stackforge/puppet-openstack
Code Issues Proposed changes

Retire stackforge/puppet-openstack

Browse Source
This commit is contained in:
Monty Taylor 2015-10-17 16:04:20 -04:00
parent 96917bcbe0
commit b8f39c8a76
66 changed files with 7 additions and 8676 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
.fixtures.yml
View File

@ -1,50 +0,0 @@
fixtures:
repositories:
'cinder':
repo: 'git://github.com/stackforge/puppet-cinder'
ref: 'origin/stable/icehouse'
'keystone':
repo: 'git://github.com/stackforge/puppet-keystone.git'
ref: 'origin/stable/icehouse'
'nova':
repo: 'git://github.com/stackforge/puppet-nova.git'
ref: 'origin/stable/icehouse'
'glance':
repo: 'git://github.com/stackforge/puppet-glance.git'
ref: 'origin/stable/icehouse'
'horizon':
repo: 'git://github.com/stackforge/puppet-horizon'
ref: 'origin/stable/icehouse'
'swift' :
repo: 'git://github.com/stackforge/puppet-swift'
ref: 'origin/stable/icehouse'
'neutron':
repo: 'git://github.com/stackforge/puppet-neutron'
ref: 'origin/stable/icehouse'
'ceilometer' :
repo: 'git://github.com/stackforge/puppet-ceilometer'
ref: 'origin/stable/icehouse'
'heat' :
repo: 'git://github.com/stackforge/puppet-heat'
ref: 'origin/stable/icehouse'
'apt': 'git://github.com/puppetlabs/puppetlabs-apt.git'
'apache': 'git://github.com/puppetlabs/puppetlabs-apache.git'
'concat':
repo: 'git://github.com/puppetlabs/puppetlabs-concat.git'
ref: '1.2.1'
'firewall': 'git://github.com/puppetlabs/puppetlabs-firewall.git'
'mysql':
repo: 'git://github.com/puppetlabs/puppetlabs-mysql.git'
ref: 'origin/0.x'
'rabbitmq':
repo: 'git://github.com/puppetlabs/puppetlabs-rabbitmq'
ref: 'origin/2.x'
'memcached': 'git://github.com/saz/puppet-memcached'
'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
'sysctl': 'git://github.com/duritong/puppet-sysctl.git'
'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile'
'vswitch': 'git://github.com/stackforge/puppet-vswitch'
'tempest': 'git://github.com/stackforge/puppet-tempest'
'vcsrepo': 'git://github.com/puppetlabs/puppetlabs-vcsrepo'
symlinks:
"openstack": "#{source_dir}"

6
.gitignore vendored
View File

@ -1,6 +0,0 @@
spec/fixtures/modules/*
spec/fixtures/manifests/*
*swp
.vendor
Gemfile.lock
pkg

4
.gitreview
View File

@ -1,4 +0,0 @@
[gerrit]
host=review.openstack.org
port=29418
project=stackforge/puppet-openstack.git

4
.mailmap
View File

@ -1,4 +0,0 @@
# Format is:
# <preferred e-mail> <other e-mail 1>
# <preferred e-mail> <other e-mail 2>
Xingchao Yu <xingchao@unitedstack.com> <yuxcer@gmail.com>

33
.travis.yml
View File

@ -1,33 +0,0 @@
language: ruby
bundler_args: --without development
before_script:
- echo $PUPPET_GEM_VERSION | grep '2.6' && git clone git://github.com/puppetlabs/puppetlabs-create_resources.git spec/fixtures/modules/create_resources || true
script: "bundle exec rake spec SPEC_OPTS='--format documentation'"
rvm:
- 1.8.7
- 1.9.3
- ruby-head
branches:
only:
- master
- folsom
- essex
env:
- PUPPET_GEM_VERSION="~> 2.6"
- PUPPET_GEM_VERSION="~> 2.7"
- PUPPET_GEM_VERSION="~> 3.0"
- PUPPET_GEM_VERSION="~> 3.1"
matrix:
allow_failures:
- rvm: ruby-head
exclude:
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 2.7"
- rvm: ruby-head
env: PUPPET_GEM_VERSION="~> 2.7"
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 2.6"
- rvm: ruby-head
env: PUPPET_GEM_VERSION="~> 2.6"
notifications:
email: false

16
Gemfile
View File

@ -1,16 +0,0 @@
source 'https://rubygems.org'
group :development, :test do
gem 'puppetlabs_spec_helper', :require => false
gem 'puppet-lint', '~> 0.3.2'
gem 'json'
gem 'webmock'
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end
# vim:ft=ruby

201
LICENSE
View File

@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

18
Modulefile
View File

@ -1,18 +0,0 @@
name 'puppetlabs-openstack'
version '4.0.0-devel'
source 'https://github.com/stackforge/puppet-openstack'
author 'Puppet Labs'
license 'Apache License 2.0'
summary 'Puppet Labs Openstack Module targeted for Grizzly'
description 'Puppet module that pulls together all the individual components of Openstack, resulting is a complete and functional stack.'
project_page 'https://github.com/stackforge/puppet-openstack'
dependency 'puppetlabs/ceilometer', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/cinder', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/glance', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/heat', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/horizon', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/keystone', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/nova', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/quantum', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/swift', '>=4.0.0 <5.0.0'

35
Puppetfile
View File

@ -1,35 +0,0 @@
forge "http://forge.puppetlabs.com"
mod 'puppetlabs/nova', :git => 'git://github.com/stackforge/puppet-nova'
mod 'puppetlabs/glance', :git => 'git://github.com/stackforge/puppet-glance'
mod 'puppetlabs/keystone', :git => 'git://github.com/stackforge/puppet-keystone'
mod 'puppetlabs/horizon', :git => 'git://github.com/stackforge/puppet-horizon'
mod 'puppetlabs/swift', :git => 'git://github.com/stackforge/puppet-swift'
mod 'puppetlabs/cinder', :git => 'git://github.com/stackforge/puppet-cinder'
mod 'puppetlabs/tempest', :git => 'git://github.com/stackforge/puppet-tempest'
mod 'stackforge/neutron', :git => 'git://github.com/stackforge/puppet-neutron'
# openstack middleware
mod 'puppet/vswitch', :git => 'git://github.com/stackforge/puppet-vswitch'
mod 'puppetlabs/rabbitmq',
:git => 'git://github.com/puppetlabs/puppetlabs-rabbitmq',
:ref => 'origin/2.x'
mod 'puppetlabs/mysql',
:git => 'git://github.com/puppetlabs/puppetlabs-mysql',
:ref => 'origin/0.x'
mod 'puppetlabs/apache',
:git => 'git://github.com/puppetlabs/puppetlabs-apache',
:ref => 'origin/0.x'
mod 'puppetlabs/git', :git => 'git://github.com/puppetlabs/puppetlabs-git'
mod 'puppetlabs/vcsrepo', :git => 'git://github.com/puppetlabs/puppetlabs-vcsrepo'
mod 'saz/memcached', :git => 'git://github.com/saz/puppet-memcached'
mod 'puppetlabs/rsync', :git => 'git://github.com/puppetlabs/puppetlabs-rsync'
# other deps
mod 'puppetlabs/xinetd', :git => 'git://github.com/puppetlabs/puppetlabs-xinetd'
mod 'saz/ssh', :git => 'git://github.com/saz/puppet-ssh'
mod 'saz/sudo', :git => 'git://github.com/saz/puppet-sudo'
mod 'puppetlabs/stdlib', :git => 'git://github.com/puppetlabs/puppetlabs-stdlib'
mod 'puppetlabs/apt', :git => 'git://github.com/puppetlabs/puppetlabs-apt'
mod 'puppetlabs/firewall', :git => 'git://github.com/puppetlabs/puppetlabs-firewall'
mod 'puppetlabs/concat', :git => 'git://github.com/puppetlabs/puppetlabs-concat'
mod 'duritong/sysctl', :git => 'git://github.com/duritong/puppet-sysctl.git'
mod 'puppetlabs/inifile', :git => 'git://github.com/puppetlabs/puppetlabs-inifile'

575
README.md
View File

@ -1,575 +0,0 @@
Openstack
=========
#### Table of Contents
1. [Overview - What is the openstack module?](#overview)
2. [Module Description - What does the module do?](#module-description)
3. [Setup - The basics of getting started with cinder.](#setup)
4. [Implementation - An under-the-hood peek at what the module is doing.](#implementation)
5. [Limitations - OS compatibility, etc.](#limitations)
6. [Getting Involved - How to go deeper?](#getting-involved)
7. [Development - Guide for contributing to the module.](#development)
8. [Contributors - Those with commits.](#contributors)
9. [Release Notes - Notes on the most recent updates to the module.](#release-notes)
Deprecation
-----------
This implementation of the puppet-openstack module is deprecated, and will be removed for the OpenStack Icehouse release.
A new reference deployment based on the [puppetlabs-havana](https://github.com/puppetlabs/puppetlabs-havana) module is under development.
Overview
--------
The Openstack Puppet Modules are a flexible Puppet implementation capable of configuring the core [Openstack](http://docs.openstack.org/) services:
* [nova](http://nova.openstack.org/) (compute service)
* [glance](http://glance.openstack.org/) (image database)
* [swift](http://swift.openstack.org/) (object store)
* [keystone](http://keystone.openstack.org/) (authentication/authorization)
* [horizon](http://horizon.openstack.org/) (web front end)
* [cinder](http://cinder.openstack.org/) (block storage exporting)
[Puppet Modules](http://docs.puppetlabs.com/learning/modules1.html#modules) are a collection of related contents that can be used to model the configuration of a discrete service.
These Puppet modules are based on the [openstack documentation](http://docs.openstack.org/).
Module Description
------------------
There are a lot of moving pieces in Openstack, consequently there are several Puppet modules needed to cover all these pieces. Each module is then made up of several class definitions, resource declarations, defined resources, and custom types/providers. A common pattern to reduce this complexity in Puppet is to create a composite module that bundles all these component type modules into a common set of configurations. The openstack module is doing this compositing and exposing a set of variables needed to be successful in getting a functional stack up and running. Multiple companies and individuals contributed to this module with the goal of producing a quick way to build single and multi-node installations that was based off documented Openstack best practices.
**Pre-module Dependencies**
* [Puppet](http://docs.puppetlabs.com/puppet/) 2.7.12 or greater
* [Facter](http://www.puppetlabs.com/puppet/related-projects/facter/) 1.6.1 or greater (versions that support the osfamily fact)
**Platforms**
* These modules have been fully tested on Ubuntu Precise and Debian Wheezy and RHEL 6.
* The instructions in this document have only been verified on Ubuntu Precise. For instructions of how to use these modules on Debian, check out this excellent [link](http://wiki.debian.org/OpenStackPuppetHowto)
Setup
-----
**What the openstack module affects**
* The entirety of Openstack!
### Installing Puppet
Puppet Labs provides two tools for getting started with managing configuration modeling with Puppet, Puppet Enterprise or its underlying opensource projects, i.e. Puppet and MCollective.
* [Puppet Enterprise](http://docs.puppetlabs.com/#puppet-enterprisepelatest) is a complete configuration management platform, with an optimized set of components proven to work well together. Is free up to 10 nodes so if you're just using Puppet for Openstack management this might just work perfectly. It will come configured with a handful of extra components that make for a richer experience, like a web interface for managing the orchestration of Puppet and certificate management.
* [Puppet](http://docs.puppetlabs.com/#puppetpuppet) manages your servers: you describe machine configurations in an easy-to-read declarative language, and Puppet will bring your systems into the desired state and keep them there. This is the opensource version of Puppet and should be available in your operating system's package repositories but it is generally suggested you use the [yum](http://yum.puppetlabs.com) or [apt](http://apt.puppetlabs.com) repositories from Puppet Labs if possible.
Consult the documentation linked above to help you make your decision but don't fret about the choice to much, opensource Puppet agents are compatible with Puppet Enterprise Puppet masters.
### Optional Puppet features
The swift portions of this module needs Puppet's [exported resources](http://docs.puppetlabs.com/puppet/3/reference/lang_exported.html). Exported resources leverages the PuppetDB to export and share data across other Puppet managed nodes.
### Installing openstack
puppet module install puppetlabs/openstack
### Installing latest unstable openstack module from source
cd /etc/puppet/modules
git clone git://github.com/stackforge/puppet-openstack.git openstack
cd openstack
gem install librarian-puppet
librarian-puppet install --path ../
**Pre-puppet setup**
The things that follow can be handled by Puppet but are out of scope of this document and are not included in the openstack module.
### Networking
* Each of the machines running the Openstack services should have a minimum of 2 NICS.
* One for the public/internal network
- This nic should be assigned an IP address
* One of the virtual machine network
- This nic should not have an ipaddress assigned
* If machines only have one NIC, it is necessary to manually create a bridge called br100 that bridges into the ip address specified on that NIC.
* All interfaces that are used to bridge traffic for the internal network need to have promiscuous mode set.
* Below is an example of setting promiscuous mode on an interface on Ubuntu.
```
#/etc/network/interfaces
auto eth1
iface eth1 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ifconfig $IFACE promisc
```
### Volumes
Every node that is configured to be a cinder volume service must have a volume group called `cinder-volumes`.
### Compute nodes
* Compute nodes should be deployed onto physical hardware.
* If compute nodes are deployed on virtual machines for testing, the `libvirt_type` parameter for the `openstack::compute` class should probably be configured as `qemu`. This is because most virtualization technologies do not pass the virtualization CPU extensions through to their virtual machines.
```puppet
class { 'openstack::compute':
libvirt_type => 'qemu'
}
```
**or**
```puppet
class { 'openstack::all':
libvirt_type => 'qemu'
}
```
### Beginning with openstack
Utilization of this module can come in many forms. It was designed to be capable of deploying all services to a single node or distributed across several. This is not an exhaustive list, we recommend you consult and understand all the manifests included in this module and the [core openstack](http://docs.openstack.org) documentation.
**Defining an all in one configuration**
The `openstack::all` class provides a single configuration interface that can be
used to deploy all Openstack services on a single host.
This is a great starting place for people who are just kicking the tires with
Openstack or with Puppet deployed OpenStack environments.
```puppet
class { 'openstack::all':
public_address => '192.168.1.12',
public_interface => 'eth0',
private_interface => 'eth1',
admin_email => 'some_admin@some_company',
admin_password => 'admin_password',
keystone_admin_token => 'keystone_admin_token',
keystone_db_password => 'keystone_db_password',
cinder_db_password => 'cinder_db_password',
cinder_user_password => 'cinder_user_password',
nova_user_password => 'nova_user_password',
nova_db_password => 'nova_db_password',
glance_user_password => 'glance_user_password',
glance_db_password => 'glance_db_password',
rabbit_password => 'rabbit_password',
rabbit_user => 'rabbit_user',
libvirt_type => 'kvm',
fixed_range => '10.0.0.0/24',
secret_key => '12345',
neutron => false,
mysql_root_password => 'mysql_root_password',
}
```
For more information on the parameters, check out the inline documentation in the [manifest](https://github.com/stackforge/puppet-openstack/blob/master/manifests/all.pp).
**Defining a controller configuration**
The `openstack::controller` class is intended to provide basic support for multi-node Openstack deployments.
There are two roles in this basic multi-node Openstack deployment:
* controller - deploys all of the central management services
* compute - deploys the actual hypervisor on which VMs are deployed.
The `openstack::controller` class deploys the following Openstack services:
* keystone
* horizon
* glance
* nova (omitting the nova compute service and, when multi_host is enabled,
the nova network service)
* mysql
* rabbitmq
```puppet
class { 'openstack::controller':
public_address => '192.168.101.10',
public_interface => 'eth0',
private_interface => 'eth1',
internal_address => '192.168.101.10',
floating_range => '192.168.101.64/28',
fixed_range => '10.0.0.0/24',
multi_host => false,
network_manager => 'nova.network.manager.FlatDHCPManager',
admin_email => 'root@localhost',
admin_password => 'admin_password',
cinder_db_password => 'cinder_db_password',
cinder_user_password => 'cinder_user_password',
keystone_admin_token => 'keystone_admin_token',
keystone_db_password => 'keystone_db_password',
glance_user_password => 'glance_user_password',
glance_db_password => 'glance_db_password',
nova_db_password => 'nova_db_password',
nova_user_password => 'nova_user_password',
rabbit_password => 'rabbit_password',
rabbit_user => 'rabbit_user',
secret_key => '12345',
neutron => false,
}
```
For more information on the parameters, check out the inline documentation in the [manifest](https://github.com/stackforge/puppet-openstack/blob/master/manifests/controller.pp)
**Defining a compute configuration**
The `openstack::compute` class is used to manage the underlying hypervisor. A typical multi-host Openstack installation would consist of a single `openstack::controller` node and multiple `openstack::compute` nodes (based on the amount of resources being virtualized)
The `openstack::compute` class deploys the following services:
* nova
- compute service (libvirt backend)
- optionally, the nova network service (if multi_host is enabled)
- optionally, the nova api service (if multi_host is enabled)
- optionally, the nova volume service if it is enabled
```puppet
class { 'openstack::compute':
private_interface => 'eth1',
internal_address => $::ipaddress_eth0,
libvirt_type => 'kvm',
fixed_range => '10.0.0.0/24',
network_manager => 'nova.network.manager.FlatDHCPManager',
multi_host => false,
rabbit_host => '192.168.101.10',
rabbit_password => 'rabbit_password',
cinder_db_password => 'cinder_db_password',
glance_api_servers => '192.168.101.10:9292',
nova_db_password => 'nova_db_password',
nova_user_password => 'nova_user_password',
vncproxy_host => '192.168.101.10',
vnc_enabled => true,
manage_volumes => true,
neutron => false,
}
```
For more information on the parameters, check out the inline documentation in the [manifest](https://github.com/stackforge/puppet-openstack/blob/master/manifests/compute.pp)
Implementation
--------------
### Creating your deployment scenario
So far, classes have been discussed as configuration interfaces used to deploy the openstack roles. This section explains how to apply these roles to actual nodes using a puppet site manifest.
The default file name for the site manifest is `site.pp`. This file should be contained in the puppetmaster's manifestdir:
* open source puppet - /etc/puppet/manifests/site.pp
* Puppet Enterprise - /etc/puppetlabs/puppet/manifests/site.pp
Node blocks are used to map a node's certificate name to the classes that should be assigned to it.
[Node blocks](http://docs.puppetlabs.com/guides/language_guide.html#nodes) can match specific hosts:
```puppet
node my_explicit_host { }
```
Or they can use regular expression to match sets of hosts
```puppet
node /my_similar_hosts/ { }
```
Inside the `site.pp` file, Puppet resources declared within node blocks are applied to those specified nodes. Resources specified at top-scope are applied to all nodes.
### Deploying an Openstack all-in-one environment
The easiest way to get started with the `openstack::all` class is to use the file
<module_dir>/openstack/tests/site.pp
There is a node entry for
```puppet
node /openstack_all/ { }
```
that can be used to deploy a simple nova all-in-one environment.
You can explicitly target this node entry by specifying a matching certname and targeting the manifest explicitly with:
puppet apply /etc/puppet/modules/openstack/tests/site.pp --certname openstack_all
You could also update `site.pp` with the hostname of the node on which you wish to perform an all-in-one installation:
```puppet
node /<my_node>/ { }
```
If you wish to provision an all-in-one host from a remote puppetmaster, you can run the following command:
puppet agent -td
### Deploying an Openstack multi-node environment
A Puppet Master should be used when deploying multi-node environments.
The example modules and `site.pp` should be installed on the Master.
This file contains entries for:
```puppet
node /openstack_controller/ { }
node /openstack_compute/ { }
```
Which can be used to assign the respective roles.
(As above, you can replace these default certificate names with the hostnames of your nodes)
The first step for building out a multi-node deployment scenario is to choose the IP address of the controller node.
Both nodes will need this configuration parameter.
In the example `site.pp`, replace the following line:
```puppet
$controller_node_address = <your_node_ip>
```
with the IP address of your controller.
It is also possible to use store configs in order for the compute hosts to automatically discover the address of the controller host. Documentation for this may not be available until a later release of the openstack modules.
Once everything is configured on the master, you can configure the nodes using:
puppet agent -t <--certname ROLE_CERTNAME>
It is recommended that you first configure the controller before configuring your compute nodes:
openstack_controller> puppet agent -t --certname openstack_controller
openstack_compute1> puppet agent -t --certname openstack_compute1
openstack_compute2> puppet agent -t --certname openstack_compute2
### Verifying an OpenStack deployment
Once you have installed openstack using Puppet (and assuming you experience no errors), the next step is to verify the installation:
### openstack::auth_file
The `openstack::auth_file` class creates the file:
/root/openrc
which stores environment variables that can be used for authentication of openstack command line utilities.
#### Usage Example:
```puppet
class { 'openstack::auth_file':
admin_password => 'my_admin_password',
controller_node => 'my_controller_node',
keystone_admin_token => 'my_admin_token',
}
```
### Verification Process
1. Ensure that your authentication information is stored in /root/openrc. This assumes that the class `openstack::auth_file` had been applied to this node.
2. Ensure that your authentication information is in the user's environment.
source /root/openrc
3. Verify that all of the services for nova are operational:
> nova-manage service list
Binary Host Zone Status State Updated_At
nova-volume <your_host> nova enabled :-) 2012-06-06 22:30:05
nova-consoleauth <your_host> nova enabled :-) 2012-06-06 22:30:04
nova-scheduler <your_host> nova enabled :-) 2012-06-06 22:30:05
nova-compute <your_host> nova enabled :-) 2012-06-06 22:30:02
nova-network <your_host> nova enabled :-) 2012-06-06 22:30:07
nova-cert <your_host> nova enabled :-) 2012-06-06 22:30:04
4. Ensure that the test script has been deployed to the node.
```puppet
include openstack::test_file
```
5. Run the test script.
bash /tmp/test_nova.sh
This script will verify that an image can be inserted into glance, and that that image can be used to fire up a virtual machine instance.
6. Log into horizon on port 80 of your controller node and walk through a few operations:
- fire up a VM
- create a volume
- attach that volume to the VM
- allocate a floating IP address to a VM instance.
- verify that volume is actually attached to the VM and that
it is reachable by its floating ip address (which will require
some security groups)
### Building your own custom deployment scenario for Openstack
The classes included in the Openstack module are implemented using a number of other modules. These modules can be used directly to create a customized openstack deployment.
The full list of modules, their source locations, as well as the revisions that have been tested are available in the file .fixtures.yaml.
These building block modules have been written to support a wide variety of specific configuration and deployment use cases. They also provide a lot of configuration options not available with the more constrained puppetlabs-openstack modules.
The manifests in the Openstack module can serve as an example of how to use these base building block to compose custom deployments.
<module_path>/openstack/manifests/{all,controller,compute}.pp
These files contain examples of how to deploy the following services:
* nova
* api
* scheduler
* volumes
* compute
* network
* keystone
* glance
* api
* registry
* horizon
* database
* examples only exist for Mysql and Sqlite (there is work underway for postgresql)
* message queue
* examples currently only exist for rabbitmq
Once you have selected which services need to be combined on which nodes, you should review the modules for all of these services and figure out how you can configure things like the pipelines and back-ends for these individual services.
This information should then be used to compose your own custom `site.pp`
## Deploying swift
In order to deploy swift, you should use the example manifest that comes with the swift modules (tests/site.pp)
In this example, the following nodes are specified:
* swift_proxy
- used as the ringbuilder + proxy node
* swift_storage_1
- used as a storage node
* swift_storage_2
- used as a storage node
* swift_storage_3
- used as a storage node
This swift configuration requires both a puppetmaster with storeconfigs enabled.
To fully configure a Swift environment, the nodes must be configured in the following order:
* First the storage nodes need to be configured. This creates the storage services (object, container, account) and exports all of the storage endpoints for the ring builder into storeconfigs. (The replicator service fails to start in this initial configuration)
* Next, the ringbuild and swift proxy must be configured. The ringbuilder needs to collect the storage endpoints and create the ring database before the proxy can be installed. It also sets up an rsync server which is used to host the ring database. Resources are exported that are used to rsync the ring database from this server.
* Finally, the storage nodes should be run again so that they can rsync the ring databases.
This configuration of rsync create two loopback devices on every node. For more realistic scenarios, users should deploy their own volumes in combination with the other classes.
Better examples of this will be provided in a future version of the module.
Limitations
-----------
* Deploys only with rabbitmq and mysql RPC/data backends.
* Not backwards compatible with pre-2.x release of the openstack modules.
### Upgrade warning
The current version of the code is intended for the 2.x series of the openstack modules and has the following known backwards incompatible breaking changes from 1.x.
* The cinder parameter has been removed (b/c support for nova-volumes has been removed). The manage_volumes parameter indicates if cinder volumes should be managed.
* The names of the sql connection parameters of the `openstack::compute` class have changed from sql_connetion to individual parameters for the db user,name,password,host.
Getting Involved
----------------
Need a feature? Found a bug? Let me know!
We are extremely interested in growing a community of OpenStack experts and users around these modules so they can serve as an example of consolidated best practices of how to deploy openstack.
The best way to get help with this set of modules is to email the group associated with this project:
puppet-openstack@puppetlabs.com
Issues should be opened here:
https://launchpad.net/puppet-openstack
The process for contributing code is as follows:
* stackforge/puppet-openstack uses Gerrit for code review.
* Please visit http://wiki.openstack.org/GerritWorkflow and follow the instructions there to upload your change to Gerrit.
* Please add rspec tests for your code if applicable
Development
-----------
Developer documentation for the entire puppet-openstack project.
* https://wiki.openstack.org/wiki/Puppet-openstack#Developer_documentation
Contributors
------------
* https://github.com/stackforge/puppet-openstack/graphs/contributors
Release Notes
-------------
**2.2.0**
* Added support for syslog.
* Added passing keystone_host to controller class to support non-local keystone server.
* Added parameter for memcached_servers to support multiple memcache servers.
* Fixed bug to make vncserver_listen default to internal_address if not set.
* Added force_config_drive to openstack::all.
* Added support for rdb volumes.
* Added support for rdb as glance backend.
* Added ovs network provider.
* Added support for keystone token_format and token_driver.
* Fixed reference to 'quantum' repository to reflect upstream change to puppet-neutron.
* Added support for security_group_api.
* Fixed swift keystone authentication endpoints.
* Fixed selinux logic for horizon.
**2.1.0**
* Added support for Neutron OVS VLAN networking.
* Added Neutron firewall driver at top scope parameter.
* Added support for Glance Registry MySQL Idle Timeout
* Added support for debug logging.
* Added rdb/ceph backend support to Glance.
* Added rdb/ceph backend support to Cinder.
* Added support for splitting proxy and storage networks.
* Added support for memcached.
* Added support for RabbitMQ clustering.
* Added support for Nova API Bind Address.
* Added support for SQL Idle Timeout.
* Added support for debug logging.
* Added support for RabbitMQ mirrored queues.
* Added support for RDO setup on additional RedHat based systems.
* Added swift_public_address.
* Added configuration for Swift auth in controller.
* Reintroduces support for provider networks.
* Propagates both internal and admin addresses to services.
* Passes through neutron core plugin.
* Exposes public_protocol parameter in openstack::controller.
* Exposes Glance registry_host parameter.
* Fixed authentication host parameter bug to use real_keystone_host.
* Fixed selinux Horizon bug.
* Fixed Keystone 'token-get' bug.
* Removed unneeded ovs_local_ip error message.
* Disabled dhcp on provisioned public subnet.
* Allows ovs_enable_tunneling to be passed through.
* Pinned module dependencies.
* Various lint and bug fixes.
**2.0.0**
* Upstream is now part of stackfoge.
* Initial support for the utilization of the neutron module.
* Ability to set vncproxy host.
* Refactors of db connections for compute.
* Refactor of glance and cinder related classes.
* Nova-conductor added.
* Various cleanups and bug fixes.
* Removes Puppet 3.2 deprecation warnings in templates.
* Adds the option to automatically set up RedHat or Ubuntu supplemental repositories.
* Class['openstack::all'] refactor that adds support of future compute nodes to be added.
* The cinder-volume logical volume group is no longer a requirement.
* Swift can use the disk storage_type

7
README.rst Normal file
View File

@ -0,0 +1,7 @@
This project is no longer maintained.
The contents of this repository are still available in the Git source code
management system. To see the contents of this repository before it reached
its end of life, please check out the previous commit with
"git checkout HEAD^1".

5
Rakefile
View File

@ -1,5 +0,0 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_class_parameter_defaults')

31
files/RPM-GPG-KEY-EPEL-6
View File

@ -1,31 +0,0 @@
pub 4096R/0608B895 2010-04-23 EPEL (6) <epel@fedoraproject.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1
JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B
M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn
XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6
pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV
QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp
Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq
3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu
vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar
1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g
YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB
tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS
KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9
qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT
9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP
Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS
WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft
HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF
p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP
x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8
wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J
l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG
iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR
XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==
=V/6I
-----END PGP PUBLIC KEY BLOCK-----

52
files/RPM-GPG-KEY-RDO-Grizzly
View File

@ -1,52 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFFkEmYBEAC8Us9tZ11HtpSlR2Kc2xInncsAD04+cKF9E63Sw42PPCvyEFZ6
88bVm2Gr+ZacM67B5BSopfhf0IUalZTHhR0QH98Rizbx04uJoU3CvMx41sOktCus
ncOz8dnJpAUAFycwIiFbG5lcH+i/DM6hyJ7S3FeEZfq6xbGNVb8qP30oWsqKIM+O
C642jFRI8rVFMHCSW3MnDATw0LO78TX+kod5N+F23Pm39BrhPvliKqgdwU3xWJ0u
SI4bUcIOgernFLPlZaOc6oT1PhCrmy44TpK57bBudaTgTr4GAix02aINKSzNkfiV
/ZjTkZZtYtlTKP5VZ7CbdBf40E/dw4TcwpB+RJrPfIwocMIU17u2wYPRioNK8uJg
4EJ0VGaor6k5LlG67qgWHRzBMs+W4kez7iz+LS7NdOypBy+QuxGIxSzXx3h/K65j
lhkDNnYSjQIWUC5Xf9LFJOdadL/vNPRS0e3pPAwtsW4YZk0li/YPbOSJl1grN2xm
XKzFXAQFkyCQ04MflCjVeA/yGJc3QVjbfvDFfCTIBfKWCnqr8u35rPMGulg1UiYa
kU8Vpw7mJP2u1aYYJ7nI7tNJSrGjwGsNjQnuFI6N1zIBbAzptrk0XYLegFq9Zo+w
oiwckRha7NmM4pUzopmpIIT/Hy/2mhW0UK90xHIHtvPu8Uin3QQkDbUXtwARAQAB
tCZyZG8tZ3JpenpseS1zaWduIDxyZG8taW5mb0ByZWRoYXQuY29tPokCOAQTAQIA
IgUCUWQSZgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQJapafdl7Mkfw
9BAAnXsnLwrxINkdahdyE5MQezbbiizukBm+mOD3wKxzeUbogeNvN9G0USrQcMzT
uwwzKIuzWk3JL+8g6gAhtLnVH/vX2LWGGtTEDo32UdyKwynXC+HAiqeavm03P4f/
tJQOjniqFLFCDWP2gpozr68cnanBH8nlsbFgThUX/cnY1Y13FpzXUHoDO4aMeKfZ
ADVpML5WSGM2dhgSZcVMC/i+RmiV/IKwLQqebu7KTRxUr8DkuozYUsWxYJjZLyBm
cDujbmtjqmqGA9PdYEJC/sgDcPljLdCjnLUKA6eCZvdwvhSHAxlBcGPlA+/czVlB
zWsGTRpNrHblXJvkWEPrWGB+WRCaYLlhrABo/pOKvb8x+erly+ylU8JuImC9BIKv
XPkIf/OgTSV9WOkFkly1vSMbViwGC9ZSgEdxGF0mFBV8OJ59OhAAj0q3Lfj7X9kw
T00fYY1L+R/f6xmXFBPYpwTZG4YlOi2YHdNv5b2qyMpgoobY84VcJw474Bbsvye8
aIsIstsazonSuPujIf1oM+wAkgDsgEZVxygih4NSMsIfzphqqoGmwqpZOcogO3DY
EN4T80tbwMt/lZLAl3hpw/YHy+YbFZfWeasZPKz8oltulyXKp0SY3nTBsC01n2a0
qQ16WkGPRzPYvMjQNTMz3EC6wVvZT3i7Dksa2FybdSsCAAy5Ag0EUWQSZgEQALY0
glQYVFxkDCxZz7Ws7zDdLr5ER7ixu3QBy3fISlXzOlMDluUQ1PhTpW2IqpUYkSpK
oK9iC3UAK6H5t7Bfar00CQy+kZj7Tijm85cHnNkXITXan3vgTWsWB7s6RRLTOqnY
g+arLnANGuPvgKe8EkvReAeC0v8lf878OJT1gn6lA2btr1X9KGhI4Glm6uSRuIW6
YLrpmTLpKCfpOeaArWrup7Byg1T/xh0sZtO9Vbf65kjkz3I34seLpCOaXnOSwL/G
dug1JJEsE6gOH631/pl+aRg3wDg0oVWQo/RsJ46fAwHV7H/yf4wE0EsVWaYjv4A/
XHd9dA9k23b7ltnnWWJn98zT48xrYnhxSZdcHwC/iwD6s3ejPvOofUcH1HUaSP3e
xc1pMjgLLwTqOwJYuhuI8xZhUKRMr/RXZYaMyRhIxLPdvjdM2BG07j3uZFnf6pXX
rIpS9QnEidHTRnWucm8kc4UKDRajLOQjlBYJeEAm39K50NG8cPq6e3QwWEgqejPV
kQLMOgxhrAxqI3BHhPt58UbsbgQrs1CZzp/rIZ9VCpHhCKw8BRE4x2QwheT3I0wb
ibgU6AFSybG2iozeLYTTvJMokhMIE16V18obEDnGo7jGb0LzB3AGrgAeMbzi6KkO
mNCo8wL71WfOC20yHH6bosomFAy2iLbGVT5IvQQXABEBAAGJAh8EGAECAAkFAlFk
EmYCGwwACgkQJapafdl7MkeoiRAAnQk6V1StyBFjXBC3Ht2MnaxNI+3s3UtwU9Iq
M5etsYHsDYa+b2YlmwpNgq4b8rVoRRT5iuDzX9q5z0+IrbrpUbxn0hCKQaynRBpt
IU4/XQsRrPpDTSLUO6djaVS1GIXaiciy6Nj8wQG+CMJykxgJVXEq3yDquRR3nRt6
vex8zRhTpKZsJ2XEHftDNLTdtZBllQH+xk2CxFZx2qi5jIGQnQ/l+8+b4W7qYbp7
YBkk08T4ARjNvnEu7Qa4gLXz6ZagKYSfVS9menYl6oP8DyJmT/HL+6ecGgm7upAz
c/IYhC3taHDTF/NAaFFBRPN8km1uk7yzYQoveNaweBSCaL+kklLAndk8tXUWy9pW
wukL6FDXyYFvYQtiMlNw2qM4ykHJEG0m3j978Z/TY0YYBRd8Gs6drsp6Fc7AF4Cm
KIYmXiAMbwTNoXZYUNcy0dAW5IHYf1JuAjnmYnXeMDqJiyEI3t6fun5B80bcOivZ
/dyLF+SX7HuX8NNdEZLOAN/GeajF1105a99b5vYC9s0T9ot7uzYNNS3HIDhcVNeK
UeDB5M/+s3i3Atsd5jNXCLLWoMdPqsoafgIJA21/1F1T3zZeNoN7oi7o2vmJXvEL
E0rZNux3BeaeROXGSS/Bpa1nkIK9ynh0xOv7s/DspegOmhy4R8qCnT3m78ULQ6Er
kHVKhYA=
=F6XX
-----END PGP PUBLIC KEY BLOCK-----

52
files/RPM-GPG-KEY-RDO-Havana
View File

@ -1,52 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFHvxL0BEADUX2nizL2nXQDR+c4msIcBdvXx67Q9MUXgPzaTWIB9EPxrnJVb
hrZva6JKKrt9djG3k7qeUdy7qwMT6OwZ5LswmcVKEQ91+sgO9GazUSmdZIb+e9ag
vmEnkPgeUCI7UlmNqpoPjfvn5msgcJGFGyLHoNGONs88Jo8TWkc145d+P2UJC6Kx
hNAHNIntE40eebA/mHW8NWySMQy9UPLYqw1TEawv5PTDGViaM08gEhvH1lEMOpD9
nIYTeYw9JCXSPqG7NcpvF3q2gzew3sw1dYuXkowOybSSTJCAPGhuaRMcBzTOFhLD
1NRzeBXOHYKg7lxVSDtdH0wljNleR4IzdH6R+vR5XEddmqqIAZJ/8I8T9fxq18De
hVLvSuRh+UcVehjjHucmLNskTzDE+8oC7WdI2SoTQaPfa0xVcYvM+zWZ4OSVqoiW
i4/fIwIArFiuUqu7E9trackxdtzEIjdJnWzjdlNSZ9S8wqyt0ncjgyTnCzcoFPvq
HTnRmIR3ldxxlTKEXdTw/v3TobN6Giu+Iqu4vFpyP8j/z/YJQJoDCnLX+6Dsj4Ko
JDHBfaCLVnHRUVdnowtd37qN13x+w5Bj/u7td9SRvsHyVYmM7WxlDFjTYvo685IZ
hhu5qyrvMReXciQfGNkwEGpRzniY3PKJFJy0jCjiAiT3pjhUC2XWkjHGaQARAQAB
tCVyZG8taGF2YW5hLXNpZ24gPHJkby1pbmZvQHJlZGhhdC5jb20+iQI4BBMBAgAi
BQJR78S9AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD6Fnt8K8fIAV5L
D/9T1ZWgP38an1pF2rzklTu09ET5e5B55/Jm2bBt1jLp55iF2R/N/G3EEZQM2UzQ
9u3NqY9JdEtdcGUuBP46+DhO6y5HpwvFug/s+ZL4QnlU//tLa8aJXCycyct3tE82
3tGv37ToAQYucrJkWKNyxOK6SPj/wCKv0sySJsCstRB4ygQWEB8Y7U48kfybAriS
4lwfAceoDLTui2JNfolKeiYfY1iZn4m7q5a2CC8ZhpuWW9W4myUEA7pwKnOJRNr1
JxF4eDo4SBlwG1eHH/Eg99QodzG49OerOZ4cLozTp9gz9kD70Ki7OXDS4vCsk4Xm
O0z243PK6WKVgmuWs9BYjyvojlvdHrr9UB4xBu9tVSdwJdnYKHunyN4F54IIby6b
+x2J5yTb36gSuQXywkLPuzQJ3qVtlyk1BMl9y8ZSAmiNtfUx2LzIPv558yogsky3
0onTSFYBlvieo51qbDNmyCsqoClZ9EmGVDjzZpRyJvG/kzISGHStlwrC5ZlDzt/9
dGfGh4AEOP0ISoCJHcUBfcoPQ0lZmIHUg50ZID1dcrttFdvKWP3mQ5PhjbJ2jm7u
THUSAXYNZRAS4p5NL55+7nVtT0Yu7+rWkgkIOEih5O4VCH56QOV4dfgJndXMzHRt
VTioriA/wrMLiyCw6RLP3iXfzyXch5mjAIeG+7YD8WnFvrkCDQRR78S9ARAAotGX
fwwB+o8bkPK2T2QfIsCg81oyfn5ka1VCeRX05ggQ+KscDWbYDSe/CndRSGoYnSAQ
1GvfDNRcoAB7ZLFU/plQxQEj2dmOAJ6fVvebi8ZP7wU4zOBEm5ijEGTsUGqqdye1
F0hn/aFomvbMVCrnpThSTTY31c1BRlP7vJFn+21MuohI+/WaDmXq+eM55UlgqksM
3iJrexQRyzGj7cwt3kpFITYOsog6r5AgURsKfyRUM0mk3I2bjvpEu94HBk35RJoS
SacesgmWIscFF52I4PyaXZIo0tz3M8O1lk8y1J7Nl16LfvjEk9nxf9isxc8XgJ+f
C7O1zTxV4nmZqbxphbOfNACfmdlcp9BXg0znvVTgarU5QEdIPb+yhF4ilZItqRIo
feXeb4JuAfZhZNSVeAmqMMydDGkJ2IGL3ahtP4baBTEgdB5xPhm9HQnqLEdoXZZi
1HvRpT8eBsbR6EfhITNosVHy6zqbe3BcGLaDMu3PJAhziIGwtFAXuFhCGnXTtJHm
4A/2VMhgM4Zpf6kVijQ6APJn7X4iq6qeVWTOh/h2HsXanvbv0b0zfKBRCV4tgTnw
S0CO1tO3LVWJSbE+qYc1ZDEqN+0pPc0dIeBAhoBP54KPyc3s/BJrs4YBKkR/cROn
y8S+utUnW4h8cZbWBpfCTDjVBZTQYFyAoHeFJkcAEQEAAYkCHwQYAQIACQUCUe/E
vQIbDAAKCRD6Fnt8K8fIAVlRD/9lgKWuoU1iUdKBg25fM7HTGUhiUzddT/0rFnjp
jOIjeCguc8yX3tekgO+hY6+xM/OOc2BfGSmVXg88u9+aG97KInP2nAPCnxYSWMaQ
Wo1I9066K7nRfZ7PNYB3/lhDkPy0E2ha79SUnWUjlGnswzsNtSt8GxRETAEAv5jo
m9Jbep62jxl3M+f8Z817452dwaUoNNSrfTUKP5FMO95gkHS7sWG2t7X+K5c9/vX5
GTv3SLQMbHivrRm0yCzFfQpQfAkYAZNahiLp/89RKwyySiQeDzeeqy581U7uLxwA
Uu/QXZH0k3RIZGI/JdOQ3Yk09wzh5SQeOcUs51Jk/O34wu+LrKwFvSgkP1Ld7hqB
j4A8LKn/tJDESOomPlljb8D/sfFb7K7g+sO8GY5Z8RiJKxQT8NXpw+st7QIa2XGV
5i2uhhbPVFaPly8bwtLstoaF84hokOSv4/cMfRbsUIQJMaxtcMwqf9H+eOas0uKh
D3gDZODEve5hYEabTFbVUrJ8N61qyVm3s1kbYBS4q1pM8pPzOnSqKsGnahHDpwhD
vXXbLsOsskZR629yTT/ZbPXMExPUnczhuGzEkCj2tDYF6n63nHSZmClPToXKxkPP
KIaHfraZoe+pO1XjRRSrT+Ax68FlnxoJqLBcuIWpzylnLpXldYqtVXFgXBy9bQ1A
WRhdyg==
=3A9V
-----END PGP PUBLIC KEY BLOCK-----

557
manifests/all.pp
View File

@ -1,557 +0,0 @@
#
# Class that performs a basic openstack all in one installation.
#
# === Parameters
#
# [public_interface] Public interface used to route public traffic. Required.
# [public_address] Public address for public endpoints. Required.
# [private_interface] Interface used for vm networking connectivity. Required.
# [internal_address] Internal address used for management. Required.
# [mysql_root_password] Root password for mysql server.
# [admin_email] Admin email.
# [admin_password] Admin password.
# [keystone_db_password] Keystone database password.
# [keystone_admin_token] Admin token for keystone.
# [keystone_bind_address] Address that keystone api service should bind to.
# Optional. Defaults to '0.0.0.0'.
# [glance_db_password] Glance DB password.
# [glance_user_password] Glance service user password.
# [nova_db_password] Nova DB password.
# [nova_user_password] Nova service password.
#
# [purge_nova_config]
# Whether unmanaged nova.conf entries should be purged.
# (optional) Defaults to false.
#
# [rabbit_password] Rabbit password.
# [rabbit_user] Rabbit User. Optional. Defaults to openstack.
# [rabbit_virtual_host] Rabbit virtual host path for Nova. Defaults to '/'.
# [network_manager] Nova network manager to use.
# [fixed_range] Range of ipv4 network for vms.
# [floating_range] Floating ip range to create.
# [create_networks] Rather network and floating ips should be created.
# [debug] (bool) Whether to log services at debug. Default to: false.
# [num_networks] Number of networks that fixed range should be split into.
# [multi_host] Rather node should support multi-host networking mode for HA.
# Optional. Defaults to false.
# [auto_assign_floating_ip] Rather configured to automatically allocate and
# assign a floating IP address to virtual instances when they are launched.
# Defaults to false.
# [network_config] Hash that can be used to pass implementation specifc
# network settings. Optioal. Defaults to {}
# [verbose] Whether to log services at verbose.
# Horizon related config - assumes puppetlabs-horizon code
# [secret_key] secret key to encode cookies
# [cache_server_ip] local memcached instance ip
# [cache_server_port] local memcached instance port
# [horizon] (bool) is horizon installed. Defaults to: true
# [neutron] (bool) is neutron installed
# [network_vlan_ranges] array of vlan_start:vlan_stop groups
# [bridge_mappings] array of physical_newtork:l2_start:l2end groups
# [bridge_uplinks] array of bridge_name:bridge_interface groups
# [tenant_network_type] vlan, gre, etc.
# The next is an array of arrays, that can be used to add call-out links to the dashboard for other apps.
# There is no specific requirement for these apps to be for monitoring, that's just the defacto purpose.
# Each app is defined in two parts, the display name, and the URI
# [metadata_shared_secret]
# Shared secret used by nova and neutron to authenticate metadata.
# (optional) Defaults to false.
#
# [firewall_driver]
# Driver used to implement firewall rules.
# (optional) Defaults to 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'.
#
# [neutron_auth_url]
# Url used to neutron to contact the authentication service.
# (optional) Default to http://127.0.0.1:35357/v2.0.
#
# [horizon_app_links] array as in '[ ["Nagios","http://nagios_addr:port/path"],["Ganglia","http://ganglia_addr"] ]'
# [enabled] Whether services should be enabled. This parameter can be used to
# implement services in active-passive modes for HA. Optional. Defaults to true.
#
# === Examples
#
# class { 'openstack::all':
# public_address => '192.168.0.3',
# public_interface => eth0,
# private_interface => eth1,
# internal_address => '192.168.1.3',
# mysql_root_password => 'changeme',
# allowed_hosts => ['127.0.0.%', '192.168.1.%'],
# admin_email => 'my_email@mw.com',
# admin_password => 'my_admin_password',
# keystone_db_password => 'changeme',
# keystone_admin_token => '12345',
# glance_db_password => 'changeme',
# glance_user_password => 'changeme',
# nova_db_password => 'changeme',
# nova_user_password => 'changeme',
# secret_key => 'dummy_secret_key',
# nova_user_password => 'changeme',
# nova_db_password => 'changeme',
# glance_user_password => 'changeme',
# glance_db_password => 'changeme',
# cinder_user_password => 'changeme',
# cinder_db_password => 'changeme',
# keystone_db_password => 'changeme',
# admin_password => 'changeme',
# rabbit_password => 'changeme',
# keystone_admin_token => 'changeme',
# neutron_user_password => 'changeme',
# neutron_db_password => 'changeme',
# secret_key => 'dummy_secret_key',
# bridge_interface => 'eth0',
# metadata_shared_secret => 'shared_md_secret',
# enable_ovs_agent => true,
# }
#
class openstack::all (
# Required Network
$public_address,
$public_interface,
$admin_email,
# required password
$admin_password,
$rabbit_password,
$keystone_db_password,
$keystone_admin_token,
$glance_db_password,
$glance_user_password,
$nova_db_password,
$nova_user_password,
$secret_key,
$mysql_root_password,
# cinder and neutron password are not required b/c they are
# optional. Not sure what to do about this.
$neutron_user_password = false,
$neutron_db_password = false,
$cinder_user_password = false,
$cinder_db_password = false,
# Database
$db_host = '127.0.0.1',
$db_type = 'mysql',
$mysql_account_security = true,
$mysql_bind_address = '0.0.0.0',
$allowed_hosts = '%',
$charset = 'latin1',
# Keystone
$keystone_host = '127.0.0.1',
$keystone_db_user = 'keystone',
$keystone_db_dbname = 'keystone',
$keystone_admin_tenant = 'admin',
$keystone_bind_address = '0.0.0.0',
$region = 'RegionOne',
# Glance
$glance_db_user = 'glance',
$glance_db_dbname = 'glance',
$glance_api_servers = undef,
$glance_backend = 'file',
# Glance Swift Backend
$swift_store_user = 'swift_store_user',
$swift_store_key = 'swift_store_key',
# Glance RBD Backend
$glance_rbd_user = 'images',
$glance_rbd_pool = 'images',
# Nova
$nova_admin_tenant_name = 'services',
$nova_admin_user = 'nova',
$nova_db_user = 'nova',
$nova_db_dbname = 'nova',
$purge_nova_config = false,
$libvirt_vif_driver = 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver',
$enabled_apis = 'ec2,osapi_compute,metadata',
$force_config_drive = false,
# Virtualization
$libvirt_type = 'kvm',
$migration_support = false,
# Nova Networking
$private_interface = false,
$internal_address = false,
$admin_address = false,
$network_manager = 'nova.network.manager.FlatDHCPManager',
$fixed_range = '10.0.0.0/24',
$floating_range = false,
$create_networks = true,
$num_networks = 1,
$multi_host = false,
$auto_assign_floating_ip = false,
$network_config = {},
# Rabbit
$rabbit_host = '127.0.0.1',
$rabbit_user = 'openstack',
$rabbit_virtual_host = '/',
# Horizon
$horizon = true,
$cache_server_ip = '127.0.0.1',
$cache_server_port = '11211',
$horizon_app_links = undef,
# VNC
$vnc_enabled = true,
$vncproxy_host = false,
$vncserver_listen = false,
# cinder
# if the cinder management components should be installed
$cinder = true,
$cinder_db_user = 'cinder',
$cinder_db_dbname = 'cinder',
$cinder_bind_address = '0.0.0.0',
$manage_volumes = true,
$setup_test_volume = false,
$volume_group = 'cinder-volumes',
$iscsi_ip_address = '127.0.0.1',
$cinder_volume_driver = 'iscsi',
$cinder_rbd_user = 'volumes',
$cinder_rbd_pool = 'volumes',
$cinder_rbd_secret_uuid = false,
# Neutron
$neutron = true,
$bridge_interface = undef,
$external_bridge_name = 'br-ex',
$enable_ovs_agent = true,
$enable_dhcp_agent = true,
$enable_l3_agent = true,
$enable_metadata_agent = true,
$metadata_shared_secret = false,
$firewall_driver = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
$neutron_db_user = 'neutron',
$neutron_db_name = 'neutron',
$neutron_auth_url = 'http://127.0.0.1:35357/v2.0',
$enable_neutron_server = true,
$ovs_enable_tunneling = true,
$ovs_local_ip = false,
$network_vlan_ranges = undef,
$bridge_mappings = undef,
$bridge_uplinks = undef,
$tenant_network_type = 'gre',
# General
$debug = false,
$verbose = false,
$enabled = true
) {
if $ovs_local_ip {
$ovs_local_ip_real = $ovs_local_ip
} else {
$ovs_local_ip_real = $internal_address
}
if $internal_address {
$internal_address_real = $internal_address
} else {
$internal_address_real = $public_address
}
if $admin_address {
$admin_address_real = $admin_address
} else {
$admin_address_real = $internal_address_real
}
if $vncproxy_host {
$vncproxy_host_real = $vncproxy_host
} else {
$vncproxy_host_real = $public_address
}
if $vncserver_listen {
$vncserver_listen_real = $vncserver_listen
} else {
$vncserver_listen_real = $internal_address_real
}
if $glance_api_servers {
$glance_api_servers_real = $glance_api_servers
} else {
$glance_api_servers_real = "${internal_address_real}:9292"
}
# Ensure things are run in order
Class['openstack::db::mysql'] -> Class['openstack::keystone']
Class['openstack::db::mysql'] -> Class['openstack::glance']
Class['openstack::db::mysql'] -> Class['openstack::nova::controller']
####### DATABASE SETUP ######
# set up mysql server
if ($db_type == 'mysql') {
if ($enabled) {
Class['glance::db::mysql'] -> Class['glance::registry']
}
class { 'openstack::db::mysql':
mysql_root_password => $mysql_root_password,
mysql_bind_address => $mysql_bind_address,
mysql_account_security => $mysql_account_security,
keystone_db_user => $keystone_db_user,
keystone_db_password => $keystone_db_password,
keystone_db_dbname => $keystone_db_dbname,
glance_db_user => $glance_db_user,
glance_db_password => $glance_db_password,
glance_db_dbname => $glance_db_dbname,
nova_db_user => $nova_db_user,
nova_db_password => $nova_db_password,
nova_db_dbname => $nova_db_dbname,
cinder => $cinder,
cinder_db_user => $cinder_db_user,
cinder_db_password => $cinder_db_password,
cinder_db_dbname => $cinder_db_dbname,
neutron => $neutron,
neutron_db_user => $neutron_db_user,
neutron_db_password => $neutron_db_password,
neutron_db_dbname => $neutron_db_name,
allowed_hosts => $allowed_hosts,
charset => $charset,
enabled => $enabled,
}
} else {
fail("Unsupported db : ${db_type}")
}
####### KEYSTONE ###########
class { 'openstack::keystone':
verbose => $verbose,
db_type => $db_type,
db_host => $db_host,
db_password => $keystone_db_password,
db_name => $keystone_db_dbname,
db_user => $keystone_db_user,
debug => $debug,
admin_token => $keystone_admin_token,
admin_tenant => $keystone_admin_tenant,
admin_email => $admin_email,
admin_password => $admin_password,
public_address => $public_address,
internal_address => $internal_address_real,
admin_address => $admin_address_real,
region => $region,
glance_user_password => $glance_user_password,
nova_user_password => $nova_user_password,
cinder => $cinder,
cinder_user_password => $cinder_user_password,
neutron => $neutron,
neutron_user_password => $neutron_user_password,
enabled => $enabled,
bind_host => $keystone_bind_address,
}
######## BEGIN GLANCE ##########
class { 'openstack::glance':
verbose => $verbose,
db_type => $db_type,
db_host => $db_host,
debug => $debug,
keystone_host => $keystone_host,
db_user => $glance_db_user,
db_name => $glance_db_dbname,
db_password => $glance_db_password,
user_password => $glance_user_password,
backend => $glance_backend,
swift_store_user => $swift_store_user,
swift_store_key => $swift_store_key,
rbd_store_user => $glance_rbd_user,
rbd_store_pool => $glance_rbd_pool,
enabled => $enabled,
}
######## BEGIN NOVA ###########
#
# indicates that all nova config entries that we did
# not specifify in Puppet should be purged from file
#
if ($purge_nova_config) {
resources { 'nova_config':
purge => true,
}
}
# Install / configure nova-compute
class { '::nova::compute':
enabled => $enabled,
vnc_enabled => $vnc_enabled,
vncserver_proxyclient_address => $internal_address_real,
vncproxy_host => $vncproxy_host_real,
force_config_drive => $force_config_drive
}
# Configure libvirt for nova-compute
class { 'nova::compute::libvirt':
libvirt_type => $libvirt_type,
vncserver_listen => $vncserver_listen_real,
migration_support => $migration_support,
}
class { 'openstack::nova::controller':
# Database
db_host => $db_host,
# Network
network_manager => $network_manager,
network_config => $network_config,
floating_range => $floating_range,
fixed_range => $fixed_range,
public_address => $public_address,
admin_address => $admin_address,
internal_address => $internal_address_real,
auto_assign_floating_ip => $auto_assign_floating_ip,
create_networks => $create_networks,
num_networks => $num_networks,
multi_host => $multi_host,
public_interface => $public_interface,
private_interface => $private_interface,
# Neutron
neutron => $neutron,
neutron_user_password => $neutron_user_password,
metadata_shared_secret => $metadata_shared_secret,
# Nova
nova_admin_tenant_name => $nova_admin_tenant_name,
nova_admin_user => $nova_admin_user,
nova_user_password => $nova_user_password,
nova_db_password => $nova_db_password,
nova_db_user => $nova_db_user,
nova_db_dbname => $nova_db_dbname,
enabled_apis => $enabled_apis,
# Rabbit
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_virtual_host => $rabbit_virtual_host,
# Glance
glance_api_servers => $glance_api_servers_real,
# VNC
vnc_enabled => $vnc_enabled,
vncproxy_host => $vncproxy_host_real,
# General
debug => $debug,
verbose => $verbose,
enabled => $enabled,
}
######### Neutron Controller Services ########
if ($neutron) {
if ! $neutron_user_password {
fail('neutron_user_password must be set when configuring neutron')
}
if ! $neutron_db_password {
fail('neutron_db_password must be set when configuring neutron')
}
if ! $bridge_interface {
fail('bridge_interface must be set when configuring neutron')
}
if ! $bridge_mappings {
$bridge_mappings_real = ["default:${external_bridge_name}"]
} else {
$bridge_mappings_real = $bridge_mappings
}
if ! $bridge_uplinks {
$bridge_uplinks_real = ["${external_bridge_name}:${bridge_interface}"]
} else {
$bridge_uplinks_real = $bridge_uplinks
}
class { 'openstack::neutron':
debug => $debug,
# Database
db_host => $db_host,
# Rabbit
rabbit_host => $rabbit_host,
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_virtual_host => $rabbit_virtual_host,
# Neutron OVS
ovs_enable_tunneling => $ovs_enable_tunneling,
ovs_local_ip => $ovs_local_ip_real,
bridge_uplinks => $bridge_uplinks_real,
bridge_mappings => $bridge_mappings_real,
enable_ovs_agent => $enable_ovs_agent,
firewall_driver => $firewall_driver,
tenant_network_type => $tenant_network_type,
network_vlan_ranges => $network_vlan_ranges,
# Database
db_name => $neutron_db_name,
db_user => $neutron_db_user,
db_password => $neutron_db_password,
# Neutron agents
enable_dhcp_agent => $enable_dhcp_agent,
enable_l3_agent => $enable_l3_agent,
enable_metadata_agent => $enable_metadata_agent,
auth_url => $neutron_auth_url,
user_password => $neutron_user_password,
shared_secret => $metadata_shared_secret,
# Keystone
keystone_host => $keystone_host,
# General
enabled => $enabled,
enable_server => $enable_neutron_server,
verbose => $verbose,
}
class { 'nova::compute::neutron':
libvirt_vif_driver => $libvirt_vif_driver,
}
} else {
if ! $fixed_range {
fail('Must specify the fixed range when using nova-networks')
}
if $multi_host {
include keystone::python
nova_config {
'DEFAULT/send_arp_for_ha': value => true;
}
} else {
nova_config {
'DEFAULT/send_arp_for_ha': value => false;
}
}
}
######### Cinder Controller Services ########
if ($cinder) {
if ! $cinder_db_password {
fail('Must set cinder db password when setting up a cinder controller')
}
if ! $cinder_user_password {
fail('Must set cinder user password when setting up a cinder controller')
}
class { 'openstack::cinder::all':
bind_host => $cinder_bind_address,
debug => $debug,
keystone_auth_host => $keystone_host,
keystone_password => $cinder_user_password,
rabbit_userid => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_host => $rabbit_host,
db_password => $cinder_db_password,
db_dbname => $cinder_db_dbname,
db_user => $cinder_db_user,
db_type => $db_type,
db_host => $db_host,
iscsi_ip_address => $iscsi_ip_address,
volume_driver => $cinder_volume_driver,
rbd_user => $cinder_rbd_user,
rbd_pool => $cinder_rbd_pool,
rbd_secret_uuid => $cinder_rbd_secret_uuid,
setup_test_volume => $setup_test_volume,
manage_volumes => $manage_volumes,
volume_group => $volume_group,
verbose => $verbose
}
# set in nova::api
if ! defined(Nova_config['DEFAULT/volume_api_class']) {
nova_config { 'DEFAULT/volume_api_class': value => 'nova.volume.cinder.API' }
}
}
######## Horizon ########
if ($horizon) {
class { 'openstack::horizon':
secret_key => $secret_key,
cache_server_ip => $cache_server_ip,
cache_server_port => $cache_server_port,
horizon_app_links => $horizon_app_links,
}
}
}

58
manifests/auth_file.pp
View File

@ -1,58 +0,0 @@
# == Class: openstack::auth_file
#
# Creates an auth file that can be used to export
# environment variables that can be used to authenticate
# against a keystone server.
#
# === Parameters
#
# [*admin_password*]
# (required) Admin password.
# [*controller_node*]
# (optional) Keystone address. Defaults to '127.0.0.1'.
# [*keystone_admin_token*]
# (optional) Admin token.
# NOTE: This setting will trigger a warning from keystone.
# Authentication credentials will be ignored by keystone client
# in favor of token authentication. Defaults to undef.
# [*admin_user*]
# (optional) Defaults to 'admin'.
# [*admin_tenant*]
# (optional) Defaults to 'openstack'.
# [*region_name*]
# (optional) Defaults to 'RegionOne'.
# [*use_no_cache*]
# (optional) Do not use the auth token cache. Defaults to true.
# [*cinder_endpoint_type*]
# (optional) Defaults to 'publicURL'.
# [*glance_endpoint_type*]
# (optional) Defaults to 'publicURL'.
# [*keystone_endpoint_type*]
# (optional) Defaults to 'publicURL'.
# [*nova_endpoint_type*]
# (optional) Defaults to 'publicURL'.
# [*neutron_endpoint_type*]
# (optional) Defaults to 'publicURL'.
#
class openstack::auth_file(
$admin_password,
$controller_node = '127.0.0.1',
$keystone_admin_token = undef,
$admin_user = 'admin',
$admin_tenant = 'openstack',
$region_name = 'RegionOne',
$use_no_cache = true,
$cinder_endpoint_type = 'publicURL',
$glance_endpoint_type = 'publicURL',
$keystone_endpoint_type = 'publicURL',
$nova_endpoint_type = 'publicURL',
$neutron_endpoint_type = 'publicURL',
) {
file { '/root/openrc':
owner => 'root',
group => 'root',
mode => '0700',
content => template("${module_name}/openrc.erb")
}
}

121
manifests/cinder/all.pp
View File

@ -1,121 +0,0 @@
class openstack::cinder::all(
$rabbit_password,
$keystone_password,
$db_password,
$rpc_backend = 'cinder.openstack.common.rpc.impl_kombu',
$keystone_tenant = 'services',
$keystone_enabled = true,
$keystone_user = 'cinder',
$keystone_auth_host = 'localhost',
$keystone_auth_port = '35357',
$keystone_auth_protocol = 'http',
$keystone_service_port = '5000',
$rabbit_userid = 'openstack',
$rabbit_host = '127.0.0.1',
$rabbit_hosts = undef,
$rabbit_port = '5672',
$rabbit_virtual_host = '/',
$glance_api_servers = '127.0.0.1:9292',
# Database. Currently mysql is the only option.
$db_type = 'mysql',
$db_user = 'cinder',
$db_host = '127.0.0.1',
$db_dbname = 'cinder',
$sql_idle_timeout = '3600',
$package_ensure = present,
$bind_host = '0.0.0.0',
$api_paste_config = '/etc/cinder/api-paste.ini',
$scheduler_driver = 'cinder.scheduler.simple.SimpleScheduler',
$enabled = true,
$volume_group = 'cinder-volumes',
$volume_driver = 'iscsi',
$iscsi_ip_address = '127.0.0.1',
$rbd_user = 'volumes',
$rbd_pool = 'volumes',
$rbd_secret_uuid = false,
$setup_test_volume = false,
$manage_volumes = true,
$use_syslog = false,
$log_facility = 'LOG_USER',
$debug = false,
$verbose = false
) {
####### DATABASE SETUP ######
# set up mysql server
if ($db_type == 'mysql') {
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_dbname}?charset=utf8"
} else {
fail("Unsupported db_type ${db_type}")
}
class {'::cinder':
sql_connection => $sql_connection,
sql_idle_timeout => $sql_idle_timeout,
rpc_backend => $rpc_backend,
rabbit_userid => $rabbit_userid,
rabbit_password => $rabbit_password,
rabbit_host => $rabbit_host,
rabbit_port => $rabbit_port,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
package_ensure => $package_ensure,
api_paste_config => $api_paste_config,
use_syslog => $use_syslog,
log_facility => $log_facility,
debug => $debug,
verbose => $verbose,
}
class {'::cinder::api':
keystone_password => $keystone_password,
keystone_enabled => $keystone_enabled,
keystone_user => $keystone_user,
keystone_auth_host => $keystone_auth_host,
keystone_auth_port => $keystone_auth_port,
keystone_auth_protocol => $keystone_auth_protocol,
service_port => $keystone_service_port,
package_ensure => $package_ensure,
bind_host => $bind_host,
enabled => $enabled,
}
class {'::cinder::scheduler':
scheduler_driver => $scheduler_driver,
package_ensure => $package_ensure,
enabled => $enabled,
}
if $manage_volumes {
class {'::cinder::volume':
package_ensure => $package_ensure,
enabled => $enabled,
}
if $volume_driver {
if $volume_driver == 'iscsi' {
class { 'cinder::volume::iscsi':
iscsi_ip_address => $iscsi_ip_address,
volume_group => $volume_group,
}
if $setup_test_volume {
class {'::cinder::setup_test_volume':
volume_name => $volume_group,
}
}
} elsif $volume_driver == 'rbd' {
class { 'cinder::volume::rbd':
rbd_pool => $rbd_pool,
rbd_user => $rbd_user,
rbd_secret_uuid => $rbd_secret_uuid,
}
} else {
warning("Unsupported volume driver: ${volume_driver}, make sure you are configuring this yourself")
}
}
}
class { '::cinder::glance':
glance_api_servers => $glance_api_servers
}
}

87
manifests/cinder/controller.pp
View File

@ -1,87 +0,0 @@
class openstack::cinder::controller(
$rabbit_password,
$keystone_password,
$db_password,
$rpc_backend = 'cinder.openstack.common.rpc.impl_kombu',
$keystone_tenant = 'services',
$keystone_enabled = true,
$keystone_user = 'cinder',
$keystone_auth_host = 'localhost',
$keystone_auth_port = '35357',
$keystone_auth_protocol = 'http',
$keystone_service_port = '5000',
$rabbit_userid = 'guest',
$rabbit_host = '127.0.0.1',
$rabbit_hosts = false,
$rabbit_port = '5672',
$rabbit_virtual_host = '/',
$glance_api_servers = '127.0.0.1:9292',
# Database. Currently mysql is the only option.
$db_type = 'mysql',
$db_user = 'cinder',
$db_host = '127.0.0.1',
$db_dbname = 'cinder',
$sql_idle_timeout = '3600',
$package_ensure = present,
$api_package_ensure = present,
$scheduler_package_ensure = present,
$bind_host = '0.0.0.0',
$api_paste_config = '/etc/cinder/api-paste.ini',
$scheduler_driver = 'cinder.scheduler.simple.SimpleScheduler',
$api_enabled = true,
$scheduler_enabled = true,
$use_syslog = false,
$log_facility = 'LOG_USER',
$debug = false,
$verbose = false
) {
####### DATABASE SETUP ######
# set up mysql server
if ($db_type == 'mysql') {
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_dbname}?charset=utf8"
} else {
fail("Unsupported db_type ${db_type}")
}
class {'::cinder':
sql_connection => $sql_connection,
sql_idle_timeout => $sql_idle_timeout,
rpc_backend => $rpc_backend,
rabbit_userid => $rabbit_userid,
rabbit_password => $rabbit_password,
rabbit_host => $rabbit_host,
rabbit_port => $rabbit_port,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
package_ensure => $package_ensure,
api_paste_config => $api_paste_config,
use_syslog => $use_syslog,
log_facility => $log_facility,
debug => $debug,
verbose => $verbose,
}
class {'::cinder::api':
keystone_password => $keystone_password,
keystone_enabled => $keystone_enabled,
keystone_user => $keystone_user,
keystone_auth_host => $keystone_auth_host,
keystone_auth_port => $keystone_auth_port,
keystone_auth_protocol => $keystone_auth_protocol,
service_port => $keystone_service_port,
package_ensure => $api_package_ensure,
bind_host => $bind_host,
enabled => $api_enabled,
}
class {'::cinder::scheduler':
scheduler_driver => $scheduler_driver,
package_ensure => $scheduler_package_ensure,
enabled => $scheduler_enabled,
}
class { '::cinder::glance':
glance_api_servers => $glance_api_servers
}
}

78
manifests/cinder/storage.pp
View File

@ -1,78 +0,0 @@
class openstack::cinder::storage(
$sql_connection,
$rabbit_password,
$rabbit_userid = 'guest',
$rabbit_host = '127.0.0.1',
$rabbit_hosts = false,
$rabbit_port = '5672',
$rabbit_virtual_host = '/',
$glance_api_servers = '127.0.0.1:9292',
$package_ensure = 'present',
$api_paste_config = '/etc/cinder/api-paste.ini',
$volume_package_ensure = 'present',
$volume_group = 'cinder-volumes',
$enabled = true,
$rbd_user = 'volumes',
$rbd_pool = 'volumes',
$rbd_secret_uuid = false,
$volume_driver = 'iscsi',
$iscsi_ip_address = '127.0.0.1',
$setup_test_volume = false,
$use_syslog = false,
$log_facility = 'LOG_USER',
$debug = false,
$verbose = false
) {
class {'::cinder':
sql_connection => $sql_connection,
rabbit_userid => $rabbit_userid,
rabbit_password => $rabbit_password,
rabbit_host => $rabbit_host,
rabbit_port => $rabbit_port,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
package_ensure => $package_ensure,
api_paste_config => $api_paste_config,
use_syslog => $use_syslog,
log_facility => $log_facility,
debug => $debug,
verbose => $verbose,
}
class { '::cinder::volume':
package_ensure => $volume_package_ensure,
enabled => $enabled,
}
case $volume_driver {
'iscsi': {
class { 'cinder::volume::iscsi':
iscsi_ip_address => $iscsi_ip_address,
volume_group => $volume_group,
}
if $setup_test_volume {
class {'::cinder::setup_test_volume':
volume_name => $volume_group,
}
}
}
'rbd': {
class { 'cinder::volume::rbd':
rbd_user => $rbd_user,
rbd_pool => $rbd_pool,
rbd_secret_uuid => $rbd_secret_uuid,
}
}
default: {
warning("Unsupported volume driver: ${volume_driver}, make sure you are configuring this yourself")
}
}
class { '::cinder::glance':
glance_api_servers => $glance_api_servers
}
}

57
manifests/client.pp
View File

@ -1,57 +0,0 @@
#
# Installs only the OpenStack client libraries
#
# === Parameters
#
# [ceilometer]
# (optional) Install the Ceilometer client package
#
# [cinder]
# (optional) Install the Cinder client package
#
# [glance]
# (optional) Install the Glance client package
#
# [keystone]
# (optional) Install the Keystone client package
#
# [nova]
# (optional) Install the Nova client package
#
# [neutron]
# (optional) Install the Neutron client package
#
class openstack::client (
$ceilometer = true,
$cinder = true,
$glance = true,
$keystone = true,
$nova = true,
$neutron = true
) {
if $ceilometer {
include ceilometer::client
}
if $cinder {
include cinder::client
}
if $glance {
include glance::client
}
if $keystone {
include keystone::client
}
if $nova {
include nova::client
}
if $neutron {
include neutron::client
}
}

306
manifests/compute.pp
View File

@ -1,306 +0,0 @@
#
# == Class: openstack::compute
#
# Manifest to install/configure nova-compute
#
# [purge_nova_config]
# Whether unmanaged nova.conf entries should be purged.
# (optional) Defaults to false.
#
# [neutron_firewall_driver]
# Driver used to implement Neutron firewalling.
# (optional) Defaults to false.
#
# [ovs_enable_tunneling]
# Enable/disable the Neutron OVS GRE tunneling networking mode.
# Optional. Defaults to true.
#
# [rabbit_hosts] An array of IP addresses or Virttual IP address for connecting to a RabbitMQ Cluster.
# Optional. Defaults to false.
#
# [use_syslog]
# Use syslog for logging.
# (Optional) Defaults to false.
#
# [log_facility]
# Syslog facility to receive log lines.
# (Optional) Defaults to LOG_USER.
#
# === Examples
#
# class { 'openstack::compute':
# internal_address => '192.168.2.2',
# vncproxy_host => '192.168.1.1',
# nova_user_password => 'changeme',
# }
class openstack::compute (
# Required Network
$internal_address,
# Required Nova
$nova_user_password,
# Required Rabbit
$rabbit_password,
# DB
$nova_db_password,
$db_host = '127.0.0.1',
# Nova Database
$nova_db_user = 'nova',
$nova_db_name = 'nova',
# Network
$public_interface = undef,
$private_interface = undef,
$fixed_range = undef,
$network_manager = 'nova.network.manager.FlatDHCPManager',
$network_config = {},
$multi_host = false,
$enabled_apis = 'ec2,osapi_compute,metadata',
# Neutron
$neutron = true,
$neutron_user_password = false,
$neutron_admin_tenant_name = 'services',
$neutron_admin_user = 'neutron',
$enable_ovs_agent = true,
$enable_l3_agent = false,
$enable_dhcp_agent = false,
$neutron_auth_url = 'http://127.0.0.1:35357/v2.0',
$keystone_host = '127.0.0.1',
$neutron_host = '127.0.0.1',
$ovs_enable_tunneling = true,
$ovs_local_ip = false,
$neutron_firewall_driver = false,
$bridge_mappings = undef,
$bridge_uplinks = undef,
$security_group_api = 'neutron',
# Nova
$nova_admin_tenant_name = 'services',
$nova_admin_user = 'nova',
$purge_nova_config = false,
$libvirt_vif_driver = 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver',
# Rabbit
$rabbit_host = '127.0.0.1',
$rabbit_hosts = false,
$rabbit_user = 'openstack',
$rabbit_virtual_host = '/',
# Glance
$glance_api_servers = false,
# Virtualization
$libvirt_type = 'kvm',
# VNC
$vnc_enabled = true,
$vncproxy_host = undef,
$vncserver_listen = false,
# cinder / volumes
$manage_volumes = true,
$cinder_volume_driver = 'iscsi',
$cinder_db_password = false,
$cinder_db_user = 'cinder',
$cinder_db_name = 'cinder',
$volume_group = 'cinder-volumes',
$iscsi_ip_address = '127.0.0.1',
$setup_test_volume = false,
$cinder_rbd_user = 'volumes',
$cinder_rbd_pool = 'volumes',
$cinder_rbd_secret_uuid = false,
# General
$migration_support = false,
$verbose = false,
$force_config_drive = false,
$use_syslog = false,
$log_facility = 'LOG_USER',
$enabled = true
) {
if $ovs_local_ip {
$ovs_local_ip_real = $ovs_local_ip
} else {
$ovs_local_ip_real = $internal_address
}
if $vncserver_listen {
$vncserver_listen_real = $vncserver_listen
} else {
$vncserver_listen_real = $internal_address
}
#
# indicates that all nova config entries that we did
# not specifify in Puppet should be purged from file
#
if ! defined( Resources[nova_config] ) {
if ($purge_nova_config) {
resources { 'nova_config':
purge => true,
}
}
}
$nova_sql_connection = "mysql://${nova_db_user}:${nova_db_password}@${db_host}/${nova_db_name}"
class { 'nova':
sql_connection => $nova_sql_connection,
rabbit_userid => $rabbit_user,
rabbit_password => $rabbit_password,
image_service => 'nova.image.glance.GlanceImageService',
glance_api_servers => $glance_api_servers,
verbose => $verbose,
rabbit_host => $rabbit_host,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
# Install / configure nova-compute
class { '::nova::compute':
enabled => $enabled,
vnc_enabled => $vnc_enabled,
vncserver_proxyclient_address => $internal_address,
vncproxy_host => $vncproxy_host,
force_config_drive => $force_config_drive,
}
# Configure libvirt for nova-compute
class { 'nova::compute::libvirt':
libvirt_type => $libvirt_type,
vncserver_listen => $vncserver_listen_real,
migration_support => $migration_support,
}
# if the compute node should be configured as a multi-host
# compute installation
if ! $neutron {
if ! $fixed_range {
fail('Must specify the fixed range when using nova-networks')
}
if $multi_host {
include keystone::python
nova_config {
'DEFAULT/multi_host': value => true;
'DEFAULT/send_arp_for_ha': value => true;
}
if ! $public_interface {
fail('public_interface must be defined for multi host compute nodes')
}
$enable_network_service = true
class { 'nova::api':
enabled => true,
admin_tenant_name => $nova_admin_tenant_name,
admin_user => $nova_admin_user,
admin_password => $nova_user_password,
enabled_apis => $enabled_apis,
}
} else {
$enable_network_service = false
nova_config {
'DEFAULT/multi_host': value => false;
'DEFAULT/send_arp_for_ha': value => false;
}
}
class { 'nova::network':
private_interface => $private_interface,
public_interface => $public_interface,
fixed_range => $fixed_range,
floating_range => false,
network_manager => $network_manager,
config_overrides => $network_config,
create_networks => false,
enabled => $enable_network_service,
install_service => $enable_network_service,
}
} else {
if ! $neutron_user_password {
fail('neutron_user_password must be set when neutron is configured')
}
if ! $keystone_host {
fail('keystone_host must be configured when neutron is installed')
}
class { 'openstack::neutron':
# Database
db_host => $db_host,
# Networking
ovs_local_ip => $ovs_local_ip_real,
# Rabbit
rabbit_host => $rabbit_host,
rabbit_hosts => $rabbit_hosts,
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
# Neutron OVS
enable_ovs_agent => $enable_ovs_agent,
ovs_enable_tunneling => $ovs_enable_tunneling,
firewall_driver => $neutron_firewall_driver,
# Neutron L3 Agent
enable_l3_agent => $enable_l3_agent,
enable_dhcp_agent => $enable_dhcp_agent,
auth_url => $neutron_auth_url,
user_password => $neutron_user_password,
# Keystone
keystone_host => $keystone_host,
# General
enabled => $enabled,
enable_server => false,
verbose => $verbose,
bridge_mappings => $bridge_mappings,
bridge_uplinks => $bridge_uplinks,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
class { 'nova::compute::neutron':
libvirt_vif_driver => $libvirt_vif_driver,
}
# Configures nova.conf entries applicable to Neutron.
class { 'nova::network::neutron':
neutron_admin_password => $neutron_user_password,
neutron_auth_strategy => 'keystone',
neutron_url => "http://${neutron_host}:9696",
neutron_admin_username => $neutron_admin_user,
neutron_admin_tenant_name => $neutron_admin_tenant_name,
neutron_admin_auth_url => "http://${keystone_host}:35357/v2.0",
security_group_api => $security_group_api
}
}
if $manage_volumes {
if ! $cinder_db_password {
fail('cinder_db_password must be set when cinder is being configured')
}
$cinder_sql_connection = "mysql://${cinder_db_user}:${cinder_db_password}@${db_host}/${cinder_db_name}"
class { 'openstack::cinder::storage':
sql_connection => $cinder_sql_connection,
rabbit_password => $rabbit_password,
rabbit_userid => $rabbit_user,
rabbit_host => $rabbit_host,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
volume_group => $volume_group,
iscsi_ip_address => $iscsi_ip_address,
enabled => $enabled,
verbose => $verbose,
setup_test_volume => $setup_test_volume,
rbd_user => $cinder_rbd_user,
rbd_pool => $cinder_rbd_pool,
rbd_secret_uuid => $cinder_rbd_secret_uuid,
volume_driver => $cinder_volume_driver,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
# set in nova::api
if ! defined(Nova_config['DEFAULT/volume_api_class']) {
nova_config { 'DEFAULT/volume_api_class': value => 'nova.volume.cinder.API' }
}
}
}

619
manifests/controller.pp
View File

@ -1,619 +0,0 @@
#
# This can be used to build out the simplest openstack controller
#
# === Parameters
#
# [public_interface] Public interface used to route public traffic. Required.
# [public_address] Public address for public endpoints. Required.
# [public_protocol] Protocol used by public endpoints. Defaults to 'http'
# [token_format] Format keystone uses for tokens. Optional. Defaults to PKI.
# Supports PKI and UUID.
# [private_interface] Interface used for vm networking connectivity. Required.
# [internal_address] Internal address used for management. Required.
# [mysql_root_password] Root password for mysql server.
# [sql_idle_timeout] Timeout for sql to reap connections.
# (Optional) Defaults to undef.
# [admin_email] Admin email.
# [admin_password] Admin password.
# [keystone_db_password] Keystone database password.
# [keystone_admin_token] Admin token for keystone.
# [keystone_bind_address] Address that keystone api service should bind to.
# Optional. Defaults to '0.0.0.0'.
# [keystone_token_driver] Driver to use for managing tokens.
# Optional. Defaults to 'keystone.token.backends.sql.Token'
# [glance_registry_host] Address used by Glance API to find the Glance Registry service.
# Optional. Defaults to '0.0.0.0'.
# [glance_db_password] Glance DB password.
# [glance_user_password] Glance service user password.
# [nova_db_password] Nova DB password.
# [nova_user_password] Nova service password.
# [nova_memcached_servers] (array) List of memcached servers for use with nova.
# (optional) Defaults to false. Values should be hostname:port format.
#
# [purge_nova_config]
# Whether unmanaged nova.conf entries should be purged.
# (optional) Defaults to false.
#
# [nova_bind_address]
# IP address to use for binding Nova API's.
# (optional) Defualts to '0.0.0.0'.
#
# [rabbit_password] Rabbit password.
# [rabbit_user] Rabbit User. Optional. Defaults to openstack.
# [rabbit_host] IP address to connect to the RabbitMQ Broker. Optional. Defaults to '127.0.0.1'.
# [rabbit_hosts] An array of IP addresses or Virttual IP address for connecting to a RabbitMQ Cluster.
# Optional. Defaults to false.
# [rabbit_cluster_nodes] An array of Rabbit Broker IP addresses within the Cluster.
# Optional. Defaults to false.
# [rabbit_virtual_host] Rabbit virtual host path for Nova. Defaults to '/'.
# [network_manager] Nova network manager to use.
# [fixed_range] Range of ipv4 network for vms.
# [floating_range] Floating ip range to create.
# [create_networks] Rather network and floating ips should be created.
# [num_networks] Number of networks that fixed range should be split into.
# [multi_host] Rather node should support multi-host networking mode for HA.
# Optional. Defaults to false.
# [auto_assign_floating_ip] Rather configured to automatically allocate and
# assign a floating IP address to virtual instances when they are launched.
# Defaults to false.
# [network_config] Hash that can be used to pass implementation specifc
# network settings. Optioal. Defaults to {}
# [debug] Whether to log services at debug.
# [verbose] Whether to log services at verbose.
# Horizon related config - assumes puppetlabs-horizon code
# [secret_key] secret key to encode cookies,
# [cache_server_ip] local memcached instance ip
# [cache_server_port] local memcached instance port
# [horizon] (bool) is horizon installed. Defaults to: true
# [neutron] (bool) is neutron installed
# The next is an array of arrays, that can be used to add call-out links to the dashboard for other apps.
# There is no specific requirement for these apps to be for monitoring, that's just the defacto purpose.
# Each app is defined in two parts, the display name, and the URI
#
# [ovs_enable_tunneling]
# Enable/disable the Neutron OVS GRE tunneling networking mode.
# Optional. Defaults to true.
#
# [metadata_shared_secret]
# Shared secret used by nova and neutron to authenticate metadata.
# (optional) Defaults to false.
#
# [physical_network]
# Unique name of the physical network used by the Neutron OVS Agent.
# All physical networks listed are available for flat and VLAN
# provider network creation.
#
# [tenant_network_type]
# Type of network to allocate for tenant networks
# Optional. Defualts to 'gre'.
#
# [network_vlan_ranges]
# Comma-separated list of <physical_network>[:<vlan_min>:<vlan_max>]
# tuples enumerating ranges of VLAN IDs on named physical networks
# that are available for allocation. Only applicable when tenant_network_type
# parameter is set to 'vlan'.
# Optional. Defaults to 'physnet1:
#
# [firewall_driver]
# Driver used to implement firewall rules.
# (optional) Defaults to 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'.
#
# [neutron_auth_url]
# Url used to neutron to contact the authentication service.
# (optional) Default to http://127.0.0.1:35357/v2.0.
#
# [horizon_app_links] array as in '[ ["Nagios","http://nagios_addr:port/path"],["Ganglia","http://ganglia_addr"] ]'
# [enabled] Whether services should be enabled. This parameter can be used to
# implement services in active-passive modes for HA. Optional. Defaults to true.
# [swift]
# Whether or not to configure keystone for swift authorization.
# (Optional). Defaults to false.
#
# [swift_user_password]
# Auth password for swift.
# (Optional) Defaults to false. Required if swift is set to true.
#
# [swift_public_address]
# The swift public endpoint address used to populate the keystone service catalog.
# (optional). Defaults to false.
#
# [swift_internal_address]
# The swift internal endpoint address used to populate the keystone service catalog.
# (optional). Defaults to false.
#
# [swift_admin_address]
# The swift admin endpoint address used to populate the keystone service catalog.
# (optional). Defaults to false.
#
# [use_syslog]
# Use syslog for logging.
# (Optional) Defaults to false.
#
# [log_facility]
# Syslog facility to receive log lines.
# (Optional) Defaults to LOG_USER.
#
# === Examples
#
# class { 'openstack::controller':
# public_address => '192.168.0.3',
# mysql_root_password => 'changeme',
# allowed_hosts => ['127.0.0.%', '192.168.1.%'],
# admin_email => 'my_email@mw.com',
# admin_password => 'my_admin_password',
# keystone_db_password => 'changeme',
# keystone_admin_token => '12345',
# glance_db_password => 'changeme',
# glance_user_password => 'changeme',
# nova_db_password => 'changeme',
# nova_user_password => 'changeme',
# secret_key => 'dummy_secret_key',
# }
#
class openstack::controller (
# Required Network
$public_address,
$admin_email,
# required password
$admin_password,
$rabbit_password,
$keystone_db_password,
$keystone_admin_token,
$glance_db_password,
$glance_user_password,
$nova_db_password,
$nova_user_password,
$nova_memcached_servers = false,
$secret_key,
$mysql_root_password,
# cinder and neutron password are not required b/c they are
# optional. Not sure what to do about this.
$neutron_user_password = false,
$neutron_db_password = false,
$neutron_core_plugin = undef,
$cinder_user_password = false,
$cinder_db_password = false,
$swift_user_password = false,
# Database
$db_host = '127.0.0.1',
$db_type = 'mysql',
$mysql_account_security = true,
$mysql_bind_address = '0.0.0.0',
$sql_idle_timeout = undef,
$allowed_hosts = '%',
$mysql_ssl = false,
$mysql_ca = undef,
$mysql_cert = undef,
$mysql_key = undef,
# Keystone
$keystone_host = '127.0.0.1',
$keystone_db_user = 'keystone',
$keystone_db_dbname = 'keystone',
$keystone_admin_tenant = 'admin',
$keystone_bind_address = '0.0.0.0',
$region = 'RegionOne',
$public_protocol = 'http',
$keystone_token_driver = 'keystone.token.backends.sql.Token',
$token_format = 'PKI',
# Glance
$glance_registry_host = '0.0.0.0',
$glance_db_user = 'glance',
$glance_db_dbname = 'glance',
$glance_api_servers = undef,
$glance_backend = 'file',
$glance_rbd_store_user = undef,
$glance_rbd_store_pool = undef,
# Glance Swift Backend
$swift_store_user = 'swift_store_user',
$swift_store_key = 'swift_store_key',
# Nova
$nova_admin_tenant_name = 'services',
$nova_admin_user = 'nova',
$nova_db_user = 'nova',
$nova_db_dbname = 'nova',
$purge_nova_config = false,
$enabled_apis = 'ec2,osapi_compute,metadata',
$nova_bind_address = '0.0.0.0',
# Nova Networking
$public_interface = false,
$private_interface = false,
$internal_address = false,
$admin_address = false,
$network_manager = 'nova.network.manager.FlatDHCPManager',
$fixed_range = '10.0.0.0/24',
$floating_range = false,
$create_networks = true,
$num_networks = 1,
$multi_host = false,
$auto_assign_floating_ip = false,
$network_config = {},
# Rabbit
$rabbit_host = '127.0.0.1',
$rabbit_hosts = false,
$rabbit_cluster_nodes = false,
$rabbit_user = 'openstack',
$rabbit_virtual_host = '/',
# Horizon
$horizon = true,
$cache_server_ip = '127.0.0.1',
$cache_server_port = '11211',
$horizon_app_links = undef,
# VNC
$vnc_enabled = true,
$vncproxy_host = false,
# General
$debug = false,
$verbose = false,
# cinder
# if the cinder management components should be installed
$cinder = true,
$cinder_db_user = 'cinder',
$cinder_db_dbname = 'cinder',
$cinder_bind_address = '0.0.0.0',
$manage_volumes = false,
$volume_group = 'cinder-volumes',
$setup_test_volume = false,
$iscsi_ip_address = '127.0.0.1',
# Neutron
$neutron = true,
$physical_network = 'default',
$tenant_network_type = 'gre',
$ovs_enable_tunneling = true,
$allow_overlapping_ips = false,
$ovs_local_ip = false,
$network_vlan_ranges = undef,
$bridge_interface = undef,
$external_bridge_name = 'br-ex',
$bridge_uplinks = undef,
$bridge_mappings = undef,
$enable_ovs_agent = true,
$enable_dhcp_agent = true,
$enable_l3_agent = true,
$enable_metadata_agent = true,
$metadata_shared_secret = false,
$firewall_driver = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
$neutron_db_user = 'neutron',
$neutron_db_name = 'neutron',
$neutron_auth_url = 'http://127.0.0.1:35357/v2.0',
$enable_neutron_server = true,
$security_group_api = 'neutron',
# swift
$swift = false,
$swift_public_address = false,
$swift_internal_address = false,
$swift_admin_address = false,
# Syslog
$use_syslog = false,
$log_facility = 'LOG_USER',
$enabled = true
) {
if $ovs_local_ip {
$ovs_local_ip_real = $ovs_local_ip
} else {
$ovs_local_ip_real = $internal_address
}
if $internal_address {
$internal_address_real = $internal_address
} else {
$internal_address_real = $public_address
}
if $admin_address {
$admin_address_real = $admin_address
} else {
$admin_address_real = $internal_address_real
}
if $vncproxy_host {
$vncproxy_host_real = $vncproxy_host
} else {
$vncproxy_host_real = $public_address
}
# Ensure things are run in order
Class['openstack::db::mysql'] -> Class['openstack::keystone']
Class['openstack::db::mysql'] -> Class['openstack::glance']
Class['openstack::db::mysql'] -> Class['openstack::nova::controller']
####### DATABASE SETUP ######
# set up mysql server
if ($db_type == 'mysql') {
if ($enabled) {
Class['glance::db::mysql'] -> Class['glance::registry']
}
class { 'openstack::db::mysql':
mysql_root_password => $mysql_root_password,
mysql_bind_address => $mysql_bind_address,
mysql_account_security => $mysql_account_security,
mysql_ssl => $mysql_ssl,
mysql_ca => $mysql_ca,
mysql_cert => $mysql_cert,
mysql_key => $mysql_key,
keystone_db_user => $keystone_db_user,
keystone_db_password => $keystone_db_password,
keystone_db_dbname => $keystone_db_dbname,
glance_db_user => $glance_db_user,
glance_db_password => $glance_db_password,
glance_db_dbname => $glance_db_dbname,
nova_db_user => $nova_db_user,
nova_db_password => $nova_db_password,
nova_db_dbname => $nova_db_dbname,
cinder => $cinder,
cinder_db_user => $cinder_db_user,
cinder_db_password => $cinder_db_password,
cinder_db_dbname => $cinder_db_dbname,
neutron => $neutron,
neutron_db_user => $neutron_db_user,
neutron_db_password => $neutron_db_password,
neutron_db_dbname => $neutron_db_name,
allowed_hosts => $allowed_hosts,
enabled => $enabled,
}
} else {
fail("Unsupported db : ${db_type}")
}
####### KEYSTONE ###########
class { 'openstack::keystone':
debug => $debug,
verbose => $verbose,
db_type => $db_type,
db_host => $db_host,
db_password => $keystone_db_password,
db_name => $keystone_db_dbname,
db_user => $keystone_db_user,
db_ssl => $mysql_ssl,
db_ssl_ca => $mysql_ca,
idle_timeout => $sql_idle_timeout,
admin_token => $keystone_admin_token,
admin_tenant => $keystone_admin_tenant,
admin_email => $admin_email,
admin_password => $admin_password,
token_driver => $keystone_token_driver,
public_address => $public_address,
public_protocol => $public_protocol,
token_format => $token_format,
internal_address => $internal_address_real,
admin_address => $admin_address_real,
region => $region,
glance_user_password => $glance_user_password,
glance_internal_address => $internal_address_real,
glance_admin_address => $admin_address_real,
nova_user_password => $nova_user_password,
nova_internal_address => $internal_address_real,
nova_admin_address => $admin_address_real,
cinder => $cinder,
cinder_user_password => $cinder_user_password,
cinder_internal_address => $internal_address_real,
cinder_admin_address => $admin_address_real,
neutron => $neutron,
neutron_user_password => $neutron_user_password,
neutron_internal_address => $internal_address_real,
neutron_admin_address => $admin_address_real,
swift => $swift,
swift_user_password => $swift_user_password,
swift_public_address => $swift_public_address,
swift_internal_address => $swift_internal_address,
swift_admin_address => $swift_admin_address,
enabled => $enabled,
bind_host => $keystone_bind_address,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
######## BEGIN GLANCE ##########
class { 'openstack::glance':
debug => $debug,
verbose => $verbose,
db_type => $db_type,
db_host => $db_host,
db_ssl => $mysql_ssl,
db_ssl_ca => $mysql_ca,
sql_idle_timeout => $sql_idle_timeout,
keystone_host => $keystone_host,
registry_host => $glance_registry_host,
db_user => $glance_db_user,
db_name => $glance_db_dbname,
db_password => $glance_db_password,
user_password => $glance_user_password,
backend => $glance_backend,
swift_store_user => $swift_store_user,
swift_store_key => $swift_store_key,
rbd_store_user => $glance_rbd_store_user,
rbd_store_pool => $glance_rbd_store_pool,
use_syslog => $use_syslog,
log_facility => $log_facility,
enabled => $enabled,
}
######## BEGIN NOVA ###########
#
# indicates that all nova config entries that we did
# not specifify in Puppet should be purged from file
#
if ($purge_nova_config) {
resources { 'nova_config':
purge => true,
}
}
class { 'openstack::nova::controller':
# Database
db_host => $db_host,
sql_idle_timeout => $sql_idle_timeout,
# Network
network_manager => $network_manager,
network_config => $network_config,
floating_range => $floating_range,
fixed_range => $fixed_range,
public_address => $public_address,
admin_address => $admin_address,
internal_address => $internal_address_real,
auto_assign_floating_ip => $auto_assign_floating_ip,
create_networks => $create_networks,
num_networks => $num_networks,
multi_host => $multi_host,
public_interface => $public_interface,
private_interface => $private_interface,
# Neutron
neutron => $neutron,
neutron_user_password => $neutron_user_password,
metadata_shared_secret => $metadata_shared_secret,
security_group_api => $security_group_api,
# Nova
nova_admin_tenant_name => $nova_admin_tenant_name,
nova_admin_user => $nova_admin_user,
nova_user_password => $nova_user_password,
nova_db_password => $nova_db_password,
nova_db_user => $nova_db_user,
nova_db_dbname => $nova_db_dbname,
memcached_servers => $nova_memcached_servers,
enabled_apis => $enabled_apis,
api_bind_address => $nova_bind_address,
# Rabbit
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_hosts => $rabbit_hosts,
rabbit_cluster_nodes => $rabbit_cluster_nodes,
rabbit_virtual_host => $rabbit_virtual_host,
# Glance
glance_api_servers => $glance_api_servers,
# Keystone
keystone_host => $keystone_host,
# VNC
vnc_enabled => $vnc_enabled,
vncproxy_host => $vncproxy_host_real,
# Syslog
use_syslog => $use_syslog,
log_facility => $log_facility,
# General
debug => $debug,
verbose => $verbose,
enabled => $enabled,
}
######### Neutron Controller Services ########
if ($neutron) {
if ! $neutron_user_password {
fail('neutron_user_password must be set when configuring neutron')
}
if ! $neutron_db_password {
fail('neutron_db_password must be set when configuring neutron')
}
if $enable_ovs_agent {
if ! $bridge_interface {
fail('bridge_interface must be set when configuring neutron')
}
if ! $bridge_uplinks {
$bridge_uplinks_real = ["${external_bridge_name}:${bridge_interface}"]
} else {
$bridge_uplinks_real = $bridge_uplinks
}
if ! $bridge_mappings {
$bridge_mappings_real = ["${physical_network}:${external_bridge_name}"]
} else {
$bridge_mappings_real = $bridge_mappings
}
}
class { 'openstack::neutron':
# Database
db_host => $db_host,
sql_idle_timeout => $sql_idle_timeout,
# Rabbit
rabbit_host => $rabbit_host,
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
# Neutron OVS
tenant_network_type => $tenant_network_type,
network_vlan_ranges => $network_vlan_ranges,
ovs_enable_tunneling => $ovs_enable_tunneling,
allow_overlapping_ips => $allow_overlapping_ips,
ovs_local_ip => $ovs_local_ip_real,
bridge_uplinks => $bridge_uplinks_real,
bridge_mappings => $bridge_mappings_real,
enable_ovs_agent => $enable_ovs_agent,
firewall_driver => $firewall_driver,
# Database
db_name => $neutron_db_name,
db_user => $neutron_db_user,
db_password => $neutron_db_password,
# Plugin
core_plugin => $neutron_core_plugin,
# Neutron agents
enable_dhcp_agent => $enable_dhcp_agent,
enable_l3_agent => $enable_l3_agent,
enable_metadata_agent => $enable_metadata_agent,
auth_url => $neutron_auth_url,
user_password => $neutron_user_password,
shared_secret => $metadata_shared_secret,
# Keystone
keystone_host => $keystone_host,
# Syslog
use_syslog => $use_syslog,
log_facility => $log_facility,
# General
enabled => $enabled,
enable_server => $enable_neutron_server,
debug => $debug,
verbose => $verbose,
}
}
######### Cinder Controller Services ########
if ($cinder) {
if ! $cinder_db_password {
fail('Must set cinder db password when setting up a cinder controller')
}
if ! $cinder_user_password {
fail('Must set cinder user password when setting up a cinder controller')
}
class { 'openstack::cinder::all':
bind_host => $cinder_bind_address,
sql_idle_timeout => $sql_idle_timeout,
keystone_auth_host => $keystone_host,
keystone_password => $cinder_user_password,
rabbit_userid => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_host => $rabbit_host,
rabbit_hosts => $rabbit_hosts,
db_password => $cinder_db_password,
db_dbname => $cinder_db_dbname,
db_user => $cinder_db_user,
db_type => $db_type,
db_host => $db_host,
manage_volumes => $manage_volumes,
volume_group => $volume_group,
setup_test_volume => $setup_test_volume,
iscsi_ip_address => $iscsi_ip_address,
use_syslog => $use_syslog,
log_facility => $log_facility,
enabled => $enabled,
debug => $debug,
verbose => $verbose
}
}
######## Horizon ########
if ($horizon) {
class { 'openstack::horizon':
secret_key => $secret_key,
cache_server_ip => $cache_server_ip,
cache_server_port => $cache_server_port,
horizon_app_links => $horizon_app_links,
keystone_host => $keystone_host,
}
}
}

179
manifests/db/mysql.pp
View File

@ -1,179 +0,0 @@
#
# === Class: openstack::db::mysql
#
# Create MySQL databases for all components of
# OpenStack that require a database
#
# === Parameters
#
# [mysql_root_password] Root password for mysql. Required.
# [keystone_db_password] Password for keystone database. Required.
# [glance_db_password] Password for glance database. Required.
# [nova_db_password] Password for nova database. Required.
# [cinder_db_password] Password for cinder database. Required.
# [neutron_db_password] Password for neutron database. Required.
# [ceilometer_db_password] Password for ceilometer database. Required.
# [mysql_bind_address] Address that mysql will bind to. Optional .Defaults to '0.0.0.0'.
# [mysql_account_security] If a secure mysql db should be setup. Optional .Defaults to true.
# [mysql_ssl] Enable SSL in the mysql server. Default is false.
# [mysql_ca] The path to the CA certificate in PEM format.
# [mysql_cert] The path to the server certificate in PEM format.
# [mysql_key] The path to the server private key in PEM format, unencrypted.
# [keystone_db_user] DB user for keystone. Optional. Defaults to 'keystone'.
# [keystone_db_dbname] DB name for keystone. Optional. Defaults to 'keystone'.
# [glance_db_user] DB user for glance. Optional. Defaults to 'glance'.
# [glance_db_dbname]. Name of glance DB. Optional. Defaults to 'glance'.
# [nova_db_user]. Name of nova DB user. Optional. Defaults to 'nova'.
# [nova_db_dbname]. Name of nova DB. Optional. Defaults to 'nova'.
# [cinder]. Whether create cinder db. Optional. Defaults to 'true'.
# [cinder_db_user]. Name of cinder DB user. Optional. Defaults to 'cinder'.
# [cinder_db_dbname]. Name of cinder DB. Optional. Defaults to 'cinder'.
# [neutron]. Whether create neutron db. Optional. Defaults to 'true'.
# [neutron_db_user]. Name of neutron DB user. Optional. Defaults to 'neutron'.
# [neutron_db_dbname]. Name of neutron DB. Optional. Defaults to 'neutron'.
# [ceilometer]. Whether create ceilometer db. Optional. Defaults to 'true'.
# [ceilometer_db_user]. Name of ceilometer DB user. Optional. Defaults to 'ceilometer'.
# [ceilometer_db_dbname]. Name of ceilometer DB. Optional. Defaults to 'ceilometer'.
# [allowed_hosts] List of hosts that are allowed access. Optional. Defaults to false.
# [charset] Name of mysql charset. Optional. Defaults to 'latin1'.
# [enabled] If the db service should be started. Optional. Defaults to true.
#
# === Example
#
# class { 'openstack::db::mysql':
# mysql_root_password => 'changeme',
# keystone_db_password => 'changeme',
# glance_db_password => 'changeme',
# nova_db_password => 'changeme',
# cinder_db_password => 'changeme',
# neutron_db_password => 'changeme',
# allowed_hosts => ['127.0.0.1', '10.0.0.%'],
# }
class openstack::db::mysql (
# Required MySQL
# passwords
$mysql_root_password,
$keystone_db_password,
$glance_db_password,
$nova_db_password,
$cinder_db_password,
$neutron_db_password,
#TODO(yuxcer) b/c ceilometer codes has not been merged in
# openstack::all and some other class which use openstack::db::mysql,
# so if not set default value, it will lead spec test fail.
# This default value should be removed as soon as related
# ceilometer code has been added.
$ceilometer_db_password = false,
# MySQL
$mysql_bind_address = '0.0.0.0',
$mysql_account_security = true,
$mysql_ssl = false,
$mysql_ca = undef,
$mysql_cert = undef,
$mysql_key = undef,
# Keystone
$keystone_db_user = 'keystone',
$keystone_db_dbname = 'keystone',
# Glance
$glance_db_user = 'glance',
$glance_db_dbname = 'glance',
# Nova
$nova_db_user = 'nova',
$nova_db_dbname = 'nova',
# Cinder
$cinder = true,
$cinder_db_user = 'cinder',
$cinder_db_dbname = 'cinder',
# Neutron
$neutron = true,
$neutron_db_user = 'neutron',
$neutron_db_dbname = 'neutron',
# Ceilometer
$ceilometer = false,
$ceilometer_db_user = 'ceilometer',
$ceilometer_db_dbname = 'ceilometer',
# General
$allowed_hosts = false,
$charset = 'latin1',
$enabled = true
) {
# Install and configure MySQL Server
class { 'mysql::server':
config_hash => {
'root_password' => $mysql_root_password,
'bind_address' => $mysql_bind_address,
'ssl' => $mysql_ssl,
'ssl_ca' => $mysql_ca,
'ssl_cert' => $mysql_cert,
'ssl_key' => $mysql_key,
},
enabled => $enabled,
}
# This removes default users and guest access
if $mysql_account_security {
class { 'mysql::server::account_security': }
}
if ($enabled) {
# Create the Keystone db
class { 'keystone::db::mysql':
user => $keystone_db_user,
password => $keystone_db_password,
dbname => $keystone_db_dbname,
allowed_hosts => $allowed_hosts,
charset => $charset,
}
# Create the Glance db
class { 'glance::db::mysql':
user => $glance_db_user,
password => $glance_db_password,
dbname => $glance_db_dbname,
allowed_hosts => $allowed_hosts,
charset => $charset,
}
# Create the Nova db
class { 'nova::db::mysql':
user => $nova_db_user,
password => $nova_db_password,
dbname => $nova_db_dbname,
allowed_hosts => $allowed_hosts,
charset => $charset,
}
# create cinder db
if ($cinder) {
class { 'cinder::db::mysql':
user => $cinder_db_user,
password => $cinder_db_password,
dbname => $cinder_db_dbname,
allowed_hosts => $allowed_hosts,
charset => $charset,
}
}
# create neutron db
if ($neutron) {
class { 'neutron::db::mysql':
user => $neutron_db_user,
password => $neutron_db_password,
dbname => $neutron_db_dbname,
allowed_hosts => $allowed_hosts,
charset => $charset,
}
}
if ($ceilometer) {
class { 'ceilometer::db::mysql':
user => $ceilometer_db_user,
password => $ceilometer_db_password,
dbname => $ceilometer_db_dbname,
allowed_hosts => $allowed_hosts,
charset => $charset,
}
}
}
}

151
manifests/glance.pp
View File

@ -1,151 +0,0 @@
#
# == Class: openstack::glance
#
# Installs and configures Glance
# Assumes the following:
# - Keystone for authentication
# - keystone tenant: services
# - keystone username: glance
# - storage backend: file (default) or Swift
#
# === Parameters
#
# [user_password] Password for glance auth user. Required.
# [db_password] Password for glance DB. Required.
# [db_host] Host where DB resides. Required.
# [keystone_host] Host whre keystone is running. Optional. Defaults to '127.0.0.1'
# [sql_idle_timeout] Timeout for SQL to reap connections. Optional. Defaults to '3600'
# [registry_host] Address used by API to find the Registry service. Optional. Defaults to '0.0.0.0'
# [bind_host] Address for binding API and Registry services. Optional. Defaults to '0.0.0.0'
# [db_type] Type of sql databse to use. Optional. Defaults to 'mysql'
# [db_ssl] Boolean whether to use SSL for database. Defaults to false.
# [db_ssl_ca] If db_ssl is true, this is used in the connection to define the CA. Default undef.
# [db_user] Name of glance DB user. Optional. Defaults to 'glance'
# [db_name] Name of glance DB. Optional. Defaults to 'glance'
# [backend] Backends used to store images. Defaults to file.
# [rbd_store_user] The RBD store user name.
# [rbd_store_pool] The RBD pool name to store images.
# [swift_store_user] The Swift service user account. Defaults to false.
# [swift_store_key] The Swift service user password Defaults to false.
# [swift_store_auth_addres] The URL where the Swift auth service lives. Defaults to "http://${keystone_host}:5000/v2.0/"
# [verbose] Log verbosely. Optional. Defaults to false.
# [debug] Log at a debug-level. Optional. Defaults to false.
# [use_syslog] Use syslog for logging. Optional. Defaults to false.
# [syslog_facility] Syslog facility to receive log lines. Optional. Defaults to LOG_USER.
# [enabled] Used to indicate if the service should be active (true) or passive (false).
# Optional. Defaults to true
#
# === Example
#
# class { 'openstack::glance':
# user_password => 'changeme',
# db_password => 'changeme',
# db_host => '127.0.0.1',
# }
class openstack::glance (
$user_password,
$db_password,
$db_host = '127.0.0.1',
$keystone_host = '127.0.0.1',
$sql_idle_timeout = '3600',
$registry_host = '0.0.0.0',
$bind_host = '0.0.0.0',
$db_type = 'mysql',
$db_ssl = false,
$db_ssl_ca = undef,
$db_user = 'glance',
$db_name = 'glance',
$backend = 'file',
$swift_store_user = false,
$swift_store_key = false,
$swift_store_auth_address = 'http://127.0.0.1:5000/v2.0/',
$rbd_store_user = undef,
$rbd_store_pool = 'images',
$verbose = false,
$debug = false,
$use_syslog = false,
$log_facility = 'LOG_USER',
$enabled = true
) {
# Configure the db string
case $db_type {
'mysql': {
if $db_ssl == true {
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?ssl_ca=${db_ssl_ca}"
} else {
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}"
}
}
default: {
fail("db_type ${db_type} is not supported")
}
}
# Install and configure glance-api
class { 'glance::api':
verbose => $verbose,
debug => $debug,
registry_host => $registry_host,
bind_host => $bind_host,
auth_type => 'keystone',
auth_port => '35357',
auth_host => $keystone_host,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => $user_password,
sql_connection => $sql_connection,
sql_idle_timeout => $sql_idle_timeout,
use_syslog => $use_syslog,
log_facility => $log_facility,
enabled => $enabled,
}
# Install and configure glance-registry
class { 'glance::registry':
verbose => $verbose,
debug => $debug,
bind_host => $bind_host,
auth_host => $keystone_host,
auth_port => '35357',
auth_type => 'keystone',
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => $user_password,
sql_connection => $sql_connection,
sql_idle_timeout => $sql_idle_timeout,
use_syslog => $use_syslog,
log_facility => $log_facility,
enabled => $enabled,
}
# Configure file storage backend
if($backend == 'swift') {
if ! $swift_store_user {
fail('swift_store_user must be set when configuring swift as the glance backend')
}
if ! $swift_store_key {
fail('swift_store_key must be set when configuring swift as the glance backend')
}
class { 'glance::backend::swift':
swift_store_user => $swift_store_user,
swift_store_key => $swift_store_key,
swift_store_auth_address => $swift_store_auth_address,
swift_store_create_container_on_put => true,
}
} elsif($backend == 'file') {
# Configure file storage backend
class { 'glance::backend::file': }
} elsif($backend == 'rbd') {
class { 'glance::backend::rbd':
rbd_store_user => $rbd_store_user,
rbd_store_pool => $rbd_store_pool,
}
} else {
fail("Unsupported backend ${backend}")
}
}

110
manifests/horizon.pp
View File

@ -1,110 +0,0 @@
#
# == Class: openstack::horizon
#
# Class to install / configure horizon.
# Will eventually include apache and ssl.
#
# NOTE: Will the inclusion of memcache be an issue?
# Such as if the server already has memcache installed?
# -jtopjian
#
# === Parameters
#
# [*secret_key*]
# (required) A secret key for a particular Django installation. This is used to provide cryptographic signing,
# and should be set to a unique, unpredictable value.
#
# [*configure_memcached*]
# (optional) Enable/disable the use of memcached with Horizon.
# Defaults to true.
#
# [*memcached_listen_ip*]
# (optional) The IP address for binding memcached.
# Defaults to undef.
#
# [*cache_server_ip*]
# (optional) Ip address where the memcache server is listening.
# Defaults to '127.0.0.1'.
#
# [*cache_server_port*]
# (optional) Port that memcache server listens on.
# Defaults to '11211'.
#
# [*horizon_app_links*]
# (optional) External Monitoring links.
# Defaults to undef.
#
# [*keystone_host*]
# (optional) Address of keystone host.
# Defaults to '127.0.0.1'.
#
# [*keystone_scheme*]
# (optional) Protocol for keystone. Accepts http or https.
# Defaults to http.
#
# [*keystone_default_role*]
# (Optional) Default role for keystone authentication.
# Defaults to '_member_'.
#
# [*django_debug*]
# (Optional) Sets Django debug level.
# Defaults to false.
#
# [*api_result_limit*]
# (Optional) Maximum results to show on a page before pagination kicks in.
# Defaults to 1000.
#
# === Examples
#
# class { 'openstack::horizon':
# secret_key => 'dummy_secret_key',
# }
#
class openstack::horizon (
$secret_key,
$configure_memcached = true,
$memcached_listen_ip = undef,
$cache_server_ip = '127.0.0.1',
$cache_server_port = '11211',
$horizon_app_links = undef,
$keystone_host = '127.0.0.1',
$keystone_scheme = 'http',
$keystone_default_role = '_member_',
$django_debug = 'False',
$api_result_limit = 1000
) {
if $configure_memcached {
if $memcached_listen_ip {
$cache_server_ip_real = $memcached_listen_ip
} else {
warning('The cache_server_ip parameter is deprecated. Use memcached_listen_ip instead.')
$cache_server_ip_real = $cache_server_ip
}
class { 'memcached':
listen_ip => $cache_server_ip_real,
tcp_port => $cache_server_port,
udp_port => $cache_server_port,
}
}
class { '::horizon':
cache_server_ip => $cache_server_ip,
cache_server_port => $cache_server_port,
secret_key => $secret_key,
horizon_app_links => $horizon_app_links,
keystone_host => $keystone_host,
keystone_scheme => $keystone_scheme,
keystone_default_role => $keystone_default_role,
django_debug => $django_debug,
api_result_limit => $api_result_limit,
}
if str2bool($::selinux) {
selboolean{'httpd_can_network_connect':
value => on,
persistent => true,
}
}
}

431
manifests/keystone.pp
View File

@ -1,431 +0,0 @@
#
# == Class: openstack::keystone
#
# Installs and configures Keystone
#
# === Parameters
#
# [db_host] Host where DB resides. Optional. Defaults to 127.0.0.1..
# [idle_timeout] Timeout to reap SQL connections. Optional. Defaults to '200'.
# [db_password] Password for keystone DB. Required.
# [admin_token]. Auth token for keystone admin. Required.
# [admin_email] Email address of system admin. Required.
# [admin_password] Auth password for admin user. Required.
# [glance_user_password] Auth password for glance user. Required.
# [nova_user_password] Auth password for nova user. Required.
# [public_address] Public address where keystone can be accessed. Required.
# [public_protocol] Public protocol over which keystone can be accessed. Defaults to 'http'
# [token_format] Format keystone uses for tokens. Optional. Defaults to PKI.
# Supports PKI and UUID.
# [db_type] Type of DB used. Currently only supports mysql. Optional. Defaults to 'mysql'
# [db_ssl] Boolean whether to use SSL for database. Defaults to false.
# [db_ssl_ca] If db_ssl is true, this is used in the connection to define the CA. Default undef.
# [db_user] Name of keystone db user. Optional. Defaults to 'keystone'
# [db_name] Name of keystone DB. Optional. Defaults to 'keystone'
# [admin_tenant] Name of keystone admin tenant. Optional. Defaults to 'admin'
# [verbose] Log verbosely. Optional. Defaults to false.
# [debug] Log at a debug-level. Optional. Defaults to false.
# [token_driver] Driver to use for managing tokens.
# Optional. Defaults to 'keystone.token.backends.sql.Token'
# [bind_host] Address that keystone binds to. Optional. Defaults to '0.0.0.0'
# [internal_address] Internal address for keystone. Optional. Defaults to $public_address
# [admin_address] Keystone admin address. Optional. Defaults to $internal_address
# [glance] Set up glance endpoints and auth. Optional. Defaults to true
# [nova] Set up nova endpoints and auth. Optional. Defaults to true
# [swift] Set up swift endpoints and auth. Optional. Defaults to false
# [swift_user_password]
# Auth password for swift.
# (Optional) Defaults to false.
# [use_syslog] Use syslog for logging. Defaults to false.
# [log_facility] Syslog facility to receive log lines. Defaults to LOG_USER.
# [enabled] If the service is active (true) or passive (false).
# Optional. Defaults to true
#
# === Example
#
# class { 'openstack::keystone':
# db_host => '127.0.0.1',
# db_password => 'changeme',
# admin_token => '12345',
# admin_email => 'root@localhost',
# admin_password => 'changeme',
# glance_user_password => 'glance',
# nova_user_password => 'nova',
# cinder_user_password => 'cinder',
# neutron_user_password => 'neutron',
# public_address => '192.168.1.1',
# }
class openstack::keystone (
$db_password,
$admin_token,
$admin_email,
$admin_password,
$public_address,
$public_protocol = 'http',
$token_format = 'PKI',
$db_host = '127.0.0.1',
$idle_timeout = '200',
$db_type = 'mysql',
$db_user = 'keystone',
$db_name = 'keystone',
$db_ssl = false,
$db_ssl_ca = undef,
$admin_tenant = 'admin',
$verbose = false,
$debug = false,
$bind_host = '0.0.0.0',
$region = 'RegionOne',
$token_driver = 'keystone.token.backends.sql.Token',
$internal_address = false,
$admin_address = false,
$enabled = true,
# nova
$nova = true,
$nova_user_password,
$nova_public_address = false,
$nova_internal_address = false,
$nova_admin_address = false,
# glance
$glance = true,
$glance_user_password,
$glance_public_address = false,
$glance_internal_address = false,
$glance_admin_address = false,
# cinder
$cinder = true,
$cinder_user_password,
$cinder_public_address = false,
$cinder_internal_address = false,
$cinder_admin_address = false,
# neutron
$neutron = true,
$neutron_user_password,
$neutron_public_address = false,
$neutron_internal_address = false,
$neutron_admin_address = false,
# ceilometer
$ceilometer = false,
$ceilometer_user_password = false,
$ceilometer_public_address = false,
$ceilometer_internal_address = false,
$ceilometer_admin_address = false,
# swift
$swift = false,
$swift_user_password = false,
$swift_public_address = false,
$swift_internal_address = false,
$swift_admin_address = false,
# heat
$heat = false,
$heat_user_password = false,
$heat_public_address = false,
$heat_internal_address = false,
$heat_admin_address = false,
# heat-cfn (cloudformation api)
$heat_cfn = false,
$heat_cfn_user_password = false,
$heat_cfn_public_address = false,
$heat_cfn_internal_address = false,
$heat_cfn_admin_address = false,
# logging
$use_syslog = false,
$log_facility = 'LOG_USER'
) {
# Install and configure Keystone
if $db_type == 'mysql' {
if $db_ssl == true {
$sql_conn = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?ssl_ca=${db_ssl_ca}"
} else {
$sql_conn = "mysql://${db_user}:${db_password}@${db_host}/${db_name}"
}
} else {
fail("db_type ${db_type} is not supported")
}
# I have to do all of this crazy munging b/c parameters are not
# set procedurally in Pupet
if($internal_address) {
$internal_real = $internal_address
} else {
$internal_real = $public_address
}
if($admin_address) {
$admin_real = $admin_address
} else {
$admin_real = $internal_real
}
if($glance_public_address) {
$glance_public_real = $glance_public_address
} else {
$glance_public_real = $public_address
}
if($glance_internal_address) {
$glance_internal_real = $glance_internal_address
} else {
$glance_internal_real = $glance_public_real
}
if($glance_admin_address) {
$glance_admin_real = $glance_admin_address
} else {
$glance_admin_real = $glance_internal_real
}
if($nova_public_address) {
$nova_public_real = $nova_public_address
} else {
$nova_public_real = $public_address
}
if($nova_internal_address) {
$nova_internal_real = $nova_internal_address
} else {
$nova_internal_real = $nova_public_real
}
if($nova_admin_address) {
$nova_admin_real = $nova_admin_address
} else {
$nova_admin_real = $nova_internal_real
}
if($cinder_public_address) {
$cinder_public_real = $cinder_public_address
} else {
$cinder_public_real = $public_address
}
if($cinder_internal_address) {
$cinder_internal_real = $cinder_internal_address
} else {
$cinder_internal_real = $cinder_public_real
}
if($cinder_admin_address) {
$cinder_admin_real = $cinder_admin_address
} else {
$cinder_admin_real = $cinder_internal_real
}
if($neutron_public_address) {
$neutron_public_real = $neutron_public_address
} else {
$neutron_public_real = $public_address
}
if($neutron_internal_address) {
$neutron_internal_real = $neutron_internal_address
} else {
$neutron_internal_real = $neutron_public_real
}
if($neutron_admin_address) {
$neutron_admin_real = $neutron_admin_address
} else {
$neutron_admin_real = $neutron_internal_real
}
if($ceilometer_public_address) {
$ceilometer_public_real = $ceilometer_public_address
} else {
$ceilometer_public_real = $public_address
}
if($ceilometer_internal_address) {
$ceilometer_internal_real = $ceilometer_internal_address
} else {
$ceilometer_internal_real = $ceilometer_public_real
}
if($ceilometer_admin_address) {
$ceilometer_admin_real = $ceilometer_admin_address
} else {
$ceilometer_admin_real = $ceilometer_internal_real
}
if($swift_public_address) {
$swift_public_real = $swift_public_address
} else {
$swift_public_real = $public_address
}
if($swift_internal_address) {
$swift_internal_real = $swift_internal_address
} else {
$swift_internal_real = $swift_public_real
}
if($swift_admin_address) {
$swift_admin_real = $swift_admin_address
} else {
$swift_admin_real = $swift_internal_real
}
if($heat_public_address) {
$heat_public_real = $heat_public_address
} else {
$heat_public_real = $public_address
}
if($heat_internal_address) {
$heat_internal_real = $heat_internal_address
} else {
$heat_internal_real = $heat_public_real
}
if($heat_admin_address) {
$heat_admin_real = $heat_admin_address
} else {
$heat_admin_real = $heat_internal_real
}
if($heat_cfn_public_address) {
$heat_cfn_public_real = $heat_cfn_public_address
} else {
$heat_cfn_public_real = $public_address
}
if($heat_cfn_internal_address) {
$heat_cfn_internal_real = $heat_cfn_internal_address
} else {
$heat_cfn_internal_real = $heat_cfn_public_real
}
if($heat_cfn_admin_address) {
$heat_cfn_admin_real = $heat_cfn_admin_address
} else {
$heat_cfn_admin_real = $heat_cfn_internal_real
}
class { '::keystone':
verbose => $verbose,
debug => $debug,
bind_host => $bind_host,
idle_timeout => $idle_timeout,
catalog_type => 'sql',
admin_token => $admin_token,
token_driver => $token_driver,
token_format => $token_format,
enabled => $enabled,
sql_connection => $sql_conn,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
if ($enabled) {
# Setup the admin user
class { 'keystone::roles::admin':
email => $admin_email,
password => $admin_password,
admin_tenant => $admin_tenant,
}
# Setup the Keystone Identity Endpoint
class { 'keystone::endpoint':
public_address => $public_address,
public_protocol => $public_protocol,
admin_address => $admin_real,
internal_address => $internal_real,
region => $region,
}
# Configure Glance endpoint in Keystone
if $glance {
class { 'glance::keystone::auth':
password => $glance_user_password,
public_address => $glance_public_real,
public_protocol => $public_protocol,
admin_address => $glance_admin_real,
internal_address => $glance_internal_real,
region => $region,
}
}
# Configure Nova endpoint in Keystone
if $nova {
class { 'nova::keystone::auth':
password => $nova_user_password,
public_address => $nova_public_real,
public_protocol => $public_protocol,
admin_address => $nova_admin_real,
internal_address => $nova_internal_real,
region => $region,
}
}
# Configure Cinder endpoint in Keystone
if $cinder {
class { 'cinder::keystone::auth':
password => $cinder_user_password,
public_address => $cinder_public_real,
public_protocol => $public_protocol,
admin_address => $cinder_admin_real,
internal_address => $cinder_internal_real,
region => $region,
}
}
if $neutron {
class { 'neutron::keystone::auth':
password => $neutron_user_password,
public_address => $neutron_public_real,
public_protocol => $public_protocol,
admin_address => $neutron_admin_real,
internal_address => $neutron_internal_real,
region => $region,
}
}
if $ceilometer {
if ! $ceilometer_user_password {
fail('Must set a ceilometer_user_password when ceilometer auth is being configured')
}
class { 'ceilometer::keystone::auth':
password => $ceilometer_user_password,
public_address => $ceilometer_public_real,
public_protocol => $public_protocol,
admin_address => $ceilometer_admin_real,
internal_address => $ceilometer_internal_real,
region => $region,
}
}
if $swift {
if ! $swift_user_password {
fail('Must set a swift_user_password when swift auth is being configured')
}
class { 'swift::keystone::auth':
password => $swift_user_password,
public_address => $swift_public_real,
public_protocol => $public_protocol,
admin_address => $swift_admin_real,
internal_address => $swift_internal_real,
region => $region,
}
}
if $heat {
if ! $heat_user_password {
fail('Must set a heat_user_password when heat auth is being configured')
}
class { 'heat::keystone::auth':
password => $heat_user_password,
public_address => $heat_public_real,
public_protocol => $public_protocol,
admin_address => $heat_admin_real,
internal_address => $heat_internal_real,
region => $region,
}
}
if $heat_cfn {
if ! $heat_cfn_user_password {
fail('Must set a heat_cfn_user_password when heat_cfn auth is being configured')
}
class { 'heat::keystone::auth_cfn':
password => $heat_cfn_user_password,
public_address => $heat_cfn_public_real,
public_protocol => $public_protocol,
admin_address => $heat_cfn_admin_real,
internal_address => $heat_cfn_internal_real,
region => $region,
}
}
}
}

289
manifests/neutron.pp
View File

@ -1,289 +0,0 @@
#
# == Class: openstack::neutron
#
# Class to define neutron components for openstack. This class can
# be configured to provide all neutron related functionality.
#
# === Parameters
#
# [user_password]
# Password used for authentication.
# (required)
#
# [rabbit_password]
# Password used to connect to rabbitmq
# (required)
#
# [enabled]
# state of the neutron services.
# (optional) Defaults to true.
#
# [enable_server]
# If the server should be installed.
# (optional) Defaults to true.
#
# [enable_dhcp_agent]
# Whether the dhcp agent should be enabled.
# (optional) Defaults to false.
#
# [enable_l3_agent]
# Whether the l3 agent should be enabled.
# (optional) Defaults to false.
#
# [enable_metadata_agent]
# Whether the metadata agent should be enabled.
# (optional) Defaults to false.
#
# [enable_ovs_agent]
# Whether the ovs agent should be enabled.
# (optional) Defaults to false.
#
# [bridge_uplinks]
# OVS external bridge name and physical bridge interface tuple.
# (optional) Defaults to [].
#
# [bridge_mappings]
# Physical network name and OVS external bridge name tuple. Only needed for flat and VLAN networking.
# (optional) Defaults to [].
#
# [auth_url]
# Url used to contact the authentication service.
# (optional) Defaults to 'http://localhost:35357/v2.0'.
#
# [shared_secret]
# Shared secret used for the metadata service.
# (optional) Defaults to false indicating the metadata service is not configured.
#
# [metadata_ip]
# Ip address of metadata service.
# (optional) Defaults to '127.0.0.1'.
#
# [db_password]
# Password used to connect to neutron database.
# (required)
#
# [db_type]
# Type of database to use. Only accepts mysql at the moment.
# (optional)
#
# [ovs_local_ip]
# Ip address to use for tunnel endpoint.
# Only required when tenant_network_type is 'gre'. No default.
#
# [ovs_enable_tunneling]
# Whether ovs tunnels should be enabled.
# (optional) Defaults to true.
#
# [allow_overlapping_ips]
# Whether IP namespaces are in use
# Optional. Defaults to 'false'.
#
# [tenant_network_type]
# Type of network to allocate for tenant networks
# Optional. Defualts to 'gre'.
#
# [network_vlan_ranges]
# Comma-separated list of <physical_network>[:<vlan_min>:<vlan_max>]
# tuples enumerating ranges of VLAN IDs on named physical networks
# that are available for allocation.
# Optional. Defaults to 'physnet1:1000:2000'.
#
# [firewall_driver]
# Firewall driver to use.
# (optional) Defaults to undef.
#
# [rabbit_user]
# Name of rabbit user.
# (optional) defaults to rabbit_user.
#
# [rabbit_host]
# Host where rabbitmq is running.
# (optional) 127.0.0.1
#
# [rabbit_hosts]
# Enable/disable Qauntum to use rabbitmq mirrored queues.
# Specifies an array of clustered rabbitmq brokers.
# (optional) false
#
# [rabbit_virtual_host]
# Virtual host to use for rabbitmq.
# (optional) Defaults to '/'.
#
# [db_host]
# Host where db is running.
# (optional) Defaults to 127.0.0.1.
#
# [db_name]
# Name of neutron database.
# (optional) Defaults to neutron.
#
# [db_user]
# User to connect to neutron database as.
# (optional) Defaults to neutron.
#
# [bind_address]
# Address neutron api server should bind to.
# (optional) Defaults to 0.0.0.0.
#
# [sql_idle_timeout]
# Timeout for sql to reap connections.
# (optional) Defaults to '3600'.
#
# [keystone_host]
# Host running keystone.
# (optional) Defaults to 127.0.0.1.
#
# [use_syslog]
# Use syslog for logging.
# (optional) Default to false.
#
# [log_facility]
# Syslog facility to receive log lines.
# (optional) Default to LOG_USER.
#
# [verbose]
# Enables verbose for neutron services.
# (optional) Defaults to false.
#
# [debug]
# Enables debug for neutron services.
# (optional) Defaults to false.
#
# === Examples
#
# class { 'openstack::neutron':
# db_password => 'neutron_db_pass',
# user_password => 'keystone_user_pass',
# rabbit_password => 'neutron_rabbit_pass',
# bridge_uplinks => '[br-ex:eth0]',
# bridge_mappings => '[default:br-ex],
# enable_ovs_agent => true,
# ovs_local_ip => '10.10.10.10',
# }
#
class openstack::neutron (
# Passwords
$user_password,
$rabbit_password,
# enable or disable neutron
$enabled = true,
$enable_server = true,
# Set DHCP/L3 Agents on Primary Controller
$enable_dhcp_agent = false,
$enable_l3_agent = false,
$enable_metadata_agent = false,
$enable_ovs_agent = false,
# OVS settings
$tenant_network_type = 'gre',
$network_vlan_ranges = undef,
$ovs_local_ip = false,
$ovs_enable_tunneling = true,
$allow_overlapping_ips = false,
$bridge_uplinks = [],
$bridge_mappings = [],
# rely on the default set in ovs
$firewall_driver = undef,
# networking and Interface Information
# Metadata configuration
$shared_secret = false,
$metadata_ip = '127.0.0.1',
# Neutron Authentication Information
$auth_url = 'http://localhost:35357/v2.0',
# Rabbit Information
$rabbit_user = 'rabbit_user',
$rabbit_host = '127.0.0.1',
$rabbit_hosts = false,
$rabbit_virtual_host = '/',
# Database. Currently mysql is the only option.
$db_type = 'mysql',
$db_password = false,
$db_host = '127.0.0.1',
$db_name = 'neutron',
$db_user = 'neutron',
$sql_idle_timeout = '3600',
# Plugin
$core_plugin = undef,
# General
$bind_address = '0.0.0.0',
$keystone_host = '127.0.0.1',
$use_syslog = false,
$log_facility = 'LOG_USER',
$verbose = false,
$debug = false,
) {
class { '::neutron':
enabled => $enabled,
core_plugin => $core_plugin,
bind_host => $bind_address,
allow_overlapping_ips => $allow_overlapping_ips,
rabbit_host => $rabbit_host,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
use_syslog => $use_syslog,
log_facility => $log_facility,
verbose => $verbose,
debug => $debug,
}
if $enable_server {
if ! $db_password {
fail('db password must be set when configuring a neutron server')
}
if ($db_type == 'mysql') {
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8"
} else {
fail("Unsupported db type: ${db_type}. Only mysql is currently supported.")
}
class { 'neutron::server':
auth_host => $keystone_host,
auth_password => $user_password,
}
class { 'neutron::plugins::ovs':
sql_connection => $sql_connection,
sql_idle_timeout => $sql_idle_timeout,
tenant_network_type => $tenant_network_type,
network_vlan_ranges => $network_vlan_ranges,
}
}
if $enable_ovs_agent {
class { 'neutron::agents::ovs':
bridge_uplinks => $bridge_uplinks,
bridge_mappings => $bridge_mappings,
enable_tunneling => $ovs_enable_tunneling,
local_ip => $ovs_local_ip,
firewall_driver => $firewall_driver,
}
}
if $enable_dhcp_agent {
class { 'neutron::agents::dhcp':
use_namespaces => true,
debug => $debug,
}
}
if $enable_l3_agent {
class { 'neutron::agents::l3':
use_namespaces => true,
debug => $debug,
}
}
if $enable_metadata_agent {
if ! $shared_secret {
fail('metadata_shared_secret parameter must be set when using metadata agent')
}
class { 'neutron::agents::metadata':
auth_password => $user_password,
shared_secret => $shared_secret,
auth_url => $auth_url,
metadata_ip => $metadata_ip,
debug => $debug,
}
}
}

268
manifests/nova/controller.pp
View File

@ -1,268 +0,0 @@
#
# == Class: openstack::nova::controller
#
# Class to define nova components used in a controller architecture.
# Basically everything but nova-compute and nova-volume
#
# === Parameters
#
# [memcached_servers]
# Use memcached instead of in-process cache.
# Supply a list of memcached server IP's:Memcached Port.
# (optional) Defaults to false.
#
# [api_bind_address]
# IP address to use for binding Nova API's.
# (optional) Defaults to '0.0.0.0'.
#
# [rabbit_hosts] An array of IP addresses or Virttual IP address for connecting to a RabbitMQ Cluster.
# Optional. Defaults to false.
#
# [rabbit_cluster_nodes] An array of Rabbit Broker IP addresses within the Cluster.
# Optional. Defaults to false.
#
# [neutron]
# Specifies if nova should be configured to use neutron.
# (optional) Defaults to false (indicating nova-networks should be used)
#
# [neutron_user_password]
# password that nova uses to authenticate with neutron.
#
# [metadata_shared_secret] Secret used to authenticate between nova and the
# neutron metadata services.
# (Optional). Defaults to undef.
#
# [sql_idle_timeout]
# Timeout for sql to reap connections.
# (Optional) Defaults to '3600'.
#
# [use_syslog]
# Use syslog for logging.
# (Optional) Defaults to false.
#
# [log_facility]
# Syslog facility to receive log lines.
# (Optional) Defaults to LOG_USER.
#
# === Examples
#
# class { 'openstack::nova::controller':
# public_address => '192.168.1.1',
# db_host => '127.0.0.1',
# rabbit_password => 'changeme',
# nova_user_password => 'changeme',
# nova_db_password => 'changeme',
# }
#
class openstack::nova::controller (
# Network Required
$public_address,
# Database Required
$db_host,
# Rabbit Required
$rabbit_password,
# Nova Required
$nova_user_password,
$nova_db_password,
# Network
$network_manager = 'nova.network.manager.FlatDHCPManager',
$network_config = {},
$floating_range = false,
$fixed_range = '10.0.0.0/24',
$admin_address = $public_address,
$internal_address = $public_address,
$auto_assign_floating_ip = false,
$create_networks = true,
$num_networks = 1,
$multi_host = false,
$public_interface = undef,
$private_interface = undef,
# neutron
$neutron = true,
$neutron_user_password = false,
$metadata_shared_secret = undef,
$security_group_api = 'neutron',
# Nova
$nova_admin_tenant_name = 'services',
$nova_admin_user = 'nova',
$nova_db_user = 'nova',
$nova_db_dbname = 'nova',
$enabled_apis = 'ec2,osapi_compute,metadata',
$memcached_servers = false,
$api_bind_address = '0.0.0.0',
# Rabbit
$rabbit_user = 'openstack',
$rabbit_virtual_host = '/',
$rabbit_hosts = false,
$rabbit_cluster_nodes = false,
# Database
$db_type = 'mysql',
$db_ssl = false,
$db_ssl_ca = undef,
$sql_idle_timeout = '3600',
# Glance
$glance_api_servers = undef,
# VNC
$vnc_enabled = true,
$vncproxy_host = undef,
# Keystone
$keystone_host = '127.0.0.1',
# Syslog
$use_syslog = false,
$log_facility = 'LOG_USER',
# General
$debug = false,
$verbose = false,
$enabled = true
) {
# Configure the db string
case $db_type {
'mysql': {
if $db_ssl == true {
$nova_db = "mysql://${nova_db_user}:${nova_db_password}@${db_host}/${nova_db_dbname}?ssl_ca=${db_ssl_ca}"
} else {
$nova_db = "mysql://${nova_db_user}:${nova_db_password}@${db_host}/${nova_db_dbname}"
}
}
default: {
fail("db_type ${db_type} is not supported")
}
}
if ($glance_api_servers == undef) {
$real_glance_api_servers = "${public_address}:9292"
} else {
$real_glance_api_servers = $glance_api_servers
}
if $vncproxy_host {
$vncproxy_host_real = $vncproxy_host
} else {
$vncproxy_host_real = $public_address
}
$sql_connection = $nova_db
$glance_connection = $real_glance_api_servers
$rabbit_connection = $internal_address
# Install / configure rabbitmq
class { 'nova::rabbitmq':
userid => $rabbit_user,
password => $rabbit_password,
enabled => $enabled,
cluster_disk_nodes => $rabbit_cluster_nodes,
virtual_host => $rabbit_virtual_host,
}
# Configure Nova
class { 'nova':
sql_connection => $sql_connection,
sql_idle_timeout => $sql_idle_timeout,
rabbit_userid => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_virtual_host => $rabbit_virtual_host,
image_service => 'nova.image.glance.GlanceImageService',
glance_api_servers => $glance_connection,
memcached_servers => $memcached_servers,
debug => $debug,
verbose => $verbose,
rabbit_host => $rabbit_connection,
rabbit_hosts => $rabbit_hosts,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
# Configure nova-api
class { 'nova::api':
enabled => $enabled,
admin_tenant_name => $nova_admin_tenant_name,
admin_user => $nova_admin_user,
admin_password => $nova_user_password,
enabled_apis => $enabled_apis,
api_bind_address => $api_bind_address,
auth_host => $keystone_host,
neutron_metadata_proxy_shared_secret => $metadata_shared_secret,
}
if $enabled {
$really_create_networks = $create_networks
} else {
$really_create_networks = false
}
if $neutron == false {
# Configure nova-network
if $multi_host {
nova_config { 'DEFAULT/multi_host': value => true }
$enable_network_service = true
} else {
nova_config { 'DEFAULT/multi_host': value => false }
if $enabled {
$enable_network_service = true
} else {
$enable_network_service = false
}
}
if ! $private_interface {
fail('private interface must be set when nova networking is used')
}
if ! $public_interface {
fail('public interface must be set when nova networking is used')
}
class { 'nova::network':
private_interface => $private_interface,
public_interface => $public_interface,
fixed_range => $fixed_range,
floating_range => $floating_range,
network_manager => $network_manager,
config_overrides => $network_config,
create_networks => $really_create_networks,
num_networks => $num_networks,
enabled => $enable_network_service,
install_service => $enable_network_service,
}
} else {
# Configure Nova for Neutron networking
if ! $neutron_user_password {
fail('neutron_user_password must be specified when neutron is configured')
}
class { 'nova::network::neutron':
neutron_admin_password => $neutron_user_password,
neutron_auth_strategy => 'keystone',
neutron_url => "http://${keystone_host}:9696",
neutron_admin_tenant_name => 'services',
neutron_admin_username => 'neutron',
neutron_admin_auth_url => "http://${keystone_host}:35357/v2.0",
security_group_api => $security_group_api,
}
}
if $auto_assign_floating_ip {
nova_config { 'DEFAULT/auto_assign_floating_ip': value => true }
}
# a bunch of nova services that require no configuration
class { [
'nova::scheduler',
'nova::objectstore',
'nova::cert',
'nova::consoleauth',
'nova::conductor'
]:
enabled => $enabled,
}
if $vnc_enabled {
class { 'nova::vncproxy':
host => $vncproxy_host_real,
enabled => $enabled,
}
}
}

252
manifests/provision.pp
View File

@ -1,252 +0,0 @@
# == Class: openstack::provision
#
# This class provides basic provisioning of a bare openstack
# deployment. A non-admin user is created, an image is uploaded, and
# neutron networking is configured. Once complete, it should be
# possible for the non-admin user to create a boot a VM that can be
# logged into via vnc (ssh may require extra configuration).
#
# This module is currently limited to targetting an all-in-one
# deployment for the following reasons:
#
# - puppet-{keystone,glance,neutron} rely on their configuration files being
# available on localhost which is not guaranteed for multi-host.
#
# - the gateway configuration only supports a host that uses the same
# interface for both management and tenant traffic.
#
# - the gateway configuration makes the assumption that the local host is the
# gateway host, which is not guaranteed to be true for multi-host.
#
# === Parameters
#
# Document parameters here.
#
# [*setup_ovs_bridge*]
# Whether to configure the bridge specified by *public_bridge_name*
# with the ip address of the subnet identified by
# *public_subnet_name*. This must be enabled if VMs are to be
# reachable via floating ips.
#
# [*configure_tempest*]
# Whether to use the provisioning details to configure Tempest, the
# OpenStack integration test suite.
#
class openstack::provision(
## Keystone
# non admin user
$username = 'demo',
$password = 'pass',
$tenant_name = 'demo',
# another non-admin user
$alt_username = 'alt_demo',
$alt_password = 'pass',
$alt_tenant_name = 'alt_demo',
# admin user
$admin_username = 'admin',
$admin_password = 'pass',
$admin_tenant_name = 'admin',
## Glance
$image_name = 'cirros',
$image_source = 'http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img',
$image_ssh_user = 'cirros',
## Neutron
$tenant_name = 'demo',
$public_network_name = 'public',
$public_subnet_name = 'public_subnet',
$floating_range = '172.24.4.224/28',
$private_network_name = 'private',
$private_subnet_name = 'private_subnet',
$fixed_range = '10.0.0.0/24',
$router_name = 'router1',
$setup_ovs_bridge = false,
$public_bridge_name = 'br-ex',
## Tempest
$configure_tempest = false,
$image_name_alt = false,
$image_source_alt = false,
$image_ssh_user_alt = false,
$identity_uri = undef,
$tempest_repo_uri = 'git://github.com/openstack/tempest.git',
$tempest_repo_revision = undef,
$tempest_clone_path = '/var/lib/tempest',
$tempest_clone_owner = 'root',
$setup_venv = false,
$resize_available = undef,
$change_password_available = undef,
$cinder_available = undef,
$glance_available = true,
$heat_available = undef,
$horizon_available = undef,
$neutron_available = true,
$nova_available = true,
$swift_available = undef
) {
## Users
keystone_tenant { $tenant_name:
ensure => present,
enabled => true,
description => 'default tenant',
}
keystone_user { $username:
ensure => present,
enabled => true,
tenant => $tenant_name,
password => $password,
}
keystone_tenant { $alt_tenant_name:
ensure => present,
enabled => true,
description => 'alt tenant',
}
keystone_user { $alt_username:
ensure => present,
enabled => true,
tenant => $alt_tenant_name,
password => $alt_password,
}
## Images
glance_image { $image_name:
ensure => present,
is_public => 'yes',
container_format => 'bare',
disk_format => 'qcow2',
source => $image_source,
}
# Support creation of a second glance image
# distinct from the first, for tempest. It
# doesn't need to be a different image, just
# have a different name and ref in glance.
if $image_name_alt {
$image_name_alt_real = $image_name_alt
if ! $image_source_alt {
# Use the same source by default
$image_source_alt_real = $image_source
} else {
$image_source_alt_real = $image_source_alt
}
if ! $image_ssh_user_alt {
# Use the same user by default
$image_alt_ssh_user_real = $image_ssh_user
} else {
$image_alt_ssh_user_real = $image_ssh_user_alt
}
glance_image { $image_name_alt:
ensure => present,
is_public => 'yes',
container_format => 'bare',
disk_format => 'qcow2',
source => $image_source_alt_real,
}
} else {
$image_name_alt_real = $image_name
}
## Neutron
if $neutron_available {
$neutron_deps = [Neutron_network[$public_network_name]]
neutron_network { $public_network_name:
ensure => present,
router_external => true,
tenant_name => $admin_tenant_name,
}
neutron_subnet { $public_subnet_name:
ensure => 'present',
cidr => $floating_range,
enable_dhcp => false,
network_name => $public_network_name,
tenant_name => $admin_tenant_name,
}
neutron_network { $private_network_name:
ensure => present,
tenant_name => $tenant_name,
}
neutron_subnet { $private_subnet_name:
ensure => present,
cidr => $fixed_range,
network_name => $private_network_name,
tenant_name => $tenant_name,
}
# Tenant-owned router - assumes network namespace isolation
neutron_router { $router_name:
ensure => present,
tenant_name => $tenant_name,
gateway_network_name => $public_network_name,
# A neutron_router resource must explicitly declare a dependency on
# the first subnet of the gateway network.
require => Neutron_subnet[$public_subnet_name],
}
neutron_router_interface { "${router_name}:${private_subnet_name}":
ensure => present,
}
if $setup_ovs_bridge {
neutron_l3_ovs_bridge { $public_bridge_name:
ensure => present,
subnet_name => $public_subnet_name,
}
}
}
else {
$neutron_deps = []
#TODO(marun): Provision for nova network
}
## Tempest
if $configure_tempest {
$tempest_requires = concat([
Keystone_user[$username],
Keystone_user[$alt_username],
Glance_image[$image_name],
], $neutron_deps)
class { 'tempest':
tempest_repo_uri => $tempest_repo_uri,
tempest_clone_path => $tempest_clone_path,
tempest_clone_owner => $tempest_clone_owner,
setup_venv => $setup_venv,
tempest_repo_revision => $tempest_repo_revision,
image_name => $image_name,
image_name_alt => $image_name_alt_real,
image_ssh_user => $image_ssh_user,
image_alt_ssh_user => $image_alt_ssh_user_real,
identity_uri => $identity_uri,
username => $username,
password => $password,
tenant_name => $tenant_name,
alt_username => $alt_username,
alt_password => $alt_password,
alt_tenant_name => $alt_tenant_name,
admin_username => $admin_username,
admin_password => $admin_password,
admin_tenant_name => $admin_tenant_name,
public_network_name => $public_network_name,
resize_available => $resize_available,
change_password_available => $change_password_available,
cinder_available => $cinder_available,
glance_available => $glance_available,
heat_available => $heat_available,
horizon_available => $horizon_available,
neutron_available => $neutron_available,
nova_available => $nova_available,
swift_available => $swift_available,
require => $tempest_requires,
}
}
}

27
manifests/repo.pp
View File

@ -1,27 +0,0 @@
#
# Sets up the package repos necessary to use OpenStack
# on RHEL-alikes and Ubuntu
#
class openstack::repo(
$release = 'havana'
) {
case $release {
'havana', 'grizzly': {
if $::osfamily == 'RedHat' {
class {'openstack::repo::rdo': release => $release }
} elsif $::operatingsystem == 'Ubuntu' {
class {'openstack::repo::uca': release => $release }
}
}
'folsom': {
if $::osfamily == 'RedHat' {
include openstack::repo::epel
} elsif $::operatingsystem == 'Ubuntu' {
class {'openstack::repo::uca': release => $release }
}
}
default: {
notify { "WARNING: openstack::repo parameter 'release' of '${release}' not recognized; please use one of 'havana', 'grizzly' or 'folsom'.": }
}
}
}

26
manifests/repo/epel.pp
View File

@ -1,26 +0,0 @@
# EPEL repo (RHEL-alikes only, _not_ Fedora)
class openstack::repo::epel {
if ($::osfamily == 'RedHat' and
$::operatingsystem != 'Fedora' and
$::operatingsystemrelease =~ /^6\..*$/) {
include openstack::repo::yum_refresh
yumrepo { 'epel':
mirrorlist => 'https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch',
descr => 'Extra Packages for Enterprise Linux 6 - $basearch',
enabled => 1,
gpgcheck => 1,
gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6',
failovermethod => priority,
notify => Exec['yum_refresh']
}
file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6':
source => 'puppet:///modules/openstack/RPM-GPG-KEY-EPEL-6',
owner => root,
group => root,
mode => '0644',
before => Yumrepo['epel'],
}
Yumrepo['epel'] -> Package<||>
}
}

35
manifests/repo/rdo.pp
View File

@ -1,35 +0,0 @@
# RDO repo (supports Grizzly on both RHEL-alikes and Fedora, requires EPEL)
class openstack::repo::rdo(
$release = 'grizzly'
) {
include openstack::repo::epel
$release_cap = capitalize($release)
if $::osfamily == 'RedHat' {
case $::operatingsystem {
centos, redhat, scientific, slc: { $dist = 'epel' }
fedora: { $dist = 'fedora' }
}
# $lsbmajdistrelease is only available with redhat-lsb installed
$osver = regsubst($::operatingsystemrelease, '(\d+)\..*', '\1')
yumrepo { 'rdo-release':
baseurl => "http://repos.fedorapeople.org/repos/openstack/openstack-${release}/${dist}-${osver}/",
descr => "OpenStack ${release_cap} Repository",
enabled => 1,
gpgcheck => 1,
gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-${release_cap}",
priority => 98,
notify => Exec['yum_refresh'],
}
file { "/etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-${release_cap}":
source => "puppet:///modules/openstack/RPM-GPG-KEY-RDO-${release_cap}",
owner => root,
group => root,
mode => '0644',
before => Yumrepo['rdo-release'],
}
Yumrepo['rdo-release'] -> Package<||>
}
}

19
manifests/repo/uca.pp
View File

@ -1,19 +0,0 @@
# Ubuntu Cloud Archive repo (supports either Folsom or Grizzly)
class openstack::repo::uca(
$release = 'grizzly',
$repo = 'updates'
) {
if ($::operatingsystem == 'Ubuntu' and
$::lsbdistdescription =~ /^.*LTS.*$/) {
include apt::update
apt::source { 'ubuntu-cloud-archive':
location => 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
release => "${::lsbdistcodename}-${repo}/${release}",
repos => 'main',
required_packages => 'ubuntu-cloud-keyring',
}
Exec['apt_update'] -> Package<||>
}
}

8
manifests/repo/yum_refresh.pp
View File

@ -1,8 +0,0 @@
# Make sure to refresh yum database after adding repos and before installing packages
class openstack::repo::yum_refresh {
exec { 'yum_refresh':
command => '/usr/bin/yum clean all',
refreshonly => true,
}
Exec['yum_refresh'] -> Package<||>
}

17
manifests/swift/device_endpoint.pp
View File

@ -1,17 +0,0 @@
#
# Exports endpoints for all swift devices
#
define openstack::swift::device_endpoint ($swift_local_net_ip, $zone, $weight) {
@@ring_object_device { "${swift_local_net_ip}:6000/${name}":
zone => $zone,
weight => $weight,
}
@@ring_container_device { "${swift_local_net_ip}:6001/${name}":
zone => $zone,
weight => $weight,
}
@@ring_account_device { "${swift_local_net_ip}:6002/${name}":
zone => $zone,
weight => $weight,
}
}

119
manifests/swift/proxy.pp
View File

@ -1,119 +0,0 @@
class openstack::swift::proxy (
$swift_admin_tenant = 'services',
$swift_admin_user = 'swift',
$swift_user_password = 'swift_pass',
$swift_hash_suffix = 'swift_secret',
$swift_local_net_ip = $::ipaddress_eth0,
$swift_proxy_net_ip = $::ipaddress_eth0,
$ring_part_power = 18,
$ring_replicas = 3,
$ring_min_part_hours = 1,
$proxy_pipeline = ['catch_errors', 'healthcheck', 'cache', 'ratelimit', 'swift3', 's3token', 'authtoken', 'keystone', 'proxy-server'],
$proxy_workers = $::processorcount,
$proxy_port = '8080',
$proxy_allow_account_management = true,
$proxy_account_autocreate = true,
$ratelimit_clock_accuracy = 1000,
$ratelimit_max_sleep_time_seconds = 60,
$ratelimit_log_sleep_time_seconds = 0,
$ratelimit_rate_buffer_seconds = 5,
$ratelimit_account_ratelimit = 0,
$package_ensure = 'present',
$controller_node_address = '10.0.0.1',
$keystone_host = '10.0.0.1',
$memcached = true,
$swift_memcache_servers = ['127.0.0.1:11211'],
$memcached_listen_ip = '127.0.0.1'
) {
if $controller_node_address !='10.0.0.1' {
warning('The param controller_node_address has been deprecated, use keystone_host instead')
$real_keystone_host = $controller_node_address
} else {
$real_keystone_host = $keystone_host
}
ensure_resource('class', 'swift',
{ swift_hash_suffix => $swift_hash_suffix,
package_ensure => $package_ensure,
}
)
if $memcached {
class { 'memcached':
listen_ip => $memcached_listen_ip,
}
}
class { '::swift::proxy':
proxy_local_net_ip => $swift_proxy_net_ip,
pipeline => $proxy_pipeline,
port => $proxy_port,
workers => $proxy_workers,
allow_account_management => $proxy_allow_account_management,
account_autocreate => $proxy_account_autocreate,
package_ensure => $package_ensure,
require => Class['swift::ringbuilder'],
}
# configure all of the middlewares
class { [
'::swift::proxy::catch_errors',
'::swift::proxy::healthcheck',
'::swift::proxy::swift3',
]: }
class { 'swift::proxy::cache':
memcache_servers => $swift_memcache_servers,
}
class { '::swift::proxy::ratelimit':
clock_accuracy => $ratelimit_clock_accuracy,
max_sleep_time_seconds => $ratelimit_max_sleep_time_seconds,
log_sleep_time_seconds => $ratelimit_log_sleep_time_seconds,
rate_buffer_seconds => $ratelimit_rate_buffer_seconds,
account_ratelimit => $ratelimit_account_ratelimit,
}
class { '::swift::proxy::s3token':
auth_host => $real_keystone_host,
auth_port => '35357',
}
class { '::swift::proxy::keystone':
operator_roles => ['admin', 'SwiftOperator'],
}
class { '::swift::proxy::authtoken':
admin_user => $swift_admin_user,
admin_tenant_name => $swift_admin_tenant,
admin_password => $swift_user_password,
auth_host => $real_keystone_host,
}
# collect all of the resources that are needed
# to balance the ring
Ring_object_device <<| |>>
Ring_container_device <<| |>>
Ring_account_device <<| |>>
# create the ring
class { 'swift::ringbuilder':
# the part power should be determined by assuming 100 partitions per drive
part_power => $ring_part_power,
replicas => $ring_replicas,
min_part_hours => $ring_min_part_hours,
require => Class['swift'],
}
# sets up an rsync db that can be used to sync the ring DB
class { 'swift::ringserver':
local_net_ip => $swift_local_net_ip,
}
# deploy a script that can be used for testing
class {'swift::test_file':
auth_server => $real_keystone_host,
tenant => $swift_admin_tenant,
user => $swift_admin_user,
password => $swift_user_password,
}
}

56
manifests/swift/storage-node.pp
View File

@ -1,56 +0,0 @@
class openstack::swift::storage-node (
$swift_zone,
$ring_server,
$swift_hash_suffix = 'swift_secret',
$swift_local_net_ip = $::ipaddress_eth0,
$storage_type = 'loopback',
$storage_base_dir = '/srv/loopback-device',
$storage_mnt_base_dir = '/srv/node',
$storage_devices = ['1', '2'],
$storage_weight = 1,
$package_ensure = 'present',
$byte_size = '1024',
) {
ensure_resource('class', 'swift',
{ swift_hash_suffix => $swift_hash_suffix,
package_ensure => $package_ensure,
}
)
case $storage_type {
'loopback': {
# create xfs partitions on a loopback device and mount them
swift::storage::loopback { $storage_devices:
base_dir => $storage_base_dir,
mnt_base_dir => $storage_mnt_base_dir,
require => Class['swift'],
}
}
# make xfs filesystem on physical disk and mount them
'disk': {
swift::storage::disk {$storage_devices:
mnt_base_dir => $storage_mnt_base_dir,
byte_size => $byte_size,
}
}
default: {
}
}
# install all swift storage servers together
class { 'swift::storage::all':
storage_local_net_ip => $swift_local_net_ip,
}
openstack::swift::device_endpoint { $storage_devices:
swift_local_net_ip => $swift_local_net_ip,
zone => $swift_zone,
weight => $storage_weight,
}
# rsync rings from the ring server
swift::ringsync { ['account','container','object']:
ring_server => $ring_server,
}
}

30
manifests/test_file.pp
View File

@ -1,30 +0,0 @@
#
# Class that can be used to create a test script for testing an
# installed openstack environment.
#
# == Parameters
#
# [path] Path of test file to be created. Optional. Defaults to /tmp/test_nova.sh
# [rc_file_path] Path of openrc file that sets up all authentication environment
# variables. Optional. Defaults to /root/openrc.
# [image_type] Type of image to download. Accepts cirros or ubuntu. Optional.
# Defaults to cirros.
# [sleep_time] Used to tune how long to sleep for. Optional. Defaults to 60.
# [floating_ip] Rather to test flating ip address allocation. Optional.
# Defaults to true.
#
class openstack::test_file(
$path = '/tmp/test_nova.sh',
$rc_file_path = '/root/openrc',
$image_type = 'cirros',
$sleep_time = '15',
$floating_ip = false,
$neutron = true
) {
file { $path:
content => template('openstack/test_nova.sh.erb'),
mode => '0751',
}
}

525
spec/classes/openstack_all_spec.rb
View File

@ -1,525 +0,0 @@
require 'spec_helper'
describe 'openstack::all' do
# minimum set of default parameters
let :params do
{
:public_address => '10.0.0.1',
:public_interface => 'eth0',
:admin_email => 'some_user@some_fake_email_address.foo',
:admin_password => 'ChangeMe',
:rabbit_password => 'rabbit_pw',
:keystone_db_password => 'keystone_pass',
:keystone_admin_token => 'keystone_admin_token',
:glance_db_password => 'glance_pass',
:glance_user_password => 'glance_pass',
:nova_db_password => 'nova_pass',
:nova_user_password => 'nova_pass',
:secret_key => 'secret_key',
:mysql_root_password => 'sql_pass',
}
end
let :facts do
{
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian',
:operatingsystemrelease => '12.04',
:puppetversion => '2.7.x',
:memorysize => '2GB',
:processorcount => '2',
:concat_basedir => '/var/lib/puppet/concat'
}
end
context 'neutron enabled (which is the default)' do
before do
params.merge!(:cinder => false)
end
it 'raises an error if no neutron_user_password is set' do
expect { catalogue }.to raise_error(Puppet::Error, /neutron_user_password must be specified when neutron is configured/)
end
context 'with neutron_user_password set' do
before do
params.merge!(:neutron_user_password => 'neutron_user_password')
end
it 'raises an error if no neutron_db_password is set' do
expect { catalogue }.to raise_error(Puppet::Error, /neutron_db_password must be set when configuring neutron/)
end
end
context 'with neutron_user_password and neutron_db_password set' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password'
)
end
it 'raises an error if no bridge_interface is set' do
expect { catalogue }.to raise_error(Puppet::Error, /bridge_interface must be set when configuring neutron/)
end
end
context 'with neutron_user_password, neutron_db_password, and bridge_interface set' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0'
)
end
end
context 'with neutron_user_password, neutron_db_password, bridge_interface, and ovs_local_ip set' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1'
)
end
it 'raises an error if no shared metadata key is set' do
expect { catalogue }.to raise_error(Puppet::Error, /metadata_shared_secret parameter must be set when using metadata agent/)
end
end
context 'with neutron_user_password, neutron_db_password, bridge_interface, ovs_local_ip, and shared_secret set' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:metadata_shared_secret => 'shared_md_secret'
)
end
it 'contains an openstack::neutron class' do
is_expected.to contain_class('openstack::neutron').with(
:db_host => '127.0.0.1',
:rabbit_host => '127.0.0.1',
:rabbit_user => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_virtual_host => '/',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:bridge_uplinks => 'br-ex:eth0',
:bridge_mappings => 'default:br-ex',
:enable_ovs_agent => true,
:firewall_driver => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
:db_name => 'neutron',
:db_user => 'neutron',
:db_password => 'neutron_db_password',
:enable_dhcp_agent => true,
:enable_l3_agent => true,
:enable_metadata_agent => true,
:auth_url => 'http://127.0.0.1:35357/v2.0',
:user_password => 'neutron_user_password',
:shared_secret => 'shared_md_secret',
:keystone_host => '127.0.0.1',
:enabled => true,
:enable_server => true,
:debug => false,
:verbose => false
)
end
end
context 'with neutron_user_password, neutron_db_password, bridge_interface, ovs_local_ip, metadata_shared_secret, and force_config_drive set' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:metadata_shared_secret => 'shared_md_secret',
:force_config_drive => true
)
end
it 'contains a nova::compute class with force_config_drive set' do
is_expected.to contain_class('nova::compute').with(
:enabled => true,
:force_config_drive => true
)
end
end
context 'with neutron_user_password, neutron_db_password, bridge_interface, ovs_local_ip, bridge_mappings, bridge_uplinks, and shared_secret set' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:network_vlan_ranges => '1:1000',
:bridge_mappings => ['intranet:br-intra','extranet:br-extra'],
:bridge_uplinks => ['intranet:eth1','extranet:eth2'],
:tenant_network_type => 'vlan',
:metadata_shared_secret => 'shared_md_secret'
)
end
it 'contains an openstack::neutron class' do
is_expected.to contain_class('openstack::neutron').with(
:db_host => '127.0.0.1',
:rabbit_host => '127.0.0.1',
:rabbit_user => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_virtual_host => '/',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:network_vlan_ranges => '1:1000',
:bridge_uplinks => ['intranet:eth1','extranet:eth2'],
:bridge_mappings => ['intranet:br-intra','extranet:br-extra'],
:tenant_network_type => 'vlan',
:enable_ovs_agent => true,
:firewall_driver => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
:db_name => 'neutron',
:db_user => 'neutron',
:db_password => 'neutron_db_password',
:enable_dhcp_agent => true,
:enable_l3_agent => true,
:enable_metadata_agent => true,
:auth_url => 'http://127.0.0.1:35357/v2.0',
:user_password => 'neutron_user_password',
:shared_secret => 'shared_md_secret',
:keystone_host => '127.0.0.1',
:enabled => true,
:enable_server => true,
:debug => false,
:verbose => false
)
end
end
end
context 'cinder enabled (which is the default)' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:metadata_shared_secret => 'shared_md_secret'
)
end
it 'raises an error if no cinder_db_password is set' do
expect { catalogue }.to raise_error(Puppet::Error, /Must set cinder db password when setting up a cinder controller/)
end
context 'with cinder_db_password set' do
before do
params.merge!(:cinder_db_password => 'cinder_db_password')
end
it 'raises an error if no cinder_user_password is set' do
expect { catalogue }.to raise_error(Puppet::Error, /Must set cinder user password when setting up a cinder controller/)
end
end
context 'with cinder_db_password and cinder_user_password set' do
before do
params.merge!(
:cinder_db_password => 'cinder_db_password',
:cinder_user_password => 'cinder_user_password'
)
end
it 'raises an error if no cinder_user_password is set' do
is_expected.to contain_class('openstack::cinder::all').with(
:bind_host => '0.0.0.0',
:keystone_auth_host => '127.0.0.1',
:keystone_password => 'cinder_user_password',
:rabbit_userid => 'openstack',
:rabbit_host => '127.0.0.1',
:db_password => 'cinder_db_password',
:db_dbname => 'cinder',
:db_user => 'cinder',
:db_type => 'mysql',
:iscsi_ip_address => '127.0.0.1',
:setup_test_volume => false,
:manage_volumes => true,
:volume_group => 'cinder-volumes',
:debug => false,
:verbose => false
)
is_expected.to contain_nova_config('DEFAULT/volume_api_class').with(:value => 'nova.volume.cinder.API')
end
end
end
context 'cinder enabled and Ceph RBD as the backend' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:metadata_shared_secret => 'shared_md_secret',
:cinder_db_password => 'cinder_db_password',
:cinder_user_password => 'cinder_user_password',
:cinder_volume_driver => 'rbd',
:cinder_rbd_secret_uuid => 'e80afa94-a64c-486c-9e34-d55e85f26406'
)
end
it 'should have cinder::volume::rbd' do
is_expected.to contain_class('cinder::volume::rbd').with(
:rbd_pool => 'volumes',
:rbd_user => 'volumes',
:rbd_secret_uuid => 'e80afa94-a64c-486c-9e34-d55e85f26406'
)
end
end
context 'cinder and neutron enabled (which is the default)' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:metadata_shared_secret => 'shared_md_secret',
:cinder_db_password => 'cinder_db_password',
:cinder_user_password => 'cinder_user_password'
)
end
it 'should have openstack::db::mysql configured' do
is_expected.to contain_class('openstack::db::mysql').with(
:charset => 'latin1',
:mysql_root_password => 'sql_pass',
:mysql_bind_address => '0.0.0.0',
:mysql_account_security => true,
:keystone_db_user => 'keystone',
:keystone_db_password => 'keystone_pass',
:keystone_db_dbname => 'keystone',
:glance_db_user => 'glance',
:glance_db_password => 'glance_pass',
:glance_db_dbname => 'glance',
:nova_db_user => 'nova',
:nova_db_password => 'nova_pass',
:nova_db_dbname => 'nova',
:cinder => true,
:cinder_db_user => 'cinder',
:cinder_db_password => 'cinder_db_password',
:cinder_db_dbname => 'cinder',
:neutron => true,
:neutron_db_user => 'neutron',
:neutron_db_password => 'neutron_db_password',
:neutron_db_dbname => 'neutron',
:allowed_hosts => '%',
:enabled => true
)
end
it 'should have openstack::keystone configured' do
is_expected.to contain_class('openstack::keystone').with(
:debug => false,
:verbose => false,
:db_type => 'mysql',
:db_host => '127.0.0.1',
:db_password => 'keystone_pass',
:db_name => 'keystone',
:db_user => 'keystone',
:admin_token => 'keystone_admin_token',
:admin_tenant => 'admin',
:admin_email => 'some_user@some_fake_email_address.foo',
:admin_password => 'ChangeMe',
:public_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:admin_address => '10.0.0.1',
:region => 'RegionOne',
:glance_user_password => 'glance_pass',
:nova_user_password => 'nova_pass',
:cinder => true,
:cinder_user_password => 'cinder_user_password',
:neutron => true,
:neutron_user_password => 'neutron_user_password',
:enabled => true,
:bind_host => '0.0.0.0'
)
end
it 'should have openstack::glance configured' do
is_expected.to contain_class('openstack::glance').with(
:debug => false,
:verbose => false,
:db_type => 'mysql',
:db_host => '127.0.0.1',
:keystone_host => '127.0.0.1',
:db_user => 'glance',
:db_name => 'glance',
:db_password => 'glance_pass',
:user_password => 'glance_pass',
:backend => 'file',
:enabled => true
)
end
it 'should have nova::compute configured' do
is_expected.to contain_class('nova::compute').with(
:enabled => true,
:vnc_enabled => true,
:vncserver_proxyclient_address => '10.0.0.1',
:vncproxy_host => '10.0.0.1'
)
end
it 'should have nova::compute::libvirt configured' do
is_expected.to contain_class('nova::compute::libvirt').with(
:libvirt_type => 'kvm',
:vncserver_listen => '10.0.0.1',
:migration_support => false
)
end
it 'should have openstack::nova::controller configured' do
is_expected.to contain_class('openstack::nova::controller').with(
:db_host => '127.0.0.1',
:network_manager => 'nova.network.manager.FlatDHCPManager',
:network_config => {},
:floating_range => false,
:fixed_range => '10.0.0.0/24',
:public_address => '10.0.0.1',
:admin_address => false,
:internal_address => '10.0.0.1',
:auto_assign_floating_ip => false,
:create_networks => true,
:num_networks => 1,
:multi_host => false,
:public_interface => 'eth0',
:private_interface => false,
:neutron => true,
:neutron_user_password => 'neutron_user_password',
:metadata_shared_secret => 'shared_md_secret',
:nova_admin_tenant_name => 'services',
:nova_admin_user => 'nova',
:nova_user_password => 'nova_pass',
:nova_db_password => 'nova_pass',
:nova_db_user => 'nova',
:nova_db_dbname => 'nova',
:enabled_apis => 'ec2,osapi_compute,metadata',
:rabbit_user => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_virtual_host => '/',
:glance_api_servers => '10.0.0.1:9292',
:vnc_enabled => true,
:vncproxy_host => '10.0.0.1',
:debug => false,
:verbose => false,
:enabled => true
)
end
it 'should configure horizon' do
is_expected.to contain_class('openstack::horizon').with(
:secret_key => 'secret_key',
:cache_server_ip => '127.0.0.1',
:cache_server_port => 11211,
:horizon_app_links => nil
)
end
end
context 'without neutron' do
before do
params.merge!(
:cinder => false,
:neutron => false,
:private_interface => 'eth1')
end
context 'without fixed_range' do
before do
params.merge!(
:fixed_range => false
)
end
it 'raises an error if no fixed_range is given' do
expect { catalogue }.to raise_error(Puppet::Error, /Must specify the fixed range when using nova-network/)
end
end
context 'without private_interface' do
before do
params.merge!(:private_interface => false)
end
it 'raises an error if no private_interface is given' do
expect { catalogue }.to raise_error(Puppet::Error, /private interface must be set when nova networking is used/)
end
end
context 'with multi_host enabled' do
before do
params.merge!(
:multi_host => true
)
end
it 'sets send_arp_for_ha' do
is_expected.to contain_nova_config('DEFAULT/send_arp_for_ha').with(:value => true)
end
end
context 'with multi_host disabled' do
before do
params.merge!(
:multi_host => false
)
end
it 'unsets multi_host and send_arp_for_ha' do
is_expected.to contain_nova_config('DEFAULT/multi_host').with(:value => false)
is_expected.to contain_nova_config('DEFAULT/send_arp_for_ha').with(:value => false)
end
end
it 'configures nova::network' do
is_expected.to contain_class('nova::network').with(
:private_interface => 'eth1',
:public_interface => 'eth0',
:fixed_range => '10.0.0.0/24',
:floating_range => false,
:network_manager => 'nova.network.manager.FlatDHCPManager',
:config_overrides => {},
:create_networks => true,
:enabled => true,
:install_service => true
)
end
end
context 'glance enabled and rbd as the backend' do
before do
params.merge!(
:neutron_user_password => 'neutron_user_password',
:neutron_db_password => 'neutron_db_password',
:bridge_interface => 'eth0',
:ovs_enable_tunneling => true,
:ovs_local_ip => '10.0.1.1',
:metadata_shared_secret => 'shared_md_secret',
:cinder_db_password => 'cinder_db_password',
:cinder_user_password => 'cinder_user_password',
:glance_backend => 'rbd'
)
end
it 'should have glance::backend::rbd with default user/pool' do
is_expected.to contain_class('glance::backend::rbd').with(
:rbd_store_user => 'images',
:rbd_store_pool => 'images'
)
end
end
end

82
spec/classes/openstack_auth_file_spec.rb
View File

@ -1,82 +0,0 @@
require 'spec_helper'
describe 'openstack::auth_file' do
describe "when only passing default class parameters" do
let :params do
{ :admin_password => 'admin' }
end
it 'should create a openrc file' do
verify_contents(catalogue, '/root/openrc', [
'export OS_NO_CACHE=\'true\'',
'export OS_TENANT_NAME=\'openstack\'',
'export OS_USERNAME=\'admin\'',
'export OS_PASSWORD=\'admin\'',
'export OS_AUTH_URL=\'http://127.0.0.1:5000/v2.0/\'',
'export OS_AUTH_STRATEGY=\'keystone\'',
'export OS_REGION_NAME=\'RegionOne\'',
'export CINDER_ENDPOINT_TYPE=\'publicURL\'',
'export GLANCE_ENDPOINT_TYPE=\'publicURL\'',
'export KEYSTONE_ENDPOINT_TYPE=\'publicURL\'',
'export NOVA_ENDPOINT_TYPE=\'publicURL\'',
'export NEUTRON_ENDPOINT_TYPE=\'publicURL\''
])
end
end
describe 'when overriding parameters' do
let :params do
{
:controller_node => '127.0.0.2',
:admin_password => 'admin',
:admin_tenant => 'admin',
:keystone_admin_token => 'keystone',
:cinder_endpoint_type => 'privateURL',
:glance_endpoint_type => 'privateURL',
:keystone_endpoint_type => 'privateURL',
:nova_endpoint_type => 'privateURL',
:neutron_endpoint_type => 'privateURL',
}
end
it 'should create a openrc file' do
verify_contents(catalogue, '/root/openrc', [
'export OS_SERVICE_TOKEN=\'keystone\'',
'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v2.0/\'',
'export OS_NO_CACHE=\'true\'',
'export OS_TENANT_NAME=\'admin\'',
'export OS_USERNAME=\'admin\'',
'export OS_PASSWORD=\'admin\'',
'export OS_AUTH_URL=\'http://127.0.0.2:5000/v2.0/\'',
'export OS_AUTH_STRATEGY=\'keystone\'',
'export OS_REGION_NAME=\'RegionOne\'',
'export CINDER_ENDPOINT_TYPE=\'privateURL\'',
'export GLANCE_ENDPOINT_TYPE=\'privateURL\'',
'export KEYSTONE_ENDPOINT_TYPE=\'privateURL\'',
'export NOVA_ENDPOINT_TYPE=\'privateURL\'',
'export NEUTRON_ENDPOINT_TYPE=\'privateURL\''
])
end
end
describe "handle password and token with single quotes" do
let :params do
{
:admin_password => 'singlequote\'',
:keystone_admin_token => 'key\'stone'
}
end
it 'should create a openrc file' do
verify_contents(catalogue, '/root/openrc', [
'export OS_SERVICE_TOKEN=\'key\\\'stone\'',
'export OS_PASSWORD=\'singlequote\\\'\'',
])
end
end
end

145
spec/classes/openstack_cinder_all_spec.rb
View File

@ -1,145 +0,0 @@
require 'spec_helper'
describe 'openstack::cinder::all' do
let :params do
{
:db_password => 'db_password',
:rabbit_password => 'rabpass',
:keystone_password => 'user_pass'
}
end
let :facts do
{ :osfamily => 'Debian' }
end
it 'is_expected.to configure using the default values' do
is_expected.to contain_class('cinder').with(
:sql_connection => "mysql://cinder:#{params[:db_password]}@127.0.0.1/cinder?charset=utf8",
:sql_idle_timeout => '3600',
:rpc_backend => 'cinder.openstack.common.rpc.impl_kombu',
:rabbit_userid => 'openstack',
:rabbit_password => params[:rabbit_password],
:rabbit_host => '127.0.0.1',
:rabbit_port => '5672',
:rabbit_hosts => false,
:rabbit_virtual_host => '/',
:package_ensure => 'present',
:api_paste_config => '/etc/cinder/api-paste.ini',
:use_syslog => false,
:log_facility => 'LOG_USER',
:debug => false,
:verbose => false
)
is_expected.to contain_class('cinder::api').with(
:keystone_password => params[:keystone_password],
:keystone_enabled => true,
:keystone_user => 'cinder',
:keystone_auth_host => 'localhost',
:keystone_auth_port => '35357',
:keystone_auth_protocol => 'http',
:service_port => '5000',
:package_ensure => 'present',
:bind_host => '0.0.0.0',
:enabled => true
)
is_expected.to contain_class('cinder::scheduler').with(
:scheduler_driver => 'cinder.scheduler.simple.SimpleScheduler',
:package_ensure => 'present',
:enabled => true
)
is_expected.to contain_class('cinder::volume').with(
:package_ensure => 'present',
:enabled => true
)
is_expected.to contain_class('cinder::volume::iscsi').with(
:iscsi_ip_address => '127.0.0.1',
:volume_group => 'cinder-volumes'
)
is_expected.to contain_class('cinder::glance').with(
:glance_api_servers => '127.0.0.1:9292'
)
is_expected.to_not contain_class('cinder::setup_test_volume')
end
describe 'with manage_volumes set to false' do
before do
params.merge!(
:manage_volumes => false
)
end
it { is_expected.to_not contain_class('cinder::volume') }
end
describe 'with a volume driver other than iscsi' do
before do
params.merge!(
:volume_driver => 'netapp'
)
end
it { is_expected.to_not contain_class('cinder::volume::iscsi') }
end
describe 'with a volume driver other than rbd' do
before do
params.merge!(
:volume_driver => 'netapp'
)
end
it { is_expected.to_not contain_class('cinder::volume::rbd') }
end
describe 'with the rbd volume driver' do
before do
params.merge!(
:volume_driver => 'rbd'
)
end
it { is_expected.to contain_class('cinder::volume::rbd') }
end
describe 'when setting up test volumes for iscsi' do
before do
params.merge!(
:setup_test_volume => true
)
end
it { is_expected.to contain_class('cinder::setup_test_volume').with(
:volume_name => 'cinder-volumes'
)}
describe 'when volume_group is set' do
before do
params.merge!(:volume_group => 'foo')
end
it { is_expected.to contain_class('cinder::setup_test_volume').with(
:volume_name => 'foo'
)}
end
end
describe 'with custom syslog settings' do
before do
params.merge!(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it { is_expected.to contain_class('cinder').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)}
end
context 'with unsupported db type' do
before do
params.merge!({:db_type => 'sqlite'})
end
it do
expect { catalogue }.to raise_error(Puppet::Error, /Unsupported db_type sqlite/)
end
end
end

84
spec/classes/openstack_cinder_controller_spec.rb
View File

@ -1,84 +0,0 @@
require 'spec_helper'
describe 'openstack::cinder::controller' do
let :params do
{
:db_password => 'db_password',
:rabbit_password => 'rabpass',
:keystone_password => 'user_pass'
}
end
let :facts do
{ :osfamily => 'RedHat' }
end
it 'should configure using the default values' do
is_expected.to contain_class('cinder').with(
:sql_connection => "mysql://cinder:#{params[:db_password]}@127.0.0.1/cinder?charset=utf8",
:sql_idle_timeout => '3600',
:rpc_backend => 'cinder.openstack.common.rpc.impl_kombu',
:rabbit_userid => 'guest',
:rabbit_password => params[:rabbit_password],
:rabbit_host => '127.0.0.1',
:rabbit_port => '5672',
:rabbit_hosts => false,
:rabbit_virtual_host => '/',
:package_ensure => 'present',
:api_paste_config => '/etc/cinder/api-paste.ini',
:use_syslog => false,
:log_facility => 'LOG_USER',
:debug => false,
:verbose => false
)
is_expected.to contain_class('cinder::api').with(
:keystone_password => params[:keystone_password],
:keystone_enabled => true,
:keystone_user => 'cinder',
:keystone_auth_host => 'localhost',
:keystone_auth_port => '35357',
:keystone_auth_protocol => 'http',
:service_port => '5000',
:package_ensure => 'present',
:bind_host => '0.0.0.0',
:enabled => true
)
is_expected.to contain_class('cinder::scheduler').with(
:scheduler_driver => 'cinder.scheduler.simple.SimpleScheduler',
:package_ensure => 'present',
:enabled => true
)
is_expected.to contain_class('cinder::glance').with(
:glance_api_servers => '127.0.0.1:9292'
)
end
describe 'with custom syslog settings' do
before do
params.merge!({
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
})
end
it do
is_expected.to contain_class('cinder').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
end
context 'with unsupported db type' do
before do
params.merge!({:db_type => 'sqlite'})
end
it do
expect { catalogue }.to raise_error(Puppet::Error, /Unsupported db_type sqlite/)
end
end
end

106
spec/classes/openstack_cinder_storage_spec.rb
View File

@ -1,106 +0,0 @@
require 'spec_helper'
describe 'openstack::cinder::storage' do
let :params do
{
:sql_connection => 'mysql://cinder:pass@127.0.0.1/cinder?charset=utf8',
:rabbit_password => 'rabpass'
}
end
let :facts do
{ :osfamily => 'RedHat' }
end
it 'should configure cinder and cinder::volume using defaults and required parameters' do
is_expected.to contain_class('cinder').with(
:sql_connection => params[:sql_connection],
:rabbit_userid => 'guest',
:rabbit_password => params[:rabbit_password],
:rabbit_host => '127.0.0.1',
:rabbit_port => '5672',
:rabbit_hosts => false,
:rabbit_virtual_host => '/',
:package_ensure => 'present',
:api_paste_config => '/etc/cinder/api-paste.ini',
:use_syslog => false,
:log_facility => 'LOG_USER',
:debug => false,
:verbose => false
)
is_expected.to contain_class('cinder::volume').with(
:package_ensure => 'present',
:enabled => true
)
is_expected.to contain_class('cinder::volume::iscsi').with(
:iscsi_ip_address => '127.0.0.1',
:volume_group => 'cinder-volumes'
)
is_expected.to contain_class('cinder::glance').with(
:glance_api_servers => '127.0.0.1:9292'
)
is_expected.to_not contain_class('cinder::setup_test_volume')
end
describe 'with a volume driver other than iscsi' do
before do
params.merge!(
:volume_driver => 'netapp'
)
end
it { is_expected.to_not contain_class('cinder::volume::iscsi') }
end
describe 'when setting up test volumes for iscsi' do
before do
params.merge!(
:setup_test_volume => true
)
end
it { is_expected.to contain_class('cinder::setup_test_volume').with(
:volume_name => 'cinder-volumes'
)}
describe 'when volume_group is set' do
before do
params.merge!(:volume_group => 'foo')
end
it { is_expected.to contain_class('cinder::setup_test_volume').with(
:volume_name => 'foo'
)}
end
end
describe 'when setting up test volumes for rbd' do
before do
params.merge!(
:volume_driver => 'rbd',
:rbd_user => 'rbd',
:rbd_pool => 'rbd_pool',
:rbd_secret_uuid => 'secret'
)
end
it { is_expected.to contain_class('cinder::volume::rbd').with(
:rbd_user => 'rbd',
:rbd_pool => 'rbd_pool',
:rbd_secret_uuid => 'secret'
) }
end
describe 'with custom syslog parameters' do
before do
params.merge!(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it { is_expected.to contain_class('cinder').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
) }
end
end

47
spec/classes/openstack_client_spec.rb
View File

@ -1,47 +0,0 @@
require 'spec_helper'
describe 'openstack::client' do
let :facts do
{ :osfamily => 'Debian', :operatingsystem => 'Ubuntu' }
end
describe 'with default params' do
it { is_expected.to contain_class('ceilometer::client') }
it { is_expected.to contain_class('cinder::client') }
it { is_expected.to contain_class('glance::client') }
it { is_expected.to contain_class('keystone::client') }
it { is_expected.to contain_class('nova::client') }
it { is_expected.to contain_class('neutron::client') }
end
describe 'without ceilometer' do
let (:params) { {:ceilometer => false }}
it { is_expected.to_not contain_class('ceilometer::client') }
end
describe 'without cinder' do
let (:params) { {:cinder => false }}
it { is_expected.to_not contain_class('cinder::client') }
end
describe 'without glance' do
let (:params) { {:glance => false }}
it { is_expected.to_not contain_class('glance::client') }
end
describe 'without keystone' do
let (:params) { {:keystone => false }}
it { is_expected.to_not contain_class('keystone::client') }
end
describe 'without nova' do
let (:params) { {:nova => false }}
it { is_expected.to_not contain_class('nova::client') }
end
describe 'without neutron' do
let (:params) { {:neutron => false }}
it { is_expected.to_not contain_class('neutron::client') }
end
end

368
spec/classes/openstack_compute_spec.rb
View File

@ -1,368 +0,0 @@
require 'spec_helper'
describe 'openstack::compute' do
let :params do
{
:private_interface => 'eth0',
:internal_address => '127.0.0.2',
:nova_user_password => 'nova_pass',
:rabbit_password => 'rabbit_pw',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:rabbit_virtual_host => '/',
:nova_admin_tenant_name => 'services',
:nova_admin_user => 'nova',
:enabled_apis => 'ec2,osapi_compute,metadata',
:nova_db_password => 'pass',
:cinder_db_password => 'cinder_pass',
:neutron => false,
:fixed_range => '10.0.0.0/16'
}
end
let :facts do
{
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian',
}
end
describe "when using default class parameters" do
it {
is_expected.to contain_class('nova').with(
:sql_connection => 'mysql://nova:pass@127.0.0.1/nova',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:rabbit_userid => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_virtual_host => '/',
:image_service => 'nova.image.glance.GlanceImageService',
:glance_api_servers => false,
:use_syslog => false,
:log_facility => 'LOG_USER',
:verbose => false
)
is_expected.to_not contain_resources('nova_config').with_purge(true)
is_expected.to contain_class('nova::compute').with(
:enabled => true,
:vnc_enabled => true,
:vncserver_proxyclient_address => '127.0.0.2',
:vncproxy_host => false,
:force_config_drive => false
)
is_expected.to contain_class('nova::compute::libvirt').with(
:libvirt_type => 'kvm',
:vncserver_listen => '127.0.0.2'
)
is_expected.to contain_nova_config('DEFAULT/multi_host').with( :value => false )
is_expected.to contain_nova_config('DEFAULT/send_arp_for_ha').with( :value => false )
is_expected.to_not contain_class('nova::api')
is_expected.to contain_class('nova::network').with({
:enabled => false,
:install_service => false,
:private_interface => 'eth0',
:public_interface => nil,
:fixed_range => '10.0.0.0/16',
:floating_range => false,
:network_manager => 'nova.network.manager.FlatDHCPManager',
:config_overrides => {},
:create_networks => false,
:enabled => false,
:install_service => false
})
is_expected.to contain_class('openstack::cinder::storage').with(
:sql_connection => 'mysql://cinder:cinder_pass@127.0.0.1/cinder',
:rabbit_password => 'rabbit_pw',
:rabbit_userid => 'openstack',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:rabbit_virtual_host => '/',
:volume_group => 'cinder-volumes',
:iscsi_ip_address => '127.0.0.1',
:enabled => true,
:verbose => false,
:setup_test_volume => false,
:volume_driver => 'iscsi',
:use_syslog => false,
:log_facility => 'LOG_USER'
)
}
end
describe "when overriding parameters, but not enabling multi-host or volume management" do
before do
params.merge!(
:private_interface => 'eth1',
:internal_address => '127.0.0.1',
:public_interface => 'eth2',
:nova_user_password => 'nova_pass',
:nova_db_user => 'nova_user',
:nova_db_name => 'novadb',
:rabbit_host => 'my_host',
:rabbit_hosts => ['rabbit:5673', 'rabbit2:5674'],
:rabbit_password => 'my_rabbit_pw',
:rabbit_user => 'my_rabbit_user',
:rabbit_virtual_host => '/foo',
:glance_api_servers => ['controller:9292'],
:libvirt_type => 'qemu',
:vncproxy_host => '127.0.0.2',
:vnc_enabled => false,
:force_config_drive => true,
:verbose => true
)
end
it do
is_expected.to contain_class('nova').with(
:sql_connection => 'mysql://nova_user:pass@127.0.0.1/novadb',
:rabbit_host => 'my_host',
:rabbit_hosts => ['rabbit:5673', 'rabbit2:5674'],
:rabbit_userid => 'my_rabbit_user',
:rabbit_password => 'my_rabbit_pw',
:rabbit_virtual_host => '/foo',
:image_service => 'nova.image.glance.GlanceImageService',
:glance_api_servers => ['controller:9292'],
:verbose => true
)
is_expected.to contain_class('nova::compute').with(
:enabled => true,
:vnc_enabled => false,
:vncserver_proxyclient_address => '127.0.0.1',
:vncproxy_host => '127.0.0.2',
:force_config_drive => true
)
is_expected.to contain_class('nova::compute::libvirt').with(
:libvirt_type => 'qemu',
:vncserver_listen => '127.0.0.1'
)
is_expected.to contain_nova_config('DEFAULT/multi_host').with( :value => false )
is_expected.to contain_nova_config('DEFAULT/send_arp_for_ha').with( :value => false )
is_expected.to_not contain_class('nova::api')
is_expected.to contain_class('nova::network').with({
:enabled => false,
:install_service => false,
:private_interface => 'eth1',
:public_interface => 'eth2',
:create_networks => false,
:enabled => false,
:install_service => false
})
end
end
context 'with cinder' do
before do
params.merge!(
:manage_volumes => false
)
end
it { is_expected.to_not contain_class('openstack::cinder::storage') }
end
context 'with rbd storage' do
before do
params.merge!(
:cinder_volume_driver => 'rbd',
:cinder_rbd_user => 'volumes',
:cinder_rbd_pool => 'volumes'
)
end
it do
is_expected.to contain_class('openstack::cinder::storage').with(
:sql_connection => 'mysql://cinder:cinder_pass@127.0.0.1/cinder',
:rabbit_password => 'rabbit_pw',
:rabbit_userid => 'openstack',
:rabbit_host => '127.0.0.1',
:rabbit_virtual_host => '/',
:volume_group => 'cinder-volumes',
:iscsi_ip_address => '127.0.0.1',
:enabled => true,
:verbose => false,
:setup_test_volume => false,
:rbd_user => 'volumes',
:rbd_pool => 'volumes',
:volume_driver => 'rbd',
:use_syslog => false,
:log_facility => 'LOG_USER'
)
end
end
describe 'when neutron is false' do
describe 'configuring for multi host' do
before do
params.merge!(
:multi_host => true,
:public_interface => 'eth0',
:neutron => false
)
end
it 'should configure nova for multi-host' do
#is_expected.to contain_class('keystone::python')
is_expected.to contain_nova_config('DEFAULT/multi_host').with(:value => true)
is_expected.to contain_nova_config('DEFAULT/send_arp_for_ha').with( :value => true)
is_expected.to contain_class('nova::network').with({
'enabled' => true,
'install_service' => true
})
is_expected.to_not contain_class('openstack::neutron')
end
describe 'with defaults' do
it { is_expected.to contain_class('nova::api').with(
:enabled => true,
:admin_tenant_name => 'services',
:admin_user => 'nova',
:admin_password => 'nova_pass',
:enabled_apis => 'ec2,osapi_compute,metadata'
)}
end
end
describe 'when overriding network params' do
before do
params.merge!(
:multi_host => true,
:public_interface => 'eth0',
:manage_volumes => true,
:private_interface => 'eth1',
:public_interface => 'eth2',
:fixed_range => '12.0.0.0/24',
:network_manager => 'nova.network.manager.VlanManager',
:network_config => {'vlan_interface' => 'eth0'}
)
end
it { is_expected.to contain_class('nova::network').with({
:private_interface => 'eth1',
:public_interface => 'eth2',
:fixed_range => '12.0.0.0/24',
:floating_range => false,
:network_manager => 'nova.network.manager.VlanManager',
:config_overrides => {'vlan_interface' => 'eth0'},
:create_networks => false,
'enabled' => true,
'install_service' => true
})}
end
end
describe "when configuring for multi host without a public interface" do
before do
params.merge!( :multi_host => true )
end
it {
expect { is_expected.to raise_error(Puppet::Error) }
}
end
describe "when enabling volume management and using multi host" do
before do
params.merge!(
:multi_host => true,
:public_interface => 'eth0',
:manage_volumes => true
)
end
it {
is_expected.to contain_nova_config('DEFAULT/multi_host').with({ 'value' => true})
is_expected.to contain_class('nova::api')
is_expected.to contain_class('nova::network').with({
'enabled' => true,
'install_service' => true
})
}
end
describe 'when configuring neutron' do
before do
params.merge!(
:internal_address => '127.0.0.1',
:public_interface => 'eth3',
:neutron => true,
:keystone_host => '127.0.0.3',
:neutron_host => '127.0.0.2',
:ovs_enable_tunneling => true,
:neutron_user_password => 'neutron_user_password',
:neutron_firewall_driver => false
)
end
it 'should configure neutron' do
is_expected.to contain_class('openstack::neutron').with(
:db_host => '127.0.0.1',
:ovs_local_ip => params[:internal_address],
:rabbit_host => params[:rabbit_host],
:rabbit_hosts => params[:rabbit_hosts],
:rabbit_user => 'openstack',
:rabbit_password => params[:rabbit_password],
:enable_ovs_agent => true,
:ovs_enable_tunneling => params[:ovs_enable_tunneling],
:firewall_driver => params[:neutron_firewall_driver],
:enable_l3_agent => false,
:enable_dhcp_agent => false,
:auth_url => 'http://127.0.0.1:35357/v2.0',
:user_password => params[:neutron_user_password],
:keystone_host => params[:keystone_host],
:enabled => true,
:enable_server => false,
:use_syslog => false,
:log_facility => 'LOG_USER',
:verbose => false
)
is_expected.to contain_class('nova::compute::neutron').with(
:libvirt_vif_driver => 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver'
)
is_expected.to contain_class('nova::network::neutron').with(
:neutron_admin_password => 'neutron_user_password',
:neutron_auth_strategy => 'keystone',
:neutron_url => "http://127.0.0.2:9696",
:neutron_admin_tenant_name => 'services',
:neutron_admin_username => 'neutron',
:neutron_admin_auth_url => "http://127.0.0.3:35357/v2.0",
:security_group_api => 'neutron'
)
is_expected.to_not contain_class('neutron::server')
is_expected.to_not contain_class('neutron::plugins::ovs')
is_expected.to_not contain_class('neutron::agents::dhcp')
is_expected.to_not contain_class('neutron::agents::l3')
end
end
describe 'with custom syslog settings' do
before do
params.merge!({
:use_syslog => true,
:log_facility => 'LOG_LOCAL0',
:neutron => true,
:neutron_user_password => 'foobar'
})
end
it do
is_expected.to contain_class('nova').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
is_expected.to contain_class('openstack::neutron').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
is_expected.to contain_class('openstack::cinder::storage').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
end
end

916
spec/classes/openstack_controller_spec.rb
View File

@ -1,916 +0,0 @@
require 'spec_helper'
describe 'openstack::controller' do
# minimum set of default parameters
let :default_params do
{
:private_interface => 'eth0',
:public_interface => 'eth1',
:internal_address => '127.0.0.1',
:public_address => '10.0.0.1',
:admin_email => 'some_user@some_fake_email_address.foo',
:admin_password => 'ChangeMe',
:rabbit_password => 'rabbit_pw',
:rabbit_cluster_nodes => false,
:rabbit_virtual_host => '/',
:keystone_db_password => 'keystone_pass',
:keystone_admin_token => 'keystone_admin_token',
:keystone_token_driver => 'keystone.token.backends.sql.Token',
:keystone_host => '127.0.0.1',
:glance_registry_host => '0.0.0.0',
:glance_db_password => 'glance_pass',
:glance_user_password => 'glance_pass',
:nova_bind_address => '0.0.0.0',
:nova_db_password => 'nova_pass',
:nova_user_password => 'nova_pass',
:nova_memcached_servers => false,
:cinder_db_password => 'cinder_pass',
:cinder_user_password => 'cinder_pass',
:secret_key => 'secret_key',
:mysql_root_password => 'sql_pass',
:neutron => false,
:vncproxy_host => '10.0.0.1',
:nova_admin_tenant_name => 'services',
:nova_admin_user => 'nova',
:enabled_apis => 'ec2,osapi_compute,metadata',
:physical_network => 'default'
}
end
let :facts do
{
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian',
:operatingsystemrelease => '12.04',
:puppetversion => '2.7.x',
:memorysize => '2GB',
:processorcount => '2',
:concat_basedir => '/var/lib/puppet/concat',
}
end
let :params do
default_params
end
context 'database' do
context 'with unsupported db type' do
let :params do
default_params.merge({:db_type => 'sqlite'})
end
it do
expect { catalogue }.to raise_error(Puppet::Error)
end
end
context 'with default mysql params' do
let :params do
default_params.merge(
:enabled => true,
:db_type => 'mysql',
:neutron => true,
:metadata_shared_secret => 'secret',
:bridge_interface => 'eth1',
:neutron_user_password => 'q_pass',
:neutron_db_password => 'q_db_pass',
:cinder => true
)
end
it 'should configure mysql server' do
expect(param_value(catalogue, 'class', 'mysql::server', 'enabled')).to eq(true)
config_hash = param_value(catalogue, 'class', 'mysql::server', 'config_hash')
expect(config_hash['bind_address']).to eq('0.0.0.0')
expect(config_hash['root_password']).to eq('sql_pass')
end
it 'should contain openstack db config' do
is_expected.to contain_class('keystone::db::mysql').with(
:user => 'keystone',
:password => 'keystone_pass',
:dbname => 'keystone',
:allowed_hosts => '%'
)
is_expected.to contain_class('glance::db::mysql').with(
:user => 'glance',
:password => 'glance_pass',
:dbname => 'glance',
:allowed_hosts => '%'
)
is_expected.to contain_class('nova::db::mysql').with(
:user => 'nova',
:password => 'nova_pass',
:dbname => 'nova',
:allowed_hosts => '%'
)
is_expected.to contain_class('cinder::db::mysql').with(
:user => 'cinder',
:password => 'cinder_pass',
:dbname => 'cinder',
:allowed_hosts => '%'
)
is_expected.to contain_class('neutron::db::mysql').with(
:user => 'neutron',
:password => 'q_db_pass',
:dbname => 'neutron',
:allowed_hosts => '%'
)
end
it { is_expected.to contain_class('mysql::server::account_security')}
end
context 'when cinder and neutron are false' do
let :params do
default_params.merge(
:neutron => false,
:cinder => false
)
end
it do
is_expected.to_not contain_class('neutron::db::mysql')
is_expected.to_not contain_class('cinder::db::mysql')
end
end
context 'when not enabled' do
let :params do
default_params.merge(
{:enabled => false}
)
end
it 'should configure mysql server' do
expect(param_value(catalogue, 'class', 'mysql::server', 'enabled')).to eq(false)
config_hash = param_value(catalogue, 'class', 'mysql::server', 'config_hash')
expect(config_hash['bind_address']).to eq('0.0.0.0')
expect(config_hash['root_password']).to eq('sql_pass')
end
['keystone', 'nova', 'glance', 'cinder', 'neutron'].each do |x|
it { is_expected.to_not contain_class("#{x}::db::mysql") }
end
end
context 'when account security is not enabled' do
let :params do
default_params.merge(
{:mysql_account_security => false}
)
end
it { is_expected.to_not contain_class('mysql::server::account_security')}
end
context 'with default SSL params, disabled' do
it 'SSL in mysql is_expected.to be disabled' do
config_hash = param_value(catalogue, 'class', 'mysql::server', 'config_hash')
expect(config_hash['ssl']).to eq(false)
end
end
context 'SSL is enabled' do
let :params do
default_params.merge(
:mysql_ssl => true,
:mysql_ca => '/etc/mysql/ca.pem',
:mysql_cert => '/etc/mysql/server.pem',
:mysql_key => '/etc/mysql/server.key'
)
end
it 'should configure mysql server' do
config_hash = param_value(catalogue, 'class', 'mysql::server', 'config_hash')
expect(config_hash['ssl']).to eq(true)
expect(config_hash['ssl_ca']).to eq('/etc/mysql/ca.pem')
expect(config_hash['ssl_cert']).to eq('/etc/mysql/server.pem')
expect(config_hash['ssl_key']).to eq('/etc/mysql/server.key')
end
end
end
context 'keystone' do
context 'with default params' do
let :params do
default_params
end
it 'should configure default keystone configuration' do
is_expected.to contain_class('openstack::keystone').with(
:swift => false,
:swift_user_password => false,
:swift_public_address => false,
:swift_internal_address => false,
:swift_admin_address => false,
:use_syslog => false,
:log_facility => 'LOG_USER'
)
is_expected.to contain_class('keystone').with(
:verbose => false,
:debug => false,
:catalog_type => 'sql',
:enabled => true,
:admin_token => 'keystone_admin_token',
:token_driver => 'keystone.token.backends.sql.Token',
:token_format => 'PKI',
:sql_connection => "mysql://keystone:keystone_pass@127.0.0.1/keystone"
)
is_expected.to contain_class('keystone::roles::admin').with(
:email => 'some_user@some_fake_email_address.foo',
:password => 'ChangeMe',
:admin_tenant => 'admin'
)
is_expected.to contain_class('keystone::endpoint').with(
:public_address => '10.0.0.1',
:public_protocol => 'http',
:internal_address => '127.0.0.1',
:admin_address => '127.0.0.1',
:region => 'RegionOne'
)
{
'nova' => 'nova_pass',
'cinder' => 'cinder_pass',
'glance' => 'glance_pass'
}.each do |type, pw|
is_expected.to contain_class("#{type}::keystone::auth").with(
:password => pw,
:public_address => '10.0.0.1',
:public_protocol => 'http',
:internal_address => '127.0.0.1',
:admin_address => '127.0.0.1',
:region => 'RegionOne'
)
end
end
context 'when configuring swift' do
before :each do
params.merge!(
:swift => true,
:swift_user_password => 'foo',
:swift_public_address => '10.0.0.2',
:swift_internal_address => '10.0.0.2',
:swift_admin_address => '10.0.0.2'
)
end
it 'should configure swift auth in keystone' do
is_expected.to contain_class('openstack::keystone').with(
:swift => true,
:swift_user_password => 'foo',
:swift_public_address => '10.0.0.2',
:swift_internal_address => '10.0.0.2',
:swift_admin_address => '10.0.0.2'
)
end
end
end
context 'when not enabled' do
let :params do
default_params.merge(:enabled => false)
end
it 'should not configure endpoints' do
is_expected.to contain_class('keystone').with(:enabled => false)
is_expected.to_not contain_class('keystone::roles::admin')
is_expected.to_not contain_class('keystone::endpoint')
is_expected.to_not contain_class('glance::keystone::auth')
is_expected.to_not contain_class('nova::keystone::auth')
end
end
context 'when public_protocol is set to https' do
let :params do
default_params.merge(:public_protocol => 'https')
end
it 'should propagate it to the endpoints' do
is_expected.to contain_class('keystone::endpoint').with(:public_protocol => 'https')
is_expected.to contain_class('glance::keystone::auth').with(:public_protocol => 'https')
is_expected.to contain_class('nova::keystone::auth').with(:public_protocol => 'https')
is_expected.to contain_class('cinder::keystone::auth').with(:public_protocol => 'https')
end
end
context 'with different public, internal and admin addresses' do
let :params do
default_params.merge(
:public_address => '1.1.1.1',
:internal_address => '2.2.2.2',
:admin_address => '3.3.3.3'
)
end
it 'should set addresses in subclasses' do
is_expected.to contain_class('keystone::endpoint').with(
:public_address => '1.1.1.1',
:internal_address => '2.2.2.2',
:admin_address => '3.3.3.3'
)
['nova', 'cinder', 'glance'].each do |type|
is_expected.to contain_class("#{type}::keystone::auth").with(
:public_address => '1.1.1.1',
:internal_address => '2.2.2.2',
:admin_address => '3.3.3.3'
)
end
end
end
context 'with mysql SSL enabled' do
let :params do
default_params.merge(
:mysql_ssl => true,
:mysql_ca => '/etc/mysql/ca.pem',
:mysql_cert => '/etc/mysql/server.pem',
:mysql_key => '/etc/mysql/server.key'
)
end
it 'should configure keystone with SSL mysql connection' do
is_expected.to contain_class('keystone').with(
:sql_connection => "mysql://keystone:keystone_pass@127.0.0.1/keystone?ssl_ca=/etc/mysql/ca.pem"
)
end
end
end
it do
is_expected.to contain_class('memcached').with(
:listen_ip => '127.0.0.1'
)
end
context 'config for glance' do
context 'when enabled' do
it 'should contain enabled glance with defaults' do
is_expected.to contain_class('openstack::glance').with(
:verbose => false,
:debug => false,
:registry_host => '0.0.0.0',
:enabled => true,
:use_syslog => false,
:log_facility => 'LOG_USER'
)
is_expected.to contain_class('glance::api').with(
:verbose => false,
:debug => false,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'glance_pass',
:registry_host => '0.0.0.0',
:sql_connection => 'mysql://glance:glance_pass@127.0.0.1/glance',
:enabled => true
)
is_expected.to contain_class('glance::registry').with(
:verbose => false,
:debug => false,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'glance_pass',
:sql_connection => "mysql://glance:glance_pass@127.0.0.1/glance",
:enabled => true
)
is_expected.to contain_class('glance::backend::file')
end
end
context 'when not enabled' do
let :params do
default_params.merge(:enabled => false)
end
it 'should disable glance services' do
is_expected.to contain_class('glance::api').with(
:enabled => false
)
is_expected.to contain_class('glance::registry').with(
:enabled => false
)
end
end
context 'when params are overridden' do
let :params do
default_params.merge(
:verbose => false,
:debug => false,
:glance_registry_host => '127.0.0.2',
:glance_user_password => 'glance_pass2',
:glance_db_password => 'glance_pass3',
:db_host => '127.0.0.2',
:sql_idle_timeout => '30',
:glance_db_user => 'dan',
:glance_db_dbname => 'name',
:glance_backend => 'rbd',
:glance_rbd_store_user => 'myuser',
:glance_rbd_store_pool => 'mypool',
:db_host => '127.0.0.2',
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it 'should override params for glance' do
is_expected.to contain_class('openstack::glance').with(
:verbose => false,
:debug => false,
:registry_host => '127.0.0.2',
:enabled => true,
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
is_expected.to contain_class('glance::api').with(
:verbose => false,
:debug => false,
:registry_host => '127.0.0.2',
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'glance_pass2',
:sql_connection => 'mysql://dan:glance_pass3@127.0.0.2/name',
:sql_idle_timeout => '30'
)
is_expected.to contain_class('glance::registry').with(
:verbose => false,
:debug => false,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'glance_pass2',
:sql_connection => "mysql://dan:glance_pass3@127.0.0.2/name"
)
end
end
context 'when the RBD backend is configured' do
let :params do
default_params.merge(
:glance_backend => 'rbd',
:glance_rbd_store_user => 'myuser',
:glance_rbd_store_pool => 'mypool'
)
is_expected.to contain_class('glance::backend::rbd').with(
:rbd_store_user => 'myuser',
:rbd_store_pool => 'mypool'
)
end
end
context 'with mysql SSL enabled' do
let :params do
default_params.merge(
:mysql_ssl => true,
:mysql_ca => '/etc/mysql/ca.pem',
:mysql_cert => '/etc/mysql/server.pem',
:mysql_key => '/etc/mysql/server.key'
)
end
it 'should configure glance with SSL mysql connection' do
is_expected.to contain_class('glance::api').with(
:sql_connection => "mysql://glance:glance_pass@127.0.0.1/glance?ssl_ca=/etc/mysql/ca.pem"
)
end
end
end
context 'config for nova' do
let :facts do
{
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian',
:operatingsystemrelease => '12.04',
:puppetversion => '2.7.x',
:memorysize => '2GB',
:processorcount => '2',
:concat_basedir => '/var/lib/puppet/concat',
}
end
context 'with default params' do
it 'should contain enabled nova services' do
is_expected.to contain_class('openstack::nova::controller').with(
:db_host => '127.0.0.1',
:sql_idle_timeout => '3600',
:network_manager => 'nova.network.manager.FlatDHCPManager',
:network_config => {},
:floating_range => false,
:fixed_range => '10.0.0.0/24',
:public_address => '10.0.0.1',
:admin_address => false,
:internal_address => '127.0.0.1',
:auto_assign_floating_ip => false,
:create_networks => true,
:num_networks => 1,
:multi_host => false,
:public_interface => 'eth1',
:private_interface => 'eth0',
:neutron => false,
:neutron_user_password => false,
:metadata_shared_secret => false,
:security_group_api => 'neutron',
:nova_admin_tenant_name => 'services',
:nova_admin_user => 'nova',
:nova_user_password => 'nova_pass',
:nova_db_password => 'nova_pass',
:nova_db_user => 'nova',
:nova_db_dbname => 'nova',
:enabled_apis => 'ec2,osapi_compute,metadata',
:api_bind_address => '0.0.0.0',
:rabbit_user => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_hosts => false,
:rabbit_cluster_nodes => false,
:rabbit_virtual_host => '/',
:glance_api_servers => nil,
:vnc_enabled => true,
:vncproxy_host => '10.0.0.1',
:use_syslog => false,
:log_facility => 'LOG_USER',
:debug => false,
:verbose => false,
:enabled => true
)
is_expected.to_not contain_resources('nova_config').with_purge(true)
is_expected.to contain_class('nova::rabbitmq').with(
:userid => 'openstack',
:password => 'rabbit_pw',
:cluster_disk_nodes => false,
:virtual_host => '/',
:enabled => true
)
is_expected.to contain_class('nova').with(
:sql_connection => 'mysql://nova:nova_pass@127.0.0.1/nova',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:rabbit_userid => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_virtual_host => '/',
:image_service => 'nova.image.glance.GlanceImageService',
:glance_api_servers => '10.0.0.1:9292',
:debug => false,
:verbose => false,
:memcached_servers => false
)
is_expected.to contain_class('nova::api').with(
:enabled => true,
:admin_tenant_name => 'services',
:admin_user => 'nova',
:admin_password => 'nova_pass',
:enabled_apis => 'ec2,osapi_compute,metadata',
:auth_host => '127.0.0.1',
:api_bind_address => '0.0.0.0'
)
is_expected.to contain_class('nova::cert').with(:enabled => true)
is_expected.to contain_class('nova::consoleauth').with(:enabled => true)
is_expected.to contain_class('nova::scheduler').with(:enabled => true)
is_expected.to contain_class('nova::objectstore').with(:enabled => true)
is_expected.to contain_class('nova::conductor').with(:enabled => true)
is_expected.to contain_class('nova::vncproxy').with(
:enabled => true,
:host => '10.0.0.1'
)
end
it { is_expected.to_not contain_nova_config('DEFAULT/auto_assign_floating_ip') }
end
context 'when auto assign floating ip is assigned' do
let :params do
default_params.merge(:auto_assign_floating_ip => true)
end
it { is_expected.to contain_nova_config('DEFAULT/auto_assign_floating_ip').with(:value => true)}
end
context 'when not enabled' do
let :params do
default_params.merge(:enabled => false)
end
it 'should disable everything' do
is_expected.to contain_class('nova::rabbitmq').with(:enabled => false)
is_expected.to contain_class('nova::api').with(:enabled => false)
is_expected.to contain_class('nova::cert').with(:enabled => false)
is_expected.to contain_class('nova::consoleauth').with(:enabled => false)
is_expected.to contain_class('nova::scheduler').with(:enabled => false)
is_expected.to contain_class('nova::objectstore').with(:enabled => false)
is_expected.to contain_class('nova::vncproxy').with(:enabled => false)
end
end
context 'when params are overridden' do
let :params do
default_params.merge(
:sql_idle_timeout => '30',
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it 'should override params for nova' do
is_expected.to contain_class('openstack::nova::controller').with(
:sql_idle_timeout => '30',
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
is_expected.to contain_class('nova').with(
:sql_idle_timeout => '30'
)
end
end
end
context 'config for horizon' do
it 'should contain enabled horizon' do
is_expected.to contain_class('horizon').with(
:secret_key => 'secret_key',
:cache_server_ip => '127.0.0.1',
:cache_server_port => '11211',
:horizon_app_links => false,
:keystone_host => '127.0.0.1'
)
end
describe 'when horizon is disabled' do
let :params do
default_params.merge(:horizon => false)
end
it { is_expected.to_not contain_class('horizon') }
end
end
context 'cinder' do
context 'when disabled' do
let :params do
default_params.merge(:cinder => false)
end
it 'should not contain cinder classes' do
is_expected.to_not contain_class('openstack::cinder::all')
is_expected.to_not contain_class('cinder')
is_expected.to_not contain_class('cinder::api')
is_expected.to_not contain_class('cinder::scheduler')
is_expected.to_not contain_class('cinder::volume')
end
end
context 'when enabled' do
let :params do
default_params
end
it 'should configure cinder using defaults' do
is_expected.to contain_class('openstack::cinder::all').with(
:bind_host => '0.0.0.0',
:sql_idle_timeout => '3600',
:keystone_password => 'cinder_pass',
:rabbit_userid => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:db_password => 'cinder_pass',
:db_dbname => 'cinder',
:db_user => 'cinder',
:db_type => 'mysql',
:db_host => '127.0.0.1',
:manage_volumes => false,
:volume_group => 'cinder-volumes',
:setup_test_volume => false,
:iscsi_ip_address => '127.0.0.1',
:use_syslog => false,
:log_facility => 'LOG_USER',
:enabled => true,
:debug => false,
:verbose => false
)
is_expected.to contain_class('cinder').with(
:debug => false,
:verbose => false,
:sql_connection => 'mysql://cinder:cinder_pass@127.0.0.1/cinder?charset=utf8',
:rabbit_password => 'rabbit_pw'
)
is_expected.to contain_class('cinder::api').with_keystone_password('cinder_pass')
is_expected.to contain_class('cinder::scheduler')
end
end
context 'when overriding config' do
let :params do
default_params.merge(
:debug => true,
:verbose => true,
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:rabbit_user => 'rabbituser',
:rabbit_password => 'rabbit_pw2',
:cinder_user_password => 'foo',
:cinder_db_password => 'bar',
:cinder_db_user => 'baz',
:cinder_db_dbname => 'blah',
:sql_idle_timeout => '30',
:db_host => '127.0.0.2',
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it 'should configure cinder using custom parameters' do
is_expected.to contain_class('openstack::cinder::all').with(
:sql_idle_timeout => '30',
:keystone_password => 'foo',
:rabbit_userid => 'rabbituser',
:rabbit_password => 'rabbit_pw2',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:db_password => 'bar',
:db_dbname => 'blah',
:db_user => 'baz',
:db_type => 'mysql',
:db_host => '127.0.0.2',
:use_syslog => true,
:log_facility => 'LOG_LOCAL0',
:debug => true,
:verbose => true
)
is_expected.to contain_class('cinder').with(
:debug => true,
:verbose => true,
:sql_connection => 'mysql://baz:bar@127.0.0.2/blah?charset=utf8',
:sql_idle_timeout => '30',
:rabbit_password => 'rabbit_pw2',
:rabbit_userid => 'rabbituser'
)
is_expected.to contain_class('cinder::api').with_keystone_password('foo')
is_expected.to contain_class('cinder::scheduler')
end
end
end
context 'network config' do
context 'when neutron' do
let :params do
default_params.merge({
:neutron => true,
:debug => true,
:verbose => true,
:sql_idle_timeout => '30',
:neutron_user_password => 'q_pass',
:bridge_interface => 'eth_27',
:allow_overlapping_ips => false,
:internal_address => '10.0.0.3',
:neutron_db_password => 'q_db_pass',
:metadata_shared_secret => 'secret',
:external_bridge_name => 'br-ex'
})
end
context 'when ovs is not enabled' do
let :params do
default_params.merge({
:enable_ovs_agent => false,
:neutron => true,
:neutron_user_password => 'q_pass',
:allow_overlapping_ips => false,
:internal_address => '10.0.0.3',
:neutron_db_password => 'q_db_pass',
:metadata_shared_secret => 'secret',
:external_bridge_name => 'br-ex'
})
end
it 'should not fail when required ovs parameters are not set' do
is_expected.to contain_class('openstack::controller')
end
end
it { is_expected.to_not contain_class('nova::network') }
it { is_expected.to contain_class('nova::network::neutron').with(:security_group_api => 'neutron') }
it 'should configure neutron' do
is_expected.to contain_class('openstack::neutron').with(
:db_host => '127.0.0.1',
:sql_idle_timeout => '30',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:rabbit_user => 'openstack',
:rabbit_password => 'rabbit_pw',
:rabbit_virtual_host => '/',
:tenant_network_type => 'gre',
:ovs_enable_tunneling => true,
:allow_overlapping_ips => false,
:ovs_local_ip => '10.0.0.3',
:bridge_uplinks => ["br-ex:eth_27"],
:bridge_mappings => ["default:br-ex"],
:enable_ovs_agent => true,
:firewall_driver => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
:db_name => 'neutron',
:db_user => 'neutron',
:db_password => 'q_db_pass',
:enable_dhcp_agent => true,
:enable_l3_agent => true,
:enable_metadata_agent => true,
:auth_url => 'http://127.0.0.1:35357/v2.0',
:user_password => 'q_pass',
:shared_secret => 'secret',
:keystone_host => '127.0.0.1',
:enabled => true,
:enable_server => true,
:use_syslog => false,
:log_facility => 'LOG_USER',
:debug => true,
:verbose => true
)
end
end
context 'when nova network' do
context 'when multi-host is not set' do
let :params do
default_params.merge(:neutron => false, :multi_host => false)
end
it {is_expected.to contain_class('nova::network').with(
:private_interface => 'eth0',
:public_interface => 'eth1',
:fixed_range => '10.0.0.0/24',
:floating_range => false,
:network_manager => 'nova.network.manager.FlatDHCPManager',
:config_overrides => {},
:create_networks => true,
:num_networks => 1,
:enabled => true,
:install_service => true
)}
end
context 'when multi-host is set' do
let :params do
default_params.merge(:neutron => false, :multi_host => true)
end
it { is_expected.to contain_nova_config('DEFAULT/multi_host').with(:value => true)}
it {is_expected.to contain_class('nova::network').with(
:create_networks => true,
:enabled => true,
:install_service => true
)}
end
end
end
end

177
spec/classes/openstack_glance_spec.rb
View File

@ -1,177 +0,0 @@
require 'spec_helper'
describe 'openstack::glance' do
let :facts do
{
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian'
}
end
let :params do
{
:user_password => 'glance_user_pass',
:db_password => 'glance_db_pass',
:keystone_host => '127.0.1.1'
}
end
describe 'with only required parameters' do
it 'should configure with applicable defaults' do
is_expected.to contain_class('glance::api').with(
:verbose => false,
:debug => false,
:registry_host => '0.0.0.0',
:bind_host => '0.0.0.0',
:auth_type => 'keystone',
:auth_port => '35357',
:auth_host => '127.0.1.1',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'glance_user_pass',
:sql_connection => 'mysql://glance:glance_db_pass@127.0.0.1/glance',
:sql_idle_timeout => '3600',
:use_syslog => false,
:log_facility => 'LOG_USER',
:enabled => true
)
is_expected.to contain_class('glance::registry').with(
:verbose => false,
:debug => false,
:bind_host => '0.0.0.0',
:auth_host => '127.0.1.1',
:auth_port => '35357',
:auth_type => 'keystone',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'glance_user_pass',
:sql_connection => 'mysql://glance:glance_db_pass@127.0.0.1/glance',
:sql_idle_timeout => '3600',
:use_syslog => false,
:log_facility => 'LOG_USER',
:enabled => true
)
is_expected.to contain_class('glance::backend::file')
end
end
describe 'with an invalid db_type' do
before do
params.merge!(:db_type => 'sqlite' )
end
it 'should fail' do
expect { catalogue }.to raise_error(Puppet::Error, /db_type sqlite is not supported/)
end
end
describe 'with an invalid backend' do
before do
params.merge!(:backend => 'ceph')
end
it 'should fail' do
expect { catalogue }.to raise_error(Puppet::Error, /Unsupported backend ceph/)
end
end
describe 'when configuring swift as the backend' do
before do
params.merge!({
:backend => 'swift',
:swift_store_user => 'dan',
:swift_store_key => '123'
})
end
it 'should configure swift as the backend' do
is_expected.to_not contain_class('glance::backend::file')
is_expected.to contain_class('glance::backend::swift').with(
:swift_store_user => 'dan',
:swift_store_key => '123',
:swift_store_auth_address => 'http://127.0.0.1:5000/v2.0/',
:swift_store_create_container_on_put => true
)
end
describe 'user key must be set' do
before do
params.delete(:swift_store_key)
end
it 'should fail' do
expect do
catalogue
end.to raise_error(Puppet::Error, /swift_store_key must be set when configuring swift/)
end
end
describe 'user name must be set' do
before do
params.delete(:swift_store_user)
end
it 'should fail' do
expect do
catalogue
end.to raise_error(Puppet::Error, /swift_store_user must be set when configuring swift/)
end
end
end
describe 'when configuring rbd as the backend' do
before do
params.merge!({
:backend => 'rbd',
:rbd_store_user => 'don',
:rbd_store_pool => 'images'
})
end
it 'should configure rbd as the backend' do
is_expected.to_not contain_class('glance::backend::file')
is_expected.to_not contain_class('glance::backend::swift')
is_expected.to contain_class('glance::backend::rbd').with(
:rbd_store_user => 'don',
:rbd_store_pool => 'images'
)
end
end
describe 'when configuring mysql with SSL' do
before do
params.merge!({
:db_ssl => true,
:db_ssl_ca => '/etc/mysql/ca.pem'
})
end
it 'should configure mysql properly' do
is_expected.to contain_class('glance::registry').with(
:sql_connection => 'mysql://glance:glance_db_pass@127.0.0.1/glance?ssl_ca=/etc/mysql/ca.pem'
)
end
end
describe 'with custom syslog settings' do
before do
params.merge!({
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
})
end
it 'should set parameters in included classes' do
is_expected.to contain_class('glance::api').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
is_expected.to contain_class('glance::registry').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
end
end

77
spec/classes/openstack_horizon_spec.rb
View File

@ -1,77 +0,0 @@
require 'spec_helper'
describe 'openstack::horizon' do
let :required_params do
{ :secret_key => 'super_secret' }
end
let :params do
required_params
end
let :facts do
{
:osfamily => 'RedHat',
:memorysize => '1GB',
:processorcount => '1',
:concat_basedir => '/tmp',
:operatingsystemrelease => '5'
}
end
it 'should configure horizon and memcache using default parameters and secret key' do
is_expected.to contain_class('memcached').with(
:listen_ip => '127.0.0.1',
:tcp_port => '11211',
:udp_port => '11211'
)
is_expected.to contain_class('horizon').with(
:cache_server_ip => '127.0.0.1',
:cache_server_port => '11211',
:secret_key => 'super_secret',
:horizon_app_links => false,
:keystone_host => '127.0.0.1',
:keystone_scheme => 'http',
:keystone_default_role => '_member_',
:django_debug => 'False',
:api_result_limit => 1000
)
end
context 'when memcached is disabled' do
let :params do
required_params.merge(
:configure_memcached => false
)
end
it 'should configure horizon without memcached using default parameters and secret key' do
is_expected.to_not contain_class('memcached')
is_expected.to contain_class('horizon').with(
:cache_server_ip => '127.0.0.1',
:cache_server_port => '11211',
:secret_key => 'super_secret',
:horizon_app_links => false,
:keystone_host => '127.0.0.1',
:keystone_scheme => 'http',
:keystone_default_role => '_member_',
:django_debug => 'False',
:api_result_limit => 1000
)
end
end
context 'when memcached listen ip is overridden' do
let :params do
required_params.merge(
:configure_memcached => true,
:memcached_listen_ip => '10.10.10.10'
)
end
it 'should override params for memcached' do
is_expected.to contain_class('memcached').with(
:listen_ip => '10.10.10.10'
)
end
end
end

192
spec/classes/openstack_keystone_spec.rb
View File

@ -1,192 +0,0 @@
require 'spec_helper'
describe 'openstack::keystone' do
# set the parameters that absolutely must be set for the class to even compile
let :required_params do
{
:admin_token => 'token',
:db_password => 'pass',
:admin_password => 'pass',
:glance_user_password => 'pass',
:nova_user_password => 'pass',
:cinder_user_password => 'pass',
:neutron_user_password => 'pass',
:public_address => '127.0.0.1',
:db_host => '127.0.0.1',
:admin_email => 'root@localhost'
}
end
# set the class parameters to only be those that are required
let :params do
required_params
end
let :facts do
{ :osfamily => 'Debian', :operatingsystem => 'Ubuntu' }
end
describe 'with only required params (and defaults for everything else)' do
it 'should configure keystone and all default endpoints' do
is_expected.to contain_class('keystone').with(
:verbose => false,
:debug => false,
:bind_host => '0.0.0.0',
:idle_timeout => '200',
:catalog_type => 'sql',
:admin_token => 'token',
:token_format => 'PKI',
:enabled => true,
:token_driver => 'keystone.token.backends.sql.Token',
:sql_connection => 'mysql://keystone:pass@127.0.0.1/keystone',
:use_syslog => false,
:log_facility => 'LOG_USER'
)
[ 'glance', 'cinder', 'neutron' ].each do |type|
is_expected.to contain_class("#{type}::keystone::auth").with(
:password => params["#{type}_user_password".intern],
:public_address => params[:public_address],
:admin_address => params[:public_address],
:internal_address => params[:public_address],
:region => 'RegionOne'
)
end
is_expected.to contain_class('nova::keystone::auth').with(
:password => params[:nova_user_password],
:public_address => params[:public_address],
:admin_address => params[:public_address],
:internal_address => params[:public_address],
:region => 'RegionOne'
)
end
end
describe 'without nova' do
let :params do
required_params.merge(:nova => false)
end
it { is_expected.to_not contain_class('nova::keystone::auth') }
end
describe 'without swift' do
it { is_expected.to_not contain_class('swift::keystone::auth') }
end
describe 'swift' do
describe 'without password' do
let :params do
required_params.merge(:swift => true)
end
it 'should fail when the password is not set' do
expect do
catalogue
end.to raise_error(Puppet::Error)
end
end
describe 'with password' do
let :params do
required_params.merge(:swift => true, :swift_user_password => 'dude')
end
it do
is_expected.to contain_class('swift::keystone::auth').with(
:password => 'dude',
:region => 'RegionOne'
)
end
end
end
describe 'without heat' do
it { is_expected.to_not contain_class('heat::keystone::auth') }
end
describe 'heat' do
describe 'without password' do
let :params do
required_params.merge(:heat => true)
end
it 'should fail when the password is not set' do
expect do
catalogue
end.to raise_error(Puppet::Error)
end
end
describe 'with password' do
let :params do
required_params.merge(:heat => true, :heat_user_password => 'dude')
end
it do
is_expected.to contain_class('heat::keystone::auth').with(
:password => 'dude',
:public_address => '127.0.0.1',
:region => 'RegionOne'
)
end
end
end
describe 'without heat_cfn' do
it { is_expected.to_not contain_class('heat::keystone::auth_cfn') }
end
describe 'heat_cfn' do
describe 'without password' do
let :params do
required_params.merge(:heat_cfn => true)
end
it 'should fail when the password is not set' do
expect do
catalogue
end.to raise_error(Puppet::Error)
end
end
describe 'with password' do
let :params do
required_params.merge(:heat_cfn => true, :heat_cfn_user_password => 'dude')
end
it do
is_expected.to contain_class('heat::keystone::auth_cfn').with(
:password => 'dude',
:public_address => '127.0.0.1',
:region => 'RegionOne'
)
end
end
end
describe 'when configuring mysql with SSL' do
let :params do
required_params.merge(
:db_ssl => true,
:db_ssl_ca => '/etc/mysql/ca.pem'
)
end
it 'should configure mysql properly' do
is_expected.to contain_class('keystone').with(
:sql_connection => 'mysql://keystone:pass@127.0.0.1/keystone?ssl_ca=/etc/mysql/ca.pem'
)
end
end
describe 'with custom syslog settings' do
let :params do
required_params.merge(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it 'should set parameters in included classes' do
is_expected.to contain_class('keystone').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
end
end

153
spec/classes/openstack_neutron_spec.rb
View File

@ -1,153 +0,0 @@
require 'spec_helper'
describe 'openstack::neutron' do
let :facts do
{:osfamily => 'RedHat'}
end
let :params do
{
:user_password => 'q_user_pass',
:rabbit_password => 'rabbit_pass',
:db_password => 'bar'
}
end
context 'install neutron with default settings' do
before do
params.delete(:db_password)
end
it 'should fail b/c database password is required' do
expect do
catalogue
end.to raise_error(Puppet::Error, /db password must be set/)
end
end
context 'install neutron with default and database password' do
it 'should perform default configuration' do
is_expected.to contain_class('neutron').with(
:enabled => true,
:bind_host => '0.0.0.0',
:rabbit_host => '127.0.0.1',
:rabbit_hosts => false,
:rabbit_virtual_host => '/',
:rabbit_user => 'rabbit_user',
:rabbit_password => 'rabbit_pass',
:use_syslog => false,
:log_facility => 'LOG_USER',
:allow_overlapping_ips => false,
:verbose => false,
:debug => false
)
is_expected.to contain_class('neutron::server').with(
:auth_host => '127.0.0.1',
:auth_password => 'q_user_pass'
)
is_expected.to contain_class('neutron::plugins::ovs').with(
:sql_connection => "mysql://neutron:bar@127.0.0.1/neutron?charset=utf8",
:tenant_network_type => 'gre'
)
end
end
context 'when server is disabled' do
before do
params.merge!(:enable_server => false)
end
it 'should not configure server' do
is_expected.to_not contain_class('neutron::server')
is_expected.to_not contain_class('neutron::plugins::ovs')
end
end
context 'when ovs agent is enabled with all required params' do
before do
params.merge!(
:enable_ovs_agent => true,
:bridge_uplinks => ['br-ex:eth0'],
:bridge_mappings => ['default:br-ex'],
:ovs_local_ip => '10.0.0.2'
)
end
it { is_expected.to contain_class('neutron::agents::ovs').with(
:bridge_uplinks => ['br-ex:eth0'],
:bridge_mappings => ['default:br-ex'],
:enable_tunneling => true,
:local_ip => '10.0.0.2',
:firewall_driver => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
)}
end
context 'when dhcp agent is enabled' do
before do
params.merge!(:enable_dhcp_agent => true)
end
it { is_expected.to contain_class('neutron::agents::dhcp').with(
:use_namespaces => true,
:debug => false
) }
end
context 'when l3 agent is enabled' do
before do
params.merge!(:enable_l3_agent => true)
end
it { is_expected.to contain_class('neutron::agents::l3').with(
:use_namespaces => true,
:debug => false
) }
end
context 'when metadata agent is enabled' do
before do
params.merge!(
:enable_metadata_agent => true
)
end
it 'should fail' do
expect do
catalogue
end.to raise_error(Puppet::Error, /metadata_shared_secret parameter must be set/)
end
context 'with a shared secret' do
before do
params.merge!(
:shared_secret => 'foo'
)
end
it { is_expected.to contain_class('neutron::agents::metadata').with(
:auth_password => 'q_user_pass',
:shared_secret => 'foo',
:auth_url => 'http://localhost:35357/v2.0',
:metadata_ip => '127.0.0.1',
:debug => false
) }
end
end
context 'with custom syslog settings' do
before do
params.merge!(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it { is_expected.to contain_class('neutron').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
) }
end
context 'with invalid db_type' do
before do
params.merge!(:db_type => 'foo', :db_password => 'bar')
end
it 'should fail' do
expect do
catalogue
end.to raise_error(Puppet::Error, /Unsupported db type: foo./)
end
end
end

131
spec/classes/openstack_nova_controller_spec.rb
View File

@ -1,131 +0,0 @@
require 'spec_helper'
describe 'openstack::nova::controller' do
let :default_params do
{
:public_address => '127.0.0.1',
:db_host => '127.0.0.1',
:api_bind_address => '0.0.0.0',
:rabbit_password => 'rabbit_pass',
:nova_user_password => 'nova_user_pass',
:neutron_user_password => 'neutron_user_pass',
:nova_db_password => 'nova_db_pass',
:neutron => true,
:memcached_servers => false,
:metadata_shared_secret => 'secret'
}
end
let :facts do
{:osfamily => 'Debian' }
end
let :params do
default_params
end
it { is_expected.to contain_class('openstack::nova::controller') }
context 'when configuring neutron' do
it 'should configure nova with neutron' do
is_expected.to contain_class('nova::rabbitmq').with(
:userid => 'openstack',
:password => 'rabbit_pass',
:enabled => true,
:cluster_disk_nodes => false,
:virtual_host => '/'
)
is_expected.to contain_class('nova').with(
:sql_connection => 'mysql://nova:nova_db_pass@127.0.0.1/nova',
:rabbit_userid => 'openstack',
:rabbit_password => 'rabbit_pass',
:rabbit_virtual_host => '/',
:image_service => 'nova.image.glance.GlanceImageService',
:glance_api_servers => '127.0.0.1:9292',
:debug => false,
:verbose => false,
:rabbit_hosts => false,
:rabbit_host => '127.0.0.1',
:memcached_servers => false,
:use_syslog => false,
:log_facility => 'LOG_USER'
)
is_expected.to contain_class('nova::api').with(
:enabled => true,
:admin_tenant_name => 'services',
:admin_user => 'nova',
:admin_password => 'nova_user_pass',
:enabled_apis => 'ec2,osapi_compute,metadata',
:api_bind_address => '0.0.0.0',
:auth_host => '127.0.0.1',
:neutron_metadata_proxy_shared_secret => 'secret'
)
is_expected.to contain_class('nova::network::neutron').with(
:neutron_admin_password => 'neutron_user_pass',
:neutron_auth_strategy => 'keystone',
:neutron_url => "http://127.0.0.1:9696",
:neutron_admin_tenant_name => 'services',
:neutron_admin_username => 'neutron',
:neutron_admin_auth_url => "http://127.0.0.1:35357/v2.0",
:security_group_api => 'neutron'
)
['nova::scheduler', 'nova::objectstore', 'nova::cert', 'nova::consoleauth', 'nova::conductor'].each do |x|
is_expected.to contain_class(x).with_enabled(true)
end
is_expected.to contain_class('nova::vncproxy').with(
:host => '127.0.0.1',
:enabled => true
)
end
end
context 'when configuring memcached' do
let :params do
default_params.merge(
:memcached_servers => ['memcached01:11211', 'memcached02:11211']
)
end
it 'should configure nova with memcached' do
is_expected.to contain_class('nova').with(
:memcached_servers => ['memcached01:11211', 'memcached02:11211']
)
end
end
context 'when configuring SSL' do
let :params do
default_params.merge(
:db_ssl => true,
:db_ssl_ca => '/etc/mysql/ca.pem'
)
end
it 'should configure SSL' do
is_expected.to contain_class('nova').with(
:sql_connection => 'mysql://nova:nova_db_pass@127.0.0.1/nova?ssl_ca=/etc/mysql/ca.pem'
)
end
end
context 'with custom syslog settings' do
let :params do
default_params.merge(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
it do
is_expected.to contain_class('nova').with(
:use_syslog => true,
:log_facility => 'LOG_LOCAL0'
)
end
end
end

101
spec/classes/openstack_provision_spec.rb
View File

@ -1,101 +0,0 @@
require 'spec_helper'
describe 'openstack::provision' do
let :facts do
{
:osfamily => 'Debian'
}
end
describe 'creates a glance image and an alt' do
let :params do
{
:image_name => 'cirros',
:image_source => 'http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img',
:image_name_alt => 'cirros2',
}
end
it { is_expected.to contain_glance_image(params[:image_name_alt]).with(
:ensure => 'present',
:is_public => 'yes',
:container_format => 'bare',
:disk_format => 'qcow2',
:source => params[:image_source]
)
}
it { is_expected.to contain_glance_image(params[:image_name]).with(
:ensure => 'present',
:is_public => 'yes',
:container_format => 'bare',
:disk_format => 'qcow2',
:source => params[:image_source]
)
}
end
describe 'creates a glance image' do
let :params do
{
:image_name => 'cirros',
:image_source => 'http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img',
}
end
it { is_expected.to contain_glance_image(params[:image_name]).with(
:ensure => 'present',
:is_public => 'yes',
:container_format => 'bare',
:disk_format => 'qcow2',
:source => params[:image_source]
)
}
end
describe 'should be possible to override resize_available' do
let :params do
{
:configure_tempest => true,
:resize_available => true,
:change_password_available => true,
:tempest_repo_revision => 'stable/grizzly'
}
end
it { is_expected.to contain_class('tempest').with(
:resize_available => true,
:change_password_available => true,
:tempest_repo_revision => 'stable/grizzly'
) }
it 'should configure neutron networks' do
is_expected.to contain_neutron_network('public').with(
'ensure' => 'present',
'router_external' => true,
'tenant_name' => 'admin'
)
is_expected.to contain_neutron_network('private').with(
'ensure' => 'present',
'tenant_name' => 'demo'
)
end
end
describe 'should be possible to provision with neutron disabled' do
let :params do
{
:configure_tempest => true,
:neutron_available => false,
:tempest_repo_revision => 'stable/grizzly'
}
end
it { is_expected.to contain_class('tempest').with(
:tempest_repo_revision => 'stable/grizzly'
) }
end
end

135
spec/classes/openstack_repo_spec.rb
View File

@ -1,135 +0,0 @@
require 'spec_helper'
describe 'openstack::repo' do
describe 'RHEL and havana' do
let :params do
{ :release => 'havana' }
end
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'CentOS',
:operatingsystemrelease => '6.4',
}
end
it do
is_expected.to contain_yumrepo('rdo-release').with(
:baseurl => 'http://repos.fedorapeople.org/repos/openstack/openstack-havana/epel-6/'
)
is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-Havana')
is_expected.to contain_yumrepo('epel')
is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6')
end
end
describe 'RHEL and grizzly' do
let :params do
{ :release => 'grizzly' }
end
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'CentOS',
:operatingsystemrelease => '6.4',
}
end
it do
is_expected.to contain_yumrepo('rdo-release').with(
:baseurl => 'http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/epel-6/'
)
is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-Grizzly')
is_expected.to contain_yumrepo('epel')
is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6')
end
end
describe 'Fedora and havana' do
let :params do
{ :release => 'havana' }
end
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'Fedora',
:operatingsystemrelease => '18',
}
end
it do
is_expected.to contain_yumrepo('rdo-release').with(
:baseurl => 'http://repos.fedorapeople.org/repos/openstack/openstack-havana/fedora-18/'
)
is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-Havana')
end
end
describe 'Fedora and grizzly' do
let :params do
{ :release => 'grizzly' }
end
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'Fedora',
:operatingsystemrelease => '18',
}
end
it do
is_expected.to contain_yumrepo('rdo-release').with(
:baseurl => 'http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/fedora-18/'
)
is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-Grizzly')
end
end
describe 'Ubuntu and havana' do
let :params do
{ :release => 'havana' }
end
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Ubuntu',
:operatingsystemrelease => '12.04',
:lsbdistdescription => 'Ubuntu 12.04.1 LTS',
:lsbdistcodename => 'precise',
:lsbdistid => 'ubuntu',
}
end
it do
is_expected.to contain_apt__source('ubuntu-cloud-archive').with_release('precise-updates/havana')
end
end
describe 'Ubuntu and grizzly' do
let :params do
{ :release => 'grizzly' }
end
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Ubuntu',
:operatingsystemrelease => '12.04',
:lsbdistdescription => 'Ubuntu 12.04.1 LTS',
:lsbdistcodename => 'precise',
:lsbdistid => 'ubuntu',
}
end
it do
is_expected.to contain_apt__source('ubuntu-cloud-archive').with_release('precise-updates/grizzly')
end
end
end

47
spec/classes/openstack_repo_uca_spec.rb
View File

@ -1,47 +0,0 @@
require 'spec_helper'
describe 'openstack::repo::uca' do
describe 'Ubuntu with defaults' do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Ubuntu',
:operatingsystemrelease => '12.04',
:lsbdistdescription => 'Ubuntu 12.04.1 LTS',
:lsbdistcodename => 'precise',
:lsbdistid => 'ubuntu',
}
end
it do
is_expected.to contain_apt__source('ubuntu-cloud-archive').with(
:release => 'precise-updates/grizzly'
)
end
end
describe 'Ubuntu and grizzly' do
let :params do
{ :release => 'folsom', :repo => 'proposed' }
end
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Ubuntu',
:operatingsystemrelease => '12.04',
:lsbdistdescription => 'Ubuntu 12.04.1 LTS',
:lsbdistcodename => 'precise',
:lsbdistid => 'ubuntu',
}
end
it do
is_expected.to contain_apt__source('ubuntu-cloud-archive').with(
:release => 'precise-proposed/folsom'
)
end
end
end

51
spec/classes/openstack_swift_storage-node.rb
View File

@ -1,51 +0,0 @@
require 'spec_helper'
describe 'openstack::swift::storage-node' do
let :params do
{
:swift_zone => '1',
:storage_devices => '1',
}
end
let :facts do
{ :ipaddress_eth0 => '192.168.1.2' }
end
it 'should configure using the default values' do
is_expected.to contain_class('swift').with(
:swift_hash_suffix => 'swift_secret',
:package_ensure => 'present',
)
is_expected.to contain_define('swift::storage::loopback').with(
:base_dir => '/srv/loopback-device',
:mnt_base_dir => '/srv/node',
)
is_expected.to contain_class('swift::storage::all').with(
:storage_local_net_ip => '192.168.1.2',
)
end
describe 'when setting up dsik for storage_type' do
before do
params.merge!(
:storage_type => 'disk',
:storage_devices => 'sda',
)
end
it 'should configure using the configured values' do
is_expected.to contain_class('swift').with(
:swift_hash_suffix => 'swift_secret',
:package_ensure => 'present',
)
is_expected.to contain_define('swift::storage::disk').with(
:mnt_base_dir => '/srv/node',
:byte_size => '1024',
)
is_expected.to contain_class('swift::storage::all').with(
:storage_local_net_ip => '192.168.1.2',
)
end
end

9
spec/classes/openstack_test_file_spec.rb
View File

@ -1,9 +0,0 @@
require 'spec_helper'
describe 'openstack::test_file' do
it do
is_expected.to contain_file('/tmp/test_nova.sh').with_mode('0751')
is_expected.to_not contain_file('/tmp/test_nova.sh').with_content(/add-floating-ip/)
is_expected.to contain_file('/tmp/test_nova.sh').with_content(/floatingip-create/)
end
end

1
spec/spec_helper.rb
View File

@ -1 +0,0 @@
require 'puppetlabs_spec_helper/module_spec_helper'

17
templates/openrc.erb
View File

@ -1,17 +0,0 @@
#!/bin/sh
<% if @keystone_admin_token -%>
export OS_SERVICE_TOKEN='<%= @keystone_admin_token.gsub(/'/){ %q(\') } %>'
export OS_SERVICE_ENDPOINT='http://<%= @controller_node %>:35357/v2.0/'
<% end -%>
export OS_NO_CACHE='<%= @use_no_cache %>'
export OS_TENANT_NAME='<%= @admin_tenant %>'
export OS_USERNAME='<%= @admin_user %>'
export OS_PASSWORD='<%= @admin_password.gsub(/'/){ %q(\') } %>'
export OS_AUTH_URL='http://<%= @controller_node %>:5000/v2.0/'
export OS_AUTH_STRATEGY='keystone'
export OS_REGION_NAME='<%= @region_name %>'
export CINDER_ENDPOINT_TYPE='<%= @cinder_endpoint_type %>'
export GLANCE_ENDPOINT_TYPE='<%= @glance_endpoint_type %>'
export KEYSTONE_ENDPOINT_TYPE='<%= @keystone_endpoint_type %>'
export NOVA_ENDPOINT_TYPE='<%= @nova_endpoint_type %>'
export NEUTRON_ENDPOINT_TYPE='<%= @neutron_endpoint_type %>'

108
templates/test_nova.sh.erb
View File

@ -1,108 +0,0 @@
#!/bin/bash
#
# assumes that openstack credentails are set in this file
source <%= @rc_file_path %>
<% if @image_type == 'cirros' -%>
# Grab an image. Cirros is a nice small Linux that's easy to deploy
wget --quiet http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
# Add it to glance so that we can use it in Openstack
glance add name='cirros image' is_public=true container_format=bare disk_format=qcow2 < cirros-0.3.2-x86_64-disk.img
# Caputre the Image ID so taht we can call the right UUID for this image
IMAGE_ID=`glance index | grep 'cirros image' | head -1 | awk -F' ' '{print $1}'`
login_user='cirros'
<% else -%>
# otherwise, use an Ubuntu precise image. This is a larger image, but a little more
# feature-full and realistic
wget --quiet http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
# import that image into glance
glance add name="precise-amd64" is_public=true container_format=ovf disk_format=qcow2 < precise-server-cloudimg-amd64-disk1.img
# Caputre the Image ID so taht we can call the right UUID for this image
IMAGE_ID=`glance index | grep 'precise-amd64' | head -1 | awk -F' ' '{print $1}'`
login_user='ubuntu'
<% end -%>
# create a pub/priv keypair
key_path=/tmp/id_rsa
if [ ! -f $key_path ]; then
ssh-keygen -f $key_path -t rsa -N ''
fi
#add the public key to nova.
nova keypair-add --pub_key /tmp/id_rsa.pub key_cirros
instance_name='<%= @image_type %>_test_vm'
<% if @neutron -%>
neutron net-create public --router:external=True
neutron subnet-create --allocation-pool start=172.16.2.128,end=172.16.2.150 public 172.16.2.0/24
neutron net-create net1
neutron subnet-create net1 10.0.0.0/24
neutron_net=`neutron net-list | grep net1 | awk -F' ' '{print $2}'`
neutron_public_net=`neutron net-list | grep public | awk -F' ' '{print $2}'`
neutron_prv_subnet=`neutron subnet-list | grep '10.0.0.0/24' | awk -F' ' '{print $2}'`
neutron router-create router1
neutron router-interface-add router1 $neutron_prv_subnet
neutron router-gateway-set router1 $neutron_public_net
nova boot --flavor 1 --image $IMAGE_ID --key_name key_cirros --nic net-id=$neutron_net $instance_name
<% else -%>
<% if @floating_ip -%>
# create a security group so that we can allow ssh, http, and ping traffic
# when we add a floating IP (assuming you are adding floating IPs)
nova secgroup-create nova_test 'Cirros test security group'
nova secgroup-add-rule nova_test tcp 22 22 0.0.0.0/0
nova secgroup-add-rule nova_test tcp 80 80 0.0.0.0/0
nova secgroup-add-rule nova_test icmp -1 -1 0.0.0.0/0
# request a floating IP address, and extract the address from the results message
floating_ip=`nova floating-ip-create | grep None | awk '{print $2}'`
<% end -%>
# Boot the added image against the "1" flavor which by default maps to a micro instance. <% if @floating_ip -%> Include the cirros_test group so our address will work when we add it later <% end %>
nova boot --flavor 1 <% if @floating_ip -%>--security_groups nova_test<% end %> --image ${IMAGE_ID} --key_name key_cirros $instance_name
<% end -%>
# let the system catch up
sleep <%= @sleep_time %>
# Show the state of the system we just requested.
nova show $instance_name
# wait for the server to boot
sleep <%= @sleep_time %>
<% if @floating_ip -%>
# Now add the floating IP we reserved earlier to the machine.
# if not neutron
nova add-floating-ip $instance_name $floating_ip
# Wait and then try to SSH to the node, leveraging the private key
# we generated earlier.
sleep <%= @sleep_time %>
ssh $login_user@$floating_ip -i /tmp/id_rsa -o StrictHostKeyChecking=no hostname
<% end -%>
<% if @neutron %>
# get port
ip_addr=`nova show $instance_name | grep 'net1 network' | awk -F'|' '{print $3}'`
port_id=`neutron port-list | grep $ip_addr | awk -F' ' '{print $2}'`
floating_ip=`neutron floatingip-create --port_id $port_id $neutron_public_net | grep floating_ip_address | awk '{print $4}'`
neutron security-group-create test_sec_group
nova add-secgroup $instance_name test_sec_group
neutron security-group-rule-create --protocol icmp --direction ingress test_sec_group
neutron security-group-rule-create --protocol tcp --port-range-min 22 \
--port-range-max 22 --direction ingress test_sec_group
sleep <%= @sleep_time %>
ssh $login_user@$floating_ip -i /tmp/id_rsa -o StrictHostKeyChecking=no hostname
<% end %>
exit 0

20
tests/all.pp
View File

@ -1,20 +0,0 @@
class { 'openstack::all':
admin_email => 'root@localhost',
admin_password => 'password',
cinder_db_password => 'password',
cinder_user_password => 'password',
glance_db_password => 'password',
glance_user_password => 'password',
keystone_admin_token => '12345',
keystone_db_password => 'password',
libvirt_type => 'qemu',
mysql_root_password => 'password',
nova_db_password => 'password',
nova_user_password => 'password',
private_interface => 'eth1',
public_address => $::ipaddress_eth0,
public_interface => 'eth0',
neutron => false,
rabbit_password => 'password',
secret_key => '12345',
}

5
tests/auth_file.pp
View File

@ -1,5 +0,0 @@
class { 'openstack::auth_file':
admin_password => 'password',
keystone_admin_token => '12345',
controller_node => '127.0.0.1',
}

20
tests/cloudcontroller.pp
View File

@ -1,20 +0,0 @@
class { 'openstack::controller':
admin_email => 'root@localhost',
admin_password => 'password',
allowed_hosts => ['127.0.0.%', '192.168.1.%'],
cinder_db_password => 'password',
cinder_user_password => 'password',
glance_db_password => 'password',
glance_user_password => 'password',
keystone_admin_token => '12345',
keystone_db_password => 'password',
mysql_root_password => 'password',
nova_db_password => 'password',
nova_user_password => 'password',
private_interface => 'eth1',
public_address => $::ipaddress_eth0,
public_interface => 'eth0',
neutron => false,
rabbit_password => 'password',
secret_key => '12345',
}

12
tests/compute.pp
View File

@ -1,12 +0,0 @@
class { 'openstack::compute':
cinder_db_password => 'password',
fixed_range => '192.168.101.64/28',
glance_api_servers => '192.168.1.1:9292',
internal_address => $::ipaddress_eth1,
libvirt_type => 'qemu',
nova_db_password => 'password',
nova_user_password => 'password',
neutron => false,
rabbit_password => 'password',
vncproxy_host => '192.168.1.1',
}

164
tests/site.pp
View File

@ -1,164 +0,0 @@
#
# This document serves as an example of how to deploy
# basic single and multi-node openstack environments.
#
# deploy a script that can be used to test nova
class { 'openstack::test_file': }
####### shared variables ##################
# this section is used to specify global variables that will
# be used in the deployment of multi and single node openstack
# environments
# assumes that eth0 is the public interface
$public_interface = 'eth0'
# assumes that eth1 is the interface that will be used for the vm network
# this configuration assumes this interface is active but does not have an
# ip address allocated to it.
$private_interface = 'eth1'
# credentials
$admin_email = 'root@localhost'
$admin_password = 'keystone_admin'
$cinder_user_password = 'cinder_pass'
$cinder_db_password = 'cinder_pass'
$keystone_db_password = 'keystone_db_pass'
$keystone_admin_token = 'keystone_admin_token'
$nova_db_password = 'nova_pass'
$nova_user_password = 'nova_pass'
$glance_db_password = 'glance_pass'
$glance_user_password = 'glance_pass'
$rabbit_password = 'openstack_rabbit_password'
$rabbit_user = 'openstack_rabbit_user'
$fixed_network_range = '10.0.0.0/24'
$floating_network_range = '192.168.101.64/28'
$secret_key = 'secret_key'
$mysql_root_password = 'secret'
# switch this to true to have all service log at verbose
$verbose = false
# by default it does not enable atomatically adding floating IPs
$auto_assign_floating_ip = false
#### end shared variables #################
# all nodes whose certname matches openstack_all should be
# deployed as all-in-one openstack installations.
node /openstack_all/ {
include 'apache'
class { 'openstack::all':
public_address => $ipaddress_eth0,
public_interface => $public_interface,
private_interface => $private_interface,
admin_email => $admin_email,
admin_password => $admin_password,
cinder_db_password => $cinder_db_password,
cinder_user_password => $cinder_user_password,
keystone_db_password => $keystone_db_password,
keystone_admin_token => $keystone_admin_token,
nova_db_password => $nova_db_password,
nova_user_password => $nova_user_password,
glance_db_password => $glance_db_password,
glance_user_password => $glance_user_password,
rabbit_password => $rabbit_password,
rabbit_user => $rabbit_user,
libvirt_type => 'kvm',
floating_range => $floating_network_range,
fixed_range => $fixed_network_range,
verbose => $verbose,
auto_assign_floating_ip => $auto_assign_floating_ip,
secret_key => $secret_key,
neutron => false,
mysql_root_password => $mysql_root_password,
}
class { 'openstack::auth_file':
admin_password => $admin_password,
keystone_admin_token => $keystone_admin_token,
controller_node => '127.0.0.1',
}
}
# multi-node specific parameters
$controller_node_address = '192.168.101.11'
$controller_node_public = $controller_node_address
$controller_node_internal = $controller_node_address
node /openstack_controller/ {
# class { 'nova::volume': enabled => true }
# class { 'nova::volume::iscsi': }
class { 'openstack::controller':
public_address => $controller_node_public,
public_interface => $public_interface,
private_interface => $private_interface,
internal_address => $controller_node_internal,
floating_range => $floating_network_range,
fixed_range => $fixed_network_range,
# by default it does not enable multi-host mode
multi_host => true,
# by default is assumes flat dhcp networking mode
network_manager => 'nova.network.manager.FlatDHCPManager',
verbose => $verbose,
auto_assign_floating_ip => $auto_assign_floating_ip,
mysql_root_password => $mysql_root_password,
admin_email => $admin_email,
admin_password => $admin_password,
keystone_db_password => $keystone_db_password,
keystone_admin_token => $keystone_admin_token,
cinder_db_password => $cinder_db_password,
cinder_user_password => $cinder_user_password,
glance_db_password => $glance_db_password,
glance_user_password => $glance_user_password,
neutron => false,
nova_db_password => $nova_db_password,
nova_user_password => $nova_user_password,
rabbit_password => $rabbit_password,
rabbit_user => $rabbit_user,
secret_key => $secret_key,
}
class { 'openstack::auth_file':
admin_password => $admin_password,
keystone_admin_token => $keystone_admin_token,
controller_node => $controller_node_internal,
}
}
node /openstack_compute/ {
class { 'openstack::compute':
public_interface => $public_interface,
private_interface => $private_interface,
internal_address => $ipaddress_eth0,
libvirt_type => 'kvm',
fixed_range => $fixed_network_range,
network_manager => 'nova.network.manager.FlatDHCPManager',
multi_host => true,
cinder_db_password => $cinder_db_password,
nova_db_password => $nova_db_password,
nova_user_password => $nova_user_password,
neutron => false,
rabbit_host => $controller_node_internal,
rabbit_password => $rabbit_password,
rabbit_user => $rabbit_user,
glance_api_servers => "${controller_node_internal}:9292",
vncproxy_host => $controller_node_public,
vnc_enabled => true,
verbose => $verbose,
manage_volumes => true,
volume_group => 'cinder-volumes'
}
}

1
tests/testfile.pp
View File

@ -1 +0,0 @@
include openstack::test_file