├── .git-crypt ├── .gitattributes └── keys │ └── default │ └── 0 │ ├── 496F5DE31773D431D932706CFF8D2155E605D693.gpg │ ├── 7672AABAC1A2874C746BBC728306BCD2B30B078C.gpg │ └── 7A38A620E0B50E9FF919407B9D5907A356BEC54E.gpg ├── .gitattributes ├── README.md ├── README.rst ├── ansible ├── group_vars │ ├── all │ ├── compute │ └── controller ├── hosts └── playbooks │ ├── manage-services.yml │ ├── pull-config.yml │ └── update-config.yml ├── baseline.sh ├── bootstrap-compute.sh ├── bootstrap-controller.sh ├── bootstrap-resources.sh ├── create-image.sh ├── docs └── README.rst └── puppet ├── Puppetfile ├── hiera.yaml ├── hiera └── common.yaml └── modules └── centos_cloud ├── files └── limits.conf └── manifests ├── compute.pp ├── compute ├── neutron.pp └── nova.pp ├── controller.pp ├── controller ├── glance.pp ├── keystone.pp ├── mysql.pp ├── neutron.pp ├── nova.pp ├── provision.pp ├── quotas.pp └── rabbitmq.pp ├── server.pp └── server ├── auth_file.pp └── packages.pp /.git-crypt/.gitattributes: -------------------------------------------------------------------------------- 1 | # Do not edit this file. To specify the files to encrypt, create your own 2 | # .gitattributes file in the directory where your files are. 
3 | * !filter !diff 4 | -------------------------------------------------------------------------------- /.git-crypt/keys/default/0/496F5DE31773D431D932706CFF8D2155E605D693.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CentOS/centos-cloud/fcc319b9777071ece9db3e9cbb9c27f7468bacd5/.git-crypt/keys/default/0/496F5DE31773D431D932706CFF8D2155E605D693.gpg -------------------------------------------------------------------------------- /.git-crypt/keys/default/0/7672AABAC1A2874C746BBC728306BCD2B30B078C.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CentOS/centos-cloud/fcc319b9777071ece9db3e9cbb9c27f7468bacd5/.git-crypt/keys/default/0/7672AABAC1A2874C746BBC728306BCD2B30B078C.gpg -------------------------------------------------------------------------------- /.git-crypt/keys/default/0/7A38A620E0B50E9FF919407B9D5907A356BEC54E.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CentOS/centos-cloud/fcc319b9777071ece9db3e9cbb9c27f7468bacd5/.git-crypt/keys/default/0/7A38A620E0B50E9FF919407B9D5907A356BEC54E.gpg -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | puppet/hiera/common.yaml filter=git-crypt diff=git-crypt -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Archived git repository 2 | 3 | This repository was used as a PoC to quickly deploy a rdo+centos cloud setup with minimal required services like keystone/neutron/nova/glance. 
4 | As we no longer use openstack/rdo, this repository is archived and set to read-only 5 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | centos-cloud 2 | ============ 3 | Setup tl;dr 4 | ----------- 5 | From a CentOS7 minimal installation. 6 | 7 | Controller:: 8 | 9 | ssh root@controller 10 | yum -y install git 11 | git clone https://github.com/CentOS/centos-cloud 12 | cd centos-cloud 13 | ./bootstrap-controller.sh 14 | 15 | Compute Node(s):: 16 | 17 | ssh root@compute01 18 | yum -y install git 19 | git clone https://github.com/CentOS/centos-cloud 20 | cd centos-cloud 21 | ./bootstrap-compute.sh 22 | 23 | To generate test resources (ssh key, image, instance):: 24 | 25 | ssh root@compute01 26 | cd centos-cloud 27 | ./bootstrap-resources.sh 28 | 29 | Architecture tl;dr 30 | ------------------ 31 | - Nova, Neutron, Keystone, Glance only (no Horizon, Swift, Cinder, Heat, Telemetry, etc.) 32 | - No security groups, no floating IPs, no virtual routers, no metadata service 33 | - Flat networking (no VLAN/VXLAN) with DHCP and LinuxBridge 34 | 35 | Notes 36 | ----- 37 | - Non-default credentials to services, databases and such are encrypted with git-crypt 38 | inside the puppet/hiera/common.yaml file. 39 | - An openrc file with credentials is generated in /root/ on the controller and compute nodes 40 | - To access a novnc console:: 41 | 42 | openstack server list 43 | openstack console url show <server> 44 | # Access the URL via a tunnel or some other means of reaching the private network 45 | 46 | Ops 47 | --- 48 | Ansible playbooks will be created as needed to help operate the cloud. 49 | 50 | Ansible must be run from the controller node which has network and ssh key 51 | authentication set up to the compute nodes. 
52 | 53 | manage-services.yml 54 | ~~~~~~~~~~~~~~~~~~~ 55 | :: 56 | 57 | # Stop all OpenStack services only on compute nodes 58 | ansible-playbook -i hosts -l compute playbooks/manage-services.yml -e "action=stop" 59 | 60 | # Restart all OpenStack services on every host 61 | ansible-playbook -i hosts playbooks/manage-services.yml -e "action=restart" 62 | 63 | # Start all OpenStack services only on controller 64 | ansible-playbook -i hosts -l controller playbooks/manage-services.yml -e "action=start" 65 | 66 | 67 | Create image 68 | ------------ 69 | You can create a base image using the create-image.sh script 70 | :: 71 | 72 | # For instance on Fedora 24 73 | dnf install -y libguestfs-tools 74 | ./create-image.sh 75 | 76 | 77 | Todo 78 | ---- 79 | - SSL everywhere (let's encrypt?) 80 | - Make sure you change the admin password once all the nodes are setup 81 | -------------------------------------------------------------------------------- /ansible/group_vars/all: -------------------------------------------------------------------------------- 1 | source_location: "/root/centos-cloud" -------------------------------------------------------------------------------- /ansible/group_vars/compute: -------------------------------------------------------------------------------- 1 | openstack_services: 2 | - openstack-nova-compute 3 | - openstack-nova-novncproxy 4 | - neutron-dhcp-agent 5 | - neutron-linuxbridge-agent 6 | -------------------------------------------------------------------------------- /ansible/group_vars/controller: -------------------------------------------------------------------------------- 1 | openstack_services: 2 | - neutron-server 3 | - neutron-linuxbridge-agent 4 | - openstack-glance-api 5 | - openstack-glance-registry 6 | - openstack-nova-conductor 7 | - openstack-nova-scheduler 8 | - httpd 9 | -------------------------------------------------------------------------------- /ansible/hosts: 
-------------------------------------------------------------------------------- 1 | [controller] 2 | n1.humpty.ci.centos.org 3 | 4 | [compute] 5 | n[2:6].humpty.ci.centos.org -------------------------------------------------------------------------------- /ansible/playbooks/manage-services.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Manage services 3 | hosts: all 4 | gather_facts: yes 5 | tasks: 6 | - name: Stop services 7 | service: 8 | name: "{{ item }}" 9 | state: "stopped" 10 | with_items: "{{ openstack_services }}" 11 | when: action is defined and action == "stop" 12 | 13 | - name: Start services 14 | service: 15 | name: "{{ item }}" 16 | state: "started" 17 | with_items: "{{ openstack_services }}" 18 | when: action is defined and action == "start" 19 | 20 | - name: Restart services 21 | service: 22 | name: "{{ item }}" 23 | state: "restarted" 24 | with_items: "{{ openstack_services }}" 25 | when: action is defined and action == "restart" 26 | -------------------------------------------------------------------------------- /ansible/playbooks/pull-config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure centos-cloud repository is up to date 3 | hosts: all 4 | gather_facts: no 5 | tasks: 6 | - git: 7 | repo: "https://github.com/CentOS/centos-cloud" 8 | dest: "{{ source_location }}" 9 | update: "yes" 10 | force: "yes" 11 | -------------------------------------------------------------------------------- /ansible/playbooks/update-config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update puppet modules 3 | hosts: all 4 | gather_facts: yes 5 | tasks: 6 | - shell: | 7 | r10k puppetfile install --puppetfile {{ source_location }}/puppet/Puppetfile --moduledir /etc/puppet/modules -v 8 | cp -a {{ source_location }}/puppet/modules/centos_cloud /etc/puppet/modules/ 9 | 10 | - name: Update 
controller 11 | hosts: controller 12 | gather_facts: no 13 | tasks: 14 | - shell: puppet apply -e "include ::centos_cloud::controller" 15 | 16 | - name: Update compute nodes 17 | hosts: compute 18 | gather_facts: no 19 | tasks: 20 | - shell: puppet apply -e "include ::centos_cloud::compute" 21 | -------------------------------------------------------------------------------- /baseline.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cwd=$(cd `dirname $0` && pwd -P) 3 | # Where OpenStack puppet modules are actually installed from packages 4 | MODULEPATH="/usr/share/openstack-puppet/modules" 5 | 6 | # This script will do the basic common stuff needed everywhere 7 | if rpm -q NetworkManager; then 8 | service NetworkManager stop 9 | yum -y remove Network\* 10 | service network restart 11 | fi 12 | 13 | if rpm -q firewalld; then 14 | yum -y remove firewalld 15 | fi 16 | 17 | ping -c 3 8.8.8.8 > /dev/null 2>&1 18 | if [ $? -ne 0 ]; then 19 | echo 'We lost network, exiting now' 20 | exit 1 21 | fi 22 | 23 | # Add own fqdn to hosts file 24 | if ! 
grep -q "127.0.0.1 $(hostname -f)" /etc/hosts; then 25 | echo "127.0.0.1 $(hostname -f)" >>/etc/hosts 26 | echo "Added to hosts file: 127.0.0.1 $(hostname -f)" 27 | fi 28 | 29 | yum -y install yum-plugin-priorities centos-release-openstack-newton 30 | yum -y install puppet python-openstackclient openstack-selinux 31 | 32 | # Install OpenStack puppet modules 33 | yum -y install puppet-keystone puppet-glance puppet-neutron puppet-nova \ 34 | puppet-openstacklib puppet-openstack_extras puppet-oslo 35 | 36 | # Install "external" puppet modules 37 | yum -y install puppet-apache puppet-concat puppet-inifile puppet-kmod \ 38 | puppet-memcached puppet-mysql puppet-ntp puppet-rabbitmq \ 39 | puppet-staging puppet-stdlib puppet-sysctl 40 | 41 | # Install overlay module 42 | cp -a ${cwd}/puppet/modules/centos_cloud ${MODULEPATH}/ 43 | 44 | # Install hiera configuration files 45 | cp -a ${cwd}/puppet/hiera.yaml /etc/puppet/ 46 | ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml 47 | cp -a ${cwd}/puppet/hiera /etc/puppet/ 48 | -------------------------------------------------------------------------------- /bootstrap-compute.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Helper script to repetitively test things quickly 3 | 4 | . baseline.sh 5 | if [ $? -ne 0 ]; then 6 | echo 'Something broke in the baseline' 7 | exit 1 8 | fi 9 | 10 | puppet apply --modulepath=${MODULEPATH} -e "include ::centos_cloud::compute" || exit 1 11 | 12 | # Sanity check 13 | source /root/openrc 14 | openstack hypervisor list | grep -i $(hostname) 15 | if [ $? -eq 0 ]; then 16 | echo 'Sanity check successful!' 17 | fi 18 | -------------------------------------------------------------------------------- /bootstrap-controller.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Helper script to repetitively test things quickly 3 | 4 | . baseline.sh 5 | if [ $? 
-ne 0 ]; then 6 | echo 'Something broke in the baseline' 7 | exit 1 8 | fi 9 | 10 | # Add controller.openstack.ci.centos.org to hosts file 11 | if ! grep -q "127.0.0.1 controller.openstack.ci.centos.org" /etc/hosts; then 12 | echo "127.0.0.1 controller.openstack.ci.centos.org" >>/etc/hosts 13 | echo "Added to hosts file: 127.0.0.1 controller.openstack.ci.centos.org" 14 | fi 15 | 16 | puppet apply --modulepath=${MODULEPATH} -e "include ::centos_cloud::controller" || exit 1 17 | 18 | # Sanity check 19 | source /root/openrc 20 | openstack endpoint list 21 | if [ $? -eq 0 ]; then 22 | echo 'Sanity check successful!' 23 | fi 24 | -------------------------------------------------------------------------------- /bootstrap-resources.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Provisioning test resources" 3 | source /root/openrc 4 | 5 | # Ensure we have a ssh key configured 6 | mkdir -p /root/.ssh 7 | if [ ! -f /root/.ssh/id_rsa ]; then 8 | ssh-keygen -f /root/.ssh/id_rsa -t rsa -N '' 9 | fi 10 | if ! 
grep -q centos-cloud-key <<<"$(openstack keypair list -f value)"; then 11 | openstack keypair create --public-key /root/.ssh/id_rsa.pub centos-cloud-key 12 | fi 13 | 14 | net_id=$(openstack network list -f value |grep public |awk '{print $1}') 15 | openstack server create --flavor medium --image 'CentOS 7' --nic net-id=${net_id} --key-name centos-cloud-key test-server1 16 | openstack server create --flavor small --image 'CentOS 6' --nic net-id=${net_id} --key-name centos-cloud-key test-server2 17 | openstack server create --flavor tiny --image 'Fedora 24' --nic net-id=${net_id} --key-name centos-cloud-key test-server3 18 | openstack server list -------------------------------------------------------------------------------- /create-image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script creates an image with built-in fixes and expectations for 3 | # consumption in the ci.centos.org OpenStack environment. 4 | # 5 | # Requirements: 6 | # yum -y install libguestfs-tools wget libvirt 7 | # systemctl start libvirtd 8 | # 9 | # The image is created at /tmp/centos7.qcow2. Note: the download below uses plain HTTP and no checksum is checked; compare the file against the checksum published alongside the image before uploading it. 10 | # Once the image has been downloaded and set up, it can be uploaded to OpenStack 11 | # as follows: 12 | # source openrc 13 | # openstack image create --disk-format qcow2 --file /tmp/centos7.qcow2 centos7 14 | 15 | echo "Downloading image..." 16 | wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2 -O /tmp/centos7.qcow2 17 | 18 | # Description of image customization: 19 | # - Enable macros to ensure the image starts from a clean state 20 | # - Disable ec2_metadata: it is not available, so prevent cloud-init from trying to look for it 21 | # - Have cloud-init manage /etc/hosts so that the hostname/name of the VM resolves in /etc/hosts 22 | # - Toggle fix for SSE 4.2 CPU flag issue (https://access.redhat.com/articles/2050743) 23 | # - Have cloud-init set up and use the root user instead of 'centos'. 
24 | 25 | cat > /tmp/99_users.cfg << 'EOF' 26 | disable_root: false 27 | ssh_pwauth: false 28 | chpasswd: { expire: false } 29 | user: root 30 | users: 31 | - name: root 32 | gecos: root 33 | inactive: false 34 | system: true 35 | lock_passwd: false 36 | no_create_home: true 37 | no_create_group: true 38 | EOF 39 | 40 | virt-sysprep --enable=ssh-hostkeys,udev-persistent-net,net-hwaddr,dhcp-client-state,dhcp-server-state,customize \ 41 | --write '/etc/cloud/cloud.cfg.d/00_disable_ec2_metadata.cfg:disable_ec2_metadata: True' \ 42 | --write '/etc/cloud/cloud.cfg.d/99_manage_etc_hosts.cfg:manage_etc_hosts: True' \ 43 | --write '/etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned:# Fix for SSE 4.2 CPU flag https://access.redhat.com/articles/2050743' \ 44 | --upload '/tmp/99_users.cfg:/etc/cloud/cloud.cfg.d/99_users.cfg' \ 45 | -a /tmp/centos7.qcow2 46 | -------------------------------------------------------------------------------- /docs/README.rst: -------------------------------------------------------------------------------- 1 | Creating a project 2 | ================== 3 | Creating a project is an administrator-only task. 
4 | 5 | :: 6 | 7 | # Create the project 8 | openstack project create projectname 9 | # Create the user and add it to the project 10 | openstack user create username --project projectname --password "duffy-api-key" --email "email@domain.tld" 11 | # Add the member role for the new user on the new project 12 | openstack role add _member_ --user username --project projectname 13 | # Allow admin to authenticate inside this project 14 | openstack role add _member_ --user admin --project projectname 15 | 16 | The ``openrc`` file to use based on the above configuration would be: 17 | 18 | :: 19 | 20 | #!/bin/sh 21 | export OS_NO_CACHE='true' 22 | export OS_PROJECT_NAME='projectname' 23 | export OS_USERNAME='username' 24 | export OS_PASSWORD='duffy-api-key' 25 | export OS_AUTH_URL='http://controller.openstack.ci.centos.org:5000/v3/' 26 | export OS_AUTH_STRATEGY='keystone' 27 | export OS_REGION_NAME='RegionOne' 28 | export OS_PROJECT_DOMAIN_NAME='default' 29 | export OS_USER_DOMAIN_NAME='default' 30 | export CINDER_ENDPOINT_TYPE='publicURL' 31 | export GLANCE_ENDPOINT_TYPE='publicURL' 32 | export KEYSTONE_ENDPOINT_TYPE='publicURL' 33 | export NOVA_ENDPOINT_TYPE='publicURL' 34 | export NEUTRON_ENDPOINT_TYPE='publicURL' 35 | export OS_IDENTITY_API_VERSION='3' 36 | 37 | Modifying quotas for a project 38 | ============================== 39 | Modifying quotas for a project is an administrator-only task. 
40 | 41 | Those are the default quotas: 42 | 43 | :: 44 | 45 | +----------------------+----------------------------------+ 46 | | Field | Value | 47 | +----------------------+----------------------------------+ 48 | | cores | 20 | 49 | | fixed-ips | 20 | 50 | | floating-ips | 10 | 51 | | injected-file-size | 10240 | 52 | | injected-files | 5 | 53 | | injected-path-size | 255 | 54 | | instances | 20 | 55 | | key-pairs | 100 | 56 | | network | 1 | 57 | | port | 20 | 58 | | project | 09a01c4d114f440abdd66cba92270ac9 | 59 | | properties | 128 | 60 | | ram | 40960 | 61 | | rbac_policy | 10 | 62 | | secgroup-rules | 100 | 63 | | secgroups | 10 | 64 | | security_group_rules | 0 | 65 | | security_groups | 0 | 66 | | server_group_members | 10 | 67 | | server_groups | 10 | 68 | | subnet | 1 | 69 | | subnetpool | -1 | 70 | +----------------------+----------------------------------+ 71 | 72 | To modify a quota: 73 | 74 | :: 75 | 76 | $ openstack help quota set 77 | usage: openstack quota set [-h] [--class] [--properties ] 78 | [--ram ] [--secgroup-rules ] 79 | [--instances ] [--key-pairs ] 80 | [--fixed-ips ] [--secgroups ] 81 | [--injected-file-size ] 82 | [--floating-ips ] 83 | [--injected-files ] 84 | [--cores ] 85 | [--injected-path-size ] 86 | [--gigabytes ] [--volumes ] 87 | [--snapshots ] 88 | [--volume-type ] 89 | 90 | 91 | Creating a virtual machine (without Duffy) 92 | ========================================== 93 | To create and use a virtual machine, you first need to browse through the 94 | existing images, networks and flavors to know what configuration to pick. 95 | You also need to have a SSH keypair setup. 96 | 97 | SSH keypair 98 | ----------- 99 | Public keys can be added to Nova. This will allow you to have Nova configure 100 | ssh key authentication on newly created virtual machines automatically. 
101 | 102 | :: 103 | 104 | openstack keypair create keypairname --public-key <path-to-public-key> 105 | 106 | +-------------+-------------------------------------------------+ 107 | | Field | Value | 108 | +-------------+-------------------------------------------------+ 109 | | fingerprint | dd:96:d7:c5:e1:12:6f:15:8a:7c:fe:29:ea:2d:8e:47 | 110 | | name | keypairname | 111 | | user_id | 7a68bb53f1f0499d9ab64c4bca697bce | 112 | +-------------+-------------------------------------------------+ 113 | 114 | Image 115 | ----- 116 | Images are what your virtual machines will use to boot. These have generally 117 | been provisioned in advance for you. You need to select and choose one: 118 | 119 | :: 120 | 121 | $ openstack image list 122 | +--------------------------------------+-----------+--------+ 123 | | ID | Name | Status | 124 | +--------------------------------------+-----------+--------+ 125 | | 61c0afed-c9e6-4e1f-b749-d274793bff2b | CentOS 6 | active | 126 | | f04bd64c-5c64-4ad2-a9a3-c8921d2c0f71 | Fedora 24 | active | 127 | | 1f8015ef-a6a1-4882-aa99-6c63375d4c3a | CentOS 7 | active | 128 | +--------------------------------------+-----------+--------+ 129 | 130 | Network 131 | ------- 132 | Networks are where your virtual machine will get its IP address from. 133 | These have generally been provisioned in advance for you. You need to select 134 | and choose one: 135 | 136 | :: 137 | 138 | $ openstack network list 139 | +--------------------------------------+-----------+--------------------------------------+ 140 | | ID | Name | Subnets | 141 | +--------------------------------------+-----------+--------------------------------------+ 142 | | 4fef18ca-6f42-4e9d-b2af-063bd3d320fe | publicnet | ee3b905e-70af-4c5f-8355-11dbc7e10808 | 143 | +--------------------------------------+-----------+--------------------------------------+ 144 | 145 | Flavor 146 | ------ 147 | Flavors define the specifications of your virtual machines: how many vCPUs and how much RAM 148 | and disk space it will have. 
You need to select and choose one: 149 | 150 | :: 151 | 152 | $ openstack flavor list 153 | +--------------------------------------+--------+------+------+-----------+-------+-----------+ 154 | | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | 155 | +--------------------------------------+--------+------+------+-----------+-------+-----------+ 156 | | 21ab27b0-aa65-4403-ba9d-89c866a1c181 | tiny | 1940 | 10 | 0 | 1 | True | 157 | | 6b0f60f5-d916-4d9a-bbf0-57acda2b7f0e | small | 3875 | 20 | 0 | 2 | True | 158 | | bc0f875d-f77b-4453-9916-d67ce6723693 | medium | 7750 | 40 | 0 | 4 | True | 159 | +--------------------------------------+--------+------+------+-----------+-------+-----------+ 160 | 161 | Creating the virtual machine 162 | ---------------------------- 163 | Based on the above, creating a virtual machine with the following configuration: 164 | 165 | - ``name``: test-server 166 | - ``keypair``: keypairname 167 | - ``image``: CentOS 7 168 | - ``network``: publicnet (4fef18ca-6f42-4e9d-b2af-063bd3d320fe) 169 | - ``flavor``: small 170 | 171 | The appropriate command line to create it would be: 172 | 173 | :: 174 | 175 | openstack server create test-server \ 176 | --key-name keypairname \ 177 | --image 'CentOS 7' \ 178 | --nic net-id=4fef18ca-6f42-4e9d-b2af-063bd3d320fe \ 179 | --flavor small 180 | 181 | +--------------------------------------+-------------------------------------------------+ 182 | | Field | Value | 183 | +--------------------------------------+-------------------------------------------------+ 184 | | OS-DCF:diskConfig | MANUAL | 185 | | OS-EXT-AZ:availability_zone | | 186 | | OS-EXT-SRV-ATTR:host | None | 187 | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | 188 | | OS-EXT-SRV-ATTR:instance_name | instance-00000001 | 189 | | OS-EXT-STS:power_state | NOSTATE | 190 | | OS-EXT-STS:task_state | scheduling | 191 | | OS-EXT-STS:vm_state | building | 192 | | OS-SRV-USG:launched_at | None | 193 | | OS-SRV-USG:terminated_at | None | 194 | | 
accessIPv4 | | 195 | | accessIPv6 | | 196 | | addresses | | 197 | | adminPass | AAQDbueW82uD | 198 | | config_drive | | 199 | | created | 2016-10-15T13:22:38Z | 200 | | flavor | small (6b0f60f5-d916-4d9a-bbf0-57acda2b7f0e) | 201 | | hostId | | 202 | | id | b7eddf6b-4807-49ff-8fb0-e66b42386289 | 203 | | image | CentOS 7 (1f8015ef-a6a1-4882-aa99-6c63375d4c3a) | 204 | | key_name | keypairname | 205 | | name | test-server | 206 | | os-extended-volumes:volumes_attached | [] | 207 | | progress | 0 | 208 | | project_id | bdee047b7a0b4f4d8a98f66b2377d9bb | 209 | | properties | | 210 | | security_groups | [{u'name': u'default'}] | 211 | | status | BUILD | 212 | | updated | 2016-10-15T13:22:39Z | 213 | | user_id | 7a68bb53f1f0499d9ab64c4bca697bce | 214 | +--------------------------------------+-------------------------------------------------+ 215 | -------------------------------------------------------------------------------- /puppet/Puppetfile: -------------------------------------------------------------------------------- 1 | # Note: This file is for reference when installing Puppet modules 2 | # from source with r10k. Puppet modules are actually installed from packages 3 | # through the RDO repository. 
4 | # To use r10k: 5 | # yum -y install rubygems 6 | # gem install r10k 7 | # r10k puppetfile install --puppetfile Puppetfile --moduledir /etc/puppet/modules -v 8 | # Overlay module 9 | mod 'centos_cloud', 10 | :local => true 11 | 12 | # OpenStack modules 13 | mod 'glance', 14 | :git => 'https://git.openstack.org/openstack/puppet-glance', 15 | :ref => 'stable/newton' 16 | 17 | mod 'keystone', 18 | :git => 'https://git.openstack.org/openstack/puppet-keystone', 19 | :ref => 'stable/newton' 20 | 21 | mod 'neutron', 22 | :git => 'https://git.openstack.org/openstack/puppet-neutron', 23 | :ref => 'stable/newton' 24 | 25 | mod 'nova', 26 | :git => 'https://git.openstack.org/openstack/puppet-nova', 27 | :ref => 'stable/newton' 28 | 29 | mod 'openstacklib', 30 | :git => 'https://git.openstack.org/openstack/puppet-openstacklib', 31 | :ref => 'stable/newton' 32 | 33 | mod 'openstack_extras', 34 | :git => 'https://git.openstack.org/openstack/puppet-openstack_extras', 35 | :ref => 'stable/newton' 36 | 37 | mod 'oslo', 38 | :git => 'https://git.openstack.org/openstack/puppet-oslo', 39 | :ref => 'stable/newton' 40 | 41 | # External modules 42 | mod 'apache', 43 | :git => 'https://github.com/puppetlabs/puppetlabs-apache', 44 | :branch => '1.10.0' 45 | 46 | mod 'concat', 47 | :git => 'https://github.com/puppetlabs/puppetlabs-concat', 48 | :branch => '2.2.0' 49 | 50 | mod 'inifile', 51 | :git => 'https://github.com/puppetlabs/puppetlabs-inifile', 52 | :branch => '1.6.0' 53 | 54 | mod 'kmod', 55 | :git => 'https://github.com/camptocamp/puppet-kmod', 56 | :ref => '2.1.1' 57 | 58 | mod 'memcached', 59 | :git => 'https://github.com/saz/puppet-memcached', 60 | :tag => 'v2.8.1' 61 | 62 | mod 'mysql', 63 | :git => 'https://github.com/puppetlabs/puppetlabs-mysql', 64 | :branch => '3.9.0' 65 | 66 | mod "ntp", 67 | :git => "https://github.com/puppetlabs/puppetlabs-ntp.git", 68 | :ref => "4.1.x" 69 | 70 | mod 'rabbitmq', 71 | :git => 'https://github.com/puppetlabs/puppetlabs-rabbitmq', 72 | 
:tag => '5.5.0' 73 | 74 | mod 'staging', 75 | :git => 'https://github.com/nanliu/puppet-staging', 76 | :tag => '1.0.4' 77 | 78 | mod 'stdlib', 79 | :git => 'https://github.com/puppetlabs/puppetlabs-stdlib', 80 | :branch => '4.12.0' 81 | 82 | mod 'sysctl', 83 | :git => 'https://github.com/duritong/puppet-sysctl', 84 | :tag => 'v0.0.11' 85 | -------------------------------------------------------------------------------- /puppet/hiera.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | :backends: 3 | - yaml 4 | :yaml: 5 | :datadir: "/etc/puppet/hiera" 6 | :hierarchy: 7 | - "%{::operatingsystem}" 8 | - "%{::osfamily}" 9 | - common 10 | -------------------------------------------------------------------------------- /puppet/hiera/common.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CentOS/centos-cloud/fcc319b9777071ece9db3e9cbb9c27f7468bacd5/puppet/hiera/common.yaml -------------------------------------------------------------------------------- /puppet/modules/centos_cloud/files/limits.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | LimitNOFILE=4096 3 | EOF -------------------------------------------------------------------------------- /puppet/modules/centos_cloud/manifests/compute.pp: -------------------------------------------------------------------------------- 1 | class centos_cloud::compute { 2 | include centos_cloud::server 3 | include centos_cloud::compute::nova 4 | include centos_cloud::compute::neutron 5 | 6 | include ::kmod 7 | kmod::load { 'kvm_intel': } 8 | kmod::option { 'kvm_intel': 9 | option => 'nested', 10 | value => '1' 11 | } 12 | 13 | kmod::load { 'vhost_net': } 14 | } 15 | -------------------------------------------------------------------------------- /puppet/modules/centos_cloud/manifests/compute/neutron.pp: 
--------------------------------------------------------------------------------
# Neutron on a compute node: ML2 with the linuxbridge mechanism driver on one
# flat provider network (physnet0 mapped to eth1), plus a DHCP agent.
#
# NOTE(review): the default password equals the user name. The repository's
# .gitattributes passes puppet/hiera/common.yaml through git-crypt, so real
# values are presumably supplied from Hiera; confirm no node can converge
# with this default.
class centos_cloud::compute::neutron (
  $controller       = 'controller.openstack.ci.centos.org',
  $memcache_servers = ['127.0.0.1:11211'],
  $bind_host        = '0.0.0.0',
  $rabbit_port      = '5672',
  $user             = 'neutron',
  $password         = 'neutron',
) {
  # bind_host defaults to every interface. No TLS option is set for the
  # broker connection here, and 5672 is the conventional plaintext AMQP port,
  # so the RabbitMQ credentials presumably cross the network unencrypted.
  class { '::neutron':
    allow_overlapping_ips   => false,
    bind_host               => $bind_host,
    core_plugin             => 'ml2',
    dhcp_agent_notification => true,
    memcache_servers        => $memcache_servers,
    rabbit_user             => $user,
    rabbit_password         => $password,
    rabbit_host             => $controller,
    rabbit_port             => $rabbit_port,
  }

  # Flat networks only; the empty tenant_network_types list means projects
  # get no tenant network type of their own.
  class { '::neutron::plugins::ml2':
    type_drivers         => ['flat'],
    tenant_network_types => [],
    mechanism_drivers    => ['linuxbridge'],
    flat_networks        => ['physnet0'],
  }

  # NOTE(review): NoopFirewallDriver means the agent applies no
  # security-group filtering to instance ports; isolation between instances
  # on physnet0 has to come from somewhere else.
  class { '::neutron::agents::ml2::linuxbridge':
    firewall_driver             => 'neutron.agent.firewall.NoopFirewallDriver',
    physical_interface_mappings => ['physnet0:eth1'],
  }

  class { '::neutron::agents::dhcp':
    interface_driver => 'neutron.agent.linux.interface.BridgeInterfaceDriver',
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/compute/nova.pp:
--------------------------------------------------------------------------------
# Nova on a compute node: KVM through libvirt, Neutron networking, forced
# config drive, and the allocation ratios passed in as parameters.
#
# NOTE(review): all password defaults are guessable placeholders (equal to
# the user names); presumably overridden from the git-crypt-protected Hiera
# data, which should be confirmed.
class centos_cloud::compute::nova (
  $controller            = 'controller.openstack.ci.centos.org',
  $rabbit_port           = '5672',
  $user                  = 'nova',
  $user_api              = 'nova_api',
  $password              = 'nova',
  $password_api          = 'nova_api',
  $neutron_password      = 'neutron',
  $cpu_allocation_ratio  = '1.0',
  $ram_allocation_ratio  = '1.1',
  $disk_allocation_ratio = '1.1',
  $reserved_host_memory  = '1024',
) {

  # The database URLs embed the passwords in clear text. The same $password
  # is used for the nova database account and the RabbitMQ account.
  # rabbit_use_ssl is explicitly off and Glance is addressed over http://,
  # so none of this traffic is encrypted.
  class { '::nova':
    api_database_connection => "mysql+pymysql://${user_api}:${password_api}@${controller}/nova_api?charset=utf8",
    database_connection     => "mysql+pymysql://${user}:${password}@${controller}/nova?charset=utf8",
    glance_api_servers      => "http://${controller}:9292",
    notification_driver     => 'messagingv2',
    notify_on_state_change  => 'vm_and_task_state',
    rabbit_host             => $controller,
    rabbit_password         => $password,
    rabbit_port             => $rabbit_port,
    rabbit_userid           => $user,
    rabbit_use_ssl          => false,
    cpu_allocation_ratio    => $cpu_allocation_ratio,
    ram_allocation_ratio    => $ram_allocation_ratio,
    disk_allocation_ratio   => $disk_allocation_ratio,
  }

  class { '::nova::compute':
    force_config_drive          => true,
    instance_usage_audit        => true,
    instance_usage_audit_period => 'hour',
    vnc_enabled                 => true,
    reserved_host_memory        => $reserved_host_memory,
  }

  # NOTE(review): vncserver_listen '0.0.0.0' puts instance VNC consoles on
  # every interface of the hypervisor. With migration_support enabled, also
  # check how the puppet-nova version pinned in the Puppetfile configures the
  # libvirtd listener and its authentication, and limit both to the
  # management network.
  class { '::nova::compute::libvirt':
    libvirt_virt_type => 'kvm',
    migration_support => true,
    vncserver_listen  => '0.0.0.0',
  }

  class { '::nova::compute::neutron':
    libvirt_vif_driver => 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver',
  }

  # Nova's own firewall driver is the no-op one, which leaves filtering to
  # Neutron. Keystone (35357) and Neutron (9696) are reached over plain HTTP,
  # so the Neutron service password is sent unencrypted.
  class { '::nova::network::neutron':
    firewall_driver  => 'nova.virt.firewall.NoopFirewallDriver',
    neutron_auth_url => "http://${controller}:35357/v3",
    neutron_url      => "http://${controller}:9696",
    neutron_password => $neutron_password,
  }

  include ::nova::vncproxy
  include ::nova::consoleauth
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller.pp:
--------------------------------------------------------------------------------
# Controller role: the common server profile plus every control-plane
# service class of this module.
class centos_cloud::controller {
  include centos_cloud::server
  include centos_cloud::controller::rabbitmq
  include centos_cloud::controller::mysql
  include centos_cloud::controller::keystone
  include centos_cloud::controller::glance
  include centos_cloud::controller::neutron
  include centos_cloud::controller::nova
  include centos_cloud::controller::provision
  include centos_cloud::controller::quotas
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/glance.pp:
--------------------------------------------------------------------------------
# Glance on the controller: RabbitMQ account, MySQL database, Keystone
# registration, the API and registry services, and notifications.
#
# NOTE(review): one $password (default 'glance', equal to the user name) is
# reused for the RabbitMQ account, the MySQL account and the Keystone service
# user, so disclosure of any one of them exposes all three. Presumably
# overridden from Hiera; separate secrets per backend would limit the impact.
class centos_cloud::controller::glance (
  $allowed_hosts     = '172.22.6.%',
  $backend           = 'file',
  $bind_host         = '0.0.0.0',
  $controller        = 'controller.openstack.ci.centos.org',
  $memcached_servers = ['127.0.0.1:11211'],
  $password          = 'glance',
  $rabbit_port       = '5672',
  $stores            = ['http', 'file'],
  $user              = 'glance',
  $workers           = '8',
) {

  # NOTE(review): admin => true tags the service account as a RabbitMQ
  # administrator, and the permissions below grant configure/read/write on
  # everything in vhost '/'. A messaging client does not need the
  # administrator tag.
  rabbitmq_user { $user:
    admin    => true,
    password => $password,
    provider => 'rabbitmqctl',
    require  => Class['::rabbitmq'],
  }

  rabbitmq_user_permissions { "${user}@/":
    configure_permission => '.*',
    read_permission      => '.*',
    write_permission     => '.*',
    provider             => 'rabbitmqctl',
    require              => Class['::rabbitmq'],
  }

  # '%' is the MySQL wildcard: the grant covers the controller itself and any
  # host whose address starts with 172.22.6.
  class { '::glance::db::mysql':
    allowed_hosts => [$controller, $allowed_hosts],
    password      => $password,
    user          => $user,
  }

  include ::glance
  include ::glance::client
  include ::glance::backend::file

  # Every endpoint is registered as http://, including the public one.
  class { '::glance::keystone::auth':
    admin_url    => "http://${controller}:9292",
    internal_url => "http://${controller}:9292",
    public_url   => "http://${controller}:9292",
    password     => $password,
  }

  class { '::glance::api::authtoken':
    password            => $password,
    user_domain_name    => 'Default',
    project_domain_name => 'Default',
    auth_url            => "http://${controller}:35357",
    auth_uri            => "http://${controller}:5000",
    memcached_servers   => $memcached_servers,
  }

  # The database URL carries the password in clear text.
  class { '::glance::api':
    bind_host           => $bind_host,
    database_connection => "mysql+pymysql://${user}:${password}@${controller}/glance?charset=utf8",
    default_store       => $backend,
    registry_host       => $controller,
    stores              => $stores,
    workers             => $workers,
  }

  class { '::glance::registry::authtoken':
    password            => $password,
    user_domain_name    => 'Default',
    project_domain_name => 'Default',
    auth_url            => "http://${controller}:35357",
    auth_uri            => "http://${controller}:5000",
    memcached_servers   => $memcached_servers,
  }

  class { '::glance::registry':
    bind_host           => $bind_host,
    database_connection => "mysql+pymysql://${user}:${password}@${controller}/glance?charset=utf8",
    workers             => $workers,
  }

  class { '::glance::notify::rabbitmq':
    rabbit_userid       => $user,
    rabbit_password     => $password,
    rabbit_host         => $controller,
    rabbit_port         => $rabbit_port,
    rabbit_use_ssl      => false,
    notification_driver => 'messagingv2',
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/keystone.pp:
--------------------------------------------------------------------------------
# Keystone on the controller, served by Apache/mod_wsgi with Fernet tokens.
#
# NOTE(review): $admin_token ('admintoken'), $admin_password ('admin') and
# $password ('keystone') are guessable defaults; presumably overridden from
# the git-crypt-protected Hiera data. These are the credentials that control
# the whole cloud, so confirm that before reusing this class.
class centos_cloud::controller::keystone (
  $allowed_hosts       = '172.22.6.%',
  $bind_host           = '0.0.0.0',
  $controller          = 'controller.openstack.ci.centos.org',
  $password            = 'keystone',
  $user                = 'keystone',
  $admin_token         = 'admintoken',
  $admin_password      = 'admin',
  $token_provider      = 'fernet',
  $enable_fernet_setup = true,
  $admin_workers       = '16',
  $public_workers      = '16',
  $workers             = '16',
  $threads             = '1',
) {

  include ::keystone::client

  # MySQL grant for the controller and any host matching $allowed_hosts.
  class { '::keystone::db::mysql':
    allowed_hosts => [$controller, $allowed_hosts],
    password      => $password,
    user          => $user,
  }

  # Both the admin and the public listener bind to $bind_host (all interfaces
  # by default); the database URL carries the password in clear text.
  class { '::keystone':
    admin_bind_host     => $bind_host,
    admin_token         => $admin_token,
    database_connection => "mysql+pymysql://${user}:${password}@${controller}/keystone",
    enabled             => true,
    public_bind_host    => $bind_host,
    service_name        => 'httpd',
    token_provider      => $token_provider,
    enable_fernet_setup => $enable_fernet_setup,
    admin_workers       => $admin_workers,
    public_workers      => $public_workers,
  }

  include ::apache

  # NOTE(review): ssl => false, so passwords and tokens sent to Keystone
  # travel over plain HTTP.
  class { '::keystone::wsgi::apache':
    admin_bind_host => $bind_host,
    bind_host       => $bind_host,
    servername      => $controller,
    ssl             => false,
    workers         => $workers,
    threads         => $threads,
  }

  class { '::keystone::roles::admin':
    email    => 'ci@centos.org',
    password => $admin_password,
  }

  class { '::keystone::endpoint':
    admin_url    => "http://${controller}:35357",
    internal_url => "http://${controller}:5000",
    public_url   => "http://${controller}:5000",
  }

  # Presumably stops the static bootstrap admin token from being accepted
  # once provisioning is done; verify against the pinned puppet-keystone
  # version.
  include ::keystone::disable_admin_token_auth

  keystone_role { '_member_':
    ensure => present,
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/mysql.pp:
--------------------------------------------------------------------------------
# MariaDB/MySQL server for the controller, with a systemd drop-in that ships
# the module's limits.conf.
#
# NOTE(review): the root password defaults to 'mysql' and the server binds to
# 0.0.0.0, so the database listens on every interface. Confirm the default is
# overridden and that the port is only reachable from the service network.
class centos_cloud::controller::mysql (
  $root_password = 'mysql',
) {

  # The drop-in directory must exist before the file in it; a change to the
  # file reloads systemd and notifies the mysqld service.
  file { '/etc/systemd/system/mariadb.service.d/':
    ensure => directory,
  } ->
  file { '/etc/systemd/system/mariadb.service.d/limits.conf':
    ensure => present,
    source => "puppet:///modules/${module_name}/limits.conf",
    notify => [ Exec['Reload systemctl'], Service['mysqld'] ],
  }

  exec { 'Reload systemctl':
    command     => '/usr/bin/systemctl daemon-reload',
    refreshonly => true,
  }

  # remove_default_accounts is enabled, which is the hardening-relevant
  # setting in this declaration.
  class { '::mysql::server':
    root_password           => $root_password,
    remove_default_accounts => true,
    override_options        => {
      'mysqld' => {
        'bind-address'    => '0.0.0.0',
        'max_connections' => '512',
      },
    },
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/neutron.pp:
--------------------------------------------------------------------------------
# Neutron server on the controller: RabbitMQ account, MySQL database,
# Keystone registration, the API server, Nova notifications and the
# linuxbridge agent (physnet0 mapped to eth0).
#
# NOTE(review): $password (default equal to the user name) is shared by the
# RabbitMQ account, the MySQL account and the Keystone service user.
# Presumably overridden from Hiera; confirm.
class centos_cloud::controller::neutron (
  $allowed_hosts     = '172.22.6.%',
  $controller        = 'controller.openstack.ci.centos.org',
  $memcached_servers = ['127.0.0.1:11211'],
  $bind_host         = '0.0.0.0',
  $rabbit_port       = '5672',
  $user              = 'neutron',
  $password          = 'neutron',
  $nova_password     = 'nova',
  $api_workers       = '8',
  $rpc_workers       = '8',
) {

  # NOTE(review): administrator tag plus unrestricted permissions on vhost
  # '/' for a service account; a messaging client does not need the
  # administrator tag.
  rabbitmq_user { $user:
    admin    => true,
    password => $password,
    provider => 'rabbitmqctl',
    require  => Class['::rabbitmq'],
  }

  rabbitmq_user_permissions { "${user}@/":
    configure_permission => '.*',
    read_permission      => '.*',
    write_permission     => '.*',
    provider             => 'rabbitmqctl',
    require              => Class['::rabbitmq'],
  }

  class { '::neutron::db::mysql':
    allowed_hosts => [$controller, $allowed_hosts],
    password      => $password,
    user          => $user,
  }

  # All three endpoints are registered as http://.
  class { '::neutron::keystone::auth':
    admin_url    => "http://${controller}:9696",
    internal_url => "http://${controller}:9696",
    public_url   => "http://${controller}:9696",
    password     => $password,
  }

  class { '::neutron':
    allow_overlapping_ips   => false,
    bind_host               => $bind_host,
    core_plugin             => 'ml2',
    dhcp_agent_notification => true,
    rabbit_user             => $user,
    rabbit_password         => $password,
    rabbit_host             => $controller,
    rabbit_port             => $rabbit_port,
  }

  include ::neutron::client

  class { '::neutron::keystone::authtoken':
    password            => $password,
    user_domain_name    => 'Default',
    project_domain_name => 'Default',
    auth_url            => "http://${controller}:35357",
    auth_uri            => "http://${controller}:5000",
    memcached_servers   => $memcached_servers,
  }

  # The database URL carries the password in clear text; sync_db runs the
  # schema migration from this node.
  class { '::neutron::server':
    api_workers         => $api_workers,
    database_connection => "mysql+pymysql://${user}:${password}@${controller}/neutron?charset=utf8",
    rpc_workers         => $rpc_workers,
    sync_db             => true,
  }

  # Uses the Nova service password so Neutron can notify Nova.
  class { '::neutron::server::notifications':
    auth_url => "http://${controller}:35357",
    password => $nova_password,
  }

  class { '::neutron::plugins::ml2':
    type_drivers         => ['flat'],
    tenant_network_types => [],
    mechanism_drivers    => ['linuxbridge'],
    flat_networks        => ['physnet0'],
  }

  # NOTE(review): NoopFirewallDriver, so no security-group filtering is
  # applied by this agent.
  class { '::neutron::agents::ml2::linuxbridge':
    firewall_driver             => 'neutron.agent.firewall.NoopFirewallDriver',
    local_ip                    => $::ipaddress,
    physical_interface_mappings => ['physnet0:eth0'],
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/nova.pp:
--------------------------------------------------------------------------------
# Nova control plane on the controller: RabbitMQ account, the nova and
# nova_api databases, Keystone registration, the compute API under Apache,
# conductor, scheduler and the archive cron job.
#
# NOTE(review): every password default equals the matching user name, and
# $password is shared by the RabbitMQ account, the nova database account and
# the Keystone service user. Presumably overridden from Hiera; confirm.
class centos_cloud::controller::nova (
  $allowed_hosts     = '172.22.6.%',
  $bind_host         = '0.0.0.0',
  $controller        = 'controller.openstack.ci.centos.org',
  $memcached_servers = ['127.0.0.1:11211'],
  $password          = 'nova',
  $password_api      = 'nova_api',
  $rabbit_port       = '5672',
  $user              = 'nova',
  $user_api          = 'nova_api',
  $neutron_password  = 'neutron',
  $workers           = '8',
  $threads           = '1',
) {

  # NOTE(review): administrator tag plus unrestricted permissions on vhost
  # '/' for a service account; a messaging client does not need the
  # administrator tag.
  rabbitmq_user { $user:
    admin    => true,
    password => $password,
    provider => 'rabbitmqctl',
    require  => Class['::rabbitmq'],
  }

  rabbitmq_user_permissions { "${user}@/":
    configure_permission => '.*',
    read_permission      => '.*',
    write_permission     => '.*',
    provider             => 'rabbitmqctl',
    require              => Class['::rabbitmq'],
  }

  class { '::nova::db::mysql':
    allowed_hosts => [$controller, $allowed_hosts],
    password      => $password,
    user          => $user,
  }

  class { '::nova::db::mysql_api':
    allowed_hosts => [$controller, $allowed_hosts],
    password      => $password_api,
    user          => $user_api,
  }

  # All three endpoints are registered as http://.
  class { '::nova::keystone::auth':
    admin_url    => "http://${controller}:8774/v2/%(tenant_id)s",
    internal_url => "http://${controller}:8774/v2/%(tenant_id)s",
    public_url   => "http://${controller}:8774/v2/%(tenant_id)s",
    password     => $password,
  }

  class { '::nova::keystone::authtoken':
    password            => $password,
    user_domain_name    => 'Default',
    project_domain_name => 'Default',
    auth_url            => "http://${controller}:35357",
    auth_uri            => "http://${controller}:5000",
    memcached_servers   => $memcached_servers,
  }

  # Database URLs carry the passwords in clear text; broker TLS is
  # explicitly disabled.
  class { '::nova':
    api_database_connection => "mysql+pymysql://${user_api}:${password_api}@${controller}/nova_api?charset=utf8",
    database_connection     => "mysql+pymysql://${user}:${password}@${controller}/nova?charset=utf8",
    glance_api_servers      => "http://${controller}:9292",
    notification_driver     => 'messagingv2',
    notify_on_state_change  => 'vm_and_task_state',
    rabbit_host             => $controller,
    rabbit_password         => $password,
    rabbit_port             => $rabbit_port,
    rabbit_userid           => $user,
    rabbit_use_ssl          => false,
  }

  class { '::nova::api':
    api_bind_address      => $bind_host,
    enabled_apis          => ['osapi_compute'],
    service_name          => 'httpd',
    sync_db_api           => true,
    osapi_compute_workers => $workers,
    install_cinder_client => false,
  }

  include ::apache

  # NOTE(review): ssl => false, so the compute API is served over plain HTTP
  # on $bind_host (all interfaces by default).
  class { '::nova::wsgi::apache':
    bind_host  => $bind_host,
    servername => $controller,
    ssl        => false,
    workers    => $workers,
    threads    => $threads,
  }

  # Nova's own firewall driver is the no-op one, which leaves filtering to
  # Neutron.
  class { '::nova::network::neutron':
    firewall_driver  => 'nova.virt.firewall.NoopFirewallDriver',
    neutron_auth_url => "http://${controller}:35357/v3",
    neutron_url      => "http://${controller}:9696",
    neutron_password => $neutron_password,
  }

  include ::nova::client

  class { '::nova::conductor':
    workers => $workers,
  }

  include ::nova::cron::archive_deleted_rows
  include ::nova::scheduler
  include ::nova::scheduler::filter
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/provision.pp:
--------------------------------------------------------------------------------
# Seeds the cloud with its flavors, the shared flat provider network and,
# when $provision_images is true, the base images.
class centos_cloud::controller::provision (
  $provision_images = false,
) {
  ###
  # Nova
  ###
  # Flavors are ordered after the admin role assignment.
  Keystone_user_role['admin@openstack'] -> Nova_flavor<||>

  # Flavors are designed after compute nodes with 32 cores, 64 GB RAM and
  # 320 GB of disk space allocation with no oversubscription for maximum
  # performance. This allows for 32 tiny, 16 small or 8 medium VMs.
  # RAM allocation is truncated on purpose to reserve ~2GB of RAM for the
  # compute node, especially considering KVM RAM overhead.
  nova_flavor { 'tiny':
    ensure => present,
    ram    => '1940',
    disk   => '10',
    vcpus  => '1',
  }

  nova_flavor { 'small':
    ensure => present,
    ram    => '3875',
    disk   => '20',
    vcpus  => '2',
  }

  nova_flavor { 'medium':
    ensure => present,
    ram    => '7750',
    disk   => '40',
    vcpus  => '4',
  }

  ###
  # Neutron
  ###
  Keystone_user_role['admin@openstack'] -> Neutron_network<||>
  Keystone_user_role['admin@openstack'] -> Neutron_subnet<||>

  # shared => true: one flat network used by every project. Together with
  # the no-op firewall driver configured on the agents, instances of
  # different projects share an unfiltered L2 segment.
  neutron_network { 'publicnet':
    shared                    => true,
    provider_network_type     => 'flat',
    provider_physical_network => 'physnet0',
  }

  neutron_subnet { 'publicsubnet':
    cidr             => '172.19.0.0/21',
    gateway_ip       => '172.19.3.254',
    network_name     => 'publicnet',
    dns_nameservers  => ['172.19.0.12'],
    allocation_pools => ['start=172.19.4.10,end=172.19.7.250'],
  }

  ###
  # Glance
  ###
  if $provision_images {
    Keystone_user_role['admin@openstack'] -> Glance_image<||>

    # NOTE(review): the two CentOS images are fetched over plain HTTP and no
    # checksum is verified in this manifest. These images are public, so
    # every project boots from them; prefer an HTTPS source and compare
    # against the publisher's checksum before upload.
    glance_image { 'CentOS 7':
      ensure           => present,
      container_format => 'bare',
      disk_format      => 'qcow2',
      is_public        => 'yes',
      source           => 'http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2',
    }

    glance_image { 'CentOS 6':
      ensure           => present,
      container_format => 'bare',
      disk_format      => 'qcow2',
      is_public        => 'yes',
      source           => 'http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2',
    }

    # Fetched over HTTPS, still without a checksum in this manifest.
    glance_image { 'Fedora 24':
      ensure           => present,
      container_format => 'bare',
      disk_format      => 'qcow2',
      is_public        => 'yes',
      source           => 'https://download.fedoraproject.org/pub/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.qcow2',
    }
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/quotas.pp:
--------------------------------------------------------------------------------
# == Class: centos_cloud::controller::quotas
#
# Configures the default project quotas.
# These default project quotas are based on the flavors that are provisioned.
# We have the tiny, small and medium flavors.
# The quotas are based around being able to provide:
# - 5 medium instances, or
# - 10 small instances, or
# - 20 tiny instances
#
# These defaults can be overridden per-project by an administrator.
#
# === Parameters:
#
# ## Nova
#
# [*instances*]
#   (optional) Max amount of instances per project.
#   Defaults to 20.
#
# [*cores*]
#   (optional) Max amount of vCPUs per project.
#   Defaults to 20.
#
# [*ram*]
#   (optional) Max amount of RAM per project.
#   Defaults to 40960MB.
#
# [*fixed_ips*]
#   (optional) Max amount of fixed IPs per project.
#   Defaults to 20 (number of instances)
#
# [*security_groups*]
#   (optional) Max amount of security groups per project.
#   Defaults to 0 (security groups are not enabled on this deployment)
#
# [*security_group_rules*]
#   (optional) Max amount of security group rules per project.
#   Defaults to 0 (security groups are not enabled on this deployment)
#
# ## Neutron
#
# [*port*]
#   (optional) Max amount of ports per project.
#   Defaults to 20 (number of instances)
#
# [*network*]
#   (optional) Max amount of networks per project.
#   Defaults to 1
#
# [*subnet*]
#   (optional) Max amount of subnets per project.
#   Defaults to 1
#
# [*network_gateway*]
#   (optional) Max amount of network gateways per project.
#   There are no L3 agents on this deployment, it uses flat provider networks.
#   Defaults to 0
#
# [*router*]
#   (optional) Max amount of routers per project.
#   There are no L3 agents on this deployment, it uses flat provider networks.
#   Defaults to 0
#
# [*floatingip*]
#   (optional) Max amount of floating IPs per project.
#   There are no L3 agents on this deployment, it uses flat provider networks.
#   Defaults to 0
#
# ## Glance
#
# [*image_storage*]
#   (optional) Max size of image storage (images and snapshots) per project.
#   Defaults to '5GB'
#
# NOTE(review): with security groups disabled there is no per-instance
# filtering on this deployment; the quotas here cap resource use only and are
# not an isolation control.

class centos_cloud::controller::quotas (
  # Nova
  $instances            = 20,
  $cores                = 20,
  $ram                  = 40960,
  $fixed_ips            = 20,
  $security_groups      = 0,
  $security_group_rules = 0,
  # Neutron
  $port                 = 20,
  $network              = 1,
  $subnet               = 1,
  $network_gateway      = 0,
  $router               = 0,
  $floatingip           = 0,
  # Glance
  $image_storage        = '5GB',
) {
  class { '::nova::quota':
    quota_instances            => $instances,
    quota_cores                => $cores,
    quota_ram                  => $ram,
    quota_fixed_ips            => $fixed_ips,
    quota_security_groups      => $security_groups,
    quota_security_group_rules => $security_group_rules,
  }

  class { '::neutron::quota':
    quota_port            => $port,
    quota_network         => $network,
    quota_subnet          => $subnet,
    quota_network_gateway => $network_gateway,
    quota_router          => $router,
    quota_floatingip      => $floatingip,
  }

  # Written straight into the [DEFAULT] section of the Glance API
  # configuration.
  glance_api_config { 'DEFAULT/user_storage_quota':
    value => $image_storage;
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/controller/rabbitmq.pp:
--------------------------------------------------------------------------------
# RabbitMQ broker for the controller, installed from the already configured
# yum repositories, plus the default '/' vhost that the service accounts use.
class centos_cloud::controller::rabbitmq {
  # delete_guest_user removes the broker's built-in guest account.
  class { '::rabbitmq':
    delete_guest_user => true,
    repos_ensure      => false,
    package_provider  => 'yum',
  }

  rabbitmq_vhost { '/':
    provider => 'rabbitmqctl',
    require  => Class['::rabbitmq'],
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/server.pp:
--------------------------------------------------------------------------------
# Baseline applied to every server: common packages, the OpenStack
# credentials file, NTP, memcached and TCP keepalive tuning.
class centos_cloud::server {
  include ::centos_cloud::server::packages
  include ::centos_cloud::server::auth_file
  include ::ntp
  include ::memcached

  # Start keepalive probes after 30 seconds of idle time, then send 5 probes
  # one second apart.
  sysctl::value {
    'net.ipv4.tcp_keepalive_time':   value => '30';
    'net.ipv4.tcp_keepalive_intvl':  value => '1';
    'net.ipv4.tcp_keepalive_probes': value => '5';
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/server/auth_file.pp:
--------------------------------------------------------------------------------
# Writes an OpenStack credentials file (default /root/openrc) and appends the
# openstack client's bash completion to that same file.
#
# NOTE(review): the password default ('keystone') is a guessable placeholder
# and differs from the $admin_password default ('admin') in
# centos_cloud::controller::keystone; presumably both are overridden from
# Hiera, which should be confirmed. No file mode is set here, so check that
# the credentials file is created readable by root only. This class is
# included from centos_cloud::server, so the file lands on every node that
# uses that profile.
class centos_cloud::server::auth_file (
  $controller = 'controller.openstack.ci.centos.org',
  $password   = 'keystone',
  $path       = '/root/openrc',
) {
  # The auth URL is plain HTTP, so credentials sourced from this file are
  # sent to Keystone unencrypted.
  class { '::openstack_extras::auth_file':
    auth_url       => "http://${controller}:5000/v3/",
    password       => $password,
    path           => $path,
    project_domain => 'default',
    user_domain    => 'default',
  } ->

  # Runs only while '_openstack()' is absent from the file. $path is
  # interpolated unquoted into a shell command line, so keep it a fixed,
  # trusted value without spaces or shell metacharacters.
  exec { 'Setup openstackclient bash completion':
    command => "/usr/bin/bash -c 'source ${path}; /usr/bin/openstack complete >> ${path}'",
    unless  => "/usr/bin/grep -q '_openstack()' ${path}",
  }
}
--------------------------------------------------------------------------------
/puppet/modules/centos_cloud/manifests/server/packages.pp:
--------------------------------------------------------------------------------
# Common tooling installed on every server.
#
# NOTE(review): ensure => 'latest' upgrades these packages on every Puppet
# run to whatever the configured repositories currently serve, so the
# installed versions are not pinned or reproducible. The list also puts
# network diagnostic tools (tcpdump, nmap, mtr) on every node; consider
# whether hosts outside a test environment need them.
class centos_cloud::server::packages {
  package { [
    'bash-completion',
    'deltarpm',
    'libguestfs-tools',
    'libselinux-python',
    'lsof',
    'net-tools',
    'policycoreutils-python',
    'psmisc',
    'redhat-lsb-core',
    'screen',
    'sysfsutils',
    'sysstat',
    'tcpdump',
    'wget',
    'mtr',
    'nmap'
  ]:
    ensure => 'latest',
  }
}
--------------------------------------------------------------------------------