├── .gitignore ├── .gitreview ├── .stestr.conf ├── .testr.conf ├── .zuul.yaml ├── Gemfile ├── LICENSE ├── MANIFEST.in ├── Puppetfile ├── README.rst ├── Rakefile ├── bindep.txt ├── docs ├── Makefile └── source │ ├── conf.py │ └── packstack.rst ├── external_modules.txt ├── openstack_modules.txt ├── packstack ├── __init__.py ├── installer │ ├── .gitignore │ ├── LICENSE │ ├── __init__.py │ ├── basedefs.py │ ├── core │ │ ├── __init__.py │ │ ├── arch.py │ │ ├── drones.py │ │ ├── parameters.py │ │ └── sequences.py │ ├── exceptions.py │ ├── output_messages.py │ ├── processors.py │ ├── run_setup.py │ ├── setup_controller.py │ ├── utils │ │ ├── __init__.py │ │ ├── datastructures.py │ │ ├── decorators.py │ │ ├── network.py │ │ ├── shell.py │ │ ├── shortcuts.py │ │ └── strings.py │ └── validators.py ├── modules │ ├── __init__.py │ ├── common.py │ ├── documentation.py │ ├── ospluginutils.py │ └── puppet.py ├── plugins │ ├── __init__.py │ ├── amqp_002.py │ ├── aodh_810.py │ ├── ceilometer_800.py │ ├── cinder_250.py │ ├── dashboard_500.py │ ├── glance_200.py │ ├── gnocchi_790.py │ ├── heat_650.py │ ├── ironic_275.py │ ├── keystone_100.py │ ├── magnum_920.py │ ├── manila_355.py │ ├── mariadb_003.py │ ├── neutron_350.py │ ├── nova_300.py │ ├── openstack_client_400.py │ ├── postscript_951.py │ ├── prescript_000.py │ ├── provision_700.py │ ├── puppet_950.py │ ├── ssl_001.py │ ├── swift_600.py │ └── trove_850.py ├── puppet │ ├── modules │ │ └── packstack │ │ │ ├── Gemfile │ │ │ ├── Rakefile │ │ │ ├── lib │ │ │ ├── facter │ │ │ │ ├── default_hypervisor.rb │ │ │ │ ├── home_dir.rb │ │ │ │ └── network.rb │ │ │ └── puppet │ │ │ │ ├── functions │ │ │ │ └── parse_hash_from_string.rb │ │ │ │ └── parser │ │ │ │ └── functions │ │ │ │ ├── choose_my_ip.rb │ │ │ │ ├── force_interface.rb │ │ │ │ └── force_ip.rb │ │ │ ├── manifests │ │ │ ├── amqp.pp │ │ │ ├── amqp │ │ │ │ └── enable_rabbitmq.pp │ │ │ ├── aodh.pp │ │ │ ├── aodh │ │ │ │ └── rabbitmq.pp │ │ │ ├── apache.pp │ │ │ ├── ceilometer.pp │ │ │ ├── ceilometer │ │ │ │ ├── nova_disabled.pp │ │ │ │ └── rabbitmq.pp │ │ │ ├── chrony.pp │ │ │ ├── cinder.pp │ │ │ ├── cinder │ │ │ │ ├── backend │ │ │ │ │ ├── lvm.pp │ │ │ │ │ ├── netapp.pp │ │ │ │ │ ├── nfs.pp │ │ │ │ │ └── solidfire.pp │ │ │ │ ├── backup.pp │ │ │ │ └── rabbitmq.pp │ │ │ ├── firewall.pp │ │ │ ├── glance.pp │ │ │ ├── glance │ │ │ │ ├── backend │ │ │ │ │ ├── file.pp │ │ │ │ │ └── swift.pp │ │ │ │ └── ceilometer.pp │ │ │ ├── gnocchi.pp │ │ │ ├── heat.pp │ │ │ ├── heat │ │ │ │ ├── cfn.pp │ │ │ │ └── rabbitmq.pp │ │ │ ├── horizon.pp │ │ │ ├── ironic.pp │ │ │ ├── ironic │ │ │ │ └── rabbitmq.pp │ │ │ ├── keystone.pp │ │ │ ├── keystone │ │ │ │ ├── aodh.pp │ │ │ │ ├── ceilometer.pp │ │ │ │ ├── cinder.pp │ │ │ │ ├── glance.pp │ │ │ │ ├── gnocchi.pp │ │ │ │ ├── heat.pp │ │ │ │ ├── ironic.pp │ │ │ │ ├── magnum.pp │ │ │ │ ├── manila.pp │ │ │ │ ├── neutron.pp │ │ │ │ ├── nova.pp │ │ │ │ ├── placement.pp │ │ │ │ ├── swift.pp │ │ │ │ └── trove.pp │ │ │ ├── magnum.pp │ │ │ ├── magnum │ │ │ │ └── rabbitmq.pp │ │ │ ├── manila.pp │ │ │ ├── manila │ │ │ │ ├── backend │ │ │ │ │ ├── generic.pp │ │ │ │ │ ├── glusternative.pp │ │ │ │ │ ├── glusternfs.pp │ │ │ │ │ └── netapp.pp │ │ │ │ ├── network.pp │ │ │ │ └── rabbitmq.pp │ │ │ ├── mariadb.pp │ │ │ ├── mariadb │ │ │ │ ├── services.pp │ │ │ │ └── services_remote.pp │ │ │ ├── memcached.pp │ │ │ ├── neutron.pp │ │ │ ├── neutron │ │ │ │ ├── api.pp │ │ │ │ ├── bridge.pp │ │ │ │ ├── dhcp.pp │ │ │ │ ├── l3.pp │ │ │ │ ├── metadata.pp │ │ │ │ ├── metering.pp │ │ │ │ ├── ml2.pp │ │ │ │ ├── notifications.pp │ │ │ │ ├── ovn_agent.pp │ │ │ │ ├── ovn_metadata.pp │ │ │ │ ├── ovn_northd.pp │ │ │ │ ├── ovs_agent.pp │ │ │ │ ├── ovs_bridge.pp │ │ │ │ ├── rabbitmq.pp │ │ │ │ ├── sriov.pp │ │ │ │ └── vpnaas.pp │ │ │ ├── nova.pp │ │ │ ├── nova │ │ │ │ ├── api.pp │ │ │ │ ├── cache.pp │ │ │ │ ├── ceilometer.pp │ │ │ │ ├── ceilometer │ │ │ │ │ └── rabbitmq.pp │ │ │ │ ├── common.pp │ │ │ │ ├── compute.pp │ │ │ │ ├── compute │ │ │ │ │ ├── ironic.pp │ │ │ │ │ ├── libvirt.pp │ │ │ │ │ └── vmware.pp │ │ │ │ ├── conductor.pp │ │ │ │ ├── neutron.pp │ │ │ │ ├── nfs.pp │ │ │ │ ├── sched.pp │ │ │ │ ├── sched │ │ │ │ │ └── ironic.pp │ │ │ │ └── vncproxy.pp │ │ │ ├── openstackclient.pp │ │ │ ├── placement.pp │ │ │ ├── prereqs.pp │ │ │ ├── provision.pp │ │ │ ├── provision │ │ │ │ ├── bridge.pp │ │ │ │ ├── glance.pp │ │ │ │ └── tempest.pp │ │ │ ├── redis.pp │ │ │ ├── swift.pp │ │ │ ├── swift │ │ │ │ ├── ceilometer.pp │ │ │ │ ├── fs.pp │ │ │ │ ├── proxy.pp │ │ │ │ ├── ringbuilder.pp │ │ │ │ └── storage.pp │ │ │ ├── trove.pp │ │ │ └── trove │ │ │ │ └── rabbitmq.pp │ │ │ ├── spec │ │ │ ├── spec_helper.rb │ │ │ └── unit │ │ │ │ └── puppet │ │ │ │ └── parser │ │ │ │ └── functions │ │ │ │ └── choose_my_ip_spec.rb │ │ │ └── templates │ │ │ ├── openstack-neutron.modules.erb │ │ │ └── ssl │ │ │ └── generate_ssl_certs.sh.erb │ └── templates │ │ ├── compute.pp │ │ ├── controller.pp │ │ ├── controller_post.pp │ │ └── network.pp └── version.py ├── playbooks ├── packstack-centos9-pre.yaml ├── packstack-integration-tempest.yaml ├── packstack-multinode.yaml ├── packstack-post-compute.yaml └── upload-logs.yaml ├── releasenotes ├── notes │ ├── Add-Panko-service-63a8a966013abeaa.yaml │ ├── Panko-has-been-removed-fb234a047231d84f.yaml │ ├── Remove-CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS-param-926649e4eef08b44.yaml │ ├── Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml │ ├── Remove-Heat-Cloudwatch-07e55f1c35a16ee4.yaml │ ├── Remove-PKI-and-UUID-Keystone-token-formats-618f4b0dc4cf782f.yaml │ ├── Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml │ ├── Replace-keystone-token-flush-cron-job-with-fernet-rotation-5b1fccf2bc6add91.yaml │ ├── Support-for-extracted-placement-service-8ae75efbb1ad25b5.yaml │ ├── add-parameter-messages-47d9cf6996f58230.yaml │ ├── add-skip-tempest-tests-option-86cf59ec5a61d349.yaml │ ├── add-support-to-ovn-networking-ae6e0176270265c6.yaml │ ├── add_cinder_solidfire-9b62f78b86a52a09.yaml │ ├── admin-token-removed-64ae39c4ecd28f15.yaml │ ├── aodh-move-to-mariadb-9e36b7cfdbbd2aa5.yaml │ ├── bp-add-magnum-support-74d88638fe4b2c6c.yaml │ ├── ceilometer-with-wsgi-a46d2ff0ceabaaf8.yaml │ ├── change-default-nagios-b190de0737165bf9.yaml │ ├── check-unexpected-options-2f2d26ebe54da6c9.yaml │ ├── create-uec-image-70073744430d1538.yaml │ ├── custom-tempest-flavors-baa5cf02235f78dd.yaml │ ├── demo-allocation-pools-c535e4235c7edcb2.yaml │ ├── demo-image-properties-9994f2981a8c00a1.yaml │ ├── disable-rabbitmq-repositories-d5cb9dc8f1246a39.yaml │ ├── drop-mongodb-a9771fb4f0430a4c.yaml │ ├── gnocchi-and-aodh-00da52a4c45588fd.yaml │ ├── install-tempest-from-rpm-fd59c072011f372b.yaml │ ├── integration-tests-d5f86a29cc037329.yaml │ ├── keystone-evenlet-dropped-6f85670db62f7b91.yaml │ ├── keystone-v3-note-065b6302b49285f3.yaml │ ├── l3-agent-multiple-networks-9d1837c4187055be.yaml │ ├── manifest-execution-refactor-418c27bbc03df064.yaml │ ├── move-to-pymysql-b5f1a40ededa8fb2.yaml │ ├── neutron-ovs-bridges-compute-0aec0e39c1b1b84b.yaml │ ├── nova-cert-86fb2f0ddc53b032.yaml │ ├── nova-cpu-manager-8440f026c4a0165e.yaml │ ├── nova-migration-improvements-85b208c2b45a3fbe.yaml │ ├── nova-placement-api-acf32977978da6fb.yaml │ ├── ovs-bridges-on-network-nodes-890c51cbbddf8f1c.yaml │ ├── ovs-tunnel-subnets-8955593d3004852e.yaml │ ├── packstack-moved-from-stackforge-766c35141b5480c3.yaml │ ├── qpid-removal-f754f589e335ae0c.yaml │ ├── register-satellite6-server-796a5f89b39386a4.yaml │ ├── releasenotes │ │ └── notes │ │ │ └── add-custom-lvm-name-090af5002950706d.yaml │ ├── remove-cinder-gluster-6c54d9f440424259.yaml │ ├── remove-collector-api-5b494f09593197f0.yaml │ ├── remove-config-gnocchi-install-ecfe10ce59f1d0da.yaml │ ├── remove-epel-support-3732f53a2e45d64c.yaml │ ├── remove-glance-registry-6076539ab6ce1a8b.yaml │ ├── remove-keystone-v2-f257cdb7e7e3a4df.yaml │ ├── remove-lbaas-0054d83972c5afcf.yaml │ ├── remove-legacy-nova-filters-d6e21a5e8f5c31a7.yaml │ ├── remove-nagios-deployment-21362a84a3ac446f.yaml │ ├── remove-nova-network-8fe352ac6eb22ecb.yaml │ ├── remove-retry-filter-nova-05e84f3fd020d8ed.yaml │ ├── remove-sahara-79e02a209c7128e9.yaml │ ├── remove-uec-images-d876bd8c805d9633.yaml │ ├── renamed-ssl-subject-parameters-c2a52d17c349a59f.yaml │ ├── reno-for-release-notes-66c17b84c946591f.yaml │ ├── service-workers-and-mariadb-c2a6ba903f36b57e.yaml │ ├── swift-s3-removal-ee3ddc2ee21a56cf.yaml │ ├── switch-default-neutron-driver-to-ovn-0eb7053b81c7794d.yaml │ └── update-puppet-module-usage-4ed869e87e67caaf.yaml └── source │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── conf.py │ ├── index.rst │ └── unreleased.rst ├── requirements.txt ├── roles └── packstack-integration-tempest │ └── tasks │ └── main.yaml ├── run_tests.sh ├── setup.cfg ├── setup.py ├── test-requirements.txt ├── tests ├── __init__.py ├── installer │ ├── __init__.py │ ├── test_arch.py │ ├── test_drones.py │ ├── test_processors.py │ ├── test_run_setup.py │ ├── test_sequences.py │ ├── test_setup_params.py │ ├── test_utils.py │ └── test_validators.py ├── modules │ ├── __init__.py │ ├── test_ospluginutils.py │ └── test_puppet.py ├── scenario-py3.sh ├── scenario000.sh ├── scenario001.sh ├── scenario002.sh ├── scenario003.sh └── test_base.py ├── tools ├── copy-logs.sh └── fix_disk_layout.sh └── tox.ini /.gitignore: -------------------------------------------------------------------------------- 1 | *.py[co] 2 | *.swp 3 | *.log 4 | .tox 5 | vendor/* 6 | Gemfile.lock 7 | packstack.egg-info 8 | docs/build 9 | releasenotes/build 10 | .stestr 11 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=x/packstack.git 5 | -------------------------------------------------------------------------------- /.stestr.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | test_path=./tests 3 | top_dir=./ 4 | -------------------------------------------------------------------------------- /.testr.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | test_command=${PYTHON:-python} -m subunit.run discover -t ./ ./tests $LISTOPT $IDOPTION 3 | test_id_option=--load-list $IDFILE 4 | test_list_option=--list 5 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source ENV["GEM_SOURCE"] || "https://rubygems.org" 2 | 3 | group :development, :test do 4 | gem 'puppetlabs_spec_helper', :require => false 5 | 6 | gem 'puppet-lint-param-docs' 7 | gem 'puppet-lint-absolute_classname-check' 8 | gem 'puppet-lint-absolute_template_path' 9 | gem 'puppet-lint-trailing_newline-check' 10 | 11 | # Puppet 4.x related lint checks 12 | gem 'puppet-lint-unquoted_string-check' 13 | gem 'puppet-lint-leading_zero-check' 14 | gem 'puppet-lint-variable_contains_upcase' 15 | gem 'puppet-lint-numericvariable' 16 | 17 | end 18 | 19 | if puppetversion = ENV['PUPPET_GEM_VERSION'] 20 | gem 'puppet', puppetversion, :require => false 21 | else 22 | gem 'puppet', :require => false 23 | end 24 | 25 | # vim:ft=ruby 26 | -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include docs/* 2 | include LICENSE 3 | include README.md 4 | recursive-include packstack/puppet * 5 | recursive-include packstack/templates * 6 | global-exclude .gitignore 7 | global-exclude .gitmodules 8 | global-exclude .git 9 | prune packstack/puppet/modules/*/.git 10 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | require 'puppet-syntax/tasks/puppet-syntax' 4 | 5 | PuppetLint.configuration.relative = true 6 | PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{message}" 7 | PuppetLint.configuration.fail_on_warnings = true 8 | PuppetLint.configuration.send('disable_class_parameter_defaults') 9 | PuppetLint.configuration.send('disable_class_inherits_from_params_class') 10 | PuppetLint.configuration.send('disable_80chars') 11 | PuppetLint.configuration.send('disable_containing_dash') 12 | PuppetLint.configuration.send('disable_quoted_booleans') 13 | PuppetLint.configuration.send('disable_documentation') 14 | 15 | exclude_paths = [ 16 | "pkg/**/*", 17 | "vendor/**/*", 18 | "spec/**/*", 19 | ] 20 | 21 | Rake::Task[:lint].clear 22 | PuppetLint.configuration.ignore_paths = exclude_paths 23 | PuppetSyntax.exclude_paths = exclude_paths 24 | 25 | desc "Run syntax, lint" 26 | task :test => [ 27 | :syntax, 28 | :lint, 29 | ] 30 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | libffi-dev [platform:dpkg] 2 | libffi-devel [platform:rpm] 3 | libssl-dev [platform:dpkg] 4 | openssl-devel [platform:rpm] 5 | 6 | -------------------------------------------------------------------------------- /external_modules.txt: -------------------------------------------------------------------------------- 1 | puppetlabs/puppetlabs-apache 2 | puppetlabs/puppetlabs-concat 3 | puppetlabs/puppetlabs-firewall 4 | puppetlabs/puppetlabs-inifile 5 | saz/puppet-memcached 6 | puppetlabs/puppetlabs-mysql 7 | rcritten/puppet-nssdb,2ed2a2df59bbeaf9cf628e1a4a499476842282fd 8 | voxpupuli/puppet-rabbitmq 9 | voxpupuli/puppet-redis 10 | paramite/puppet-remote,7420908328b832f4b20e1eba44bcccd926da8faa 11 | puppetlabs/puppetlabs-rsync 12 | puppetlabs/puppetlabs-stdlib 13 | duritong/puppet-sysctl,847ec1c07ed3e231a48d8816971c0bd4afe7a72b 14 | voxpupuli/puppet-systemd 15 | puppetlabs/puppetlabs-vcsrepo 16 | puppetlabs/puppetlabs-xinetd 17 | -------------------------------------------------------------------------------- /openstack_modules.txt: -------------------------------------------------------------------------------- 1 | aodh 2 | ceilometer 3 | cinder 4 | glance 5 | gnocchi 6 | heat 7 | horizon 8 | ironic 9 | keystone 10 | magnum 11 | manila 12 | neutron 13 | nova 14 | openstacklib 15 | oslo 16 | ovn 17 | placement 18 | swift 19 | tempest 20 | trove 21 | vswitch 22 | -------------------------------------------------------------------------------- /packstack/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/packstack/__init__.py -------------------------------------------------------------------------------- /packstack/installer/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.swp 3 | *.log 4 | -------------------------------------------------------------------------------- /packstack/installer/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/packstack/installer/__init__.py -------------------------------------------------------------------------------- /packstack/installer/core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/packstack/installer/core/__init__.py -------------------------------------------------------------------------------- /packstack/installer/core/arch.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | """ 15 | Simple routines to map host architectures as expected by various components. 16 | """ 17 | 18 | import os 19 | 20 | 21 | def kernel_arch(): 22 | """Return the kernel arch.""" 23 | return os.uname()[4] 24 | 25 | 26 | def dib_arch(): 27 | """Return the kernel arch or the more appropriate DiB arch.""" 28 | DIB_MAP = { 29 | 'x86_64': 'amd64', 30 | 'aarch64': 'arm64', 31 | } 32 | return DIB_MAP.get(kernel_arch(), kernel_arch()) 33 | 34 | 35 | def cirros_arch(): 36 | """Return the kernel arch or the more appropriate cirros arch.""" 37 | CIRROS_MAP = { 38 | 'ppc64le': 'powerpc', 39 | 'aarch64': 'arm', 40 | } 41 | return CIRROS_MAP.get(kernel_arch(), kernel_arch()) 42 | -------------------------------------------------------------------------------- /packstack/installer/core/parameters.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | """ 15 | Container set for groups and parameters 16 | """ 17 | 18 | from ..utils.datastructures import SortedDict 19 | 20 | 21 | class Parameter(object): 22 | allowed_keys = ('CONF_NAME', 'CMD_OPTION', 'USAGE', 'PROMPT', 23 | 'PROCESSORS', 'VALIDATORS', 'LOOSE_VALIDATION', 24 | 'DEFAULT_VALUE', 'USE_DEFAULT', 'OPTION_LIST', 25 | 'MASK_INPUT', 'NEED_CONFIRM', 'CONDITION', 'DEPRECATES', 26 | 'MESSAGE', 'MESSAGE_VALUES') 27 | 28 | def __init__(self, attributes=None): 29 | attributes = attributes or {} 30 | defaults = {}.fromkeys(self.allowed_keys) 31 | defaults.update(attributes) 32 | 33 | for key, value in defaults.items(): 34 | if key not in self.allowed_keys: 35 | raise KeyError('Given attribute %s is not allowed' % key) 36 | self.__dict__[key] = value 37 | 38 | 39 | class Group(Parameter): 40 | allowed_keys = ('GROUP_NAME', 'DESCRIPTION', 'PRE_CONDITION', 41 | 'PRE_CONDITION_MATCH', 'POST_CONDITION', 42 | 'POST_CONDITION_MATCH') 43 | 44 | def __init__(self, attributes=None, parameters=None): 45 | super(Group, self).__init__(attributes) 46 | self.parameters = SortedDict() 47 | for param in parameters or []: 48 | self.parameters[param['CONF_NAME']] = Parameter(attributes=param) 49 | 50 | def search(self, attr, value): 51 | """ 52 | Returns list of parameters which have given attribute of given 53 | value. 54 | """ 55 | result = [] 56 | for param in self.parameters.itervalues(): 57 | if getattr(param, attr) == value: 58 | result.append(param) 59 | return result 60 | -------------------------------------------------------------------------------- /packstack/installer/exceptions.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | __all__ = ( 15 | 'PackStackError', 16 | 17 | 'InstallError', 18 | 'FlagValidationError', 19 | 'MissingRequirements', 20 | 21 | 'PluginError', 22 | 'ParamProcessingError', 23 | 'ParamValidationError', 24 | 25 | 'NetworkError', 26 | 'ScriptRuntimeError', 27 | ) 28 | 29 | 30 | class PackStackError(Exception): 31 | """Default Exception class for packstack installer.""" 32 | def __init__(self, *args, **kwargs): 33 | super(PackStackError, self).__init__(*args) 34 | self.stdout = kwargs.get('stdout', None) 35 | self.stderr = kwargs.get('stderr', None) 36 | 37 | 38 | class PuppetError(Exception): 39 | """Raised when Puppet will have some problems.""" 40 | 41 | 42 | class MissingRequirements(PackStackError): 43 | """Raised when minimum install requirements are not met.""" 44 | pass 45 | 46 | 47 | class InstallError(PackStackError): 48 | """Exception for generic errors during setup run.""" 49 | pass 50 | 51 | 52 | class FlagValidationError(InstallError): 53 | """Raised when single flag validation fails.""" 54 | pass 55 | 56 | 57 | class ParamValidationError(InstallError): 58 | """Raised when parameter value validation fails.""" 59 | pass 60 | 61 | 62 | class PluginError(PackStackError): 63 | pass 64 | 65 | 66 | class ParamProcessingError(PluginError): 67 | pass 68 | 69 | 70 | class NetworkError(PackStackError): 71 | """Should be used for packstack's network failures.""" 72 | pass 73 | 74 | 75 | class ScriptRuntimeError(PackStackError): 76 | """ 77 | Raised when utils.ScriptRunner.execute does not end successfully. 78 | """ 79 | pass 80 | 81 | 82 | class ExecuteRuntimeError(PackStackError): 83 | """Raised when utils.execute does not end successfully.""" 84 | 85 | 86 | class SequenceError(PackStackError): 87 | """Exception for errors during setup sequence run.""" 88 | pass 89 | -------------------------------------------------------------------------------- /packstack/installer/utils/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from .datastructures import SortedDict 15 | from .decorators import retry 16 | from .network import device_from_ip 17 | from .network import force_ip 18 | from .network import get_localhost_ip 19 | from .network import host2ip 20 | from .shell import execute 21 | from .shell import ScriptRunner 22 | from .shortcuts import get_current_user 23 | from .shortcuts import get_current_username 24 | from .shortcuts import host_iter 25 | from .shortcuts import hosts 26 | from .shortcuts import split_hosts 27 | from .strings import color_text 28 | from .strings import COLORS 29 | from .strings import mask_string 30 | from .strings import state_format 31 | from .strings import state_message 32 | 33 | 34 | __all__ = ('SortedDict', 35 | 'retry', 36 | 'device_from_ip', 'force_ip', 'get_localhost_ip', 'host2ip', 37 | 'ScriptRunner', 'execute', 38 | 'get_current_user', 'get_current_username', 'host_iter', 'hosts', 39 | 'split_hosts', 'color_text', 'COLORS', 'mask_string', 40 | 'state_format', 'state_message') 41 | -------------------------------------------------------------------------------- /packstack/installer/utils/decorators.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | import time 15 | 16 | 17 | def retry(count=1, delay=0, retry_on=Exception): 18 | """ 19 | Decorator which tries to run specified fuction if the previous 20 | run ended by given exception. Retry count and delays can be also 21 | specified. 22 | """ 23 | if count < 0 or delay < 0: 24 | raise ValueError('Count and delay has to be positive number.') 25 | 26 | def decorator(func): 27 | def wrapper(*args, **kwargs): 28 | tried = 0 29 | while tried <= count: 30 | try: 31 | return func(*args, **kwargs) 32 | except retry_on: 33 | if tried >= count: 34 | raise 35 | if delay: 36 | time.sleep(delay) 37 | tried += 1 38 | wrapper.__name__ = func.__name__ 39 | return wrapper 40 | return decorator 41 | -------------------------------------------------------------------------------- /packstack/installer/utils/shortcuts.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | import grp 15 | import os 16 | import pwd 17 | 18 | 19 | def host_iter(config): 20 | for key, value in config.items(): 21 | if key.endswith("_HOST"): 22 | host = value.split('/')[0] 23 | if host: 24 | yield key, host 25 | if key.endswith("_HOSTS"): 26 | for i in value.split(","): 27 | host = i.strip().split('/')[0] 28 | if host: 29 | yield key, host 30 | 31 | 32 | def hosts(config): 33 | result = set() 34 | for key, host in host_iter(config): 35 | result.add(host) 36 | return result 37 | 38 | 39 | def get_current_user(): 40 | try: 41 | user = pwd.getpwnam(os.getlogin()) 42 | uid, gid = user.pw_uid, user.pw_gid 43 | except OSError: 44 | # in case program is run by a script 45 | uid, gid = os.getuid(), os.getgid() 46 | return uid, gid 47 | 48 | 49 | def get_current_username(): 50 | uid, gid = get_current_user() 51 | user = pwd.getpwuid(uid).pw_name 52 | group = grp.getgrgid(gid).gr_name 53 | return user, group 54 | 55 | 56 | def split_hosts(hosts_string): 57 | hosts = set() 58 | for host in hosts_string.split(','): 59 | shost = host.strip() 60 | if shost: 61 | hosts.add(shost) 62 | return hosts 63 | -------------------------------------------------------------------------------- /packstack/installer/utils/strings.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from functools import cmp_to_key 15 | import re 16 | 17 | 18 | STR_MASK = '*' * 8 19 | COLORS = {'nocolor': "\033[0m", 'red': "\033[0;31m", 20 | 'green': "\033[32m", 'blue': "\033[34m", 21 | 'yellow': "\033[33m"} 22 | 23 | 24 | def color_text(text, color): 25 | """ 26 | Returns given text string with appropriate color tag. Allowed values 27 | for color parameter are 'red', 'blue', 'green' and 'yellow'. 28 | """ 29 | return '%s%s%s' % (COLORS[color], text, COLORS['nocolor']) 30 | 31 | 32 | def stringcmp(x, y): 33 | return len(y) - len(x) 34 | 35 | 36 | def mask_string(unmasked, mask_list=None, replace_list=None): 37 | """ 38 | Replaces words from mask_list with MASK in unmasked string. 39 | If words are needed to be transformed before masking, transformation 40 | could be describe in replace list. For example [("'","'\\''")] 41 | replaces all ' characters with '\\''. 42 | """ 43 | mask_list = mask_list or [] 44 | replace_list = replace_list or [] 45 | 46 | if isinstance(unmasked, str): 47 | masked = unmasked.encode('utf-8') 48 | else: 49 | masked = unmasked 50 | 51 | for word in sorted(mask_list, key=cmp_to_key(stringcmp)): 52 | if not word: 53 | continue 54 | word = word.encode('utf-8') 55 | for before, after in replace_list: 56 | word = word.replace(before.encode('utf-8'), after.encode('utf-8')) 57 | masked = masked.replace(word, STR_MASK.encode('utf-8')) 58 | return masked.decode('utf-8') 59 | 60 | 61 | def state_format(msg, state, color): 62 | """ 63 | Formats state with offset according to given message. 64 | """ 65 | _msg = '%s' % msg.strip() 66 | for clr in COLORS.values(): 67 | _msg = re.sub(re.escape(clr), '', msg) 68 | 69 | space = 70 - len(_msg) 70 | state = '[ %s ]' % color_text(state, color) 71 | return state.rjust(space) 72 | 73 | 74 | def state_message(msg, state, color): 75 | """ 76 | Formats given message with colored state information. 77 | """ 78 | return '%s%s' % (msg, state_format(msg, state, color)) 79 | -------------------------------------------------------------------------------- /packstack/modules/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/packstack/modules/__init__.py -------------------------------------------------------------------------------- /packstack/modules/documentation.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2015 Red Hat, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | from docutils import core 18 | 19 | 20 | # ------------------ helpers to locate option list ------------------ # 21 | def _iter_by_titles(tree): 22 | for i in tree.children: 23 | i = i.asdom() 24 | for child in i.childNodes: 25 | if child.nodeName != 'title': 26 | continue 27 | if child.childNodes and child.childNodes[0].nodeValue: 28 | title = child.childNodes[0].nodeValue 29 | yield title, i 30 | 31 | 32 | def _get_options(tree, section): 33 | for title, node in _iter_by_titles(tree): 34 | if title == section: 35 | return node 36 | 37 | 38 | # --------------------- helper to locate options -------------------- # 39 | def _iter_options(section): 40 | for subsection in section.childNodes: 41 | for subsub in subsection.childNodes: 42 | if subsub.nodeName != 'definition_list': 43 | # TO-DO: log parsing warning 44 | continue 45 | for defitem in subsub.childNodes: 46 | key_node = defitem.getElementsByTagName('strong') 47 | val_node = defitem.getElementsByTagName('paragraph') 48 | if not key_node or not val_node: 49 | # TO-DO: log parsing warning 50 | continue 51 | key_node = key_node[0].childNodes[0] 52 | val_node = val_node[0].childNodes[0] 53 | yield key_node.nodeValue, val_node.nodeValue 54 | 55 | 56 | # ----------------------------- interface --------------------------- # 57 | _rst_cache = {} 58 | 59 | 60 | def update_params_usage(path, params, opt_title='OPTIONS', sectioned=True): 61 | """Updates params dict with USAGE texts parsed from given rst file.""" 62 | def _update(section, rst): 63 | for param in section: 64 | if param['CONF_NAME'] not in rst: 65 | # TO-DO: log warning 66 | continue 67 | param['USAGE'] = rst[param['CONF_NAME']] 68 | 69 | if not _rst_cache: 70 | tree = core.publish_doctree( 71 | source=open(path).read(), source_path=path 72 | ) 73 | for key, value in _iter_options(_get_options(tree, opt_title)): 74 | _rst_cache.setdefault(key, value) 75 | 76 | if sectioned: 77 | for section in params.values(): 78 | _update(section, _rst_cache) 79 | else: 80 | _update(params, _rst_cache) 81 | -------------------------------------------------------------------------------- /packstack/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/packstack/plugins/__init__.py -------------------------------------------------------------------------------- /packstack/plugins/openstack_client_400.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | """ 15 | Installs and configures an OpenStack Client 16 | """ 17 | 18 | import os 19 | 20 | from packstack.installer import utils 21 | 22 | # ------------- OpenStack Client Packstack Plugin Initialization -------------- 23 | 24 | PLUGIN_NAME = "OS-Client" 25 | PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue') 26 | 27 | 28 | def initConfig(controller): 29 | group = {"GROUP_NAME": "NOVACLIENT", 30 | "DESCRIPTION": "NOVACLIENT Config parameters", 31 | "PRE_CONDITION": "CONFIG_CLIENT_INSTALL", 32 | "PRE_CONDITION_MATCH": "y", 33 | "POST_CONDITION": False, 34 | "POST_CONDITION_MATCH": True} 35 | controller.addGroup(group, []) 36 | 37 | 38 | def initSequences(controller): 39 | if controller.CONF['CONFIG_CLIENT_INSTALL'] != 'y': 40 | return 41 | 42 | osclientsteps = [ 43 | {'title': 'Preparing OpenStack Client entries', 44 | 'functions': [create_manifest]} 45 | ] 46 | controller.addSequence("Installing OpenStack Client", [], [], 47 | osclientsteps) 48 | 49 | 50 | # -------------------------- step functions -------------------------- 51 | 52 | def create_manifest(config, messages): 53 | client_host = config['CONFIG_CONTROLLER_HOST'].strip() 54 | 55 | server = utils.ScriptRunner(client_host) 56 | server.append('echo $HOME') 57 | rc, root_home = server.execute() 58 | root_home = root_home.strip() 59 | 60 | homedir = os.path.expanduser('~') 61 | config['HOME_DIR'] = homedir 62 | 63 | uname, gname = utils.get_current_username() 64 | config['NO_ROOT_USER'], config['NO_ROOT_GROUP'] = uname, gname 65 | 66 | no_root_allinone = (client_host == utils.get_localhost_ip() and 67 | root_home != homedir) 68 | config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and True or False 69 | 70 | msg = ("File %s/keystonerc_admin has been created on OpenStack client host" 71 | " %s. To use the command line tools you need to source the file.") 72 | messages.append(msg % (root_home, client_host)) 73 | 74 | if no_root_allinone: 75 | msg = ("Copy of keystonerc_admin file has been created for non-root " 76 | "user in %s.") 77 | messages.append(msg % homedir) 78 | -------------------------------------------------------------------------------- /packstack/plugins/postscript_951.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | """ 15 | Plugin responsible for post-installation configuration 16 | """ 17 | 18 | from packstack.installer import utils 19 | from packstack.installer import basedefs 20 | 21 | 22 | # ------------- Postscript Packstack Plugin Initialization -------------- 23 | 24 | PLUGIN_NAME = "Postscript" 25 | PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue') 26 | 27 | 28 | def initConfig(controller): 29 | group = {"GROUP_NAME": "POSTSCRIPT", 30 | "DESCRIPTION": "POSTSCRIPT Config parameters", 31 | "PRE_CONDITION": lambda x: 'yes', 32 | "PRE_CONDITION_MATCH": "yes", 33 | "POST_CONDITION": False, 34 | "POST_CONDITION_MATCH": True} 35 | controller.addGroup(group, []) 36 | 37 | 38 | def initSequences(controller): 39 | config = controller.CONF 40 | postscript_steps = [] 41 | if (config['CONFIG_PROVISION_TEMPEST'] == "y" and 42 | config['CONFIG_RUN_TEMPEST'] == "y"): 43 | postscript_steps.append( 44 | {'title': 'Running Tempest', 45 | 'functions': [run_tempest]} 46 | ) 47 | controller.addSequence("Running post install scripts", [], [], 48 | postscript_steps) 49 | 50 | 51 | # -------------------------- step functions -------------------------- 52 | 53 | def run_tempest(config, messages): 54 | logfile = basedefs.DIR_LOG + "/tempest.log" 55 | print("Running Tempest on %s" % config['CONFIG_TEMPEST_HOST']) 56 | server = utils.ScriptRunner(config['CONFIG_TEMPEST_HOST']) 57 | server.append('pushd /var/lib/tempest') 58 | server.append('tempest run --regex \'(%s)\' --black-regex \'%s\' --concurrency 2 > %s' 59 | % (config['CONFIG_RUN_TEMPEST_TESTS'].replace(' ', '|'), 60 | config['CONFIG_SKIP_TEMPEST_TESTS'].replace(' ', '|'), 61 | logfile)) 62 | server.append('popd') 63 | server.execute() 64 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | group :development, :test do 4 | gem 'puppetlabs_spec_helper', :require => false 5 | gem 'puppet-lint', '>= 1.0.0' 6 | gem 'rake', '< 13.0.0' 7 | gem 'rspec' 8 | end 9 | 10 | if puppetversion = ENV['PUPPET_GEM_VERSION'] 11 | gem 'puppet', puppetversion, :require => false 12 | else 13 | gem 'puppet', :require => false 14 | end 15 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.fail_on_warnings = true 5 | PuppetLint.configuration.send('disable_80chars') 6 | PuppetLint.configuration.send('disable_class_parameter_defaults') 7 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/lib/facter/default_hypervisor.rb: -------------------------------------------------------------------------------- 1 | 2 | # Custom fact to keep backwards compatibility to default to qemu when the 3 | # is_virtual fact is true and otherwise default to kvm 4 | # This fact is then used as a default value for the 5 | # CONFIG_NOVA_LIBVIRT_VIRT_TYPE packstack parameter. 6 | 7 | Facter.add(:default_hypervisor) do 8 | setcode do 9 | if Facter.value(:is_virtual) == true 10 | output = 'qemu' 11 | else 12 | output = 'kvm' 13 | end 14 | output 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/lib/facter/home_dir.rb: -------------------------------------------------------------------------------- 1 | 2 | # Current users home directory 3 | 4 | Facter.add("home_dir") do 5 | setcode do 6 | Facter::Util::Resolution.exec('/bin/echo $HOME') 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/lib/facter/network.rb: -------------------------------------------------------------------------------- 1 | require 'facter' 2 | Facter.add(:gateway_device) do 3 | setcode "awk '$2==00000000 && $8==00000000 {print $1}' /proc/net/route|sort -r -n -k 7|head -n 1" 4 | end 5 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/lib/puppet/functions/parse_hash_from_string.rb: -------------------------------------------------------------------------------- 1 | Puppet::Functions.create_function(:parse_hash_from_string) do 2 | def parse_hash_from_string(*args) 3 | if args.length > 1 4 | raise Puppet::Error, 'Argument must be one' 5 | elsif !(args[0].kind_of?(String)) 6 | raise Puppet::Error, 'Argument must be a string' 7 | end 8 | 9 | value = args[0] 10 | return Hash[value.scan(/(\S+)='([^']*)'/)] 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/lib/puppet/parser/functions/choose_my_ip.rb: -------------------------------------------------------------------------------- 1 | 2 | # Function returns host's IP selected from list of IPs 3 | module Puppet::Parser::Functions 4 | newfunction(:choose_my_ip, :type => :rvalue) do |args| 5 | 6 | if args.size < 1 7 | raise( 8 | Puppet::ParseError, 9 | "choose_my_ip(): Wrong number of arguments given (#{args.size} for 1)" 10 | ) 11 | end 12 | 13 | host_list = args[0] 14 | if not host_list.kind_of?(Array) 15 | host_list = [host_list] 16 | end 17 | my_ips = Array.new 18 | lookupvar('interfaces').split(',').each do |interface| 19 | interface.strip! 20 | my_ips.push(lookupvar("ipaddress_#{interface}")) 21 | my_ips.push(lookupvar("ipaddress6_#{interface}")) 22 | end 23 | 24 | result = nil 25 | host_list.each do |ip| 26 | if my_ips.include? ip 27 | result = ip 28 | end 29 | end 30 | result 31 | end 32 | end 33 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/lib/puppet/parser/functions/force_interface.rb: -------------------------------------------------------------------------------- 1 | 2 | require 'ipaddr' 3 | 4 | # Returns value 5 | module Puppet::Parser::Functions 6 | newfunction(:force_interface, :type => :rvalue) do |args| 7 | 8 | if args.size < 2 9 | raise( 10 | Puppet::ParseError, 11 | "force_interface(): Wrong number of arguments given (#{args.size} for 2)" 12 | ) 13 | end 14 | 15 | value = args[0] 16 | allow = args[1] 17 | 18 | was_array = value.kind_of?(Array) 19 | if not was_array 20 | value = [value] 21 | end 22 | 23 | result = [] 24 | if allow 25 | value.each do |val| 26 | translated = [] 27 | val.split(':').each do |fragment| 28 | if fragment.include?('/') # this is CIDR, so translate it 29 | cidr = IPAddr.new fragment 30 | lookupvar('interfaces').split(',').each do |interface| 31 | interface.strip! 32 | ifaddr = lookupvar("ipaddress_#{interface}") 33 | if ifaddr == nil 34 | next 35 | end 36 | ifcidr = IPAddr.new ifaddr 37 | if cidr.include?(ifcidr) 38 | translated.push(interface) 39 | end 40 | end 41 | else 42 | translated.push(fragment) 43 | end 44 | end 45 | result.push(translated.join(':')) 46 | end 47 | else 48 | result = value 49 | end 50 | if not was_array 51 | result = result[0] 52 | end 53 | result 54 | end 55 | end 56 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/lib/puppet/parser/functions/force_ip.rb: -------------------------------------------------------------------------------- 1 | 2 | require 'resolv' 3 | require 'ipaddr' 4 | 5 | 6 | module Puppet::Parser::Functions 7 | newfunction(:force_ip, :type => :rvalue) do |args| 8 | if args.size < 1 9 | raise( 10 | Puppet::ParseError, 11 | "force_ip(): Wrong number of arguments given (#{args.size} for 1)" 12 | ) 13 | end 14 | if (!!IPAddr.new(args[0]) rescue false) 15 | args[0] 16 | else 17 | Resolv.getaddress args[0] 18 | end 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/amqp.pp: -------------------------------------------------------------------------------- 1 | class packstack::amqp () 2 | { 3 | $amqp = lookup('CONFIG_AMQP_BACKEND') 4 | 5 | case $amqp { 6 | 'rabbitmq': { 7 | packstack::amqp::enable_rabbitmq { 'rabbitmq': } 8 | 9 | # The following kernel parameters help alleviate some RabbitMQ 10 | # connection issues 11 | 12 | sysctl::value { 'net.ipv4.tcp_keepalive_intvl': 13 | value => '1', 14 | } 15 | 16 | sysctl::value { 'net.ipv4.tcp_keepalive_probes': 17 | value => '5', 18 | } 19 | 20 | sysctl::value { 'net.ipv4.tcp_keepalive_time': 21 | value => '5', 22 | } 23 | } 24 | default: {} 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/amqp/enable_rabbitmq.pp: -------------------------------------------------------------------------------- 1 | define packstack::amqp::enable_rabbitmq { 2 | create_resources(packstack::firewall, lookup('FIREWALL_AMQP_RULES', undef, undef, {})) 3 | $amqp_enable_ssl = lookup('CONFIG_AMQP_SSL_ENABLED') 4 | 5 | if $amqp_enable_ssl { 6 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 7 | $kombu_ssl_keyfile = '/etc/pki/tls/private/ssl_amqp.key' 8 | $kombu_ssl_certfile = '/etc/pki/tls/certs/ssl_amqp.crt' 9 | 10 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 11 | file { $files_to_set_owner: 12 | owner => 'rabbitmq', 13 | group => 'rabbitmq', 14 | require => Package['rabbitmq-server'], 15 | notify => Service['rabbitmq-server'], 16 | } 17 | 18 | file { $kombu_ssl_ca_certs: 19 | mode => '0644', 20 | require => Package['rabbitmq-server'], 21 | notify => Service['rabbitmq-server'], 22 | } 23 | 24 | class { 'rabbitmq': 25 | port => undef, 26 | ssl_port => 0 + lookup('CONFIG_AMQP_CLIENTS_PORT'), 27 | ssl_only => true, 28 | ssl => true, 29 | ssl_cacert => $kombu_ssl_ca_certs, 30 | ssl_cert => $kombu_ssl_certfile, 31 | ssl_key => $kombu_ssl_keyfile, 32 | default_user => lookup('CONFIG_AMQP_AUTH_USER'), 33 | default_pass => lookup('CONFIG_AMQP_AUTH_PASSWORD'), 34 | package_provider => 'yum', 35 | repos_ensure => false, 36 | admin_enable => false, 37 | loopback_users => [], 38 | ssl_verify => 'verify_peer', 39 | ssl_fail_if_no_peer_cert => true, 40 | config_ranch => false, 41 | tcp_keepalive => true, 42 | tcp_backlog => 128, 43 | } 44 | } else { 45 | class { 'rabbitmq': 46 | port => 0 + lookup('CONFIG_AMQP_CLIENTS_PORT'), 47 | ssl => false, 48 | default_user => lookup('CONFIG_AMQP_AUTH_USER'), 49 | default_pass => lookup('CONFIG_AMQP_AUTH_PASSWORD'), 50 | package_provider => 'yum', 51 | repos_ensure => false, 52 | admin_enable => false, 53 | loopback_users => [], 54 | config_ranch => false, 55 | tcp_keepalive => true, 56 | tcp_backlog => 128, 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/aodh.pp: -------------------------------------------------------------------------------- 1 | class packstack::aodh () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_AODH_RULES', undef, undef, {})) 4 | 5 | $config_aodh_coordination_backend = lookup('CONFIG_CEILOMETER_COORDINATION_BACKEND') 6 | 7 | if $config_aodh_coordination_backend == 'redis' { 8 | $coordination_url = os_url({ 9 | 'scheme' => 'redis', 10 | 'host' => lookup('CONFIG_REDIS_HOST_URL'), 11 | 'port' => lookup('CONFIG_REDIS_PORT'), 12 | }) 13 | Service<| title == 'redis' |> -> Anchor['aodh::service::begin'] 14 | } else { 15 | $coordination_url = undef 16 | } 17 | 18 | class { 'aodh::keystone::authtoken': 19 | password => lookup('CONFIG_AODH_KS_PW'), 20 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 21 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 22 | } 23 | 24 | class { 'aodh::api': 25 | enabled => true, 26 | service_name => 'httpd', 27 | sync_db => true, 28 | } 29 | 30 | class { 'aodh::wsgi::apache': 31 | workers => lookup('CONFIG_SERVICE_WORKERS'), 32 | ssl => false 33 | } 34 | 35 | class { 'aodh::service_credentials': 36 | password => lookup('CONFIG_AODH_KS_PW'), 37 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 38 | region_name => lookup('CONFIG_KEYSTONE_REGION'), 39 | } 40 | class { 'aodh::coordination': 41 | backend_url => $coordination_url, 42 | } 43 | class { 'aodh::evaluator': } 44 | class { 'aodh::notifier': } 45 | class { 'aodh::listener': } 46 | class { 'aodh::client': } 47 | } 48 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::aodh::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_AODH_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_AODH_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'aodh', 11 | group => 'aodh', 12 | require => Package['aodh'], 13 | } 14 | File[$files_to_set_owner] ~> Service<| tag == 'aodh-service' |> 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'aodh-service' |> 17 | 18 | class { 'aodh::logging': 19 | debug => lookup('CONFIG_DEBUG_MODE'), 20 | } 21 | 22 | class { 'aodh::db': 23 | database_connection => os_database_connection({ 24 | 'dialect' => 'mysql+pymysql', 25 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 26 | 'username' => 'aodh', 27 | 'password' => lookup('CONFIG_AODH_DB_PW'), 28 | 'database' => 'aodh', 29 | }) 30 | } 31 | 32 | class { 'aodh': 33 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 34 | default_transport_url => os_transport_url({ 35 | 'transport' => 'rabbit', 36 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 37 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 38 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 39 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 40 | }), 41 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 42 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 43 | kombu_ssl_certfile => $kombu_ssl_certfile, 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/apache.pp: -------------------------------------------------------------------------------- 1 | class packstack::apache () 2 | { 3 | class { 'apache': } 4 | } 5 | 6 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/ceilometer.pp: -------------------------------------------------------------------------------- 1 | class packstack::ceilometer () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_CEILOMETER_RULES', undef, undef, {})) 4 | 5 | $config_ceilometer_coordination_backend = lookup('CONFIG_CEILOMETER_COORDINATION_BACKEND') 6 | 7 | $config_gnocchi_host = lookup('CONFIG_KEYSTONE_HOST_URL') 8 | 9 | if $config_ceilometer_coordination_backend == 'redis' { 10 | $coordination_url = os_url({ 11 | 'scheme' => 'redis', 12 | 'host' => lookup('CONFIG_REDIS_HOST_URL'), 13 | 'port' => lookup('CONFIG_REDIS_PORT'), 14 | }) 15 | Service<| title == 'redis' |> -> Anchor['ceilometer::service::begin'] 16 | } else { 17 | $coordination_url = undef 18 | } 19 | 20 | include ceilometer 21 | 22 | include ceilometer::db::sync 23 | 24 | Keystone::Resource::Service_identity<||> -> Anchor['ceilometer::dbsync::begin'] 25 | 26 | class { 'ceilometer::agent::notification': 27 | manage_event_pipeline => true, 28 | event_pipeline_publishers => ['gnocchi://'], 29 | } 30 | 31 | class { 'ceilometer::agent::service_credentials': 32 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 33 | password => lookup('CONFIG_CEILOMETER_KS_PW'), 34 | region_name => lookup('CONFIG_KEYSTONE_REGION'), 35 | } 36 | 37 | class { 'ceilometer::coordination': 38 | backend_url => $coordination_url, 39 | } 40 | 41 | class { 'ceilometer::agent::polling': 42 | manage_polling => true, 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/ceilometer/nova_disabled.pp: -------------------------------------------------------------------------------- 1 | class packstack::ceilometer::nova_disabled () 2 | { 3 | group { 'nova': 4 | ensure => present, 5 | } 6 | 7 | Group['nova'] -> Class['ceilometer'] 8 | } 9 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::ceilometer::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_CEILOMETER_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_CEILOMETER_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'ceilometer', 11 | group => 'ceilometer', 12 | require => Package['ceilometer-common'], 13 | } 14 | File[$files_to_set_owner] ~> Service<| tag == 'ceilometer-service' |> 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'ceilometer-service' |> 17 | 18 | class { 'ceilometer::logging': 19 | debug => lookup('CONFIG_DEBUG_MODE'), 20 | } 21 | 22 | class { 'ceilometer': 23 | telemetry_secret => lookup('CONFIG_CEILOMETER_SECRET'), 24 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 25 | default_transport_url => os_transport_url({ 26 | 'transport' => 'rabbit', 27 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 28 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 29 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 30 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 31 | }), 32 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 33 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 34 | kombu_ssl_certfile => $kombu_ssl_certfile, 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/chrony.pp: -------------------------------------------------------------------------------- 1 | class packstack::chrony () 2 | { 3 | $cfg_ntp_server_def = lookup('CONFIG_NTP_SERVER_DEF') 4 | $cfg_ntp_servers = lookup('CONFIG_NTP_SERVERS') 5 | 6 | $config_content = " 7 | # Use public servers from the pool.ntp.org project. 8 | # Please consider joining the pool (http://www.pool.ntp.org/join.html). 9 | ${cfg_ntp_server_def} 10 | 11 | # Ignore stratum in source selection. 12 | stratumweight 0 13 | 14 | # Record the rate at which the system clock gains/losses time. 15 | driftfile /var/lib/chrony/drift 16 | 17 | # Enable kernel RTC synchronization. 18 | rtcsync 19 | 20 | # In first three updates step the system clock instead of slew 21 | # if the adjustment is larger than 10 seconds. 22 | makestep 10 3 23 | 24 | # Allow NTP client access from local network. 25 | #allow 192.168/16 26 | 27 | # Listen for commands only on localhost. 28 | bindcmdaddress 127.0.0.1 29 | bindcmdaddress ::1 30 | 31 | # Serve time even if not synchronized to any NTP server. 32 | #local stratum 10 33 | 34 | keyfile /etc/chrony.keys 35 | 36 | # Specify the key used as password for chronyc. 37 | commandkey 1 38 | 39 | # Generate command key if missing. 40 | generatecommandkey 41 | 42 | # Disable logging of client accesses. 43 | noclientlog 44 | 45 | # Send a message to syslog if a clock adjustment is larger than 0.5 seconds. 46 | logchange 0.5 47 | 48 | logdir /var/log/chrony 49 | #log measurements statistics tracking 50 | " 51 | 52 | package { 'chrony': 53 | ensure => 'installed', 54 | name => 'chrony', 55 | } 56 | 57 | file { 'chrony_conf': 58 | ensure => file, 59 | path => '/etc/chrony.conf', 60 | mode => '0644', 61 | content => $config_content, 62 | } 63 | 64 | exec { 'stop-chronyd': 65 | path => '/bin:/usr/bin:/sbin:/usr/sbin', 66 | command => 'systemctl stop chronyd.service', 67 | onlyif => 'systemctl status chronyd.service' 68 | } 69 | 70 | exec { 'ntpdate': 71 | command => "/usr/bin/chronyc makestep", 72 | tries => 3, 73 | } 74 | 75 | service { 'chronyd': 76 | ensure => running, 77 | enable => true, 78 | name => 'chronyd', 79 | hasstatus => true, 80 | hasrestart => true, 81 | } 82 | 83 | Package['chrony'] 84 | -> File['chrony_conf'] 85 | -> Exec['stop-chronyd'] 86 | -> Service['chronyd'] 87 | -> Exec['ntpdate'] 88 | } 89 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/cinder.pp: -------------------------------------------------------------------------------- 1 | class packstack::cinder () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_CINDER_RULES', undef, undef, {})) 4 | create_resources(packstack::firewall, lookup('FIREWALL_CINDER_API_RULES', undef, undef, {})) 5 | 6 | $cinder_backends = lookup('CONFIG_CINDER_BACKEND', { merge => 'unique' }) 7 | 8 | case $cinder_backends[0] { 9 | 'lvm': { $default_volume_type = 'lvm' } 10 | 'nfs': { $default_volume_type = 'nfs' } 11 | 'netapp': { $default_volume_type = 'netapp' } 12 | 'solidfire': { $default_volume_type = 'solidfire' } 13 | default: { $default_volume_type = 'lvm' } 14 | } 15 | 16 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 17 | 'ipv6' => '::0', 18 | default => '0.0.0.0', 19 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 20 | } 21 | 22 | class { 'cinder::keystone::authtoken': 23 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 24 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 25 | password => lookup('CONFIG_CINDER_KS_PW'), 26 | } 27 | 28 | class { 'cinder::api': 29 | service_name => 'httpd', 30 | default_volume_type => $default_volume_type, 31 | } 32 | class { 'cinder::wsgi::apache': 33 | bind_host => $bind_host, 34 | workers => lookup('CONFIG_SERVICE_WORKERS'), 35 | } 36 | 37 | class { 'cinder::scheduler': } 38 | 39 | class { 'cinder::volume': } 40 | 41 | class { 'cinder::client': } 42 | 43 | class { 'cinder::glance': } 44 | 45 | class { 'cinder::nova': 46 | auth_type => 'password', 47 | password => lookup('CONFIG_NOVA_KS_PW'), 48 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 49 | } 50 | 51 | class { 'cinder::keystone::service_user': 52 | send_service_user_token => true, 53 | password => lookup('CONFIG_CINDER_KS_PW'), 54 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 55 | } 56 | 57 | class { 'cinder::backends': 58 | enabled_backends => lookup('CONFIG_CINDER_BACKEND', { merge => 'unique' }), 59 | } 60 | 61 | $db_purge = lookup('CONFIG_CINDER_DB_PURGE_ENABLE') 62 | if $db_purge { 63 | class { 'cinder::cron::db_purge': 64 | hour => '*/24', 65 | destination => '/dev/null', 66 | age => 1 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp: -------------------------------------------------------------------------------- 1 | class packstack::cinder::backend::lvm () 2 | { 3 | $create_cinder_volume = lookup('CONFIG_CINDER_VOLUMES_CREATE') 4 | $cinder_volume_name = lookup('CONFIG_CINDER_VOLUME_NAME') 5 | 6 | if $create_cinder_volume == 'y' { 7 | # Find an available loop device 8 | $loop_dev = chomp(generate('/usr/sbin/losetup', '-f')) 9 | 10 | class { 'cinder::setup_test_volume': 11 | size => lookup('CONFIG_CINDER_VOLUMES_SIZE'), 12 | loopback_device => $loop_dev, 13 | volume_path => '/var/lib/cinder', 14 | volume_name => $cinder_volume_name, 15 | } 16 | 17 | file { 'openstack-losetup': 18 | path => '/usr/lib/systemd/system/openstack-losetup.service', 19 | before => Service['openstack-losetup'], 20 | notify => Exec['reload systemd files for cinder-volume'], 21 | content => "[Unit] 22 | Description=Setup cinder-volume loop device 23 | DefaultDependencies=false 24 | Before=openstack-cinder-volume.service 25 | After=local-fs.target 26 | 27 | [Service] 28 | Type=oneshot 29 | ExecStart=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/${cinder_volume_name} | /usr/bin/grep /var/lib/cinder/${cinder_volume_name} || /usr/sbin/losetup -f /var/lib/cinder/${cinder_volume_name}\' 30 | ExecStop=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/${cinder_volume_name} | /usr/bin/cut -d : -f 1 | /usr/bin/xargs /usr/sbin/losetup -d\' 31 | TimeoutSec=60 32 | RemainAfterExit=yes 33 | 34 | [Install] 35 | RequiredBy=openstack-cinder-volume.service", 36 | } 37 | 38 | exec { 'reload systemd files for cinder-volume': 39 | command => '/usr/bin/systemctl daemon-reload', 40 | refreshonly => true, 41 | before => Service['openstack-losetup'], 42 | } 43 | 44 | service { 'openstack-losetup': 45 | ensure => running, 46 | enable => true, 47 | require => Class['cinder::setup_test_volume'], 48 | } 49 | } 50 | else { 51 | ensure_packages(['lvm2'], {'ensure' => 'present'}) 52 | } 53 | 54 | 55 | file_line { 'snapshot_autoextend_threshold': 56 | path => '/etc/lvm/lvm.conf', 57 | match => '^\s*snapshot_autoextend_threshold +=.*', 58 | line => ' snapshot_autoextend_threshold = 80', 59 | require => Package['lvm2'], 60 | } 61 | 62 | file_line { 'snapshot_autoextend_percent': 63 | path => '/etc/lvm/lvm.conf', 64 | match => '^\s*snapshot_autoextend_percent +=.*', 65 | line => ' snapshot_autoextend_percent = 20', 66 | require => Package['lvm2'], 67 | } 68 | 69 | cinder::backend::iscsi { 'lvm': 70 | target_ip_address => lookup('CONFIG_STORAGE_HOST_URL'), 71 | require => Package['lvm2'], 72 | volume_group => $cinder_volume_name, 73 | manage_volume_type => true, 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp: -------------------------------------------------------------------------------- 1 | class packstack::cinder::backend::nfs () 2 | { 3 | ensure_packages(['nfs-utils'], {'ensure' => 'present'}) 4 | 5 | cinder::backend::nfs { 'nfs': 6 | nfs_servers => lookup('CONFIG_CINDER_NFS_MOUNTS', { merge => 'unique' }), 7 | require => Package['nfs-utils'], 8 | nfs_shares_config => '/etc/cinder/nfs_shares.conf', 9 | nfs_snapshot_support => true, 10 | manage_volume_type => true, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp: -------------------------------------------------------------------------------- 1 | # Copyright (c) – 2016, Edward Balduf. All rights reserved. 2 | class packstack::cinder::backend::solidfire () 3 | { 4 | $solidfire_backend_name = 'solidfire' 5 | 6 | cinder::backend::solidfire { $solidfire_backend_name : 7 | san_ip => lookup('CONFIG_CINDER_SOLIDFIRE_LOGIN'), 8 | san_login => lookup('CONFIG_CINDER_SOLIDFIRE_PASSWORD'), 9 | san_password => lookup('CONFIG_CINDER_SOLIDFIRE_HOSTNAME'), 10 | volume_backend_name => $solidfire_backend_name, 11 | manage_volume_type => true, 12 | } 13 | 14 | ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'}) 15 | } 16 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/cinder/backup.pp: -------------------------------------------------------------------------------- 1 | class packstack::cinder::backup () 2 | { 3 | class { 'cinder::backup': } 4 | 5 | $cinder_backup_conf_ctrl_host = lookup('CONFIG_KEYSTONE_HOST_URL') 6 | 7 | class { 'cinder::backup::swift': 8 | backup_swift_url => "http://${cinder_backup_conf_ctrl_host}:8080/v1/AUTH_", 9 | backup_swift_service_auth => true 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::cinder::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_CINDER_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_CINDER_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'cinder', 11 | group => 'cinder', 12 | require => Class['cinder'], 13 | } 14 | File[$files_to_set_owner] ~> Service<| tag == 'cinder-service' |> 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'cinder-service' |> 17 | 18 | class { 'cinder::logging': 19 | debug => lookup('CONFIG_DEBUG_MODE'), 20 | } 21 | 22 | class { 'cinder::db': 23 | database_connection => os_database_connection({ 24 | 'dialect' => 'mysql+pymysql', 25 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 26 | 'username' => 'cinder', 27 | 'password' => lookup('CONFIG_CINDER_DB_PW'), 28 | 'database' => 'cinder', 29 | }) 30 | } 31 | 32 | class { 'cinder': 33 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 34 | default_transport_url => os_transport_url({ 35 | 'transport' => 'rabbit', 36 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 37 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 38 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 39 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 40 | }), 41 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 42 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 43 | kombu_ssl_certfile => $kombu_ssl_certfile, 44 | notification_driver => 'messagingv2', 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/firewall.pp: -------------------------------------------------------------------------------- 1 | # Create firewall rules to allow only the FIREWALL_ALLOWED 2 | # hosts that need to connect via FIREWALL_PORTS 3 | # using FIREWALL_CHAIN 4 | 5 | define packstack::firewall ( 6 | $host, 7 | $service_name, 8 | $chain = 'INPUT', 9 | $ports = undef, 10 | $proto = 'tcp' 11 | ) { 12 | $ip_version = lookup('CONFIG_IP_VERSION') 13 | 14 | $protocol = $ip_version ? { 15 | 'ipv6' => 'ip6tables', 16 | default => 'iptables', 17 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 18 | } 19 | 20 | $source = $host ? { 21 | 'ALL' => $ip_version ? { 22 | 'ipv6' => '::/0', 23 | default => '0.0.0.0/0' 24 | }, 25 | default => $host, 26 | } 27 | 28 | $heading = $chain ? { 29 | 'OUTPUT' => 'outgoing', 30 | default => 'incoming', 31 | } 32 | 33 | if $ports == undef { 34 | firewall { "001 ${service_name} ${heading} ${title}": 35 | chain => $chain, 36 | proto => $proto, 37 | jump => 'accept', 38 | source => $source, 39 | protocol => $protocol, 40 | } 41 | } 42 | else { 43 | firewall { "001 ${service_name} ${heading} ${title}": 44 | chain => $chain, 45 | proto => $proto, 46 | dport => $ports, 47 | jump => 'accept', 48 | source => $source, 49 | protocol => $protocol, 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/glance.pp: -------------------------------------------------------------------------------- 1 | class packstack::glance () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_GLANCE_RULES', undef, undef, {})) 4 | 5 | # glance option bind_host requires address without brackets 6 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 7 | 'ipv6' => '::0', 8 | default => '0.0.0.0', 9 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 10 | } 11 | 12 | $default_store = lookup('CONFIG_GLANCE_BACKEND') ? { 13 | 'swift' => 'swift', 14 | default => 'file', 15 | } 16 | 17 | class { 'glance::api::authtoken': 18 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 19 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 20 | password => lookup('CONFIG_GLANCE_KS_PW'), 21 | } 22 | 23 | class { 'glance::api::logging': 24 | debug => lookup('CONFIG_DEBUG_MODE'), 25 | } 26 | 27 | class { 'glance::api::db': 28 | database_connection => os_database_connection({ 29 | 'dialect' => 'mysql+pymysql', 30 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 31 | 'username' => 'glance', 32 | 'password' => lookup('CONFIG_GLANCE_DB_PW'), 33 | 'database' => 'glance', 34 | }) 35 | } 36 | 37 | class { 'glance::api': 38 | service_name => 'httpd', 39 | enabled_backends => ["${default_store}:${default_store}", "http:http"], 40 | default_backend => $default_store, 41 | } 42 | class { 'glance::wsgi::apache': 43 | bind_host => $bind_host, 44 | workers => lookup('CONFIG_SERVICE_WORKERS'), 45 | } 46 | 47 | glance::backend::multistore::http { 'http': } 48 | } 49 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/glance/backend/file.pp: -------------------------------------------------------------------------------- 1 | class packstack::glance::backend::file () 2 | { 3 | glance::backend::multistore::file { 'file': 4 | filesystem_store_datadir => '/var/lib/glance/images/', 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/glance/backend/swift.pp: -------------------------------------------------------------------------------- 1 | class packstack::glance::backend::swift () 2 | { 3 | Service<| tag == 'swift-service' |> -> Service['glance-api'] 4 | 5 | $swift_auth_version = lookup('CONFIG_KEYSTONE_API_VERSION') ? { 6 | 'v2.0' => '2', 7 | default => '3', 8 | } 9 | 10 | glance::backend::multistore::swift { 'swift': 11 | swift_store_user => 'services:glance', 12 | swift_store_key => lookup('CONFIG_GLANCE_KS_PW'), 13 | swift_store_auth_address => lookup('CONFIG_KEYSTONE_PUBLIC_URL'), 14 | swift_store_container => 'glance', 15 | swift_store_auth_version => $swift_auth_version, 16 | swift_store_large_object_size => '5120', 17 | swift_store_create_container_on_put => true, 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/glance/ceilometer.pp: -------------------------------------------------------------------------------- 1 | class packstack::glance::ceilometer () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_GLANCE_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_GLANCE_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'glance', 11 | group => 'glance', 12 | require => Class['::glance::notify::rabbitmq'], 13 | notify => Service['glance-api'], 14 | } 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service['glance-api'] 17 | 18 | class { 'glance::notify::rabbitmq': 19 | rabbit_notification_topic => 'notifications', 20 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 21 | default_transport_url => os_transport_url({ 22 | 'transport' => 'rabbit', 23 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 24 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 25 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 26 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 27 | }), 28 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 29 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 30 | kombu_ssl_certfile => $kombu_ssl_certfile, 31 | notification_driver => 'messagingv2', 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/gnocchi.pp: -------------------------------------------------------------------------------- 1 | class packstack::gnocchi () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_GNOCCHI_RULES', undef, undef, {})) 4 | 5 | $config_gnocchi_coordination_backend = lookup('CONFIG_CEILOMETER_COORDINATION_BACKEND') 6 | 7 | if $config_gnocchi_coordination_backend == 'redis' { 8 | $coordination_url = os_url({ 9 | 'scheme' => 'redis', 10 | 'host' => lookup('CONFIG_REDIS_HOST_URL'), 11 | 'port' => lookup('CONFIG_REDIS_PORT'), 12 | }) 13 | Service<| title == 'redis' |> -> Anchor['gnocchi::service::begin'] 14 | } else { 15 | $coordination_url = uhdef 16 | } 17 | 18 | class { 'gnocchi::wsgi::apache': 19 | workers => lookup('CONFIG_SERVICE_WORKERS'), 20 | ssl => false 21 | } 22 | 23 | class { 'gnocchi': 24 | coordination_url => $coordination_url, 25 | } 26 | 27 | class { 'gnocchi::keystone::authtoken': 28 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'), 29 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 30 | password => lookup('CONFIG_GNOCCHI_KS_PW') 31 | } 32 | 33 | class { 'gnocchi::db': 34 | database_connection => os_database_connection({ 35 | 'dialect' => 'mysql+pymysql', 36 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 37 | 'username' => 'gnocchi', 38 | 'password' => lookup('CONFIG_GNOCCHI_DB_PW'), 39 | 'database' => 'gnocchi', 40 | 'charset' => 'utf8', 41 | }) 42 | } 43 | 44 | class { 'gnocchi::api': 45 | service_name => 'httpd', 46 | sync_db => true, 47 | } 48 | 49 | class { 'gnocchi::storage': } 50 | class { 'gnocchi::storage::file': } 51 | 52 | class { 'gnocchi::metricd': } 53 | 54 | class { 'gnocchi::statsd': 55 | resource_id => '5e3fcbe2-7aab-475d-b42c-a440aa42e5ad', 56 | archive_policy_name => 'high', 57 | } 58 | 59 | include gnocchi::client 60 | } 61 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/heat.pp: -------------------------------------------------------------------------------- 1 | class packstack::heat () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_HEAT_RULES', undef, undef, {})) 4 | 5 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 6 | 'ipv6' => '::0', 7 | default => '0.0.0.0', 8 | } 9 | 10 | class { 'heat::api': 11 | service_name => 'httpd', 12 | } 13 | class { 'heat::wsgi::apache_api': 14 | bind_host => $bind_host, 15 | workers => lookup('CONFIG_SERVICE_WORKERS'), 16 | } 17 | 18 | $memcache_servers = lookup('CONFIG_IP_VERSION') ? { 19 | 'ipv6' => ['[::1]:11211'], 20 | default => ['127.0.0.1:11211'], 21 | } 22 | class {'heat::cache': 23 | enabled => true, 24 | backend => 'dogpile.cache.pymemcache', 25 | memcache_servers => $memcache_servers, 26 | } 27 | include packstack::memcached 28 | Class['memcached'] -> Anchor['heat::service::begin'] 29 | 30 | $heat_cfg_ctrl_host = lookup('CONFIG_KEYSTONE_HOST_URL') 31 | 32 | class { 'heat::engine': 33 | heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000", 34 | heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition", 35 | auth_encryption_key => lookup('CONFIG_HEAT_AUTH_ENC_KEY'), 36 | num_engine_workers => lookup('CONFIG_SERVICE_WORKERS'), 37 | } 38 | 39 | class { 'heat::keystone::domain': 40 | domain_name => lookup('CONFIG_HEAT_DOMAIN'), 41 | domain_admin => lookup('CONFIG_HEAT_DOMAIN_ADMIN'), 42 | domain_password => lookup('CONFIG_HEAT_DOMAIN_PASSWORD'), 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/heat/cfn.pp: -------------------------------------------------------------------------------- 1 | class packstack::heat::cfn () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_HEAT_CFN_RULES', undef, undef, {})) 4 | 5 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 6 | 'ipv6' => '::0', 7 | default => '0.0.0.0', 8 | } 9 | 10 | class { 'heat::api_cfn': 11 | service_name => 'httpd', 12 | } 13 | class { 'heat::wsgi::apache_api_cfn': 14 | bind_host => $bind_host, 15 | workers => lookup('CONFIG_SERVICE_WORKERS'), 16 | } 17 | 18 | $heat_cfn_cfg_ctrl_host = lookup('CONFIG_KEYSTONE_HOST_URL') 19 | 20 | class { 'heat::keystone::auth_cfn': 21 | admin_url => "http://${heat_cfn_cfg_ctrl_host}:8000/v1", 22 | public_url => "http://${heat_cfn_cfg_ctrl_host}:8000/v1", 23 | internal_url => "http://${heat_cfn_cfg_ctrl_host}:8000/v1", 24 | password => lookup('CONFIG_HEAT_KS_PW'), 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::heat::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_HEAT_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_HEAT_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'heat', 11 | group => 'heat', 12 | require => Package['heat-common'], 13 | } 14 | File[$files_to_set_owner] ~> Service<| tag == 'heat-service' |> 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'heat-service' |> 17 | 18 | if lookup('CONFIG_CEILOMETER_INSTALL') == 'y' { 19 | $heat_notification_driver = 'messagingv2' 20 | } else { 21 | $heat_notification_driver = $facts['os_service_default'] 22 | } 23 | 24 | class { 'heat::trustee': 25 | password => lookup('CONFIG_HEAT_KS_PW'), 26 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 27 | } 28 | class { 'heat::keystone::authtoken': 29 | password => lookup('CONFIG_HEAT_KS_PW'), 30 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 31 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 32 | } 33 | 34 | class { 'heat::logging': 35 | debug => lookup('CONFIG_DEBUG_MODE'), 36 | } 37 | 38 | class { 'heat::db': 39 | database_connection => os_database_connection({ 40 | 'dialect' => 'mysql+pymysql', 41 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 42 | 'username' => 'heat', 43 | 'password' => lookup('CONFIG_HEAT_DB_PW'), 44 | 'database' => 'heat', 45 | }) 46 | } 47 | 48 | class { 'heat': 49 | keystone_ec2_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'), 50 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 51 | default_transport_url => os_transport_url({ 52 | 'transport' => 'rabbit', 53 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 54 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 55 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 56 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 57 | }), 58 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 59 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 60 | kombu_ssl_certfile => $kombu_ssl_certfile, 61 | notification_driver => $heat_notification_driver, 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/horizon.pp: -------------------------------------------------------------------------------- 1 | class packstack::horizon () 2 | { 3 | $log_level = lookup('CONFIG_DEBUG_MODE') ? { 4 | true => 'DEBUG', 5 | default => 'INFO', 6 | } 7 | 8 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 9 | 'ipv6' => '::0', 10 | default => '0.0.0.0', 11 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 12 | } 13 | 14 | $horizon_ssl = lookup('CONFIG_HORIZON_SSL') ? { 15 | 'y' => true, 16 | default => false, 17 | } 18 | 19 | include packstack::memcached 20 | $cache_server_ip = lookup('CONFIG_IP_VERSION') ? { 21 | 'ipv6' => '::1', 22 | default => '127.0.0.1', 23 | } 24 | 25 | class { 'horizon': 26 | secret_key => lookup('CONFIG_HORIZON_SECRET_KEY'), 27 | keystone_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL'), 28 | server_aliases => [lookup('CONFIG_CONTROLLER_HOST'), $facts['networking']['fqdn'], 'localhost'], 29 | allowed_hosts => '*', 30 | django_session_engine => 'django.contrib.sessions.backends.cache', 31 | cache_backend => 'django.core.cache.backends.memcached.PyMemcacheCache', 32 | cache_server_ip => $cache_server_ip, 33 | cache_server_port => '11211', 34 | file_upload_temp_dir => '/var/tmp', 35 | listen_ssl => $horizon_ssl, 36 | ssl_cert => lookup('CONFIG_HORIZON_SSL_CERT', undef, undef, undef), 37 | ssl_key => lookup('CONFIG_HORIZON_SSL_KEY', undef, undef, undef), 38 | ssl_ca => lookup('CONFIG_HORIZON_SSL_CACERT', undef, undef, undef), 39 | ssl_verify_client => 'optional', 40 | log_level => $log_level, 41 | django_log_level => 'INFO', 42 | neutron_options => { 43 | 'enable_vpn' => lookup('CONFIG_HORIZON_NEUTRON_VPN'), 44 | }, 45 | } 46 | 47 | if lookup('CONFIG_MAGNUM_INSTALL') == 'y' { 48 | horizon::dashboard { 'magnum': } 49 | } 50 | 51 | if lookup('CONFIG_IRONIC_INSTALL') == 'y' { 52 | include horizon::dashboards::ironic 53 | } 54 | 55 | if lookup('CONFIG_TROVE_INSTALL') == 'y' { 56 | horizon::dashboard { 'trove': } 57 | } 58 | 59 | if lookup('CONFIG_HEAT_INSTALL') == 'y' { 60 | include horizon::dashboards::heat 61 | } 62 | 63 | if lookup('CONFIG_MANILA_INSTALL') == 'y' { 64 | include horizon::dashboards::manila 65 | } 66 | 67 | $firewall_port = lookup('CONFIG_HORIZON_PORT') 68 | 69 | firewall { "001 horizon ${firewall_port} incoming": 70 | proto => 'tcp', 71 | dport => [$firewall_port], 72 | jump => 'accept', 73 | } 74 | 75 | if str2bool($facts['os']['selinux']['enabled']) { 76 | selboolean{ 'httpd_can_network_connect': 77 | value => on, 78 | persistent => true, 79 | } 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/ironic.pp: -------------------------------------------------------------------------------- 1 | class packstack::ironic () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_IRONIC_API_RULES', undef, undef, {})) 4 | 5 | class { 'ironic::api::authtoken': 6 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 7 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 8 | password => lookup('CONFIG_IRONIC_KS_PW'), 9 | } 10 | 11 | class { 'ironic::api': } 12 | 13 | class { 'ironic::client': } 14 | 15 | class { 'ironic::conductor': } 16 | } 17 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/ironic/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::ironic::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_IRONIC_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_IRONIC_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'ironic', 11 | group => 'ironic', 12 | require => Package['ironic-common'], 13 | } 14 | File[$files_to_set_owner] ~> Service<| tag == 'ironic-service' |> 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'ironic-service' |> 17 | 18 | class { 'ironic::logging': 19 | debug => true, 20 | } 21 | 22 | class { 'ironic::db': 23 | database_connection => os_database_connection({ 24 | 'dialect' => 'mysql+pymysql', 25 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 26 | 'username' => 'ironic', 27 | 'password' => lookup('CONFIG_IRONIC_DB_PW'), 28 | 'database' => 'ironic', 29 | }) 30 | } 31 | 32 | class { 'ironic': 33 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 34 | default_transport_url => os_transport_url({ 35 | 'transport' => 'rabbit', 36 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 37 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 38 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 39 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 40 | }), 41 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 42 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 43 | kombu_ssl_certfile => $kombu_ssl_certfile, 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/aodh.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::aodh () 2 | { 3 | $keystone_host_url = lookup('CONFIG_KEYSTONE_HOST_URL') 4 | 5 | class { 'aodh::keystone::auth': 6 | region => lookup('CONFIG_KEYSTONE_REGION'), 7 | password => lookup('CONFIG_AODH_KS_PW'), 8 | public_url => "http://${keystone_host_url}:8042", 9 | admin_url => "http://${keystone_host_url}:8042", 10 | internal_url => "http://${keystone_host_url}:8042", 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/ceilometer.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::ceilometer () 2 | { 3 | class { 'ceilometer::keystone::auth': 4 | region => lookup('CONFIG_KEYSTONE_REGION'), 5 | password => lookup('CONFIG_CEILOMETER_KS_PW'), 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/cinder.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::cinder () 2 | { 3 | $cinder_protocol = 'http' 4 | $cinder_host = lookup('CONFIG_STORAGE_HOST_URL') 5 | $cinder_port = '8776' 6 | $cinder_url = "${cinder_protocol}://${cinder_host}:${cinder_port}" 7 | 8 | class { 'cinder::keystone::auth': 9 | region => lookup('CONFIG_KEYSTONE_REGION'), 10 | password => lookup('CONFIG_CINDER_KS_PW'), 11 | roles => ['admin', 'service'], 12 | public_url_v3 => "${cinder_url}/v3", 13 | internal_url_v3 => "${cinder_url}/v3", 14 | admin_url_v3 => "${cinder_url}/v3", 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/glance.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::glance () 2 | { 3 | $glance_protocol = 'http' 4 | $glance_port = '9292' 5 | $glance_api_host = lookup('CONFIG_STORAGE_HOST_URL') 6 | $glance_url = "${glance_protocol}://${glance_api_host}:${glance_port}" 7 | 8 | class { 'glance::keystone::auth': 9 | region => lookup('CONFIG_KEYSTONE_REGION'), 10 | password => lookup('CONFIG_GLANCE_KS_PW'), 11 | public_url => $glance_url, 12 | admin_url => $glance_url, 13 | internal_url => $glance_url, 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/gnocchi.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::gnocchi () 2 | { 3 | $gnocchi_keystone_host_url = lookup('CONFIG_KEYSTONE_HOST_URL') 4 | 5 | class { 'gnocchi::keystone::auth': 6 | region => lookup('CONFIG_KEYSTONE_REGION'), 7 | password => lookup('CONFIG_GNOCCHI_KS_PW'), 8 | public_url => "http://${gnocchi_keystone_host_url}:8041", 9 | admin_url => "http://${gnocchi_keystone_host_url}:8041", 10 | internal_url => "http://${gnocchi_keystone_host_url}:8041", 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/heat.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::heat () 2 | { 3 | $heat_protocol = 'http' 4 | $heat_port = '8004' 5 | $heat_api_host = lookup('CONFIG_KEYSTONE_HOST_URL') 6 | $heat_url = "${heat_protocol}://${heat_api_host}:${heat_port}/v1/%(tenant_id)s" 7 | 8 | # heat::keystone::auth 9 | class { 'heat::keystone::auth': 10 | region => lookup('CONFIG_KEYSTONE_REGION'), 11 | password => lookup('CONFIG_HEAT_KS_PW'), 12 | public_url => $heat_url, 13 | admin_url => $heat_url, 14 | internal_url => $heat_url, 15 | configure_delegated_roles => true, 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/ironic.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::ironic () 2 | { 3 | $ironic_protocol = 'http' 4 | $ironic_host = lookup('CONFIG_KEYSTONE_HOST_URL') 5 | $ironic_port = '6385' 6 | $ironic_url = "${ironic_protocol}://${ironic_host}:${ironic_port}" 7 | 8 | class { 'ironic::keystone::auth': 9 | region => lookup('CONFIG_KEYSTONE_REGION'), 10 | password => lookup('CONFIG_IRONIC_KS_PW'), 11 | public_url => $ironic_url, 12 | admin_url => $ironic_url, 13 | internal_url => $ironic_url, 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/magnum.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::magnum () 2 | { 3 | $magnum_protocol = 'http' 4 | $magnum_host = lookup('CONFIG_KEYSTONE_HOST_URL') 5 | $magnum_port = '9511' 6 | $magnum_url = "${magnum_protocol}://${magnum_host}:${magnum_port}/v1" 7 | 8 | class { 'magnum::keystone::auth': 9 | region => lookup('CONFIG_KEYSTONE_REGION'), 10 | password => lookup('CONFIG_MAGNUM_KS_PW'), 11 | public_url => $magnum_url, 12 | admin_url => $magnum_url, 13 | internal_url => $magnum_url 14 | } 15 | 16 | class { 'magnum::keystone::domain': 17 | domain_password => lookup('CONFIG_MAGNUM_KS_PW'), 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/manila.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::manila () 2 | { 3 | $manila_protocol = 'http' 4 | $manila_host = lookup('CONFIG_STORAGE_HOST_URL') 5 | $manila_port = '8786' 6 | $manila_url = "${manila_protocol}://${manila_host}:${manila_port}/v1/%(tenant_id)s" 7 | $manila_url_v2 = "${manila_protocol}://${manila_host}:${manila_port}/v2/" 8 | 9 | class { 'manila::keystone::auth': 10 | password => lookup('CONFIG_MANILA_KS_PW'), 11 | public_url => $manila_url, 12 | admin_url => $manila_url, 13 | internal_url => $manila_url, 14 | public_url_v2 => $manila_url_v2, 15 | admin_url_v2 => $manila_url_v2, 16 | internal_url_v2 => $manila_url_v2, 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/neutron.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::neutron () 2 | { 3 | $neutron_protocol = 'http' 4 | $neutron_host = lookup('CONFIG_KEYSTONE_HOST_URL') 5 | $neutron_port = '9696' 6 | $neutron_url = "${neutron_protocol}://${neutron_host}:${neutron_port}" 7 | 8 | class { 'neutron::keystone::auth': 9 | region => lookup('CONFIG_KEYSTONE_REGION'), 10 | password => lookup('CONFIG_NEUTRON_KS_PW'), 11 | public_url => $neutron_url, 12 | admin_url => $neutron_url, 13 | internal_url => $neutron_url, 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/nova.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::nova () 2 | { 3 | $nova_protocol = 'http' 4 | $nova_host = lookup('CONFIG_KEYSTONE_HOST_URL') 5 | $nova_port = '8774' 6 | $nova_url = "${nova_protocol}://${nova_host}:${nova_port}/v2.1" 7 | 8 | 9 | class { 'nova::keystone::auth': 10 | roles => ['admin', 'service'], 11 | region => lookup('CONFIG_KEYSTONE_REGION'), 12 | password => lookup('CONFIG_NOVA_KS_PW'), 13 | public_url => $nova_url, 14 | admin_url => $nova_url, 15 | internal_url => $nova_url, 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/placement.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::placement () 2 | { 3 | $placement_protocol = 'http' 4 | $placement_host = lookup('CONFIG_KEYSTONE_HOST_URL') 5 | $placement_port = '8778' 6 | $placement_url = "${placement_protocol}://${placement_host}:${placement_port}" 7 | 8 | class { 'placement::keystone::authtoken': 9 | password => lookup('CONFIG_NOVA_KS_PW'), 10 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 11 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 12 | } 13 | 14 | class { 'placement::keystone::auth': 15 | public_url => $placement_url, 16 | internal_url => $placement_url, 17 | admin_url => $placement_url, 18 | password => lookup('CONFIG_NOVA_KS_PW'), 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/swift.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::swift () 2 | { 3 | $swift_protocol = 'http' 4 | $swift_host = lookup('CONFIG_STORAGE_HOST_URL') 5 | $swift_port = '8080' 6 | $swift_url = "${swift_protocol}://${swift_host}:${swift_port}/v1/AUTH_%(tenant_id)s" 7 | 8 | class { 'swift::keystone::auth': 9 | region => lookup('CONFIG_KEYSTONE_REGION'), 10 | password => lookup('CONFIG_SWIFT_KS_PW'), 11 | operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], 12 | public_url => $swift_url, 13 | internal_url => $swift_url, 14 | admin_url => $swift_url, 15 | configure_s3_endpoint => false, 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/keystone/trove.pp: -------------------------------------------------------------------------------- 1 | class packstack::keystone::trove () 2 | { 3 | $trove_protocol = 'http' 4 | $trove_host = lookup('CONFIG_KEYSTONE_HOST_URL') 5 | $trove_port = '8779' 6 | $trove_url = "${trove_protocol}://${trove_host}:${trove_port}/v1.0/%(tenant_id)s" 7 | 8 | class { 'trove::keystone::auth': 9 | region => lookup('CONFIG_KEYSTONE_REGION'), 10 | password => lookup('CONFIG_TROVE_KS_PW'), 11 | public_url => $trove_url, 12 | admin_url => $trove_url, 13 | internal_url => $trove_url, 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/magnum.pp: -------------------------------------------------------------------------------- 1 | class packstack::magnum () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_MAGNUM_API_RULES', undef, undef, {})) 4 | 5 | class { 'magnum::db': 6 | database_connection => os_database_connection({ 7 | 'dialect' => 'mysql+pymysql', 8 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 9 | 'username' => 'magnum', 10 | 'password' => lookup('CONFIG_MAGNUM_DB_PW'), 11 | 'database' => 'magnum', 12 | }) 13 | } 14 | 15 | $magnum_host = lookup('CONFIG_KEYSTONE_HOST_URL') 16 | class { 'magnum::keystone::authtoken': 17 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 18 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 19 | password => lookup('CONFIG_MAGNUM_KS_PW'), 20 | } 21 | 22 | class { 'magnum::keystone::keystone_auth': 23 | username => 'magnum', 24 | password => lookup('CONFIG_MAGNUM_KS_PW'), 25 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 26 | project_name => 'services', 27 | user_domain_name => 'Default', 28 | project_domain_name => 'Default', 29 | } 30 | 31 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 32 | 'ipv6' => '::0', 33 | default => '0.0.0.0', 34 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 35 | } 36 | 37 | class { 'magnum::api': 38 | service_name => 'httpd', 39 | } 40 | class { 'magnum::wsgi::apache': 41 | bind_host => $bind_host, 42 | workers => lookup('CONFIG_SERVICE_WORKERS'), 43 | } 44 | 45 | class { 'magnum::conductor': 46 | } 47 | 48 | class { 'magnum::client': 49 | } 50 | 51 | class { 'magnum::clients': 52 | region_name => lookup('CONFIG_KEYSTONE_REGION') 53 | } 54 | 55 | class { 'magnum::certificates': 56 | cert_manager_type => 'local' 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/magnum/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::magnum::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_MAGNUM_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_MAGNUM_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'magnum', 11 | group => 'magnum', 12 | require => Package['magnum-common'], 13 | } 14 | File[$files_to_set_owner] ~> Service<| tag == 'magnum-service' |> 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'magnum-service' |> 17 | 18 | class { 'magnum': 19 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 20 | default_transport_url => os_transport_url({ 21 | 'transport' => 'rabbit', 22 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 23 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 24 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 25 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 26 | }), 27 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 28 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 29 | kombu_ssl_certfile => $kombu_ssl_certfile, 30 | notification_driver => 'messagingv2' 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/manila.pp: -------------------------------------------------------------------------------- 1 | class packstack::manila () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_MANILA_API_RULES', undef, undef, {})) 4 | 5 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 6 | 'ipv6' => '::0', 7 | default => '0.0.0.0', 8 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 9 | } 10 | 11 | class { 'manila::keystone::authtoken': 12 | password => lookup('CONFIG_MANILA_KS_PW'), 13 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 14 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 15 | } 16 | 17 | class { 'manila::api': 18 | service_name => 'httpd', 19 | } 20 | class { 'manila::wsgi::apache': 21 | bind_host => $bind_host, 22 | workers => lookup('CONFIG_SERVICE_WORKERS'), 23 | } 24 | 25 | class { 'manila::scheduler': 26 | } 27 | 28 | class { 'manila::share': 29 | } 30 | 31 | class { 'manila::backends': 32 | enabled_share_backends => lookup('CONFIG_MANILA_BACKEND'), 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp: -------------------------------------------------------------------------------- 1 | class packstack::manila::backend::generic () 2 | { 3 | ensure_packages(['nfs-utils'], {'ensure' => 'present'}) 4 | 5 | manila::backend::generic{ 'generic': 6 | driver_handles_share_servers => lookup('CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS'), 7 | volume_name_template => lookup('CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE'), 8 | share_mount_path => lookup('CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH'), 9 | } 10 | 11 | packstack::manila::network{ 'generic': } 12 | 13 | $admin_username = lookup('CONFIG_KEYSTONE_ADMIN_USERNAME') 14 | $admin_password = lookup('CONFIG_KEYSTONE_ADMIN_PW') 15 | $admin_tenant = 'admin' 16 | $keystone_url = lookup('CONFIG_KEYSTONE_PUBLIC_URL') 17 | 18 | nova_flavor { 'm1.manila': 19 | ensure => present, 20 | id => '66', 21 | ram => '512', 22 | disk => '1', 23 | vcpus => '1', 24 | } 25 | manila::backend::service_instance{ 'generic': 26 | service_image_location => lookup('CONFIG_MANILA_SERVICE_IMAGE_LOCATION'), 27 | service_instance_user => lookup('CONFIG_MANILA_SERVICE_INSTANCE_USER'), 28 | service_instance_password => lookup('CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD'), 29 | service_instance_flavor_id => 66, 30 | } 31 | 32 | class { 'manila::compute::nova': 33 | auth_type => 'password', 34 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 35 | password => lookup('CONFIG_NOVA_KS_PW'), 36 | } 37 | 38 | class { 'manila::volume::cinder': 39 | auth_type => 'password', 40 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 41 | password => lookup('CONFIG_CINDER_KS_PW'), 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/manila/backend/glusternative.pp: -------------------------------------------------------------------------------- 1 | class packstack::manila::backend::glusternative () 2 | { 3 | manila::backend::glusternative{ 'glusternative': 4 | glusterfs_servers => lookup('CONFIG_MANILA_GLUSTERFS_SERVERS'), 5 | glusterfs_path_to_private_key => lookup('CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY'), 6 | glusterfs_volume_pattern => lookup('CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN'), 7 | } 8 | 9 | packstack::manila::network{ 'glusternative': } 10 | } 11 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/manila/backend/glusternfs.pp: -------------------------------------------------------------------------------- 1 | class packstack::manila::backend::glusternfs () 2 | { 3 | manila::backend::glusternfs{ 'glusternfs': 4 | glusterfs_target => lookup('CONFIG_MANILA_GLUSTERFS_TARGET'), 5 | glusterfs_mount_point_base => lookup('CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE'), 6 | glusterfs_nfs_server_type => lookup('CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE'), 7 | glusterfs_path_to_private_key => lookup('CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY'), 8 | glusterfs_ganesha_server_ip => lookup('CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP'), 9 | } 10 | 11 | packstack::manila::network{ 'glusternfs': } 12 | 13 | include '::manila::ganesha' 14 | } 15 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/manila/backend/netapp.pp: -------------------------------------------------------------------------------- 1 | class packstack::manila::backend::netapp () 2 | { 3 | manila::backend::netapp{ 'netapp': 4 | driver_handles_share_servers => lookup('CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'), 5 | netapp_transport_type => lookup('CONFIG_MANILA_NETAPP_TRANSPORT_TYPE'), 6 | netapp_login => lookup('CONFIG_MANILA_NETAPP_LOGIN'), 7 | netapp_password => lookup('CONFIG_MANILA_NETAPP_PASSWORD'), 8 | netapp_server_hostname => lookup('CONFIG_MANILA_NETAPP_SERVER_HOSTNAME'), 9 | netapp_storage_family => lookup('CONFIG_MANILA_NETAPP_STORAGE_FAMILY'), 10 | netapp_server_port => lookup('CONFIG_MANILA_NETAPP_SERVER_PORT'), 11 | netapp_vserver => lookup('CONFIG_MANILA_NETAPP_VSERVER', undef, undef, undef), 12 | netapp_aggregate_name_search_pattern => lookup('CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN'), 13 | netapp_root_volume_aggregate => lookup('CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE', undef, undef, undef), 14 | netapp_root_volume_name => lookup('CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME', undef, undef, undef), 15 | } 16 | 17 | packstack::manila::network{ 'netapp': } 18 | } 19 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/manila/network.pp: -------------------------------------------------------------------------------- 1 | 2 | define packstack::manila::network ($backend_name = $name) { 3 | $manila_network_type = lookup('CONFIG_MANILA_NETWORK_TYPE') 4 | 5 | case $manila_network_type { 6 | 'neutron': { 7 | class { 'manila::network::neutron': 8 | auth_type => 'password', 9 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 10 | password => lookup('CONFIG_NEUTRON_KS_PW'), 11 | } 12 | } 13 | 'standalone': { 14 | manila::network::standalone{ $backend_name: 15 | standalone_network_plugin_gateway => lookup('CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY'), 16 | standalone_network_plugin_mask => lookup('CONFIG_MANILA_NETWORK_STANDALONE_NETMASK'), 17 | standalone_network_plugin_segmentation_id => lookup('CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID'), 18 | standalone_network_plugin_allowed_ip_ranges => lookup('CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE'), 19 | standalone_network_plugin_ip_version => lookup('CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION'), 20 | } 21 | } 22 | default: { 23 | fail("The value ${manila_network_type} is not a valid value for the Manila network type.") 24 | } 25 | } 26 | } 27 | 28 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/manila/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::manila::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_MANILA_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_MANILA_SSL_CERT', undef, undef, undef) 6 | 7 | $rabbit_host = lookup('CONFIG_AMQP_HOST_URL') 8 | $rabbit_port = lookup('CONFIG_AMQP_CLIENTS_PORT') 9 | $rabbit_userid = lookup('CONFIG_AMQP_AUTH_USER') 10 | $rabbit_password = lookup('CONFIG_AMQP_AUTH_PASSWORD') 11 | 12 | if $kombu_ssl_keyfile { 13 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 14 | file { $files_to_set_owner: 15 | owner => 'manila', 16 | group => 'manila', 17 | # manila user on RH/Fedora is provided by python-manila 18 | require => Package['manila'], 19 | } 20 | File[$files_to_set_owner] ~> Service<| tag == 'manila-service' |> 21 | } 22 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'manila-service' |> 23 | 24 | class { 'manila::logging': 25 | debug => lookup('CONFIG_DEBUG_MODE'), 26 | } 27 | 28 | class { 'manila::db': 29 | database_connection => os_database_connection({ 30 | 'dialect' => 'mysql+pymysql', 31 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 32 | 'username' => 'manila', 33 | 'password' => lookup('CONFIG_MANILA_DB_PW'), 34 | 'database' => 'manila', 35 | }) 36 | } 37 | 38 | class { 'manila': 39 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 40 | default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/", 41 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 42 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 43 | kombu_ssl_certfile => $kombu_ssl_certfile, 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/mariadb.pp: -------------------------------------------------------------------------------- 1 | class packstack::mariadb () 2 | { 3 | if lookup('CONFIG_MARIADB_INSTALL') == 'y' { 4 | create_resources(packstack::firewall, lookup('FIREWALL_MARIADB_RULES', undef, undef, {})) 5 | $max_connections = lookup('CONFIG_SERVICE_WORKERS') * 128 6 | 7 | $bind_address = lookup('CONFIG_IP_VERSION') ? { 8 | 'ipv6' => '::0', 9 | default => '0.0.0.0', 10 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 11 | } 12 | 13 | $mysql_root_password = lookup('CONFIG_MARIADB_PW') 14 | 15 | class { 'mysql::server': 16 | package_name => 'mariadb-server-galera', 17 | restart => true, 18 | root_password => $mysql_root_password, 19 | override_options => { 20 | 'mysqld' => { 21 | 'bind_address' => $bind_address, 22 | 'default_storage_engine' => 'InnoDB', 23 | 'max_connections' => $max_connections, 24 | 'open_files_limit' => '-1', 25 | # galera options 26 | 'wsrep_provider' => 'none', 27 | 'wsrep_cluster_name' => 'galera_cluster', 28 | 'wsrep_sst_method' => 'rsync', 29 | 'wsrep_sst_auth' => "root:${mysql_root_password}", 30 | }, 31 | }, 32 | } 33 | 34 | # deleting database users for security 35 | # this is done in mysql::server::account_security but has problems 36 | # when there is no fqdn, so we're defining a slightly different one here 37 | mysql_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%' ]: 38 | ensure => 'absent', 39 | require => Class['mysql::server'], 40 | } 41 | 42 | $fqdn = $facts['networking']['fqdn'] 43 | $hostname = $facts['networking']['hostname'] 44 | 45 | if ($fqdn != '' and $fqdn != 'localhost') { 46 | mysql_user { [ "root@${fqdn}", "@${fqdn}"]: 47 | ensure => 'absent', 48 | require => Class['mysql::server'], 49 | } 50 | } 51 | if ($fqdn != $hostname and $hostname != 'localhost') { 52 | mysql_user { ["root@${hostname}", "@${hostname}"]: 53 | ensure => 'absent', 54 | require => Class['mysql::server'], 55 | } 56 | } 57 | } else { 58 | class { 'remote::db': } 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/memcached.pp: -------------------------------------------------------------------------------- 1 | class packstack::memcached () 2 | { 3 | $memcached_bind_host = lookup('CONFIG_IP_VERSION') ? { 4 | 'ipv6' => '::', 5 | default => '0.0.0.0', 6 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 7 | } 8 | 9 | class { 'memcached': 10 | listen_ip => $memcached_bind_host, 11 | max_memory => '10%', 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron () 2 | { 3 | } 4 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/api.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::api () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_NEUTRON_SERVER_RULES', undef, undef, {})) 4 | 5 | $neutron_vpnaas_enabled = str2bool(lookup('CONFIG_NEUTRON_VPNAAS')) 6 | 7 | class { 'neutron::keystone::authtoken': 8 | password => lookup('CONFIG_NEUTRON_KS_PW'), 9 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 10 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 11 | } 12 | 13 | class { 'neutron::db': 14 | database_connection => os_database_connection({ 15 | 'dialect' => 'mysql+pymysql', 16 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 17 | 'username' => 'neutron', 18 | 'password' => lookup('CONFIG_NEUTRON_DB_PW'), 19 | 'database' => lookup('CONFIG_NEUTRON_L2_DBNAME'), 20 | }) 21 | } 22 | 23 | class { 'neutron::server': 24 | sync_db => true, 25 | enabled => true, 26 | api_workers => lookup('CONFIG_SERVICE_WORKERS'), 27 | rpc_workers => lookup('CONFIG_SERVICE_WORKERS'), 28 | service_providers => lookup('SERVICE_PROVIDERS', { merge => 'unique' }), 29 | } 30 | 31 | if $neutron_vpnaas_enabled { 32 | class { 'neutron::services::vpnaas': } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/bridge.pp: -------------------------------------------------------------------------------- 1 | 2 | # Loads bridge modules and sets appropriate sysctl.conf variables 3 | 4 | class packstack::neutron::bridge { 5 | file { 'bridge-module-loader': 6 | ensure => file, 7 | path => '/etc/sysconfig/modules/openstack-neutron.modules', 8 | mode => '0700', 9 | content => template('packstack/openstack-neutron.modules.erb'), 10 | } -> exec { 'load-bridge': 11 | path => ['/sbin', '/usr/sbin'], 12 | command => 'modprobe -b bridge', 13 | logoutput => 'on_failure', 14 | } -> exec { 'load-bridge-netfilter': 15 | path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'], 16 | command => 'modprobe -b br_netfilter', 17 | logoutput => 'on_failure', 18 | unless => 'test -d /proc/sys/net/bridge', 19 | } -> file_line { '/etc/sysctl.conf bridge-nf-call-ip6tables': 20 | path => '/etc/sysctl.conf', 21 | line => 'net.bridge.bridge-nf-call-ip6tables=1', 22 | match => 'net.bridge.bridge-nf-call-ip6tables\s*=', 23 | } -> file_line { '/etc/sysctl.conf bridge-nf-call-iptables': 24 | path => '/etc/sysctl.conf', 25 | line => 'net.bridge.bridge-nf-call-iptables=1', 26 | match => 'net.bridge.bridge-nf-call-iptables\s*=', 27 | } -> file_line { '/etc/sysctl.conf bridge-nf-call-arptables': 28 | path => '/etc/sysctl.conf', 29 | line => 'net.bridge.bridge-nf-call-arptables=1', 30 | match => 'net.bridge.bridge-nf-call-arptables\s*=', 31 | } -> exec { 'sysctl_refresh': 32 | path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'], 33 | command => 'sysctl -p /etc/sysctl.conf', 34 | logoutput => 'on_failure', 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::dhcp () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_NEUTRON_DHCPIN_RULES', undef, undef, {})) 4 | create_resources(packstack::firewall, lookup('FIREWALL_NEUTRON_DHCPOUT_RULES', undef, undef, {})) 5 | 6 | class { 'neutron::agents::dhcp': 7 | interface_driver => lookup('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'), 8 | debug => lookup('CONFIG_DEBUG_MODE'), 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/l3.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::l3 () 2 | { 3 | $start_l3_agent = lookup('CONFIG_NEUTRON_VPNAAS') ? { 4 | 'y' => false, 5 | default => true 6 | } 7 | 8 | class { 'neutron::agents::l3': 9 | interface_driver => lookup('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'), 10 | manage_service => $start_l3_agent, 11 | enabled => $start_l3_agent, 12 | debug => lookup('CONFIG_DEBUG_MODE'), 13 | } 14 | 15 | sysctl::value { 'net.ipv4.ip_forward': 16 | value => '1', 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/metadata.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::metadata () 2 | { 3 | class { 'neutron::agents::metadata': 4 | shared_secret => lookup('CONFIG_NEUTRON_METADATA_PW'), 5 | metadata_host => force_ip(lookup('CONFIG_KEYSTONE_HOST_URL')), 6 | debug => lookup('CONFIG_DEBUG_MODE'), 7 | metadata_workers => lookup('CONFIG_SERVICE_WORKERS'), 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/metering.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::metering () 2 | { 3 | class { 'neutron::agents::metering': 4 | interface_driver => lookup('CONFIG_NEUTRON_METERING_IFCE_DRIVER'), 5 | debug => lookup('CONFIG_DEBUG_MODE'), 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/ml2.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::ml2 () 2 | { 3 | if lookup('CONFIG_NEUTRON_ML2_VXLAN_GROUP') == '' { 4 | $vxlan_group_value = undef 5 | } else { 6 | $vxlan_group_value = lookup('CONFIG_NEUTRON_ML2_VXLAN_GROUP') 7 | } 8 | 9 | class { 'neutron::plugins::ml2': 10 | type_drivers => lookup('CONFIG_NEUTRON_ML2_TYPE_DRIVERS', { merge => 'unique' }), 11 | tenant_network_types => lookup('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES', { merge => 'unique' }), 12 | mechanism_drivers => lookup('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', { merge => 'unique' }), 13 | flat_networks => lookup('CONFIG_NEUTRON_ML2_FLAT_NETWORKS', { merge => 'unique' }), 14 | network_vlan_ranges => lookup('CONFIG_NEUTRON_ML2_VLAN_RANGES', { merge => 'unique' }), 15 | tunnel_id_ranges => lookup('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES', { merge => 'unique' }), 16 | vxlan_group => $vxlan_group_value, 17 | vni_ranges => lookup('CONFIG_NEUTRON_ML2_VNI_RANGES', { merge => 'unique' }), 18 | enable_security_group => true, 19 | extension_drivers => 'port_security,qos', 20 | max_header_size => 38, 21 | } 22 | 23 | if lookup('CONFIG_NEUTRON_L2_AGENT') == 'ovn' { 24 | class { 'neutron::plugins::ml2::ovn': 25 | ovn_nb_connection => "tcp:${lookup('CONFIG_CONTROLLER_HOST')}:6641", 26 | ovn_sb_connection => "tcp:${lookup('CONFIG_CONTROLLER_HOST')}:6642", 27 | ovn_metadata_enabled => true, 28 | } 29 | } 30 | 31 | # For cases where "neutron-db-manage upgrade" command is called 32 | # we need to fill config file first 33 | if defined(Exec['neutron-db-manage upgrade']) { 34 | Neutron_plugin_ml2<||> 35 | -> File['/etc/neutron/plugin.ini'] 36 | -> Exec['neutron-db-manage upgrade'] 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/notifications.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::notifications () 2 | { 3 | $neutron_notif_cfg_ctrl_host = lookup('CONFIG_KEYSTONE_HOST_URL') 4 | 5 | # Configure nova notifications system 6 | class { 'neutron::server::notifications': 7 | } 8 | 9 | class { 'neutron::server::notifications::nova': 10 | username => 'nova', 11 | password => lookup('CONFIG_NOVA_KS_PW'), 12 | project_name => 'services', 13 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 14 | region_name => lookup('CONFIG_KEYSTONE_REGION'), 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/ovn_agent.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::ovn_agent () 2 | { 3 | $my_ip = choose_my_ip(lookup('HOST_LIST')) 4 | $my_ip_without_dot = regsubst($my_ip, '[\.\:]', '_', 'G') 5 | $neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip_without_dot}" 6 | create_resources(packstack::firewall, lookup($neutron_tunnel_rule_name, undef, undef, {})) 7 | 8 | $neutron_ovn_tunnel_if = lookup('CONFIG_NEUTRON_OVN_TUNNEL_IF', undef, undef, undef) 9 | 10 | $use_subnets_value = lookup('CONFIG_USE_SUBNETS') 11 | $use_subnets = $use_subnets_value ? { 12 | 'y' => true, 13 | default => false, 14 | } 15 | 16 | if $neutron_ovn_tunnel_if { 17 | $ovn_agent_tunnel_cfg_neut_ovs_tun_if = force_interface($neutron_ovn_tunnel_if, $use_subnets) 18 | } else { 19 | $ovn_agent_tunnel_cfg_neut_ovs_tun_if = undef 20 | } 21 | 22 | if $ovn_agent_tunnel_cfg_neut_ovs_tun_if != '' { 23 | $iface = regsubst($ovn_agent_tunnel_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G') 24 | $localip = inline_template("<%= scope.lookupvar('::ipaddress_${iface}') %>") 25 | } else { 26 | $localip = choose_my_ip(lookup('HOST_LIST')) 27 | } 28 | 29 | $network_hosts = split(lookup('CONFIG_NETWORK_HOSTS'),',') 30 | if member($network_hosts, choose_my_ip(lookup('HOST_LIST'))) { 31 | $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES' 32 | $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS' 33 | } else { 34 | $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE' 35 | $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE' 36 | } 37 | 38 | if lookup('CREATE_BRIDGES') == 'y' { 39 | $bridge_uplinks = lookup($bridge_ifaces_param, { merge => 'unique' }) 40 | $bridge_mappings = lookup($bridge_mappings_param, { merge => 'unique' }) 41 | } else { 42 | $bridge_uplinks = [] 43 | $bridge_mappings = [] 44 | } 45 | 46 | $ovn_southd = "tcp:${lookup('CONFIG_CONTROLLER_HOST')}:6642" 47 | 48 | class { 'ovn::controller': 49 | ovn_remote => $ovn_southd, 50 | ovn_bridge_mappings => $bridge_mappings, 51 | bridge_interface_mappings => $bridge_uplinks, 52 | ovn_encap_ip => force_ip($localip), 53 | hostname => $facts['networking']['fqdn'], 54 | ovn_cms_options => 'enable-chassis-as-gw', 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/ovn_metadata.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::ovn_metadata () 2 | { 3 | $ovn_southd = "tcp:${lookup('CONFIG_CONTROLLER_HOST')}:6642" 4 | 5 | class { 'neutron::agents::ovn_metadata': 6 | ovn_sb_connection => $ovn_southd, 7 | shared_secret => lookup('CONFIG_NEUTRON_METADATA_PW'), 8 | metadata_host => force_ip(lookup('CONFIG_KEYSTONE_HOST_URL')), 9 | debug => lookup('CONFIG_DEBUG_MODE'), 10 | metadata_workers => lookup('CONFIG_SERVICE_WORKERS'), 11 | } 12 | Service<| title == 'controller' |> -> Service<| title == 'ovn-metadata' |> 13 | } 14 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/ovn_northd.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::ovn_northd () 2 | { 3 | include ovn::northd 4 | } 5 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::ovs_agent () 2 | { 3 | $my_ip = choose_my_ip(lookup('HOST_LIST')) 4 | $my_ip_without_dot = regsubst($my_ip, '[\.\:]', '_', 'G') 5 | $neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip_without_dot}" 6 | create_resources(packstack::firewall, lookup($neutron_tunnel_rule_name, undef, undef, {})) 7 | 8 | $neutron_ovs_tunnel_if = lookup('CONFIG_NEUTRON_OVS_TUNNEL_IF', undef, undef, undef) 9 | 10 | $use_subnets_value = lookup('CONFIG_USE_SUBNETS') 11 | $use_subnets = $use_subnets_value ? { 12 | 'y' => true, 13 | default => false, 14 | } 15 | 16 | if $neutron_ovs_tunnel_if { 17 | $ovs_agent_vxlan_cfg_neut_ovs_tun_if = force_interface($neutron_ovs_tunnel_if, $use_subnets) 18 | } else { 19 | $ovs_agent_vxlan_cfg_neut_ovs_tun_if = undef 20 | } 21 | 22 | if $ovs_agent_vxlan_cfg_neut_ovs_tun_if != '' { 23 | $iface = regsubst($ovs_agent_vxlan_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G') 24 | $localip = inline_template("<%= scope.lookupvar('::ipaddress_${iface}') %>") 25 | } else { 26 | $localip = choose_my_ip(lookup('HOST_LIST')) 27 | } 28 | 29 | $network_hosts = split(lookup('CONFIG_NETWORK_HOSTS'),',') 30 | if member($network_hosts, choose_my_ip(lookup('HOST_LIST'))) { 31 | $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES' 32 | $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS' 33 | } else { 34 | $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE' 35 | $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE' 36 | } 37 | 38 | if lookup('CREATE_BRIDGES') == 'y' { 39 | $bridge_uplinks = lookup($bridge_ifaces_param, { merge => 'unique' }) 40 | $bridge_mappings = lookup($bridge_mappings_param, { merge => 'unique' }) 41 | } else { 42 | $bridge_uplinks = [] 43 | $bridge_mappings = [] 44 | } 45 | 46 | class { 'neutron::agents::ml2::ovs': 47 | bridge_uplinks => $bridge_uplinks, 48 | bridge_mappings => $bridge_mappings, 49 | tunnel_types => lookup('CONFIG_NEUTRON_OVS_TUNNEL_TYPES', { merge => 'unique' }), 50 | local_ip => force_ip($localip), 51 | vxlan_udp_port => lookup('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT', undef, undef, undef), 52 | l2_population => lookup('CONFIG_NEUTRON_USE_L2POPULATION'), 53 | firewall_driver => lookup('FIREWALL_DRIVER'), 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/ovs_bridge.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::ovs_bridge () 2 | { 3 | $agent_service = 'neutron-ovs-agent-service' 4 | 5 | $config_neutron_ovs_bridge = lookup('CONFIG_NEUTRON_OVS_BRIDGE') 6 | 7 | vs_bridge { $config_neutron_ovs_bridge: 8 | ensure => present, 9 | require => Service[$agent_service], 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::rabbitmq () 2 | { 3 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 4 | 'ipv6' => '::0', 5 | default => '0.0.0.0', 6 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 7 | } 8 | 9 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 10 | $kombu_ssl_keyfile = lookup('CONFIG_NEUTRON_SSL_KEY', undef, undef, undef) 11 | $kombu_ssl_certfile = lookup('CONFIG_NEUTRON_SSL_CERT', undef, undef, undef) 12 | 13 | if $kombu_ssl_keyfile { 14 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 15 | file { $files_to_set_owner: 16 | owner => 'neutron', 17 | group => 'neutron', 18 | require => Package['neutron'], 19 | } 20 | File[$files_to_set_owner] ~> Service<| tag == 'neutron-service' |> 21 | } 22 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'neutron-service' |> 23 | 24 | class { 'neutron::logging': 25 | debug => lookup('CONFIG_DEBUG_MODE'), 26 | } 27 | 28 | class { 'neutron': 29 | bind_host => $bind_host, 30 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 31 | default_transport_url => os_transport_url({ 32 | 'transport' => 'rabbit', 33 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 34 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 35 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 36 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 37 | }), 38 | core_plugin => lookup('CONFIG_NEUTRON_CORE_PLUGIN'), 39 | service_plugins => lookup('SERVICE_PLUGINS', { merge => 'unique' }), 40 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 41 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 42 | kombu_ssl_certfile => $kombu_ssl_certfile, 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/sriov.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::sriov () 2 | { 3 | class { 'neutron::agents::ml2::sriov' : 4 | physical_device_mappings => lookup('CONFIG_NEUTRON_ML2_SRIOV_INTERFACE_MAPPINGS', { merge => 'unique' }), 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/neutron/vpnaas.pp: -------------------------------------------------------------------------------- 1 | class packstack::neutron::vpnaas () 2 | { 3 | class { 'neutron::agents::vpnaas': 4 | vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver', 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/api.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::api () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_NOVA_API_RULES', undef, undef, {})) 4 | 5 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 6 | 'ipv6' => '::0', 7 | default => '0.0.0.0', 8 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 9 | } 10 | 11 | $admin_password = lookup('CONFIG_NOVA_KS_PW') 12 | 13 | class { 'nova::keystone::authtoken': 14 | password => $admin_password, 15 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 16 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 17 | } 18 | 19 | $pci_alias = parsejson(lookup('CONFIG_NOVA_PCI_ALIAS')) 20 | 21 | class { 'nova::pci': 22 | aliases => $pci_alias, 23 | } 24 | 25 | class { 'nova::api': 26 | api_bind_address => $bind_host, 27 | enabled => true, 28 | sync_db => false, 29 | sync_db_api => false, 30 | osapi_compute_workers => lookup('CONFIG_SERVICE_WORKERS'), 31 | allow_resize_to_same_host => lookup('CONFIG_NOVA_ALLOW_RESIZE_TO_SAME'), 32 | service_name => 'httpd', 33 | } 34 | 35 | include packstack::nova::cache 36 | class { 'nova::metadata': 37 | neutron_metadata_proxy_shared_secret => lookup('CONFIG_NEUTRON_METADATA_PW_UNQUOTED', undef, undef, undef), 38 | } 39 | 40 | class { 'nova::wsgi::apache_api': 41 | bind_host => $bind_host, 42 | ssl => false, 43 | workers => lookup('CONFIG_SERVICE_WORKERS'), 44 | } 45 | 46 | class { 'nova::wsgi::apache_metadata': 47 | bind_host => $bind_host, 48 | ssl => false, 49 | workers => lookup('CONFIG_SERVICE_WORKERS'), 50 | } 51 | 52 | class { 'nova::db::sync': 53 | db_sync_timeout => 600, 54 | } 55 | 56 | class { 'nova::db::sync_api': 57 | db_sync_timeout => 600, 58 | } 59 | 60 | class { 'nova::placement': 61 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 62 | password => $admin_password, 63 | region_name => lookup('CONFIG_KEYSTONE_REGION'), 64 | } 65 | 66 | $db_purge = lookup('CONFIG_NOVA_DB_PURGE_ENABLE') 67 | if $db_purge { 68 | class { 'nova::cron::archive_deleted_rows': 69 | hour => '*/12', 70 | destination => '/dev/null', 71 | } 72 | } 73 | 74 | include nova::cell_v2::simple_setup 75 | 76 | $manage_flavors = str2bool(lookup('CONFIG_NOVA_MANAGE_FLAVORS')) 77 | if $manage_flavors { 78 | nova_flavor { 'm1.tiny': 79 | ensure => present, 80 | id => '1', 81 | ram => '512', 82 | disk => '1', 83 | vcpus => '1', 84 | } 85 | 86 | nova_flavor { 'm1.small': 87 | ensure => present, 88 | id => '2', 89 | ram => '2048', 90 | disk => '20', 91 | vcpus => '1', 92 | } 93 | 94 | nova_flavor { 'm1.medium': 95 | ensure => present, 96 | id => '3', 97 | ram => '4096', 98 | disk => '40', 99 | vcpus => '2', 100 | } 101 | 102 | nova_flavor { 'm1.large': 103 | ensure => present, 104 | id => '4', 105 | ram => '8192', 106 | disk => '80', 107 | vcpus => '4', 108 | } 109 | 110 | nova_flavor { 'm1.xlarge': 111 | ensure => present, 112 | id => '5', 113 | ram => '16384', 114 | disk => '160', 115 | vcpus => '8', 116 | } 117 | } 118 | } 119 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/cache.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::cache () 2 | { 3 | $memcache_servers = lookup('CONFIG_IP_VERSION') ? { 4 | 'ipv6' => ['[::1]:11211'], 5 | default => ['127.0.0.1:11211'], 6 | } 7 | class { 'nova::cache': 8 | enabled => true, 9 | backend => 'dogpile.cache.pymemcache', 10 | memcache_servers => $memcache_servers, 11 | } 12 | include packstack::memcached 13 | Class['memcached'] -> Anchor['nova::service::begin'] 14 | } 15 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/ceilometer.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::ceilometer () 2 | { 3 | class { 'ceilometer::agent::service_credentials': 4 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 5 | password => lookup('CONFIG_CEILOMETER_KS_PW'), 6 | region_name => lookup('CONFIG_KEYSTONE_REGION'), 7 | } 8 | 9 | ensure_packages(['openstack-ceilometer-ipmi'], {'ensure' => 'present'}) 10 | 11 | class { 'ceilometer::agent::polling': } 12 | 13 | Package['openstack-ceilometer-ipmi'] -> Service['ceilometer-polling'] 14 | } 15 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/ceilometer/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::ceilometer::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_CEILOMETER_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_CEILOMETER_SSL_CERT', undef, undef, undef) 6 | 7 | if $kombu_ssl_keyfile { 8 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 9 | file { $files_to_set_owner: 10 | owner => 'ceilometer', 11 | group => 'ceilometer', 12 | require => Package['nova-common'], 13 | } 14 | File[$files_to_set_owner] ~> Service<| tag == 'ceilometer-service' |> 15 | } 16 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'ceilometer-service' |> 17 | 18 | class { 'ceilometer::logging': 19 | debug => lookup('CONFIG_DEBUG_MODE'), 20 | } 21 | 22 | class { 'ceilometer': 23 | telemetry_secret => lookup('CONFIG_CEILOMETER_SECRET'), 24 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 25 | default_transport_url => os_transport_url({ 26 | 'transport' => 'rabbit', 27 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 28 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 29 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 30 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 31 | }), 32 | # for some strange reason ceilometer needs to be in nova group 33 | require => Package['nova-common'], 34 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 35 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 36 | kombu_ssl_certfile => $kombu_ssl_certfile, 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/common.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::common () 2 | { 3 | # Ensure Firewall changes happen before nova services start 4 | # preventing a clash with rules being set by nova-compute and nova-network 5 | Firewall <| |> -> Class['nova'] 6 | } 7 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/compute/ironic.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::compute::ironic () 2 | { 3 | $ironic_config_controller_host = lookup('CONFIG_KEYSTONE_HOST_URL') 4 | $ironic_config_keystone_admin = lookup('CONFIG_KEYSTONE_ADMIN_URL') 5 | 6 | class { 'nova::ironic::common': 7 | username => 'ironic', 8 | password => lookup('CONFIG_IRONIC_KS_PW'), 9 | auth_url => $ironic_config_keystone_admin, 10 | project_name => 'services', 11 | api_endpoint => "http://${ironic_config_controller_host}:6385/v1", 12 | } 13 | 14 | include nova::compute::ironic 15 | } 16 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::compute::libvirt () 2 | { 3 | # Ensure Firewall changes happen before libvirt service start 4 | # preventing a clash with rules being set by libvirt 5 | Firewall <| |> -> Class['::nova::compute::libvirt'] 6 | 7 | $libvirt_vnc_bind_host = lookup('CONFIG_IP_VERSION') ? { 8 | 'ipv6' => '::0', 9 | default => '0.0.0.0', 10 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 11 | } 12 | 13 | $libvirt_virt_type = lookup('CONFIG_NOVA_LIBVIRT_VIRT_TYPE') 14 | if $libvirt_virt_type == 'kvm' { 15 | # Workaround for bad /dev/kvm permissions 16 | # https://bugzilla.redhat.com/show_bug.cgi?id=950436 17 | file { '/dev/kvm': 18 | owner => 'root', 19 | group => 'kvm', 20 | mode => '0666', 21 | } 22 | 23 | # We have to fix the permissions after the installation has been done 24 | # and before the service is started. 25 | Package <| title == 'libvirt' |> 26 | -> File['/dev/kvm'] 27 | -> Service <| title == 'libvirt' |> 28 | } 29 | 30 | $migrate_transport = lookup('CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL') 31 | if $migrate_transport == 'ssh' { 32 | $client_extraparams = { 33 | keyfile => '/etc/nova/migration/identity', 34 | } 35 | } else { 36 | $client_extraparams = {} 37 | } 38 | 39 | class { 'nova::migration::libvirt': 40 | transport => $migrate_transport, 41 | client_user => 'nova_migration', 42 | client_extraparams => $client_extraparams, 43 | require => Class['::nova::compute::libvirt'] 44 | } 45 | 46 | class { 'nova::compute::libvirt': 47 | virt_type => $libvirt_virt_type, 48 | vncserver_listen => $libvirt_vnc_bind_host, 49 | migration_support => true, 50 | } 51 | 52 | # Remove libvirt's default network (usually virbr0) as it's unnecessary and 53 | # can be confusing 54 | exec {'virsh-net-destroy-default': 55 | onlyif => '/usr/bin/virsh net-list | grep default', 56 | command => '/usr/bin/virsh net-destroy default', 57 | require => Service['libvirt'], 58 | } 59 | 60 | exec {'virsh-net-undefine-default': 61 | onlyif => '/usr/bin/virsh net-list --inactive | grep default', 62 | command => '/usr/bin/virsh net-undefine default', 63 | require => Exec['virsh-net-destroy-default'], 64 | } 65 | 66 | $libvirt_debug = lookup('CONFIG_DEBUG_MODE') 67 | if $libvirt_debug { 68 | file_line { '/etc/libvirt/libvirt.conf log_filters': 69 | path => '/etc/libvirt/libvirtd.conf', 70 | line => 'log_filters = "1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 1:util"', 71 | match => 'log_filters =', 72 | notify => Service['libvirt'], 73 | } 74 | 75 | file_line { '/etc/libvirt/libvirt.conf log_outputs': 76 | path => '/etc/libvirt/libvirtd.conf', 77 | line => 'log_outputs = "1:file:/var/log/libvirt/libvirtd.log"', 78 | match => 'log_outputs =', 79 | notify => Service['libvirt'], 80 | } 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/compute/vmware.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::compute::vmware () 2 | { 3 | $cluster_list = lookup('CONFIG_VCENTER_CLUSTERS') 4 | $my_ip = choose_my_ip(lookup('HOST_LIST')) 5 | $nova_vcenter_cluster_name = $cluster_list[$my_ip] 6 | 7 | class { 'nova::compute::vmware': 8 | host_ip => lookup('CONFIG_VCENTER_HOST'), 9 | host_username => lookup('CONFIG_VCENTER_USER'), 10 | host_password => lookup('CONFIG_VCENTER_PASSWORD'), 11 | cluster_name => $nova_vcenter_cluster_name, 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/conductor.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::conductor () 2 | { 3 | include packstack::nova::cache 4 | class { 'nova::conductor': 5 | enabled => true, 6 | workers => lookup('CONFIG_SERVICE_WORKERS'), 7 | } 8 | 9 | Keystone_endpoint <||> -> Service['nova-conductor'] 10 | Keystone_service <||> -> Service['nova-conductor'] 11 | } 12 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/neutron.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::neutron () 2 | { 3 | $nova_neutron_cfg_ctrl_host = lookup('CONFIG_KEYSTONE_HOST_URL') 4 | $neutron_auth_url = lookup('CONFIG_KEYSTONE_ADMIN_URL') 5 | 6 | class { 'nova::network::neutron': 7 | default_floating_pool => 'public', 8 | password => lookup('CONFIG_NEUTRON_KS_PW'), 9 | auth_type => 'v3password', 10 | project_name => 'services', 11 | auth_url => "${neutron_auth_url}/v3", 12 | region_name => lookup('CONFIG_KEYSTONE_REGION'), 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/nfs.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::nfs () 2 | { 3 | ensure_packages(['nfs-utils'], {'ensure' => 'present'}) 4 | } 5 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/sched.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::sched () 2 | { 3 | include packstack::nova::cache 4 | include nova::scheduler::filter 5 | class { 'nova::scheduler': 6 | enabled => true, 7 | } 8 | 9 | Keystone_endpoint <||> -> Service['nova-scheduler'] 10 | Keystone_service <||> -> Service['nova-scheduler'] 11 | 12 | } 13 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/sched/ironic.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::sched::ironic () 2 | { 3 | class { 'nova::scheduler': 4 | enabled => true, 5 | } 6 | } -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp: -------------------------------------------------------------------------------- 1 | class packstack::nova::vncproxy () 2 | { 3 | $vnc_bind_host = lookup('CONFIG_IP_VERSION') ? { 4 | 'ipv6' => '::0', 5 | default => '0.0.0.0', 6 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 7 | } 8 | 9 | class { 'nova::vncproxy': 10 | enabled => true, 11 | host => $vnc_bind_host, 12 | } 13 | 14 | firewall { '001 novncproxy incoming': 15 | proto => 'tcp', 16 | dport => ['6080'], 17 | jump => 'accept', 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/openstackclient.pp: -------------------------------------------------------------------------------- 1 | class packstack::openstackclient () 2 | { 3 | $clientlibs = ['/usr/bin/nova', 4 | '/usr/bin/glance', 5 | '/usr/bin/cinder', '/usr/bin/openstack'] 6 | 7 | ensure_packages($clientlibs, {'ensure' => 'present'}) 8 | 9 | if lookup('CONFIG_MANILA_INSTALL') == 'y' { 10 | ensure_packages(['/usr/bin/manila'], {'ensure' => 'present'}) 11 | } 12 | 13 | $ost_cl_keystone_admin_username = lookup('CONFIG_KEYSTONE_ADMIN_USERNAME') 14 | $ost_cl_keystone_admin_pw = lookup('CONFIG_KEYSTONE_ADMIN_PW') 15 | $ost_cl_ctrl_keystone_url = lookup('CONFIG_KEYSTONE_PUBLIC_URL') 16 | $ost_cl_keystone_region = lookup('CONFIG_KEYSTONE_REGION') 17 | $ost_cl_keystone_demo_pw = lookup('CONFIG_KEYSTONE_DEMO_PW') 18 | 19 | $config_keystone_api_version = lookup('CONFIG_KEYSTONE_API_VERSION') 20 | if $config_keystone_api_version =~ /^v(\d+).*$/ { 21 | # we need to force integer here 22 | $int_api_version = 0 + $1 23 | } else { 24 | fail("${config_keystone_api_version} is an incorrect Keystone API Version!") 25 | } 26 | 27 | $rcadmin_common_content = "unset OS_SERVICE_TOKEN 28 | export OS_USERNAME=${ost_cl_keystone_admin_username} 29 | export OS_PASSWORD='${ost_cl_keystone_admin_pw}' 30 | export OS_REGION_NAME=${ost_cl_keystone_region} 31 | export OS_AUTH_URL=${ost_cl_ctrl_keystone_url} 32 | export PS1='[\\u@\\h \\W(keystone_admin)]\\$ ' 33 | " 34 | 35 | if $int_api_version < 3 { 36 | $rcadmin_content = "${rcadmin_common_content} 37 | export OS_TENANT_NAME=admin 38 | " 39 | } 40 | else { 41 | $rcadmin_content = "${rcadmin_common_content} 42 | export OS_PROJECT_NAME=admin 43 | export OS_USER_DOMAIN_NAME=Default 44 | export OS_PROJECT_DOMAIN_NAME=Default 45 | export OS_IDENTITY_API_VERSION=${int_api_version} 46 | " 47 | } 48 | 49 | file { "${::home_dir}/keystonerc_admin": 50 | ensure => file, 51 | mode => '0600', 52 | content => $rcadmin_content, 53 | } 54 | 55 | if lookup('CONFIG_PROVISION_DEMO') == 'y' { 56 | $demo_common_content = "unset OS_SERVICE_TOKEN 57 | export OS_USERNAME=demo 58 | export OS_PASSWORD='${ost_cl_keystone_demo_pw}' 59 | export PS1='[\\u@\\h \\W(keystone_demo)]\\$ ' 60 | export OS_AUTH_URL=${ost_cl_ctrl_keystone_url} 61 | " 62 | 63 | if $int_api_version < 3 { 64 | $demo_content = "${demo_common_content} 65 | export OS_TENANT_NAME=demo 66 | export OS_IDENTITY_API_VERSION=${int_api_version}.0 67 | " 68 | } else { 69 | $demo_content = "${demo_common_content} 70 | export OS_PROJECT_NAME=demo 71 | export OS_USER_DOMAIN_NAME=Default 72 | export OS_PROJECT_DOMAIN_NAME=Default 73 | export OS_IDENTITY_API_VERSION=${int_api_version} 74 | " 75 | } 76 | 77 | file { "${::home_dir}/keystonerc_demo": 78 | ensure => file, 79 | mode => '0600', 80 | content => $demo_content, 81 | } 82 | } 83 | 84 | if lookup('NO_ROOT_USER_ALLINONE') == true { 85 | $ost_cl_home_dir = lookup('HOME_DIR') 86 | file { "${ost_cl_home_dir}/keystonerc_admin": 87 | ensure => file, 88 | owner => lookup('NO_ROOT_USER'), 89 | group => lookup('NO_ROOT_GROUP'), 90 | mode => '0600', 91 | content => $rcadmin_content, 92 | } 93 | } 94 | } 95 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/placement.pp: -------------------------------------------------------------------------------- 1 | class packstack::placement () 2 | { 3 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 4 | 'ipv6' => '::0', 5 | default => '0.0.0.0', 6 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 7 | } 8 | 9 | include packstack::keystone::placement 10 | include placement 11 | 12 | class { 'placement::logging': 13 | debug => lookup('CONFIG_DEBUG_MODE'), 14 | } 15 | 16 | class { 'placement::db': 17 | database_connection => os_database_connection({ 18 | 'dialect' => 'mysql+pymysql', 19 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 20 | 'username' => 'placement', 21 | 'password' => lookup('CONFIG_NOVA_DB_PW'), 22 | 'database' => 'placement', 23 | }) 24 | } 25 | 26 | include placement::db::sync 27 | include placement::api 28 | 29 | class { 'placement::wsgi::apache': 30 | bind_host => $bind_host, 31 | ssl => false, 32 | workers => lookup('CONFIG_SERVICE_WORKERS'), 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/prereqs.pp: -------------------------------------------------------------------------------- 1 | class packstack::prereqs () 2 | { 3 | package{ 'openstack-selinux': 4 | ensure => present, 5 | } 6 | 7 | package { 'sos': 8 | ensure => present, 9 | } 10 | 11 | package { 'audit': 12 | ensure => present, 13 | } 14 | -> service { 'auditd': 15 | ensure => running, 16 | enable => true, 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/provision/bridge.pp: -------------------------------------------------------------------------------- 1 | class packstack::provision::bridge () 2 | { 3 | $provision_neutron_br = str2bool(lookup('CONFIG_NEUTRON_INSTALL')) 4 | $setup_ovs_bridge = str2bool(lookup('CONFIG_PROVISION_OVS_BRIDGE')) 5 | $public_bridge_name = lookup('CONFIG_NEUTRON_L3_EXT_BRIDGE', undef, undef, 'br-ex') 6 | $provision_tempest_br = str2bool(lookup('CONFIG_PROVISION_TEMPEST')) 7 | $provision_demo_br = str2bool(lookup('CONFIG_PROVISION_DEMO')) 8 | 9 | $neutron_user_password = lookup('CONFIG_NEUTRON_KS_PW') 10 | 11 | if $provision_demo_br { 12 | $floating_range_br = lookup('CONFIG_PROVISION_DEMO_FLOATRANGE') 13 | } elsif $provision_tempest_br { 14 | $floating_range_br = lookup('CONFIG_PROVISION_TEMPEST_FLOATRANGE') 15 | } 16 | 17 | if $provision_neutron_br and $setup_ovs_bridge { 18 | Neutron_config<||> -> Neutron_l3_ovs_bridge['demo_bridge'] 19 | neutron_l3_ovs_bridge { 'demo_bridge': 20 | ensure => present, 21 | name => $public_bridge_name, 22 | subnet_name => 'public_subnet', 23 | } 24 | 25 | firewall { '000 nat': 26 | chain => 'POSTROUTING', 27 | jump => 'MASQUERADE', 28 | source => $floating_range_br, 29 | outiface => $facts['gateway_device'], 30 | table => 'nat', 31 | proto => 'all', 32 | } 33 | 34 | 35 | if $public_bridge_name != '' { 36 | firewall { '000 forward out': 37 | chain => 'FORWARD', 38 | jump => 'accept', 39 | outiface => $public_bridge_name, 40 | proto => 'all', 41 | } 42 | 43 | firewall { '000 forward in': 44 | chain => 'FORWARD', 45 | jump => 'accept', 46 | iniface => $public_bridge_name, 47 | proto => 'all', 48 | } 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/provision/glance.pp: -------------------------------------------------------------------------------- 1 | class packstack::provision::glance () 2 | { 3 | $image_name = lookup('CONFIG_PROVISION_IMAGE_NAME') 4 | $image_source = lookup('CONFIG_PROVISION_IMAGE_URL') 5 | $image_format = lookup('CONFIG_PROVISION_IMAGE_FORMAT') 6 | $image_properties = lookup('CONFIG_PROVISION_IMAGE_PROPERTIES') 7 | 8 | glance_image { $image_name: 9 | ensure => present, 10 | is_public => 'yes', 11 | container_format => 'bare', 12 | disk_format => $image_format, 13 | source => $image_source, 14 | properties => parse_hash_from_string($image_properties) 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/redis.pp: -------------------------------------------------------------------------------- 1 | class packstack::redis () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_REDIS_RULES', undef, undef, {})) 4 | 5 | $redis_port = Integer(lookup('CONFIG_REDIS_PORT')) 6 | $redis_host = lookup('CONFIG_REDIS_HOST') 7 | 8 | class { 'redis': 9 | bind => $redis_host, 10 | port => $redis_port, 11 | appendonly => true, 12 | daemonize => false, 13 | unixsocket => '', 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/swift.pp: -------------------------------------------------------------------------------- 1 | class packstack::swift () 2 | { 3 | # Class['swift'] -> Service <| |> 4 | 5 | class { 'swift': 6 | # not sure how I want to deal with this shared secret 7 | swift_hash_path_suffix => lookup('CONFIG_SWIFT_HASH'), 8 | package_ensure => latest, 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp: -------------------------------------------------------------------------------- 1 | class packstack::swift::ceilometer () 2 | { 3 | Service<| name == 'rabbitmq-server' |> -> Service['swift-proxy-server'] 4 | 5 | class { 'swift::proxy::ceilometer': 6 | default_transport_url => os_transport_url({ 7 | 'transport' => 'rabbit', 8 | 'host' => lookup('CONFIG_AMQP_HOST_URL'), 9 | 'port' => lookup('CONFIG_AMQP_CLIENTS_PORT'), 10 | 'username' => lookup('CONFIG_AMQP_AUTH_USER'), 11 | 'password' => lookup('CONFIG_AMQP_AUTH_PASSWORD') 12 | }), 13 | topic => 'notifications', 14 | control_exchange => 'swift', 15 | driver => 'messaging', 16 | ignore_projects => ['service'], 17 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 18 | password => lookup('CONFIG_SWIFT_KS_PW'), 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/swift/fs.pp: -------------------------------------------------------------------------------- 1 | define packstack::swift::fs ( 2 | $device, 3 | $dev, 4 | $fstype 5 | ) 6 | { 7 | case $fstype { 8 | 'xfs': { swift::storage::xfs {$device: device => $dev } } 9 | 'ext4': { swift::storage::ext4 {$device: device => $dev } } 10 | default: { fail('Unsupported fs for Swift storage') } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/swift/ringbuilder.pp: -------------------------------------------------------------------------------- 1 | class packstack::swift::ringbuilder () 2 | { 3 | class { 'swift::ringbuilder': 4 | part_power => '18', 5 | replicas => lookup('CONFIG_SWIFT_STORAGE_REPLICAS'), 6 | min_part_hours => 1, 7 | require => Class['swift'], 8 | } 9 | 10 | # sets up an rsync db that can be used to sync the ring DB 11 | class { 'swift::ringserver': 12 | local_net_ip => lookup('CONFIG_STORAGE_HOST_URL'), 13 | } 14 | 15 | if str2bool($::selinux) { 16 | selboolean { 'rsync_export_all_ro': 17 | value => on, 18 | persistent => true, 19 | } 20 | } 21 | 22 | create_resources(ring_account_device, lookup('SWIFT_RING_ACCOUNT_DEVICES', undef, undef, {})) 23 | create_resources(ring_object_device, lookup('SWIFT_RING_OBJECT_DEVICES', undef, undef, {})) 24 | create_resources(ring_container_device, lookup('SWIFT_RING_CONTAINER_DEVICES', undef, undef, {})) 25 | } 26 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/swift/storage.pp: -------------------------------------------------------------------------------- 1 | class packstack::swift::storage () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_SWIFT_STORAGE_RULES', undef, undef, {})) 4 | 5 | # install all swift storage servers together 6 | class { 'swift::storage::all': 7 | # looks like ipv6 address without brackets is required here 8 | storage_local_net_ip => lookup('CONFIG_STORAGE_HOST'), 9 | require => Class['swift'], 10 | } 11 | 12 | if (!defined(File['/srv/node'])) { 13 | file { '/srv/node': 14 | ensure => directory, 15 | owner => 'swift', 16 | group => 'swift', 17 | require => Package['swift'], 18 | } 19 | } 20 | 21 | swift::ringsync{ ['account', 'container', 'object']: 22 | ring_server => lookup('CONFIG_STORAGE_HOST_URL'), 23 | before => Class['swift::storage::all'], 24 | require => Class['swift'], 25 | } 26 | 27 | if lookup('CONFIG_SWIFT_LOOPBACK') == 'y' { 28 | swift::storage::loopback { 'swiftloopback': 29 | base_dir => '/srv/loopback-device', 30 | mnt_base_dir => '/srv/node', 31 | require => Class['swift'], 32 | fstype => lookup('CONFIG_SWIFT_STORAGE_FSTYPE'), 33 | seek => lookup('CONFIG_SWIFT_STORAGE_SEEK'), 34 | } 35 | } 36 | else { 37 | create_resources(packstack::swift::fs, lookup('CONFIG_SWIFT_STORAGE_DEVICES', undef, undef, {})) 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/trove.pp: -------------------------------------------------------------------------------- 1 | class packstack::trove () 2 | { 3 | create_resources(packstack::firewall, lookup('FIREWALL_TROVE_API_RULES', undef, undef, {})) 4 | 5 | $bind_host = lookup('CONFIG_IP_VERSION') ? { 6 | 'ipv6' => '::0', 7 | default => '0.0.0.0', 8 | # TO-DO(mmagr): Add IPv6 support when hostnames are used 9 | } 10 | 11 | class { 'trove::keystone::authtoken': 12 | password => lookup('CONFIG_TROVE_KS_PW'), 13 | www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 14 | auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'), 15 | } 16 | 17 | class { 'trove::logging': 18 | debug => lookup('CONFIG_DEBUG_MODE'), 19 | } 20 | 21 | class { 'trove::service_credentials': 22 | password => lookup('CONFIG_TROVE_KS_PW'), 23 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 24 | } 25 | 26 | class { 'trove::api': 27 | service_name => 'httpd', 28 | } 29 | class { 'trove::wsgi::apache': 30 | bind_host => $bind_host, 31 | workers => lookup('CONFIG_SERVICE_WORKERS'), 32 | } 33 | 34 | class { 'trove::conductor': 35 | workers => lookup('CONFIG_SERVICE_WORKERS'), 36 | } 37 | 38 | class { 'trove::guestagent::service_credentials': 39 | password => lookup('CONFIG_TROVE_KS_PW'), 40 | auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), 41 | } 42 | class { 'trove::taskmanager': } 43 | } 44 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp: -------------------------------------------------------------------------------- 1 | class packstack::trove::rabbitmq () 2 | { 3 | $kombu_ssl_ca_certs = lookup('CONFIG_AMQP_SSL_CACERT_FILE', undef, undef, undef) 4 | $kombu_ssl_keyfile = lookup('CONFIG_TROVE_SSL_KEY', undef, undef, undef) 5 | $kombu_ssl_certfile = lookup('CONFIG_TROVE_SSL_CERT', undef, undef, undef) 6 | 7 | $rabbit_host = lookup('CONFIG_AMQP_HOST_URL') 8 | $rabbit_port = lookup('CONFIG_AMQP_CLIENTS_PORT') 9 | $rabbit_userid = lookup('CONFIG_AMQP_AUTH_USER') 10 | $rabbit_password = lookup('CONFIG_AMQP_AUTH_PASSWORD') 11 | 12 | if $kombu_ssl_keyfile { 13 | $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] 14 | file { $files_to_set_owner: 15 | owner => 'trove', 16 | group => 'trove', 17 | } 18 | Package<|tag=='trove'|> -> File[$files_to_set_owner] 19 | File[$files_to_set_owner] ~> Service<| tag == 'trove-service' |> 20 | } 21 | Service<| name == 'rabbitmq-server' |> -> Service<| tag == 'trove-service' |> 22 | 23 | class { 'trove::db': 24 | database_connection => os_database_connection({ 25 | 'dialect' => 'mysql+pymysql', 26 | 'host' => lookup('CONFIG_MARIADB_HOST_URL'), 27 | 'username' => 'trove', 28 | 'password' => lookup('CONFIG_TROVE_DB_PW'), 29 | 'database' => 'trove', 30 | }) 31 | } 32 | 33 | class { 'trove': 34 | rabbit_use_ssl => lookup('CONFIG_AMQP_SSL_ENABLED'), 35 | default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/", 36 | kombu_ssl_ca_certs => $kombu_ssl_ca_certs, 37 | kombu_ssl_keyfile => $kombu_ssl_keyfile, 38 | kombu_ssl_certfile => $kombu_ssl_certfile, 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/module_spec_helper' 2 | 3 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 4 | 5 | RSpec.configure do |c| 6 | c.alias_it_should_behave_like_to :it_configures, 'configures' 7 | c.alias_it_should_behave_like_to :it_raises, 'raises' 8 | c.module_path = File.join(fixture_path, 'modules') 9 | c.manifest_dir = File.join(fixture_path, 'manifests') 10 | end 11 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/spec/unit/puppet/parser/functions/choose_my_ip_spec.rb: -------------------------------------------------------------------------------- 1 | 2 | require 'spec_helper' 3 | 4 | describe "choose_my_ip function" do 5 | 6 | let :scope do 7 | PuppetlabsSpec::PuppetInternals.scope 8 | end 9 | 10 | let :subject do 11 | function_name = Puppet::Parser::Functions.function(:choose_my_ip) 12 | scope.method(function_name) 13 | end 14 | 15 | context "basic unit tests" do 16 | before :each do 17 | scope.stubs(:lookupvar).with('interfaces').returns('eth0,eth1,lo') 18 | scope.stubs(:lookupvar).with('ipaddress_eth1').returns('1.2.3.4') 19 | scope.stubs(:lookupvar).with('ipaddress_eth0').returns('2.3.4.5') 20 | scope.stubs(:lookupvar).with('ipaddress_lo').returns('127.0.0.1') 21 | end 22 | 23 | it 'should select correct ip' do 24 | result = subject.call([['1.1.1.1', '2.3.4.5', '3.3.3.3']]) 25 | result.should(eq('2.3.4.5')) 26 | end 27 | 28 | it "should raise a ParseError if there is less than 1 arguments" do 29 | lambda { scope.function_choose_my_ip([]) }.should( 30 | raise_error(Puppet::ParseError) 31 | ) 32 | end 33 | 34 | end 35 | 36 | end 37 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/templates/openstack-neutron.modules.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | modprobe -b bridge >/dev/null 2>&1 3 | modprobe -b br_netfilter >/dev/null 2>&1 4 | exit 0 5 | -------------------------------------------------------------------------------- /packstack/puppet/modules/packstack/templates/ssl/generate_ssl_certs.sh.erb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | FQDN=`hostname` 4 | if [ "x${FQDN}" = "x" ]; then 5 | FQDN=localhost.localdomain 6 | fi 7 | 8 | SSLKEY=/etc/pki/tls/private/ssl_ps_server.key 9 | SSLCERT=/etc/pki/tls/certs/ssl_ps_server.crt 10 | SSLCHAIN=/etc/pki/tls/certs/ssl_ps_chain.crt 11 | 12 | # If packstack dropped a cert in the resources directory then we 13 | # use that instead of generating one 14 | if [ -f $PACKSTACK_VAR_DIR/resources/ssl_ps_server.crt ] ; then 15 | cp $PACKSTACK_VAR_DIR/resources/ssl_ps_server.crt $SSLCERT 16 | cp $PACKSTACK_VAR_DIR/resources/ssl_ps_server.key $SSLKEY 17 | cp $PACKSTACK_VAR_DIR/resources/ssl_ps_chain.crt $SSLCHAIN 18 | exit 0 19 | fi 20 | 21 | # If we already generated a cert then we 22 | # use that instead of generating one 23 | if [ -f $SSLCERT ] ; then 24 | exit 0 25 | fi 26 | 27 | umask 277 28 | 29 | answers() { 30 | echo -- 31 | echo State 32 | echo City 33 | echo openstack 34 | echo packstack 35 | echo $1 36 | echo admin@$1 37 | echo 38 | echo 39 | } 40 | 41 | echo 10 > /etc/pki/CA/serial 42 | touch /etc/pki/CA/index.txt 43 | 44 | # gen key and self signed host cert 45 | openssl genrsa 2048 > /etc/pki/CA/private/cakey.pem 2> /dev/null 46 | 47 | answers $FQDN | openssl req -new -x509 -days 3650 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem 48 | 49 | cp /etc/pki/CA/cacert.pem $SSLCHAIN 50 | 51 | openssl genrsa 2048 > $SSLKEY 2> /dev/null 52 | answers $FQDN | openssl req -new -nodes -key $SSLKEY -out ${SSLCERT}.req 53 | yes | openssl ca -in ${SSLCERT}.req -out ${SSLCERT} 54 | 55 | # gen key and self signed cert for novnc 56 | SSL_NOVA_NOVNC_CERT=/etc/nova/nova.crt 57 | SSL_NOVA_NOVNC_KEY=/etc/nova/nova.key 58 | answers $FQDN | openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout $SSL_NOVA_NOVNC_KEY -out $SSL_NOVA_NOVNC_CERT 59 | chown root.nova $SSL_NOVA_NOVNC_CERT $SSL_NOVA_NOVNC_KEY 60 | chmod 440 $SSL_NOVA_NOVNC_CERT $SSL_NOVA_NOVNC_KEY 61 | -------------------------------------------------------------------------------- /packstack/puppet/templates/compute.pp: -------------------------------------------------------------------------------- 1 | stage { "init": before => Stage["main"] } 2 | 3 | Exec { timeout => lookup('DEFAULT_EXEC_TIMEOUT') } 4 | Package { allow_virtual => true } 5 | 6 | class { 'packstack::prereqs': 7 | stage => init, 8 | } 9 | 10 | include firewall 11 | 12 | create_resources(sshkey, lookup('SSH_KEYS', undef, undef, {})) 13 | 14 | if lookup('CONFIG_NTP_SERVERS', undef, undef, '') != '' { 15 | include 'packstack::chrony' 16 | } 17 | 18 | if lookup('CONFIG_CEILOMETER_INSTALL') == 'y' { 19 | include 'packstack::nova::ceilometer::rabbitmq' 20 | include 'packstack::nova::ceilometer' 21 | } 22 | 23 | include 'packstack::nova' 24 | include 'packstack::nova::common' 25 | include 'packstack::nova::compute' 26 | 27 | if lookup('CONFIG_VMWARE_BACKEND') == 'y' { 28 | include 'packstack::nova::compute::vmware' 29 | } elsif lookup('CONFIG_IRONIC_INSTALL') == 'y' { 30 | include 'packstack::nova::compute::ironic' 31 | } else { 32 | include 'packstack::nova::compute::libvirt' 33 | } 34 | 35 | if lookup('CONFIG_CINDER_INSTALL') == 'y' { 36 | include 'openstacklib::iscsid' 37 | } 38 | 39 | if lookup('CONFIG_CINDER_INSTALL') == 'y' and 40 | lookup('CONFIG_VMWARE_BACKEND') != 'y' { 41 | if 'nfs' in lookup('CONFIG_CINDER_BACKEND', { merge => 'unique' }) { 42 | include 'packstack::nova::nfs' 43 | } 44 | } 45 | 46 | include 'packstack::nova::neutron' 47 | include 'packstack::neutron::rabbitmq' 48 | case lookup('CONFIG_NEUTRON_L2_AGENT') { 49 | 'openvswitch': { include 'packstack::neutron::ovs_agent' } 50 | 'ovn': { include 'packstack::neutron::ovn_agent' 51 | include 'packstack::neutron::ovn_metadata' 52 | } 53 | default: { include 'packstack::neutron::ovs_agent' } 54 | } 55 | include 'packstack::neutron::bridge' 56 | 57 | if 'sriovnicswitch' in lookup('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', { merge => 'unique' }) and 58 | lookup('CONFIG_NEUTRON_L2_AGENT') == 'openvswitch' { 59 | include 'packstack::neutron::sriov' 60 | } 61 | -------------------------------------------------------------------------------- /packstack/puppet/templates/controller_post.pp: -------------------------------------------------------------------------------- 1 | stage { "init": before => Stage["main"] } 2 | 3 | Exec { timeout => lookup('DEFAULT_EXEC_TIMEOUT') } 4 | Package { allow_virtual => true } 5 | 6 | class { 'packstack::prereqs': 7 | stage => init, 8 | } 9 | 10 | include nova::cell_v2::discover_hosts 11 | 12 | notify {'Discovering compute nodes': } ~> Class['nova::cell_v2::discover_hosts'] 13 | 14 | 15 | -------------------------------------------------------------------------------- /packstack/puppet/templates/network.pp: -------------------------------------------------------------------------------- 1 | stage { "init": before => Stage["main"] } 2 | 3 | Exec { timeout => lookup('DEFAULT_EXEC_TIMEOUT') } 4 | Package { allow_virtual => true } 5 | 6 | class { 'packstack::prereqs': 7 | stage => init, 8 | } 9 | 10 | include firewall 11 | 12 | if lookup('CONFIG_NTP_SERVERS', undef, undef, '') != '' { 13 | include 'packstack::chrony' 14 | } 15 | 16 | if lookup('CONFIG_NEUTRON_INSTALL') == 'y' { 17 | include 'packstack::neutron::rabbitmq' 18 | 19 | if lookup('CONFIG_NEUTRON_VPNAAS') == 'y' { 20 | include 'packstack::neutron::vpnaas' 21 | } 22 | if lookup('CONFIG_NEUTRON_L2_AGENT') != 'ovn' { 23 | include 'packstack::neutron::l3' 24 | } 25 | if lookup('CONFIG_NEUTRON_OVS_BRIDGE_CREATE') == 'y' { 26 | include 'packstack::neutron::ovs_bridge' 27 | } 28 | 29 | case lookup('CONFIG_NEUTRON_L2_AGENT') { 30 | 'openvswitch': { include 'packstack::neutron::ovs_agent' } 31 | 'ovn': { include 'packstack::neutron::ovn_agent' } 32 | default: { include 'packstack::neutron::ovs_agent' } 33 | } 34 | include 'packstack::neutron::bridge' 35 | if lookup('CONFIG_NEUTRON_L2_AGENT') != 'ovn' { 36 | include 'packstack::neutron::dhcp' 37 | include 'packstack::neutron::metadata' 38 | } 39 | if lookup('CONFIG_NEUTRON_METERING_AGENT_INSTALL') == 'y' { 40 | include 'packstack::neutron::metering' 41 | } 42 | if lookup('CONFIG_PROVISION_DEMO') == 'y' or lookup('CONFIG_PROVISION_TEMPEST') == 'y' { 43 | include 'packstack::provision::bridge' 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /packstack/version.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | import pbr.version 15 | 16 | version_info = pbr.version.VersionInfo('packstack') 17 | -------------------------------------------------------------------------------- /playbooks/packstack-centos9-pre.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | name: packstack-centos9-pre 3 | tasks: 4 | - name: Ensure legacy workspace directory 5 | file: 6 | path: '{{ ansible_user_dir }}/workspace' 7 | state: directory 8 | 9 | - shell: 10 | cmd: | 11 | cp -pr {{ ansible_user_dir }}/src/opendev.org/x/packstack {{ ansible_user_dir }}/workspace 12 | 13 | - shell: 14 | cmd: | 15 | set -e 16 | set -x 17 | rm -rf /etc/yum.repos.d/delorean* 18 | # Remove epel repos 19 | rm -rf /etc/yum.repos.d/epel* 20 | dnf clean all 21 | sudo sed -i '/^exclude.*/d' /etc/dnf/dnf.conf 22 | dnf -y install dnf-plugins-core 23 | dnf config-manager --set-enabled crb 24 | dnf -y install libxml2-devel libxslt-devel ruby-devel zlib-devel 25 | dnf -y install gcc gettext diffstat doxygen patch patchutils subversion systemtap git python3-setuptools wget python3-libselinux virt-what yum 26 | executable: /bin/bash 27 | chdir: '{{ ansible_user_dir }}/workspace' 28 | become: true 29 | environment: '{{ zuul }}' 30 | 31 | # mariadb-10.11 is broken https://issues.redhat.com/browse/RDO-241 32 | - name: Temporary disable mariadb module 33 | shell: "sudo dnf module disable -y mariadb" 34 | when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "9" 35 | become: true 36 | changed_when: False 37 | -------------------------------------------------------------------------------- /playbooks/packstack-integration-tempest.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | roles: 3 | - packstack-integration-tempest 4 | -------------------------------------------------------------------------------- /playbooks/packstack-multinode.yaml: -------------------------------------------------------------------------------- 1 | - hosts: compute 2 | name: setup RDO Trunk repositories 3 | vars: 4 | delorean_default: "https://trunk.rdoproject.org/centos7-master/current-passed-ci/delorean.repo" 5 | delorean_deps_default: "https://trunk.rdoproject.org/centos7-master/delorean-deps.repo" 6 | tasks: 7 | - name: Fetch DLRN repo 8 | get_url: 9 | url: "{{ delorean | default(delorean_default) }}" 10 | dest: /etc/yum.repos.d/delorean.repo 11 | mode: 0640 12 | become: true 13 | 14 | - name: Fetch DLRN dependency repo 15 | get_url: 16 | url: "{{ delorean_deps | default(delorean_deps_default) }}" 17 | dest: /etc/yum.repos.d/delorean-deps.repo 18 | mode: 0640 19 | become: true 20 | 21 | - name: Update installed packages from RDO repos 22 | package: 23 | name: '*' 24 | state: latest 25 | become: true 26 | 27 | - name: Disable selinux in Compute node 28 | shell: 29 | cmd: | 30 | setenforce 0 31 | become: true 32 | when: not selinux_enforcing|default("true")|bool 33 | 34 | - hosts: controller 35 | name: packstack-ssh-preparation-1 36 | tasks: 37 | - name: Generate SSH key on controller 38 | shell: ssh-keygen -t rsa -f /root/.ssh/id_rsa -P "" 39 | args: 40 | creates: /root/.ssh/id_rsa 41 | become: true 42 | 43 | - name: Fetch SSH key 44 | shell: cat /root/.ssh/id_rsa.pub 45 | become: true 46 | register: ssh_key 47 | 48 | - name: Deploy SSH key on controller 49 | authorized_key: 50 | user: root 51 | state: present 52 | key: "{{ ssh_key.stdout }}" 53 | become: true 54 | 55 | - name: Set SSH key fact to be used by the compute node 56 | set_fact: 57 | sshkey: "{{ ssh_key.stdout }}" 58 | 59 | - hosts: compute 60 | name: packstack-ssh-preparation-2 61 | tasks: 62 | - name: Deploy SSH key on compute node 63 | authorized_key: 64 | user: root 65 | state: present 66 | key: "{{ hostvars['controller'].sshkey }}" 67 | become: true 68 | 69 | - hosts: controller 70 | name: packstack-multinode 71 | tasks: 72 | - name: Run Packstack 73 | shell: 74 | cmd: | 75 | set -e 76 | set -x 77 | export SCENARIO='{{ scenario }}' 78 | export DELOREAN='{{ delorean | default('') }}' 79 | export DELOREAN_DEPS='{{ delorean_deps | default('') }}' 80 | export CONTROLLER_NODE="{{ hostvars['controller'].nodepool.public_ipv4 }}" 81 | export COMPUTE_NODE="{{ hostvars['compute'].nodepool.public_ipv4 }}" 82 | export SELINUX_ENFORCING='{{ selinux_enforcing | default('true') }}' 83 | ./run_tests.sh 84 | executable: /bin/bash 85 | chdir: '{{ ansible_user_dir }}/workspace/packstack' 86 | -------------------------------------------------------------------------------- /playbooks/packstack-post-compute.yaml: -------------------------------------------------------------------------------- 1 | - hosts: compute 2 | name: store compute node logs 3 | tasks: 4 | - file: 5 | path: /tmp/logs 6 | state: directory 7 | mode: 0755 8 | 9 | - file: 10 | path: /tmp/compute 11 | state: directory 12 | mode: 0755 13 | 14 | - shell: 15 | cmd: | 16 | source {{ ansible_user_dir }}/src/opendev.org/x/packstack/tools/copy-logs.sh 17 | recover_default_logs 18 | mv /tmp/logs/* /tmp/compute 19 | mv /tmp/compute /tmp/logs 20 | become: true 21 | -------------------------------------------------------------------------------- /playbooks/upload-logs.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | tasks: 3 | - name: Upload logs 4 | synchronize: 5 | src: '/tmp/logs' 6 | dest: '{{ zuul.executor.log_root }}' 7 | mode: pull 8 | copy_links: true 9 | verify_host: true 10 | rsync_opts: 11 | - --include=/logs/** 12 | - --include=*/ 13 | - --exclude=* 14 | - --prune-empty-dirs 15 | 16 | -------------------------------------------------------------------------------- /releasenotes/notes/Add-Panko-service-63a8a966013abeaa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Add panko service to packstack deployment. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/Panko-has-been-removed-fb234a047231d84f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | Service panko has been removed in OpenStack project 5 | in Xena. Packstack has removed support to deploying 6 | this service, what implies some changes: 7 | 8 | * CONFIG_PANKO_INSTALL option has been removed. 9 | * CONFIG_PANKO_DB_PW option has been removed. 10 | * CONFIG_PANKO_KS_PW option has been removed. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/Remove-CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS-param-926649e4eef08b44.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS is no longer needed in 5 | the answers file. The upstream parameter was already removed, and all 6 | PCI device ids are supported by Nova and Neutron. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | Neutron FWaaS has been removed in Victoria release. 4 | other: 5 | - | 6 | Packstack does not longer support deployment of Neutron FWaaS extension as it 7 | has been removed upstream. Option CONFIG_NEUTRON_FWAAS has been removed. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/Remove-Heat-Cloudwatch-07e55f1c35a16ee4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The Heat CloudWatch API was removed from the project in 5 | https://review.openstack.org/534660. Packstack has also removed all 6 | references to the API. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/Remove-PKI-and-UUID-Keystone-token-formats-618f4b0dc4cf782f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Keystone has removed support for token formats other than Fernet in 5 | https://review.openstack.org/543060. Thus, support for those token 6 | formats has been removed from Packstack. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The CONFIG_KEYSTONE_LDAP_USER_ALLOW_* and 5 | CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_* parameters have been removed from the 6 | answer file. Their corresponding options were removed from Keystone long 7 | ago, and they are no longer valid in puppet-keystone since the Rocky 8 | release. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/Replace-keystone-token-flush-cron-job-with-fernet-rotation-5b1fccf2bc6add91.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | A new CONFIG_KEYSTONE_FERNET_TOKEN_ROTATE_ENABLE option has been added to 5 | the answer file. When enabled (default), it will create a cron job to 6 | rotate Fernet keys. 7 | deprecations: 8 | - | 9 | Since Keystone has deprecated token formats requiring storage in the DB, 10 | the CONFIG_KEYSTONE_DB_PURGE_ENABLE option has been removed. Instead, we 11 | are implementing a cron job to rotate Fernet keys. 12 | 13 | -------------------------------------------------------------------------------- /releasenotes/notes/Support-for-extracted-placement-service-8ae75efbb1ad25b5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Packstack has added support for the extracted Placement service in the 5 | Train cycle, following its upstream support and deprecation in Nova. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/add-parameter-messages-47d9cf6996f58230.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Packstack can display parameter specific messages when a MESSAGE option 5 | is added to the parameter. If MESSAGE_VALUES exist for the parameter, the 6 | message will only be shown if the value provided by the user is included 7 | in MESSAGE_VALUES. Example: 8 | 9 | {"CMD_OPTION": "example-service-install", 10 | "OPTION_LIST": ["y", "n"], 11 | "VALIDATORS": [validators.validate_options], 12 | "DEFAULT_VALUE": 'n', 13 | "MASK_INPUT": False, 14 | "LOOSE_VALIDATION": False, 15 | "CONF_NAME": "CONFIG_EXAMPLE_SERVICE_INSTALL", 16 | "USE_DEFAULT": False, 17 | "NEED_CONFIRM": False, 18 | "CONDITION": False, 19 | "MESSAGE_VALUES": ["y"], 20 | "MESSAGE": "Example service installation will be removed from packstack in Pike"} 21 | 22 | In this case, if the user enable installation of example service, a message 23 | will be displayed at the end of packstack execution with content "Example 24 | service installation will be removed from packstack in Pike" 25 | -------------------------------------------------------------------------------- /releasenotes/notes/add-skip-tempest-tests-option-86cf59ec5a61d349.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add new config option "CONFIG_SKIP_TEMPEST_TESTS" to allow 5 | skipping of some of tempest tests which are running as part 6 | of "CONFIG_RUN_TEMPEST_TESTS". 7 | -------------------------------------------------------------------------------- /releasenotes/notes/add-support-to-ovn-networking-ae6e0176270265c6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Now packstack support using Open Virtual Network (ovn) as neutron 5 | plugin. To enable it you need to set CONFIG_NEUTRON_L2_AGENT to ovn. 6 | Additionally some options have been added to configure different options 7 | and topologies: 8 | 9 | * CONFIG_NEUTRON_OVN_BRIDGE_MAPPINGS 10 | * CONFIG_NEUTRON_OVN_BRIDGE_IFACES 11 | * CONFIG_NEUTRON_OVN_BRIDGES_COMPUTE 12 | * CONFIG_NEUTRON_OVN_EXTERNAL_PHYSNET 13 | * CONFIG_NEUTRON_OVN_TUNNEL_IF 14 | * CONFIG_NEUTRON_OVN_TUNNEL_SUBNETS 15 | 16 | Additionally, geneve has been included as an option to existing parameters 17 | CONFIG_NEUTRON_ML2_TYPE_DRIVERS and CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES. 18 | Note that OVN networking has still some limitations, as lack of support of 19 | for LBaaS, FWaaS and VPNaaS. Consult networking-ovn documentation for 20 | further details. 21 | -------------------------------------------------------------------------------- /releasenotes/notes/add_cinder_solidfire-9b62f78b86a52a09.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added basic support for SolidFire storage as a backend to Cinder. 5 | The following 3 config options have been added: 6 | 7 | * CONFIG_CINDER_SOLIDFIRE_LOGIN - SolidFire cluster admin name. 8 | * CONFIG_CINDER_SOLIDFIRE_PASSWORD - SolidFire cluster admin password. 9 | * CONFIG_CINDER_SOLIDFIRE_HOSTNAME - SolidFire MVIP hostname or IP. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/admin-token-removed-64ae39c4ecd28f15.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The config option CONFIG_KEYSTONE_ADMIN_TOKEN to configure the admin token 5 | is removed. You must specify a admin password with CONFIG_KEYSTONE_ADMIN_PW. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/aodh-move-to-mariadb-9e36b7cfdbbd2aa5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Aodh project has removed support for non-SQL drivers 4 | in https://review.openstack.org/#/c/373043/. 5 | Packstack has switched aodh storage backend from 6 | MongoDB to mysqld. A new parameter CONFIG_AODH_DB_PW 7 | has been added to configure the password of the 8 | aodh user in the database. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/bp-add-magnum-support-74d88638fe4b2c6c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Packstack supports the deployment of magnum, the 5 | container Infrastructure Management Service 6 | for OpenStack. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/ceilometer-with-wsgi-a46d2ff0ceabaaf8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add support for deploying Ceilometer behind Apache with WSGI. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/change-default-nagios-b190de0737165bf9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Default value for configuration option CONFIG_NAGIOS_INSTALL has been 5 | changed to 'n' in Ocata. Users that require nagios installation in their 6 | packstack deployent will need to explicitely modify it to 'y' using 7 | answers file or command line option '--nagios-install'. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/check-unexpected-options-2f2d26ebe54da6c9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added new --validate-answer-file switch to check if answerfile contains 5 | any unexpected options. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/create-uec-image-70073744430d1538.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | When tempest provisioning is enabled, three glance images 5 | following uec schema (AKI,ARI,AMI) are created. These 6 | images are used for tempest tests. This is done for issue 7 | in https://bugs.launchpad.net/cirros/+bug/1312199 8 | Image name and URLs to download images can be modified 9 | with parameters: 10 | * CONFIG_PROVISION_UEC_IMAGE_NAME 11 | * CONFIG_PROVISION_UEC_IMAGE_KERNEL_URL 12 | * CONFIG_PROVISION_UEC_IMAGE_RAMDISK_URL 13 | * CONFIG_PROVISION_UEC_IMAGE_DISK_URL 14 | -------------------------------------------------------------------------------- /releasenotes/notes/custom-tempest-flavors-baa5cf02235f78dd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added new set of variables CONFIG_PROVISION_TEMPEST_FLAVOR_*, 5 | enabling the customization of created flavors. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/demo-allocation-pools-c535e4235c7edcb2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Introduced CONFIG_PROVISION_DEMO_ALLOCATION_POOLS 4 | to restrict public subnet IP address allocations. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/demo-image-properties-9994f2981a8c00a1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - New config parameter CONFIG_PROVISION_IMAGE_PROPERTIES 4 | introduced, useful when provided image needs custom parameters 5 | -------------------------------------------------------------------------------- /releasenotes/notes/disable-rabbitmq-repositories-d5cb9dc8f1246a39.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Do not enable RabbitMQ repo during installation, Packstack does not retrieve 5 | it from there in any case. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-mongodb-a9771fb4f0430a4c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Drop mongodb support from packstack. Telemetry does not support this 5 | anymore and there is no reason to keep deploying and maintaining this 6 | going forward. We will use gnocchi for metrics, panko for events instead. 7 | Also dropping command options CONFIG_CEILOMETER_METERING_BACKEND and 8 | CONFIG_CEILOMETER_EVENTS_BACKEND as we directly set the publishers 9 | in the pipeline. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/gnocchi-and-aodh-00da52a4c45588fd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | Packstack now provides support for installing and configuring both the 4 | Gnocchi and the Aodh telemetry projects. 5 | features: 6 | - | 7 | Add support for installing and configuring the Telemetry Alarming Service 8 | (Aodh) 9 | - | 10 | Add support for installing and configuring the Telemetry Time Series 11 | Database as a Service (Gnocchi) 12 | -------------------------------------------------------------------------------- /releasenotes/notes/install-tempest-from-rpm-fd59c072011f372b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Install tempest from rpm. 4 | deprecations: 5 | - CONFIG_PROVISION_TEMPEST_REPO_URI and CONFIG_PROVISION_TEMPEST_REPO_REVISION options are removed. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/integration-tests-d5f86a29cc037329.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | The Tempest implementation in Packstack has been refactored and improved in 4 | order to be able to install, configure and run Tempest against itself. 5 | We have leveraged these new features to have Packstack gate patch reviews 6 | against integration jobs where the patch is tested automatically against a 7 | wide range of configuration scenarios. 8 | features: 9 | - | 10 | Implemented test scenarios and tools to troubleshoot failed installations 11 | 12 | - | 13 | Implemented gate jobs which install Packstack and run tempest against itself 14 | 15 | - | 16 | Tempest installation and configuration has been vastly improved 17 | -------------------------------------------------------------------------------- /releasenotes/notes/keystone-evenlet-dropped-6f85670db62f7b91.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Keystone eventlet support has been removed as of 5 | https://review.openstack.org/249486. Packstack support has also been 6 | removed, so parameter CONFIG_KEYSTONE_SERVICE_NAME in the config file 7 | will be ignored. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/keystone-v3-note-065b6302b49285f3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | issues: 3 | - Keystone v3 API is not fully functional in Packstack. Cinder does not 4 | work properly if CONFIG_KEYSTONE_API_VERSION is set to v3. 5 | 6 | -------------------------------------------------------------------------------- /releasenotes/notes/l3-agent-multiple-networks-9d1837c4187055be.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - In previous releases neutron L3 agent was configured 4 | statically to manage only br-ex as provider network. 5 | This way of configuring neutron is being deprecated in neutron 6 | and it's recomended to move to a new mode where a 7 | single L3 agent is able to manage multiple provider 8 | networks. To implement it, a new parameter 9 | CONFIG_NEUTRON_OVS_EXTERNAL_PHYSNET has been introduced. 10 | Default configuration has been modified to preserve the 11 | same behavior, creating a public network attached to 12 | br-ex bridge. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/manifest-execution-refactor-418c27bbc03df064.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Previously, Packstack created many individual manifest files from 4 | smaller snippets (templates), and executed them following a certain 5 | order. This is sub-optimal, since it forces code duplication and goes 6 | against the Puppet design of running a single manifest. 7 | 8 | This patch refactors the manifest execution, with the following changes 9 | 10 | - Only 4 templates used, so max 4 Puppet executions on a host. Controller 11 | manifest, network node manifest, compute node manifest, and a firewall 12 | manifest, which is still generated on the fly for simplicity. 13 | 14 | - The previous snippets are now part of the Packstack Puppet module, and 15 | included as needed by the controller/network/compute manifests. This 16 | concept is similar to the one used by the puppet-openstack-integration 17 | project. 18 | 19 | - The remaining Python code is left untouched, so we can keep complete 20 | compatibility with previous answer files. 21 | 22 | deprecations: 23 | - | 24 | Redis HA support has been removed from Packstack. 25 | 26 | -------------------------------------------------------------------------------- /releasenotes/notes/move-to-pymysql-b5f1a40ededa8fb2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Transition to the new PyMySQL driver for database access. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/neutron-ovs-bridges-compute-0aec0e39c1b1b84b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | New parameter ``--os-neutron-ovs-bridges-compute`` has been introduced to 5 | set the OVS bridges created and configured in compute nodes when vlan or 6 | flat type drivers are enabled. 7 | 8 | fixes: 9 | - | 10 | Before this patch, all defined OVS bridges were created in both network 11 | and compute hosts. However, in certain topologies some bridges are only 12 | required in network hosts. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/nova-cert-86fb2f0ddc53b032.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Removing Nova cert service, which has been removed in Nova 4 | during Pike cycle. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/nova-cpu-manager-8440f026c4a0165e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Remove nova compute manager option, removed in Nova 4 | and puppet-nova. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/nova-migration-improvements-85b208c2b45a3fbe.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | security: 3 | - Improving security of the Nova migration configuration. 4 | Now, ssh is the default option for Nova migration, and 5 | a specific migration user is used. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/nova-placement-api-acf32977978da6fb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Packstack now installs and configures the Nova Placement API which is 4 | required from Ocata onwards. -------------------------------------------------------------------------------- /releasenotes/notes/ovs-bridges-on-network-nodes-890c51cbbddf8f1c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | OVS bridges are no longer created on compute nodes, they should only be 5 | created on network nodes. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/ovs-tunnel-subnets-8955593d3004852e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add neutron plugin option ``CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS`` to configure 5 | IP filtering to accept tunneling packets from these subnets instead of 6 | specific IP addresses of peer nodes. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/packstack-moved-from-stackforge-766c35141b5480c3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The Packstack project repository was moved from https://github.com/stackforge/packstack to 5 | https://github.com/openstack/packstack 6 | -------------------------------------------------------------------------------- /releasenotes/notes/qpid-removal-f754f589e335ae0c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | qpid support has been dropped from oslo.messaging and as such, support for 5 | it has been removed from Packstack. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/register-satellite6-server-796a5f89b39386a4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Allow registering to a Satellite 6 server 5 | -------------------------------------------------------------------------------- /releasenotes/notes/releasenotes/notes/add-custom-lvm-name-090af5002950706d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Users would like the ability to use custom lvm 4 | names during deployment. This is now possible using 5 | the cinder-volume-name parameter. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-cinder-gluster-6c54d9f440424259.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The GlusterFS volume driver was removed from Cinder in Ocata release. The options to 5 | enable it in Packstack have been removed: 6 | - `gluster` is not longer accepted in CONFIG_CINDER_BACKEND parameter. 7 | - Parameter `CONFIG_CINDER_GLUSTER_MOUNTS` has been removed. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-collector-api-5b494f09593197f0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Remove confguring ceilometer collector and api in packstack. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-config-gnocchi-install-ecfe10ce59f1d0da.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Remove CONFIG_GNOCCHI_INSTALL command line option and make gnocchi install 5 | part of ceilometer install. We will always need gnocchi for ceilometer, so 6 | this makes sense and one less option for user to worry about. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-epel-support-3732f53a2e45d64c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - Support to enable the EPEL repository has been removed. 4 | It is known to cause conflicts with packages provided 5 | with RDO, and it is no longer needed. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-glance-registry-6076539ab6ce1a8b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | Glance Registry service was deprecated in the Queens release and has been removed in Victoria. 5 | Accordingly, packstack is not longer deploying glance-registry. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-keystone-v2-f257cdb7e7e3a4df.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The ``CONFIG_KEYSTONE_API_VERSION`` parameter no longer accepts ``v2.0``. 5 | Identity v2 API was alreday removed from Keystone. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-lbaas-0054d83972c5afcf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Neutron LBaaS has been removed from upstream and is now removed from Packstack. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-legacy-nova-filters-d6e21a5e8f5c31a7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Ram/Disk/Core Filter Scheduler were deprecated since 5 | stein and are recently removed in nova, hence removing 6 | it from Packstack. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-nagios-deployment-21362a84a3ac446f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The option to deploy nagios from packstack was 5 | deprecated in Ocata release and it has been removed 6 | in Pike. Following options have been retired: 7 | 8 | * CONFIG_NAGIOS_INSTALL 9 | * CONFIG_NAGIOS_PW 10 | 11 | Note that CentOS OpsTools Special Interest Group provides 12 | packages and automation tooling to deploy monitoring tools 13 | and integrate them with RDO. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-nova-network-8fe352ac6eb22ecb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Service nova-network has been removed in nova project 5 | in Ocata. Packstack has removed support to deploying 6 | this service, what implies some changes: 7 | 8 | * CONFIG_NEUTRON_INSTALL must allways be set to y 9 | * CONFIG_NOVA_COMPUTE_PRIVIF option has been removed. 10 | * CONFIG_NOVA_NETWORK_MANAGER option has been removed. 11 | * CONFIG_NOVA_NETWORK_PUBIF option has been removed. 12 | * CONFIG_NOVA_NETWORK_PRIVIF option has been removed. 13 | * CONFIG_NOVA_NETWORK_FIXEDRANGE option has been removed. 14 | * CONFIG_NOVA_NETWORK_FLOATRANGE option has been removed. 15 | * CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP option has been removed. 16 | * CONFIG_NOVA_NETWORK_VLAN_START option has been removed. 17 | * CONFIG_NOVA_NETWORK_NUMBER option has been removed. 18 | * CONFIG_NOVA_NETWORK_SIZE option has been removed. 19 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-retry-filter-nova-05e84f3fd020d8ed.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Retry Filter Scheduler was deprecated since Train 5 | and is recently removed in nova, hence removing 6 | it from Packstack. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-sahara-79e02a209c7128e9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Sahara support has been removed because the sahara project is no longer 5 | maintained. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-uec-images-d876bd8c805d9633.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Default cirros image for demo project has been updated to 0.5.1. With this change 5 | using UEC image is not longer needed so following options have been removed from 6 | packstack parameters: 7 | * CONFIG_PROVISION_UEC_IMAGE_NAME 8 | * CONFIG_PROVISION_UEC_IMAGE_KERNEL_URL 9 | * CONFIG_PROVISION_UEC_IMAGE_RAMDISK_URL 10 | * CONFIG_PROVISION_UEC_IMAGE_DISK_URL 11 | -------------------------------------------------------------------------------- /releasenotes/notes/renamed-ssl-subject-parameters-c2a52d17c349a59f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Parameters names for SSL certificates subjects have 5 | been changed. While old parameters names still works 6 | when using answers files, they will not work when 7 | passed with packstack cli. For users using them, they 8 | are required to move to new CLI parameters, see ``packstack -h`` 9 | for details of new names. 10 | 11 | deprecations: 12 | - | 13 | SSL certificates subject parameters can be used now 14 | both to create a new selfsigned CA certificate or 15 | to generate new server certificates using an existing 16 | CA certificate. In order to provide a more accurate 17 | usage description for SSL certificates subject parameters, 18 | they have been renamed as follows: 19 | 20 | * CONFIG_SELFSIGN_CACERT_SUBJECT_C is renamed to 21 | CONFIG_SSL_CERT_SUBJECT_C 22 | * CONFIG_SELFSIGN_CACERT_SUBJECT_ST is renamed to 23 | CONFIG_SSL_CERT_SUBJECT_ST 24 | * CONFIG_SELFSIGN_CACERT_SUBJECT_L is renamed to 25 | CONFIG_SSL_CERT_SUBJECT_L 26 | * CONFIG_SELFSIGN_CACERT_SUBJECT_O is renamed to 27 | CONFIG_SSL_CERT_SUBJECT_O 28 | * CONFIG_SELFSIGN_CACERT_SUBJECT_OU is renamed to 29 | CONFIG_SSL_CERT_SUBJECT_OU 30 | * CONFIG_SELFSIGN_CACERT_SUBJECT_CN is renamed to 31 | CONFIG_SSL_CERT_SUBJECT_CN 32 | * CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL is renamed to 33 | CONFIG_SSL_CERT_SUBJECT_MAIL 34 | 35 | Old parameters names in answer files will still work 36 | but it's recomended to move to new ones. 37 | -------------------------------------------------------------------------------- /releasenotes/notes/reno-for-release-notes-66c17b84c946591f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Release notes are no longer maintained by hand, we now use the Reno tool to 5 | manage them. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/service-workers-and-mariadb-c2a6ba903f36b57e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add ``--service-workers`` parameter to configure the amount of 5 | workers/threads per process to scale up or down as necessary. Defaults to 6 | the amount of cores on the system. 7 | 8 | fixes: 9 | - | 10 | MariaDB max_connections is no longer hardcoded to 1024 and now scales 11 | automatically according to the --service-workers parameter. 12 | ( Service Workers * 128 ). 13 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-s3-removal-ee3ddc2ee21a56cf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Removed the configuration of the Swift S3 endpoint. Swift S3 is not yet 5 | supported in Packstack. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/switch-default-neutron-driver-to-ovn-0eb7053b81c7794d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | The default ML2 driver is replaced from ``openvswitch``to ``ovn``. This 4 | means that, when deploying packstack with the default settings, OVN will 5 | be used as the networking backend for Neutron. 6 | features: 7 | - | 8 | OVN is now used as the default networking backend for Neutron when 9 | deploying packstack. Neutron agents such as L2, L3 or DHCP agents are no 10 | longer used and get replaced by OVN services. 11 | The encapsulation used will be ``geneve`` instead of ``vxlan``. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/update-puppet-module-usage-4ed869e87e67caaf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Several updates to Packstack to keep up with supported upstream projects 5 | new features, deprecations or removals throughout the cycle. 6 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/releasenotes/source/_static/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/releasenotes/source/_templates/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | Welcome to Packstack Release Notes! 2 | =================================== 3 | 4 | Contents 5 | ======== 6 | 7 | .. toctree:: 8 | :maxdepth: 2 9 | 10 | unreleased 11 | 12 | Indices and tables 13 | ================== 14 | 15 | * :ref:`genindex` 16 | * :ref:`search` -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | Current Series Release Notes 2 | ============================ 3 | 4 | .. release-notes:: -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pbr>=1.6 # Apache-2.0 2 | netaddr>=0.7.6 3 | PyYAML>=3.10 4 | docutils>=0.11 5 | netifaces 6 | distro 7 | cryptography>=2.1 # BSD/Apache-2.0 8 | -------------------------------------------------------------------------------- /roles/packstack-integration-tempest/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: packstack-integration-tempest 2 | shell: 3 | cmd: | 4 | set -e 5 | set -x 6 | export SCENARIO='{{ scenario }}' 7 | export DELOREAN='{{ delorean | default('') }}' 8 | export DELOREAN_DEPS='{{ delorean_deps | default('') }}' 9 | export SELINUX_ENFORCING='{{ selinux_enforcing | default('true') }}' 10 | ./run_tests.sh 11 | executable: /bin/bash 12 | chdir: '{{ ansible_user_dir }}/workspace/packstack' 13 | environment: '{{ zuul }}' 14 | -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [metadata] 2 | name = packstack 3 | summary = A utility to install OpenStack 4 | description_file = README.rst 5 | long_description_content_type = text/x-rst 6 | author = RDO 7 | author_email = rdo-list@redhat.com 8 | home_page = http://www.rdoproject.org/ 9 | python_requires = >=3.6 10 | classifier = 11 | Environment :: OpenStack 12 | Intended Audience :: Developers 13 | Intended Audience :: Information Technology 14 | Intended Audience :: System Administrators 15 | License :: OSI Approved :: Apache Software License 16 | Operating System :: POSIX :: Linux 17 | Programming Language :: Python 18 | Programming Language :: Python :: 3.6 19 | Programming Language :: Python :: 3.9 20 | 21 | [files] 22 | packages = 23 | packstack 24 | 25 | data_files = 26 | share/packstack = docs/source/packstack.rst 27 | 28 | [global] 29 | setup-hooks = 30 | pbr.hooks.setup_hook 31 | 32 | [egg_info] 33 | tag_build = 34 | tag_date = 0 35 | tag_svn_revision = 0 36 | 37 | [pbr] 38 | warnerrors = True 39 | autodoc_tree_index_modules = True 40 | 41 | [entry_points] 42 | console_scripts = 43 | packstack = packstack.installer.run_setup:main 44 | 45 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | import setuptools 2 | 3 | setuptools.setup( 4 | setup_requires=['pbr>=1.8'], 5 | pbr=True) 6 | -------------------------------------------------------------------------------- /test-requirements.txt: -------------------------------------------------------------------------------- 1 | sphinx>=1.6.2 # BSD 2 | openstackdocstheme>=1.17.0 # Apache-2.0 3 | reno>=0.1.1 # Apache2 4 | stestr>=1.0.0 # Apache-2.0 5 | coverage 6 | hacking>=7.0.0,<7.1.0 # Apache-2.0 7 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/tests/__init__.py -------------------------------------------------------------------------------- /tests/installer/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/tests/installer/__init__.py -------------------------------------------------------------------------------- /tests/installer/test_arch.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2017, Red Hat, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 7 | # not use this file except in compliance with the License. You may obtain 8 | # a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 15 | # License for the specific language governing permissions and limitations 16 | # under the License. 17 | 18 | """ 19 | Test cases for packstack.installer.core.arch module. 20 | """ 21 | 22 | from unittest import mock 23 | from unittest import TestCase 24 | 25 | from packstack.installer.core import arch 26 | 27 | 28 | class ArchTestCase(TestCase): 29 | def test_kernel_arch(self): 30 | for (expected, _arch) in [('x86_64', 'x86_64'), 31 | ('ppc64le', 'ppc64le')]: 32 | with mock.patch('os.uname', return_value=('', '', '', '', _arch)): 33 | self.assertEqual(expected, arch.kernel_arch()) 34 | 35 | def test_dib_arch(self): 36 | for (expected, _arch) in [('amd64', 'x86_64'), 37 | ('ppc64le', 'ppc64le')]: 38 | with mock.patch('os.uname', return_value=('', '', '', '', _arch)): 39 | self.assertEqual(expected, arch.dib_arch()) 40 | 41 | def test_cirros_arch(self): 42 | for (expected, _arch) in [('x86_64', 'x86_64'), 43 | ('powerpc', 'ppc64le')]: 44 | with mock.patch('os.uname', return_value=('', '', '', '', _arch)): 45 | self.assertEqual(expected, arch.cirros_arch()) 46 | -------------------------------------------------------------------------------- /tests/installer/test_processors.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2013, Red Hat, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 7 | # not use this file except in compliance with the License. You may obtain 8 | # a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 15 | # License for the specific language governing permissions and limitations 16 | # under the License. 17 | 18 | import os 19 | from unittest import TestCase 20 | 21 | from packstack.installer import processors 22 | 23 | from ..test_base import PackstackTestCaseMixin 24 | 25 | 26 | class ProcessorsTestCase(PackstackTestCaseMixin, TestCase): 27 | def test_process_host(self): 28 | """Test packstack.installer.processors.process_host.""" 29 | proc_local = processors.process_host('localhost', 'HOSTNAME') 30 | self.assertIn(proc_local, ['127.0.0.1', '::1']) 31 | 32 | def test_process_ssh_key(self): 33 | """Test packstack.installer.processors.process_ssh_key.""" 34 | path = processors.process_ssh_key( 35 | os.path.join(self.tempdir, 'id_rsa'), 'SSH_KEY') 36 | # test if key was created 37 | self.assertTrue(bool(path)) 38 | # test if key exists 39 | # XXX: process_ssh_key does not create ssh key during test run 40 | # ... not sure why, nevertheless it works in normal run 41 | # self.assertEquals(True, os.path.isfile(path)) 42 | -------------------------------------------------------------------------------- /tests/installer/test_sequences.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2013, Red Hat, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 7 | # not use this file except in compliance with the License. You may obtain 8 | # a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 15 | # License for the specific language governing permissions and limitations 16 | # under the License. 17 | 18 | import io 19 | import sys 20 | from unittest import TestCase 21 | 22 | from packstack.installer import utils 23 | from packstack.installer.core import sequences 24 | 25 | from ..test_base import PackstackTestCaseMixin 26 | 27 | 28 | class StepTestCase(PackstackTestCaseMixin, TestCase): 29 | def setUp(self): 30 | super(StepTestCase, self).setUp() 31 | self._stdout = sys.stdout 32 | sys.stdout = io.StringIO() 33 | 34 | def tearDown(self): 35 | super(StepTestCase, self).tearDown() 36 | sys.stdout = self._stdout 37 | 38 | def test_run(self): 39 | """ 40 | Test packstack.instaler.core.sequences.Step run. 41 | """ 42 | def func(config, messages): 43 | if 'test' not in config: 44 | raise AssertionError('Missing config value.') 45 | 46 | step = sequences.Step('test', func, title='Running test') 47 | step.run(config={'test': 'test'}) 48 | contents = sys.stdout.getvalue() 49 | 50 | state = '[ %s ]\n' % utils.color_text('DONE', 'green') 51 | if (not contents.startswith('Running test') or 52 | not contents.endswith(state)): 53 | raise AssertionError('Step run test failed: %s' % contents) 54 | 55 | 56 | class SequenceTestCase(PackstackTestCaseMixin, TestCase): 57 | def setUp(self): 58 | super(SequenceTestCase, self).setUp() 59 | self._stdout = sys.stdout 60 | sys.stdout = io.StringIO() 61 | 62 | self.steps = [{'name': '1', 'function': lambda x, y: True, 63 | 'title': 'Step 1'}, 64 | {'name': '2', 'function': lambda x, y: True, 65 | 'title': 'Step 2'}, 66 | {'name': '3', 'function': lambda x, y: True, 67 | 'title': 'Step 3'}] 68 | 69 | self.seq = sequences.Sequence('test', self.steps, condition='test', 70 | cond_match='test') 71 | 72 | def tearDown(self): 73 | super(SequenceTestCase, self).tearDown() 74 | sys.stdout = self._stdout 75 | 76 | def test_run(self): 77 | """ 78 | Test packstack.instaler.core.sequences.Sequence run. 79 | """ 80 | self.seq.run() 81 | contents = sys.stdout.getvalue() 82 | self.assertEqual(contents, '') 83 | 84 | self.seq.run(config={'test': 'test'}, step='2') 85 | contents = sys.stdout.getvalue() 86 | assert contents.startswith('Step 2') 87 | 88 | output = [] 89 | self.steps.insert(0, {'title': 'Step 2'}) 90 | for i in self.steps: 91 | output.append('%s\n' % utils.state_message(i['title'], 92 | 'DONE', 'green')) 93 | 94 | self.seq.run(config={'test': 'test'}) 95 | contents = sys.stdout.getvalue() 96 | self.assertEqual(contents, ''.join(output)) 97 | -------------------------------------------------------------------------------- /tests/modules/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-openstack/packstack/d1dedfcf3daaf98d2cb3da3830778d0dc4d0fcbb/tests/modules/__init__.py -------------------------------------------------------------------------------- /tests/modules/test_ospluginutils.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2013, Red Hat, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 7 | # not use this file except in compliance with the License. You may obtain 8 | # a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 15 | # License for the specific language governing permissions and limitations 16 | # under the License. 17 | 18 | from unittest import TestCase 19 | 20 | from ..test_base import PackstackTestCaseMixin 21 | from packstack.modules.ospluginutils import gethostlist 22 | 23 | 24 | class OSPluginUtilsTestCase(PackstackTestCaseMixin, TestCase): 25 | def test_gethostlist(self): 26 | conf = {"A_HOST": "1.1.1.1", "B_HOSTS": "2.2.2.2,1.1.1.1", 27 | "C_HOSTS": "3.3.3.3/vdc"} 28 | hosts = gethostlist(conf) 29 | hosts.sort() 30 | self.assertEqual(['1.1.1.1', '2.2.2.2', '3.3.3.3'], hosts) 31 | -------------------------------------------------------------------------------- /tests/modules/test_puppet.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2013, Red Hat, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 7 | # not use this file except in compliance with the License. You may obtain 8 | # a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 15 | # License for the specific language governing permissions and limitations 16 | # under the License. 17 | 18 | import os 19 | 20 | from unittest import TestCase 21 | from ..test_base import PackstackTestCaseMixin 22 | 23 | from packstack.installer.exceptions import PuppetError 24 | from packstack.modules.puppet import validate_logfile 25 | 26 | 27 | class PuppetTestCase(PackstackTestCaseMixin, TestCase): 28 | 29 | def test_validate_logfile(self): 30 | """Test packstack.modules.validate_logfile.""" 31 | filename = os.path.join(self.tempdir, "puppet.log") 32 | # test valid run 33 | with open(filename, "w") as fp: 34 | fp.write("Everything went ok") 35 | validate_logfile(filename) 36 | # test invalid run 37 | with open(filename, "w") as fp: 38 | fp.write("No matching value for selector param 'Fedora' ...") 39 | self.assertRaises(PuppetError, validate_logfile, filename) 40 | # test run with error exception 41 | with open(filename, "w") as fp: 42 | err = ("err: Could not prefetch database_grant provider 'mysql': " 43 | "Execution of '/usr/bin/mysql --defaults-file=/root/.my.cnf" 44 | " mysql -Be describe user' returned 1: Could not open " 45 | "required defaults file: /root/.my.cnf") 46 | fp.write(err) 47 | validate_logfile(filename) 48 | # test surrogate 49 | with open(filename, "w") as fp: 50 | err = ("err: /Stage[main]/Vswitch::Ovs/Package[openvswitch]/ensure" 51 | ": change from absent to present failed: Execution of " 52 | "'/usr/bin/yum -d 0 -e 0 -y install openvswitch' returned " 53 | "1: Error: Nothing to do") 54 | fp.write(err) 55 | self.assertRaises(PuppetError, validate_logfile, filename) 56 | try: 57 | validate_logfile(filename) 58 | except PuppetError as ex: 59 | ex_msg = str(ex) 60 | sr_msg = ("Package openvswitch has not been found in enabled Yum " 61 | "repos") 62 | assert sr_msg in ex_msg 63 | -------------------------------------------------------------------------------- /tests/scenario-py3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONTROLLER_NODE=${CONTROLLER_NODE:-} 3 | COMPUTE_NODE=${COMPUTE_NODE:-} 4 | 5 | if [ $(id -u) != 0 ]; then 6 | SUDO='sudo' 7 | fi 8 | 9 | echo -e "Generating packstack config for: 10 | - keystone 11 | - glance (file backend) 12 | - nova 13 | - neutron (ovs+vxlan) 14 | - cinder (lvm+iscsi) 15 | - tempest (regex: 'smoke')" 16 | echo "tempest will run if packstack's installation completes successfully." 17 | echo 18 | 19 | if [ -z $COMPUTE_NODE ]; then 20 | NODE_FLAGS="--allinone" 21 | else 22 | NODE_FLAGS="--allinone --os-controller-host=$CONTROLLER_NODE --os-network-hosts=$CONTROLLER_NODE --os-compute-hosts=$COMPUTE_NODE" 23 | fi 24 | 25 | $SUDO packstack ${ADDITIONAL_ARGS} \ 26 | ${NODE_FLAGS} \ 27 | --cinder-volume-name="aVolume" \ 28 | --debug \ 29 | --service-workers=2 \ 30 | --default-password="packstack" \ 31 | --os-aodh-install=n \ 32 | --os-ceilometer-install=n \ 33 | --os-swift-install=n \ 34 | --os-manila-install=n \ 35 | --os-horizon-ssl=n \ 36 | --amqp-enable-ssl=n \ 37 | --glance-backend=file \ 38 | --nova-libvirt-virt-type=qemu \ 39 | --provision-image-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-disk.img" \ 40 | --provision-demo=y \ 41 | --provision-tempest=y \ 42 | --run-tempest=y \ 43 | --run-tempest-tests="smoke dashboard" || export FAILURE=true 44 | -------------------------------------------------------------------------------- /tests/scenario000.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ $(id -u) != 0 ]; then 3 | SUDO='sudo' 4 | fi 5 | 6 | $SUDO packstack ${ADDITIONAL_ARGS} \ 7 | --allinone \ 8 | --debug \ 9 | --os-debug-mode=y \ 10 | --service-workers=2 \ 11 | --default-password="packstack" || export FAILURE=true 12 | -------------------------------------------------------------------------------- /tests/scenario001.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONTROLLER_NODE=${CONTROLLER_NODE:-} 3 | COMPUTE_NODE=${COMPUTE_NODE:-} 4 | 5 | if [ $(id -u) != 0 ]; then 6 | SUDO='sudo' 7 | fi 8 | 9 | echo -e "Generating packstack config for: 10 | - keystone 11 | - glance (file backend) 12 | - nova 13 | - neutron (ovs+vxlan) 14 | - cinder (lvm+iscsi) 15 | - manila 16 | - tempest (regex: 'smoke')" 17 | echo "tempest will run if packstack's installation completes successfully." 18 | echo 19 | 20 | if [ -z $COMPUTE_NODE ]; then 21 | NODE_FLAGS="--allinone" 22 | else 23 | NODE_FLAGS="--allinone --os-controller-host=$CONTROLLER_NODE --os-network-hosts=$CONTROLLER_NODE --os-compute-hosts=$COMPUTE_NODE" 24 | fi 25 | 26 | $SUDO packstack ${ADDITIONAL_ARGS} \ 27 | ${NODE_FLAGS} \ 28 | --cinder-volume-name="aVolume" \ 29 | --debug \ 30 | --os-debug-mode=y \ 31 | --service-workers=2 \ 32 | --default-password="packstack" \ 33 | --os-aodh-install=n \ 34 | --os-ceilometer-install=n \ 35 | --os-swift-install=n \ 36 | --os-manila-install=y \ 37 | --os-horizon-ssl=y \ 38 | --amqp-enable-ssl=y \ 39 | --glance-backend=file \ 40 | --nova-libvirt-virt-type=qemu \ 41 | --provision-image-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-disk.img" \ 42 | --provision-demo=y \ 43 | --provision-tempest=y \ 44 | --run-tempest=y \ 45 | --run-tempest-tests="smoke dashboard" \ 46 | --skip-tempest-tests="test_dashboard_basic_ops" || export FAILURE=true 47 | -------------------------------------------------------------------------------- /tests/scenario002.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONTROLLER_NODE=${CONTROLLER_NODE:-} 3 | COMPUTE_NODE=${COMPUTE_NODE:-} 4 | 5 | if [ $(id -u) != 0 ]; then 6 | SUDO='sudo' 7 | fi 8 | 9 | echo -e "Generating packstack config for: 10 | - keystone 11 | - glance (swift backend) 12 | - nova 13 | - neutron (ovs+vxlan) 14 | - swift 15 | - trove 16 | - tempest (regex: 'smoke dashboard')" 17 | echo "tempest will run if packstack's installation completes successfully." 18 | echo 19 | 20 | if [ -z $COMPUTE_NODE ]; then 21 | NODE_FLAGS="--allinone" 22 | else 23 | NODE_FLAGS="--allinone --os-controller-host=$CONTROLLER_NODE --os-network-hosts=$CONTROLLER_NODE --os-compute-hosts=$COMPUTE_NODE" 24 | fi 25 | 26 | $SUDO packstack ${ADDITIONAL_ARGS} \ 27 | ${NODE_FLAGS} \ 28 | --debug \ 29 | --os-debug-mode=y \ 30 | --service-workers=2 \ 31 | --default-password="packstack" \ 32 | --os-aodh-install=n \ 33 | --os-ceilometer-install=n \ 34 | --os-cinder-install=n \ 35 | --os-horizon-install=n \ 36 | --glance-backend=swift \ 37 | --os-neutron-l2-agent=openvswitch \ 38 | --os-neutron-ml2-type-drivers="vxlan,flat" \ 39 | --os-neutron-ml2-tenant-network-types="vxlan" \ 40 | --os-neutron-vpnaas-install=n \ 41 | --os-trove-install=y \ 42 | --nova-libvirt-virt-type=qemu \ 43 | --provision-image-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-disk.img" \ 44 | --provision-demo=y \ 45 | --provision-tempest=y \ 46 | --run-tempest=y \ 47 | --run-tempest-tests="smoke" || export FAILURE=true 48 | -------------------------------------------------------------------------------- /tests/scenario003.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONTROLLER_NODE=${CONTROLLER_NODE:-} 3 | COMPUTE_NODE=${COMPUTE_NODE:-} 4 | 5 | if [ $(id -u) != 0 ]; then 6 | SUDO='sudo' 7 | fi 8 | 9 | echo -e "Generating packstack config for: 10 | - keystone 11 | - glance (file backend) 12 | - nova 13 | - neutron (ovs+vxlan) 14 | - ceilometer 15 | - aodh 16 | - gnocchi 17 | - heat 18 | - magnum 19 | - tempest (regex: 'smoke TelemetryAlarming')" 20 | echo "tempest will run if packstack's installation completes successfully." 21 | echo 22 | 23 | if [ -z $COMPUTE_NODE ]; then 24 | NODE_FLAGS="--allinone" 25 | else 26 | NODE_FLAGS="--allinone --os-controller-host=$CONTROLLER_NODE --os-network-hosts=$CONTROLLER_NODE --os-compute-hosts=$COMPUTE_NODE" 27 | fi 28 | 29 | $SUDO packstack ${ADDITIONAL_ARGS} \ 30 | ${NODE_FLAGS} \ 31 | --debug \ 32 | --os-debug-mode=y \ 33 | --service-workers=2 \ 34 | --default-password="packstack" \ 35 | --os-swift-install=n \ 36 | --os-horizon-install=n \ 37 | --glance-backend=file \ 38 | --os-heat-install=y \ 39 | --os-magnum-install=y \ 40 | --nova-libvirt-virt-type=qemu \ 41 | --provision-image-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-disk.img" \ 42 | --provision-demo=y \ 43 | --provision-tempest=y \ 44 | --run-tempest=y \ 45 | --run-tempest-tests="smoke TelemetryAlarming" || export FAILURE=true 46 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | minversion = 3.18.0 3 | envlist = py39,py312,pep8,releasenotes,docs 4 | skipsdist = False 5 | 6 | [testenv] 7 | usedevelop = True 8 | setenv = VIRTUAL_ENV={envdir} 9 | LANG=en_US.UTF-8 10 | LANGUAGE=en_US:en 11 | LC_ALL=C 12 | deps = 13 | -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} 14 | -r{toxinidir}/test-requirements.txt 15 | -r{toxinidir}/requirements.txt 16 | 17 | allowlist_externals = /usr/bin/find 18 | commands = /usr/bin/find . -type f -name "*.pyc" -delete 19 | stestr run {posargs} 20 | 21 | [tox:jenkins] 22 | sitepackages = True 23 | 24 | [testenv:pep8] 25 | commands = flake8 26 | 27 | [testenv:cover] 28 | setenv = NOSE_WITH_COVERAGE=1 29 | 30 | [testenv:venv] 31 | commands = {posargs} 32 | 33 | [testenv:docs] 34 | commands = sphinx-build -a -E -W -d docs/build/doctrees -b html docs/source docs/build/html 35 | 36 | [testenv:releasenotes] 37 | deps = -r{toxinidir}/test-requirements.txt 38 | commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html 39 | 40 | [flake8] 41 | # H803 skipped on purpose per list discussion. 42 | # E123, E125 skipped as they are invalid PEP-8. 43 | # 44 | # All other checks should be enabled in the future. 45 | ignore = E123,E125,E501,H404,H405,H305,H306,H307,W504 46 | show-source = True 47 | exclude=.venv,.git,.tox,.eggs 48 | --------------------------------------------------------------------------------