├── .gitignore ├── LICENSE.txt ├── README.md ├── Vagrantfile ├── ansible ├── ansible.cfg ├── group_vars │ └── all ├── hosts ├── roles │ ├── bootstrap │ │ ├── files │ │ │ ├── htoprc │ │ │ └── sources.list │ │ └── tasks │ │ │ └── main.yml │ ├── cinder │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── cinder.conf │ ├── glance │ │ ├── tasks │ │ │ ├── default-images.yml │ │ │ └── main.yml │ │ └── templates │ │ │ ├── glance-api.conf │ │ │ └── glance-registry.conf │ ├── heat │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── heat.conf │ ├── horizon │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── local_settings.py │ │ │ └── openstack-dashboard.conf │ ├── keystone │ │ ├── tasks │ │ │ ├── main.yml │ │ │ ├── openrc-files.yml │ │ │ ├── openstack-endpoints.yml │ │ │ ├── openstack-pur.yml │ │ │ └── openstack-services.yml │ │ └── templates │ │ │ ├── admin-openrc.sh │ │ │ ├── demo-openrc.sh │ │ │ └── keystone.conf │ ├── memcached │ │ ├── files │ │ │ └── memcached.conf │ │ └── tasks │ │ │ └── main.yml │ ├── mysql │ │ ├── files │ │ │ └── my.cnf │ │ └── tasks │ │ │ └── main.yml │ ├── neutron_aio │ │ ├── files │ │ │ ├── dnsmasq-neutron.conf │ │ │ └── sysctl.conf │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── dhcp_agent.ini │ │ │ ├── fwaas_driver.ini │ │ │ ├── l3_agent.ini │ │ │ ├── metadata_agent.ini │ │ │ ├── ml2_conf.ini_linuxbridge │ │ │ ├── ml2_conf.ini_ovs │ │ │ └── neutron.conf │ ├── nova_aio │ │ ├── files │ │ │ └── kernel-postinst-statoverride │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ └── nova-flavors-standards.yml │ │ └── templates │ │ │ ├── nova-compute.conf │ │ │ └── nova.conf │ └── rabbitmq │ │ └── tasks │ │ └── main.yml └── site.yml ├── misc ├── linux-bridge-setageing.sh ├── os-heat-templates │ ├── nfv-l2-bridge-basic-stack-ubuntu.yaml │ ├── nfv-l2-bridge-centos.yaml │ ├── nfv-l2-bridge-ubuntu.yaml │ ├── sandvine-stack-0.1-centos.yaml │ ├── 
sandvine-stack-0.1-cs-1.yaml │ └── subscribers-example-yaml-block.txt ├── os-install-lbr.sh └── os-install.sh ├── os-deploy-vagrant.sh └── os-deploy.sh /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible Playbook for OpenStack 2 | 3 | # os-ansible-deployment-lite 4 | 5 | Ansible playbooks for deploying `OpenStack`. http://openstack.org 6 | 7 | # Overview 8 | 9 | You'll need an `Ubuntu Trusty` system up and running, fully upgraded, before deploying `OpenStack` on top of it. 10 | 11 | Our `Ansible` playbooks provide two ways to deploy `OpenStack`: the first, quick mode runs the deployment on your local computer; the second mode is a bit more advanced and deploys `OpenStack` on remote computers. 12 | 13 | This procedure will deploy `OpenStack` (bare metal highly recommended, server or laptop) in a fashion called `all-in-one`. It follows the official `OpenStack` documentation at `docs.openstack.org`. 14 | 15 | The `default` setup builds an `all-in-one` environment, which is mostly useful for demonstration purposes. Only a few environments can use this topology in production.
16 | 17 | To begin with, and to reduce the learning curve, we're using `Linux Bridges` instead of `Open vSwitch`. Because `OpenStack Neutron` internals are very easy to fully understand with `Linux Bridges`, this setup is easier to debug and simpler (`KISS Principle`). 18 | 19 | Nevertheless, for future `multi-node` deployments, `Open vSwitch` will be preferred, especially for high-performance networks, when we'll be using `Open vSwitch` with `DPDK`. 20 | 21 | In the next version of our `Ansible` playbooks, `Open vSwitch` will be supported for the `default` `all-in-one` deployments. 22 | 23 | ## Before you start, keep in mind that: 24 | 25 | A- A fresh installation and fully upgraded `Ubuntu Trusty`, with Linux 3.19, is required. 26 | 27 | B- Make sure you can use `sudo` without a password. 28 | 29 | C- Your `/etc/hostname` file must contain ONLY the hostname itself, not the FQDN. 30 | 31 | D- Your `IP + FQDN + hostname + aliases` should be configured in your `/etc/hosts` file. 32 | 33 | # Quick Procedure 34 | 35 | ## 1- Install Ubuntu 14.04.3 (Server or Desktop), details: 36 | 37 | * Hostname: "kilo-1" 38 | * User: "administrative" 39 | * Password: "whatever" 40 | 41 | ## 2- Upgrade Ubuntu to the latest version, by running: 42 | 43 | sudo apt-get update 44 | sudo apt-get dist-upgrade -y 45 | sudo apt-get install linux-generic-lts-vivid -y 46 | sudo reboot 47 | 48 | ## 3- Basic requirements: 49 | 50 | Install `curl` and `ssh`: 51 | 52 | sudo apt-get install ssh curl -y 53 | 54 | Allow members of the `sudo` group to become `root` without a password prompt (the rule below applies to every account in that group): 55 | 56 | sudo visudo 57 | 58 | The line that starts with `%sudo` must contain: 59 | 60 | %sudo ALL=NOPASSWD:ALL 61 | 62 | ## 4- Configure /etc/hostname and /etc/hosts files, like this: 63 | 64 | One line in `/etc/hostname`: 65 | 66 | kilo-1 67 | 68 | First two lines of `/etc/hosts` (do not touch IPv6 lines): 69 | 70 | 127.0.0.1 localhost.localdomain localhost 71 | 127.0.1.1 kilo-1.yourdomain.com kilo-1 kilo 72 | 73 |
*NOTE: If you have a fixed IP (v4 or v6), you can use it here (recommended).* 74 | 75 | Make sure it is working: 76 | 77 | hostname # Must return ONLY your Hostname, nothing more. 78 | hostname -d # Must return ONLY your Domain. 79 | hostname -f # Must return your FQDN. 80 | hostname -i # Must return your IP (can be 127.0.1.1). 81 | hostname -a # Must return your aliases. 82 | 83 | ## 5- Deploy OpenStack Kilo 84 | 85 | Then, you'll be able to deploy `OpenStack` by running the command below, which downloads `os-install.sh` and executes it immediately (save it to a file first if you want to read it before it runs): 86 | 87 | bash <(curl -s https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install.sh) 88 | 89 | Well done! 90 | 91 | # Advanced Procedure 92 | 93 | 1- Add the following entries to your `/etc/network/interfaces` file: 94 | 95 | # Fake External Interface 96 | allow-hotplug dummy0 97 | iface dummy0 inet static 98 | address 172.31.254.129 99 | netmask 25 100 | 101 | # VXLAN Data Path 102 | allow-hotplug dummy1 103 | iface dummy1 inet static 104 | mtu 1550 105 | address 10.0.0.1 106 | netmask 24 107 | 108 | ## For local deployments: 109 | 110 | 1- Install Ansible to deploy your `OpenStack`: 111 | 112 | sudo apt-get install git ansible=1.7.2+dfsg-1~ubuntu14.04.1 113 | 114 | git clone -b kilo https://github.com/sandvine/os-ansible-deployment-lite.git 115 | 116 | cd os-ansible-deployment-lite 117 | 118 | ./os-deploy.sh 119 | 120 | ## For remote deployments: 121 | 122 | 1- Make sure you can ssh to your servers using key authentication. 123 | 124 | 2- Install Ansible to deploy your `OpenStack`: 125 | 126 | sudo apt-get install git ansible=1.7.2+dfsg-1~ubuntu14.04.1 127 | 128 | git clone -b kilo https://github.com/sandvine/os-ansible-deployment-lite.git 129 | 130 | cd os-ansible-deployment-lite 131 | 132 | Configure the file `group_vars/all` according to your remote computer; the same file defines the admin token and the service, database and RabbitMQ passwords, which ship as sample values such as `admin_pass`. 133 | 134 | Pay extra attention to the templates `nova.conf`, `cinder.conf` and `ml2_conf.ini`; reconfigure those if required.
135 | 136 | Add your remote computer `FQDN` or `IP Address` to the `hosts` file, within group `all-in-one`, for example. 137 | 138 | Then, run `Ansible`: 139 | 140 | ansible-playbook site.yml 141 | 142 | **NOTE:** You can take a look at the script `os-deploy.sh` to see what needs to be changed before running `Ansible`. 143 | 144 | # Extra info 145 | 146 | There are a few assumptions here, for example: 147 | 148 | A- Your remote server has its *default / primary* interface named `eth0` (see the **my_ip** config option in `nova.conf` and `cinder.conf`); 149 | 150 | B- The `br-ex` `Neutron` interface is bridged against the `dummy0` interface (`ml2_conf.ini`); it has the subnet `172.31.254.128/25`, so it is the *default gateway* of ALL `Neutron Namespaces` of this deployment. Usually, we must use a real interface for `br-ex`, where the IP 172.31.254.129 should be configured in an `Upstream Router`, outside of `OpenStack`, and NOT here, at the `dummy0` interface. 151 | 152 | Details: 153 | 154 | http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_basic_environment.html#basics-neutron-networking-network-node 155 | 156 | C- Because the `br-ex` is bridged against the `dummy0` interface, you'll need to create an `iptables masquerade` rule, so your `Instances` can reach the Internet through the real `eth0`. 157 | 158 | Example: 159 | 160 | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 161 | 162 | D- The `vxlan` `Neutron` data network will be created on top of `dummy1`; it is really fast, but only works for our `all-in-one` deployments (`ml2_conf.ini`). 163 | 164 | TODO: 165 | 166 | - Automate the Network Interfaces management with Ansible. 167 | 168 | - Create a "setup / install" script, which will prompt some questions for the user, about local / remote setups, to simplify the instructions presented here.
169 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | VAGRANTFILE_API_VERSION = "2" 5 | 6 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 7 | # configures the configuration version (we support older styles for 8 | # backwards compatibility). Please don't change it unless you know what 9 | # you're doing. 10 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| 11 | # The most common configuration options are documented and commented below. 12 | # For a complete reference, please see the online documentation at 13 | # https://docs.vagrantup.com. 14 | 15 | # Every Vagrant development environment requires a box. You can search for 16 | # boxes at https://atlas.hashicorp.com/search. 17 | config.vm.box = "ubuntu/trusty64" 18 | 19 | # config.ssh.insert_key = false 20 | 21 | # Disable automatic box update checking. If you disable this, then 22 | # boxes will only be checked for updates when the user runs 23 | # `vagrant box outdated`. This is not recommended. 24 | # config.vm.box_check_update = false 25 | 26 | # Create a forwarded port mapping which allows access to a specific port 27 | # within the machine from a port on the host machine. In the example below, 28 | # accessing "localhost:8080" will access port 80 on the guest machine. 29 | # config.vm.network "forwarded_port", guest: 80, host: 8080 30 | 31 | # Create a private network, which allows host-only access to the machine 32 | # using a specific IP. 33 | # config.vm.network "private_network", ip: "192.168.33.10" 34 | 35 | # Create a public network, which generally matched to bridged network. 36 | # Bridged networks make the machine appear as another physical device on 37 | # your network. 38 | # config.vm.network "public_network" 39 | 40 | # Share an additional folder to the guest VM. 
The first argument is 41 | # the path on the host to the actual folder. The second argument is 42 | # the path on the guest to mount the folder. And the optional third 43 | # argument is a set of non-required options. 44 | # config.vm.synced_folder "../data", "/vagrant_data" 45 | 46 | # Provider-specific configuration so you can fine-tune various 47 | # backing providers for Vagrant. These expose provider-specific options. 48 | # Example for VirtualBox: 49 | 50 | config.vm.provider :virtualbox do |v| 51 | v.name = "os" 52 | v.memory = 4096 53 | v.cpus = 4 54 | v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] 55 | v.customize ["modifyvm", :id, "--ioapic", "on"] 56 | end 57 | 58 | # config.vm.provider "virtualbox" do |vb| 59 | # # Display the VirtualBox GUI when booting the machine 60 | # vb.gui = true 61 | # 62 | # # Customize the amount of memory on the VM: 63 | # vb.memory = "1024" 64 | # end 65 | # 66 | # View the documentation for the provider you are using for more 67 | # information on available options. 68 | 69 | config.vm.hostname = "controller-1.yourdomain.com" 70 | # config.vm.network :private_network, ip: "192.168.33.55" 71 | 72 | # Set the name of the VM. See: http://stackoverflow.com/a/17864388/100134 73 | config.vm.define :os do |os| 74 | end 75 | 76 | # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies 77 | # such as FTP and Heroku are also available. See the documentation at 78 | # https://docs.vagrantup.com/v2/push/atlas.html for more information. 79 | # config.push.define "atlas" do |push| 80 | # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" 81 | # end 82 | 83 | # Enable provisioning with a shell script. Additional provisioners such as 84 | # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the 85 | # documentation for more information about their specific syntax and use. 
86 | # config.vm.provision "shell", inline: <<-SHELL 87 | # sudo apt-get update 88 | # sudo apt-get install -y apache2 89 | # SHELL 90 | 91 | # Ansible provisioner. 92 | config.vm.provision "ansible" do |ansible| 93 | ansible.playbook = "ansible/site.yml" 94 | ansible.inventory_path = "ansible/hosts" 95 | ansible.sudo = true 96 | end 97 | 98 | end 99 | -------------------------------------------------------------------------------- /ansible/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | 3 | roles_path = roles 4 | hostfile = hosts 5 | 6 | host_key_checking = False 7 | -------------------------------------------------------------------------------- /ansible/group_vars/all: -------------------------------------------------------------------------------- 1 | # 2 | # OpenStack Definitions 3 | # 4 | # Automaically managed by os-deploy*.sh 5 | # 6 | 7 | br_mode: "LBR" 8 | 9 | linuxnet_interface_driver: "nova.network.linux_net.LinuxBridgeInterfaceDriver" 10 | neutron_interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver" 11 | mechanism_drivers: "linuxbridge" 12 | firewall_driver: "neutron.agent.linux.iptables_firewall.IptablesFirewallDriver" 13 | 14 | public_addr: "controller-1.yourdomain.com" 15 | controller_addr: "controller-1.yourdomain.com" 16 | 17 | your_domain: "yourdomain.com" 18 | 19 | region: "ca-east-1" 20 | 21 | admin_token: "ADMIN_TOKEN" 22 | 23 | admin_password: "admin_pass" 24 | service_password: "service_pass" 25 | demo_password: "demo_pass" 26 | 27 | rabbit_userid: "openstack" 28 | rabbit_password: "RABBIT_PASS" 29 | 30 | metadata_secret: "UltraMeta13" 31 | 32 | openstack_env: 33 | OS_TOKEN: "{{admin_token}}" 34 | OS_URL: "http://{{controller_addr}}:35357/v2.0" 35 | 36 | admin_openrc_env: 37 | OS_PROJECT_DOMAIN_ID: "default" 38 | OS_USER_DOMAIN_ID: "default" 39 | OS_PROJECT_NAME: "admin" 40 | OS_TENANT_NAME: "admin" 41 | OS_USERNAME: "admin" 42 | OS_PASSWORD: "admin_pass" 43 
| OS_AUTH_URL: "http://controller-1.yourdomain.com:35357/v3" 44 | 45 | ext_net_subnet: "172.31.254.128/25" 46 | ext_net_gateway: "172.31.254.129" 47 | ext_net_start: "172.31.254.130" 48 | ext_net_end: "172.31.254.254" 49 | 50 | heat_domain_pass: "calor_do_heat" 51 | 52 | mysql_databases: 53 | - { os_project: "heat", db_name: "heat", db_host: "%", db_user: "heatUser", db_pass: "heatPass" } 54 | - { os_project: "keystone", db_name: "keystone", db_host: "%", db_user: "keystoneUser", db_pass: "keystonePass" } 55 | - { os_project: "glance", db_name: "glance", db_host: "%", db_user: "glanceUser", db_pass: "glancePass" } 56 | - { os_project: "nova", db_name: "nova", db_host: "%", db_user: "novaUser", db_pass: "novaPass" } 57 | - { os_project: "neutron", db_name: "neutron", db_host: "%", db_user: "neutronUser", db_pass: "neutronPass" } 58 | - { os_project: "cinder", db_name: "cinder", db_host: "%", db_user: "cinderUser", db_pass: "cinderPass" } 59 | - { os_project: "trove", db_name: "trove", db_host: "%", db_user: "troveUser", db_pass: "trovePass" } 60 | -------------------------------------------------------------------------------- /ansible/hosts: -------------------------------------------------------------------------------- 1 | # List of servers to deploy OpenStack 2 | 3 | [all-in-one] 4 | localhost ansible_connection=local 5 | 6 | [controller_nodes] 7 | #192.168.122.10 8 | 9 | [network_nodes] 10 | #jdoe+instance+cloud 11 | 12 | [compute_nodes] 13 | #192.168.122.40 14 | 15 | [vagrant-node] 16 | #os ansible_ssh_user=vagrant ansible_ssh_host=localhost ansible_ssh_port=2222 17 | -------------------------------------------------------------------------------- /ansible/roles/bootstrap/files/htoprc: -------------------------------------------------------------------------------- 1 | hide_kernel_threads=1 2 | hide_userland_threads=1 3 | tree_view=1 4 | -------------------------------------------------------------------------------- 
/ansible/roles/bootstrap/files/sources.list: -------------------------------------------------------------------------------- 1 | # 2 | 3 | # deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Alpha amd64 (20140307)]/ trusty main restricted 4 | 5 | # deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Alpha amd64 (20140307)]/ trusty main restricted 6 | 7 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to 8 | # newer versions of the distribution. 9 | deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted 10 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted 11 | 12 | # Enabling Trusty Proposed Repository 13 | # deb http://us.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse 14 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse 15 | 16 | ## Major bug fix updates produced after the final release of the 17 | ## distribution. 18 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted 19 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted 20 | 21 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 22 | ## team. Also, please note that software in universe WILL NOT receive any 23 | ## review or updates from the Ubuntu security team. 24 | deb http://us.archive.ubuntu.com/ubuntu/ trusty universe 25 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty universe 26 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe 27 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe 28 | 29 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 30 | ## team, and may not be under a free licence. Please satisfy yourself as to 31 | ## your rights to use the software. Also, please note that software in 32 | ## multiverse WILL NOT receive any review or updates from the Ubuntu 33 | ## security team. 
34 | deb http://us.archive.ubuntu.com/ubuntu/ trusty multiverse 35 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty multiverse 36 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse 37 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse 38 | 39 | ## N.B. software from this repository may not have been tested as 40 | ## extensively as that contained in the main release, although it includes 41 | ## newer versions of some applications which may provide useful features. 42 | ## Also, please note that software in backports WILL NOT receive any review 43 | ## or updates from the Ubuntu security team. 44 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse 45 | # deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse 46 | 47 | deb http://security.ubuntu.com/ubuntu trusty-security main restricted 48 | # deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted 49 | deb http://security.ubuntu.com/ubuntu trusty-security universe 50 | # deb-src http://security.ubuntu.com/ubuntu trusty-security universe 51 | deb http://security.ubuntu.com/ubuntu trusty-security multiverse 52 | # deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse 53 | 54 | ## Uncomment the following two lines to add software from Canonical's 55 | ## 'partner' repository. 56 | ## This software is not part of Ubuntu, but is offered by Canonical and the 57 | ## respective vendors as a service to Ubuntu users. 58 | # deb http://archive.canonical.com/ubuntu trusty partner 59 | # deb-src http://archive.canonical.com/ubuntu trusty partner 60 | 61 | ## Uncomment the following two lines to add software from Ubuntu's 62 | ## 'extras' repository. 63 | ## This software is not part of Ubuntu, but is offered by third-party 64 | ## developers who want to ship their latest software. 
65 | # deb http://extras.ubuntu.com/ubuntu trusty main 66 | # deb-src http://extras.ubuntu.com/ubuntu trusty main 67 | 
--------------------------------------------------------------------------------
/ansible/roles/bootstrap/tasks/main.yml:
--------------------------------------------------------------------------------
# Copyright 2016, Sandvine Incorporated
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Bootstrap role: replaces the APT sources, adds the OpenStack Kilo package
# repositories, installs base tooling and a newer kernel, loads the dummy
# network module and writes root's htop configuration.

# Overwrites /etc/apt/sources.list with the role's copy. Every active entry in
# that file uses http://, so package authenticity rests on APT's
# signed-repository check rather than on the transport.
- name: Ubuntu Trusty default sources.list
  copy: src=sources.list
        dest=/etc/apt/sources.list
        owner=root
        group=root
        mode=0644

# NOTE(review): this repository is added before the keyring task below, and
# apt_repository refreshes the package index by default, so the first fetch
# from the Cloud Archive may happen before its signing key is installed.
# Confirm the ordering is intended.
- name: Ubuntu Cloud Archive for OpenStack Kilo
  apt_repository: repo='deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main'

- name: Installing Cloud Archive Keyring before first update
  apt: name=ubuntu-cloud-keyring state=present

# Third-party PPA (per the task name, Kilo packages with custom patches).
# Packages from it install with the same privileges as distribution packages,
# so the PPA's owner and signing key are part of this deployment's trust base.
- name: PPA Repositry of Ubuntu Cloud Archive for OpenStack Kilo with custom patches
  apt_repository: repo='ppa:sandvine/cloud-archive-kilo'

- name: Running apt-get update
  apt: update_cache=yes

# Left disabled: the role refreshes the index but does not apply pending
# upgrades (security updates included) to packages already on the host.
#- name: Running apt-get dist-upgrade
#  apt: upgrade=dist


# Base tooling: time sync, TLS and HTTP clients, editors, and network / IO
# diagnostics.
- name: Installing base packages
  action: apt pkg={{item}} state=installed
  with_items:
    - curl
    - ntp
    - openssl
    - iptables
    - htop
    - iftop
    - iotop
    - iptraf-ng
    - iperf3
    - logtop
    - mtr-tiny
    - ngrep
    - sysstat
    - tcpdump
    - tcpick
    - psmisc
    - tmux
    - tzdata
    - vim-nox
    - patch
    - python-mysqldb


- name: Installing Linux 4.2 for Ubuntu LTS
  action: apt pkg={{item}} state=installed
  with_items:
    - linux-generic-lts-wily


#- name: Configure UTC timezone
#  copy: src=timezone
#        dest=/etc/timezone
#        owner=root
#        group=root
#        mode=0644
#  notify:
#    - update timezone

#- name: Write custom sysctl.conf
#  copy: src=sysctl.conf
#        dest=/etc/sysctl.conf
#        owner=root
#        group=root
#        mode=0644
#        backup=yes
#  notify:
#    - reload sysctl

#- name: Write custom sshd_config
#  copy: src=sshd_config
#        dest=/etc/ssh/sshd_config
#        owner=root
#        group=root
#        mode=0644
#        backup=yes
#  notify:
#    - restart sshd


#- name: Blacklist nf_conntrack module
#  lineinfile: dest=/etc/modprobe.d/blacklist.conf line="blacklist nf_conntrack"


# Adds the dummy module (three interfaces) to /etc/modules.
- lineinfile: dest=/etc/modules line="dummy numdummies=3"

# Loads the module immediately. The command module has no way to tell whether
# the module is already loaded, so this task runs on every play.
- name: Loading dummy network module
  command: 'modprobe dummy numdummies=3'
  register: dummy_loaded

# blockinfile is not supported by upstream Ansible; a cleaner solution is
# still needed for this.
#- name: Configuring Dummy interfaces
#  blockinfile:
#    dest: /etc/network/interfaces
#    content: |
#      allow-hotplug dummy0
#      iface dummy0 inet manual
#          up ip link set dev $IFACE up
#          down ip link set dev $IFACE down
#
#      allow-hotplug dummy1
#      iface dummy1 inet static
#          mtu 9000
#          address 10.0.0.1
#          netmask 24
#  when: dummy_loaded


- name: Check root's htop config directory
  file: path=/root/.config/htop
        state=directory

- name: Write root's htoprc
  copy: src=htoprc
        dest=/root/.config/htop/htoprc
        owner=root
        group=root
        mode=0644
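138 | 
--------------------------------------------------------------------------------
/ansible/roles/cinder/tasks/main.yml:
--------------------------------------------------------------------------------
# Copyright 2016, Sandvine Incorporated
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Cinder role: installs the API and scheduler, stops them, removes the
# packaged sqlite database, renders cinder.conf, syncs the schema and
# restarts both services. Each step is gated on the previous one having
# reported "changed".

- name: Installing Cinder Server
  action: apt pkg={{item}} state=installed
  with_items:
    - cinder-api
    - cinder-scheduler
  register: cinder_installed

- name: Stopping Cinder API
  service: name=cinder-api state=stopped
  when: cinder_installed|changed
  register: api_stopped

# The task name says "Registry", but the service handled here is
# cinder-scheduler.
- name: Stopping Cinder Registry
  service: name=cinder-scheduler state=stopped
  when: cinder_installed|changed
  register: registry_stopped

# Gate on "changed" like every other step in this file; the bare
# `when: cinder_installed` used before did not test the install result.
- name: Removing non-used sqlite database
  file: path=/var/lib/cinder/cinder.sqlite state=absent
  when: cinder_installed|changed
  register: cinder_cleaned



# The rendered file carries the RabbitMQ, database and Keystone service
# passwords, hence 0640 owned by cinder rather than a world-readable mode.
- name: Updating cinder.conf
  template: src=cinder.conf
            dest=/etc/cinder/cinder.conf
            owner=cinder
            group=cinder
            mode=0640
            backup=yes
  when: api_stopped|changed and registry_stopped|changed and item.os_project == "cinder"
  with_items: mysql_databases
  register: cinder_cfg_updated


# Runs the schema migration as the unprivileged cinder user.
- name: Populating Cinder Database
  shell: su -s /bin/sh -c "cinder-manage db sync" cinder
  when: cinder_cfg_updated|changed
  register: cinder_populated

# NOTE(review): `apt_started` looks like a typo for `api_started`. Nothing in
# this file reads it, so the name is left as it was.
- name: Starting Cinder API
  service: name=cinder-api state=restarted
  when: cinder_populated|changed
  register: apt_started

- name: Starting Cinder Registry
  service: name=cinder-scheduler state=restarted
  when: cinder_populated|changed
  register: registry_started

--------------------------------------------------------------------------------
/ansible/roles/cinder/templates/cinder.conf:
--------------------------------------------------------------------------------
# Template for /etc/cinder/cinder.conf. The rendered file contains three
# clear-text secrets (rabbit_password, the database connection string and
# the Keystone service password); keep its mode restrictive.
[DEFAULT]

my_ip = {{ansible_eth0.ipv4.address}}
glance_host = {{controller_addr}}

# "::" is the wildcard address: the volume API listens on every interface.
osapi_volume_listen = ::

rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
volumes_dir = /var/lib/cinder/volumes

volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver

rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = {{controller_addr}}
rabbit_userid = {{rabbit_userid}}
rabbit_password = {{rabbit_password}}

[oslo_concurrency]
lock_path = /var/lock/cinder

[database]
# No TLS parameters are set on this URL, so database credentials and queries
# travel unencrypted between this host and {{controller_addr}}.
connection = mysql://{{item.db_user}}:{{item.db_pass}}@{{controller_addr}}/{{item.db_name}}

[keystone_authtoken]
# Both Keystone endpoints are plain http: tokens and the service password
# below cross the network in clear text.
auth_uri = http://{{public_addr}}:5000
auth_url = http://{{controller_addr}}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = {{service_password}}

--------------------------------------------------------------------------------
/ansible/roles/glance/tasks/default-images.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2016, Sandvine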
Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 
# TODO:
#  1- Update Glance images with: shorter names plus description

# Registers a set of public guest images and then tags all but the Debian
# one with virtio-scsi disk properties. Runs only when both Glance services
# were restarted in this play.
#
# NOTE(review): every image is referenced by a plain-http URL, and `--location`
# records that URL as the place where the image data resides. No `--checksum`
# is given, so nothing ties an image to a known-good digest: whoever controls
# the mirror or the network path decides what tenants boot, and the images are
# published to every project (`--is-public true`). A safer flow is to download
# each image, verify it against the publisher's signed checksum list, and
# upload the verified file with `--file`.
- name: Adding a few Operating System images into Glance
  environment: admin_openrc_env
  command: "{{item}}"
  with_items:
    - glance image-create --location http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1503.qcow2c --name "CentOS 7 - 64-bit - Cloud Based Image" --is-public true --container-format bare --disk-format qcow2
    - glance image-create --location http://cloud.centos.org/centos/6.6/images/CentOS-6-x86_64-GenericCloud-20141129_01.qcow2c --name "CentOS 6.6 - 64-bit - Cloud Based Image" --is-public true --container-format bare --disk-format qcow2
    - glance image-create --location http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-i386-disk.img --name "CirrOS 0.3.4 - Minimalist - 32-bit - Cloud Based Image" --is-public true --container-format bare --disk-format qcow2
    - glance image-create --location http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img --name "CirrOS 0.3.4 - Minimalist - 64-bit - Cloud Based Image" --is-public true --container-format bare --disk-format qcow2
    - glance image-create --location http://uec-images.ubuntu.com/releases/15.04/release/ubuntu-15.04-server-cloudimg-i386-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 15.04 - Vivid Vervet - 32-bit - Cloud Based Image"
    - glance image-create --location http://uec-images.ubuntu.com/releases/15.04/release/ubuntu-15.04-server-cloudimg-amd64-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 15.04 - Vivid Vervet - 64-bit - Cloud Based Image"
    - glance image-create --location http://uec-images.ubuntu.com/releases/12.04.4/12.04.5/ubuntu-12.04-server-cloudimg-i386-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 12.04.5 LTS - Precise Pangolin - 32-bit - Cloud Based Image"
    - glance image-create --location http://uec-images.ubuntu.com/releases/12.04.4/12.04.5/ubuntu-12.04-server-cloudimg-amd64-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 12.04.5 LTS - Precise Pangolin - 64-bit - Cloud Based Image"
    - glance image-create --location http://uec-images.ubuntu.com/releases/14.04.3/release/ubuntu-14.04-server-cloudimg-i386-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 14.04.3 LTS - Trusty Tahr - 32-bit - Cloud Based Image"
    - glance image-create --location http://uec-images.ubuntu.com/releases/14.04.3/release/ubuntu-14.04-server-cloudimg-amd64-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image"
    - glance image-create --location http://cdimage.debian.org/cdimage/openstack/8.4.0/debian-8.4.0-openstack-amd64.qcow2 --is-public true --disk-format qcow2 --container-format bare --name "Debian 8.4.0 - Jessie - 64-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "CentOS 7 - 64-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "CentOS 6.6 - 64-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "CirrOS 0.3.4 - Minimalist - 32-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "CirrOS 0.3.4 - Minimalist - 64-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "Ubuntu 15.04 - Vivid Vervet - 32-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "Ubuntu 15.04 - Vivid Vervet - 64-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "Ubuntu 12.04.5 LTS - Precise Pangolin - 32-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "Ubuntu 12.04.5 LTS - Precise Pangolin - 64-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "Ubuntu 14.04.3 LTS - Trusty Tahr - 32-bit - Cloud Based Image"
    - glance image-update --property hw_scsi_model=virtio-scsi --property hw_disk_bus=scsi "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image"
  when: api_started|changed and registry_started|changed
  register: glance_images_created

--------------------------------------------------------------------------------
/ansible/roles/glance/tasks/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
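12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 
# Glance role: installs the package, stops both services, removes the
# packaged sqlite database, renders the two configuration files, syncs the
# schema, restarts the services and finally loads the default images.

- name: Installing Glance Server
  action: apt pkg={{item}} state=installed
  with_items:
    - glance
  register: glance_installed

- name: Stopping Glance API
  service: name=glance-api state=stopped
  when: glance_installed|changed
  register: api_stopped

- name: Stopping Glance Registry
  service: name=glance-registry state=stopped
  when: glance_installed|changed
  register: registry_stopped

- name: Removing non-used sqlite database
  file: path=/var/lib/glance/glance.sqlite state=absent
  when: glance_installed|changed
  register: glance_cleaned


# Mode tightened from 0644 to 0640. The glance-registry.conf template renders
# the database connection string (user and password) and the Keystone service
# password; glance-api.conf presumably carries the same credentials (its
# template is not shown on this page). World-readable config files would hand
# both to any local account. The files stay owned by glance, which is the
# account the db_sync step below runs as.
- name: Updating glance-api.conf
  template: src=glance-api.conf
            dest=/etc/glance/glance-api.conf
            owner=glance
            group=glance
            mode=0640
            backup=yes
  when: api_stopped|changed and registry_stopped|changed and item.os_project == "glance"
  with_items: mysql_databases
  register: glancea_cfg_updated


- name: Updating glance-registry.conf
  template: src=glance-registry.conf
            dest=/etc/glance/glance-registry.conf
            owner=glance
            group=glance
            mode=0640
            backup=yes
  when: api_stopped|changed and registry_stopped|changed and item.os_project == "glance"
  with_items: mysql_databases
  register: glancer_cfg_updated


# Runs the schema migration as the unprivileged glance user.
- name: Populating Glance Database
  shell: su -s /bin/sh -c "glance-manage db_sync" glance
  when: glancea_cfg_updated|changed and glancer_cfg_updated|changed
  register: glance_populated

# api_started and registry_started are read by default-images.yml.
- name: Starting Glance API
  service: name=glance-api state=restarted
  when: glance_populated|changed
  register: api_started

- name: Starting Glance Registry
  service: name=glance-registry state=restarted
  when: glance_populated|changed
  register: registry_started


# Fixed five-second delay; nothing here checks that the services answer.
- name: Wait a bit until Glance starts up properly...
  pause: seconds=5
  when: api_started|changed and registry_started|changed
  register: glance_ready


- include: default-images.yml

--------------------------------------------------------------------------------
/ansible/roles/glance/templates/glance-registry.conf:
--------------------------------------------------------------------------------
1 | [DEFAULT] 2 | # Show more verbose log output (sets INFO log level output) 3 | #verbose = False 4 | 5 | # Show debugging output in logs (sets DEBUG log level output) 6 | #debug = False 7 | 8 | # Address to bind the registry server 9 | bind_host = :: 10 | 11 | # Port the bind the registry server to 12 | bind_port = 9191 13 | 14 | # Log to this file. Make sure you do not set the same log file for both the API 15 | # and registry servers! 16 | # 17 | # If `log_file` is omitted and `use_syslog` is false, then log messages are 18 | # sent to stdout as a fallback. 19 | log_file = /var/log/glance/registry.log 20 | 21 | # Backlog requests when creating socket 22 | backlog = 4096 23 | 24 | # TCP_KEEPIDLE value in seconds when creating socket. 25 | # Not supported on OS X. 26 | #tcp_keepidle = 600 27 | 28 | # API to use for accessing data. Default value points to sqlalchemy 29 | # package. 30 | #data_api = glance.db.sqlalchemy.api 31 | 32 | # The number of child process workers that will be 33 | # created to service Registry requests. The default will be 34 | # equal to the number of CPUs available. (integer value) 35 | #workers = None 36 | 37 | # Enable Registry API versions individually or simultaneously 38 | #enable_v1_registry = True 39 | #enable_v2_registry = True 40 | 41 | # Limit the api to return `param_limit_max` items in a call to a container. If 42 | # a larger `limit` query param is provided, it will be reduced to this value.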
43 | api_limit_max = 1000 44 | 45 | # If a `limit` query param is not provided in an api request, it will 46 | # default to `limit_param_default` 47 | limit_param_default = 25 48 | 49 | # Role used to identify an authenticated user as administrator 50 | #admin_role = admin 51 | 52 | # Enable DEBUG log messages from sqlalchemy which prints every database 53 | # query and response. 54 | # Default: False 55 | #sqlalchemy_debug = True 56 | 57 | # http_keepalive option. If False, server will return the header 58 | # "Connection: close", If True, server will return "Connection: Keep-Alive" 59 | # in its responses. In order to close the client socket connection 60 | # explicitly after the response is sent and read successfully by the client, 61 | # you simply have to set this option to False when you create a wsgi server. 62 | #http_keepalive = True 63 | 64 | # ================= Syslog Options ============================ 65 | 66 | # Send logs to syslog (/dev/log) instead of to file specified 67 | # by `log_file` 68 | #use_syslog = False 69 | 70 | # Facility to use. If unset defaults to LOG_USER. 71 | #syslog_log_facility = LOG_LOCAL1 72 | 73 | # ================= SSL Options =============================== 74 | 75 | # Certificate file to use when starting registry server securely 76 | #cert_file = /path/to/certfile 77 | 78 | # Private key file to use when starting registry server securely 79 | #key_file = /path/to/keyfile 80 | 81 | # CA certificate file to use to verify connecting clients 82 | #ca_file = /path/to/cafile 83 | 84 | # ============ Notification System Options ===================== 85 | 86 | # Driver or drivers to handle sending notifications. Set to 87 | # 'messaging' to send notifications to a message queue. 88 | notification_driver = noop 89 | 90 | # Default publisher_id for outgoing notifications. 
91 | # default_publisher_id = image.localhost 92 | 93 | # Messaging driver used for 'messaging' notifications driver 94 | # rpc_backend = 'rabbit' 95 | 96 | # Configuration options if sending notifications via rabbitmq (these are 97 | # the defaults) 98 | rabbit_host = {{controller_addr}} 99 | rabbit_port = 5672 100 | rabbit_use_ssl = false 101 | rabbit_userid = guest 102 | rabbit_password = guest 103 | rabbit_virtual_host = / 104 | rabbit_notification_exchange = glance 105 | rabbit_notification_topic = notifications 106 | rabbit_durable_queues = False 107 | 108 | # Configuration options if sending notifications via Qpid (these are 109 | # the defaults) 110 | qpid_notification_exchange = glance 111 | qpid_notification_topic = notifications 112 | qpid_hostname = localhost 113 | qpid_port = 5672 114 | qpid_username = 115 | qpid_password = 116 | qpid_sasl_mechanisms = 117 | qpid_reconnect_timeout = 0 118 | qpid_reconnect_limit = 0 119 | qpid_reconnect_interval_min = 0 120 | qpid_reconnect_interval_max = 0 121 | qpid_reconnect_interval = 0 122 | qpid_heartbeat = 5 123 | # Set to 'ssl' to enable SSL 124 | qpid_protocol = tcp 125 | qpid_tcp_nodelay = True 126 | 127 | 128 | # =============== Policy Options ============================== 129 | 130 | [oslo_policy] 131 | # The JSON file that defines policies. 132 | # Deprecated group/name - [DEFAULT]/policy_file 133 | #policy_file = policy.json 134 | 135 | # Default rule. Enforced when a requested rule is not found. 136 | # Deprecated group/name - [DEFAULT]/policy_default_rule 137 | #policy_default_rule = default 138 | 139 | # Directories where policy configuration files are stored. 140 | # They can be relative to any directory in the search path 141 | # defined by the config_dir option, or absolute paths. 142 | # The file defined by policy_file must exist for these 143 | # directories to be searched. 
144 | # Deprecated group/name - [DEFAULT]/policy_dirs 145 | #policy_dirs = policy.d 146 | 147 | # ================= Database Options ========================== 148 | 149 | [database] 150 | # The file name to use with SQLite (string value) 151 | #sqlite_db = /var/lib/glance/glance.sqlite 152 | 153 | # If True, SQLite uses synchronous mode (boolean value) 154 | #sqlite_synchronous = True 155 | 156 | # The backend to use for db (string value) 157 | # Deprecated group/name - [DEFAULT]/db_backend 158 | backend = sqlalchemy 159 | 160 | # The SQLAlchemy connection string used to connect to the 161 | # database (string value) 162 | # Deprecated group/name - [DEFAULT]/sql_connection 163 | # Deprecated group/name - [DATABASE]/sql_connection 164 | # Deprecated group/name - [sql]/connection 165 | connection = mysql://{{item.db_user}}:{{item.db_pass}}@{{controller_addr}}/{{item.db_name}} 166 | 167 | # The SQL mode to be used for MySQL sessions. This option, 168 | # including the default, overrides any server-set SQL mode. To 169 | # use whatever SQL mode is set by the server configuration, 170 | # set this to no value. 
Example: mysql_sql_mode= (string 171 | # value) 172 | #mysql_sql_mode = TRADITIONAL 173 | 174 | # Timeout before idle sql connections are reaped (integer 175 | # value) 176 | # Deprecated group/name - [DEFAULT]/sql_idle_timeout 177 | # Deprecated group/name - [DATABASE]/sql_idle_timeout 178 | # Deprecated group/name - [sql]/idle_timeout 179 | #idle_timeout = 3600 180 | 181 | # Minimum number of SQL connections to keep open in a pool 182 | # (integer value) 183 | # Deprecated group/name - [DEFAULT]/sql_min_pool_size 184 | # Deprecated group/name - [DATABASE]/sql_min_pool_size 185 | #min_pool_size = 1 186 | 187 | # Maximum number of SQL connections to keep open in a pool 188 | # (integer value) 189 | # Deprecated group/name - [DEFAULT]/sql_max_pool_size 190 | # Deprecated group/name - [DATABASE]/sql_max_pool_size 191 | #max_pool_size = 192 | 193 | # Maximum db connection retries during startup. (setting -1 194 | # implies an infinite retry count) (integer value) 195 | # Deprecated group/name - [DEFAULT]/sql_max_retries 196 | # Deprecated group/name - [DATABASE]/sql_max_retries 197 | #max_retries = 10 198 | 199 | # Interval between retries of opening a sql connection 200 | # (integer value) 201 | # Deprecated group/name - [DEFAULT]/sql_retry_interval 202 | # Deprecated group/name - [DATABASE]/reconnect_interval 203 | #retry_interval = 10 204 | 205 | # If set, use this value for max_overflow with sqlalchemy 206 | # (integer value) 207 | # Deprecated group/name - [DEFAULT]/sql_max_overflow 208 | # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow 209 | #max_overflow = 210 | 211 | # Verbosity of SQL debugging information. 
0=None, 212 | # 100=Everything (integer value) 213 | # Deprecated group/name - [DEFAULT]/sql_connection_debug 214 | #connection_debug = 0 215 | 216 | # Add python stack traces to SQL as comment strings (boolean 217 | # value) 218 | # Deprecated group/name - [DEFAULT]/sql_connection_trace 219 | #connection_trace = False 220 | 221 | # If set, use this value for pool_timeout with sqlalchemy 222 | # (integer value) 223 | # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout 224 | #pool_timeout = 225 | 226 | # Enable the experimental use of database reconnect on 227 | # connection lost (boolean value) 228 | #use_db_reconnect = False 229 | 230 | # seconds between db connection retries (integer value) 231 | #db_retry_interval = 1 232 | 233 | # Whether to increase interval between db connection retries, 234 | # up to db_max_retry_interval (boolean value) 235 | #db_inc_retry_interval = True 236 | 237 | # max seconds between db connection retries, if 238 | # db_inc_retry_interval is enabled (integer value) 239 | #db_max_retry_interval = 10 240 | 241 | # maximum db connection retries before error is raised. 242 | # (setting -1 implies an infinite retry count) (integer value) 243 | #db_max_retries = 20 244 | 245 | [keystone_authtoken] 246 | auth_uri = http://{{public_addr}}:5000 247 | auth_url = http://{{controller_addr}}:35357 248 | auth_plugin = password 249 | project_domain_id = default 250 | user_domain_id = default 251 | project_name = service 252 | username = glance 253 | password = {{service_password}} 254 | 255 | [paste_deploy] 256 | # Name of the paste configuration file that defines the available pipelines 257 | #config_file = glance-registry-paste.ini 258 | 259 | # Partial name of a pipeline in your paste configuration file with the 260 | # service name removed. For example, if your paste section name is 261 | # [pipeline:glance-registry-keystone], you would configure the flavor below 262 | # as 'keystone'. 
263 | flavor = keystone 264 | 265 | [profiler] 266 | # If False fully disable profiling feature. 267 | #enabled = False 268 | 269 | # If False doesn't trace SQL requests. 270 | #trace_sqlalchemy = False 271 | -------------------------------------------------------------------------------- /ansible/roles/heat/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
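# Heat role: installs the API, CFN API, engine and client, stops the
# services, removes the packaged sqlite database, renders heat.conf, creates
# the Keystone stack domain, syncs the schema and restarts the services.

- name: Installing Heat
  action: apt pkg={{item}} state=installed
  with_items:
    - heat-api
    - heat-api-cfn
    - heat-engine
    - python-heatclient
  register: heat_installed

- name: Stopping Heat API
  service: name=heat-api state=stopped
  when: heat_installed|changed
  register: api_stopped

- name: Stopping Heat API CFN
  service: name=heat-api-cfn state=stopped
  when: heat_installed|changed
  register: api_cfn_stopped

- name: Stopping Heat Engine
  service: name=heat-engine state=stopped
  when: heat_installed|changed
  register: engine_stopped

- name: Removing non-used sqlite database
  file: path=/var/lib/heat/heat.sqlite state=absent
  when: heat_installed|changed
  register: heat_cleaned


# 0640 owned by heat: the rendered file is expected to hold service
# credentials (template not shown on this page).
- name: Updating heat.conf
  template: src=heat.conf
            dest=/etc/heat/heat.conf
            owner=heat
            group=heat
            mode=0640
            backup=yes
  when: heat_installed|changed and item.os_project == "heat"
  with_items: mysql_databases
  register: heat_cfg_updated


# Creates the stack domain and its admin user, then writes the returned
# domain id into heat.conf.
#
# The domain-admin password is read from the optional variable
# heat_domain_admin_password (new in this task). It falls back to the literal
# that used to be hard-coded here, so existing inventories behave as before.
# NOTE(review): that fallback is published in this repository, and the value
# is still passed as a command-line argument, where it is visible in the
# process list while the command runs. Set the variable from a protected vars
# file, and keep stack_domain_admin_password in heat.conf in step with it.
#
# The task now fails when no stack_user_domain_id comes back. Before, the
# exit status was that of sed alone, so a failed setup wrote an empty id into
# heat.conf and the play carried on.
- name: Setting up Heat Domain with heat-keystone-setup-domain
  environment: admin_openrc_env
  shell: >
    domid=$(heat-keystone-setup-domain --stack-user-domain-name heat_user_domain --stack-domain-admin heat_domain_admin --stack-domain-admin-password {{ heat_domain_admin_password | default('calor_do_heat') | quote }} | grep stack_user_domain_id | cut -d = -f 2) ;
    [ -n "$domid" ] || { echo "heat-keystone-setup-domain returned no stack_user_domain_id" >&2; exit 1; } ;
    sed -i -e "s/^#stack_user_domain_id=/stack_user_domain_id=$domid/g" /etc/heat/heat.conf
  when: heat_cfg_updated|changed
  register: heat_ready


# Runs the schema migration as the unprivileged heat user.
- name: Populating Heat Database
  shell: su -s /bin/sh -c "heat-manage db_sync" heat
  register: heat_populated
  when: heat_ready|changed


- name: Starting Heat API
  service: name=heat-api state=restarted
  when: heat_populated|changed
  register: api_started

# NOTE(review): this start task registers `api_cfn_stopped`, overwriting the
# result of the stop task above; `api_cfn_started` was probably intended.
# Nothing in this file reads it, so the name is left as it was.
- name: Starting Heat API CFN
  service: name=heat-api-cfn state=restarted
  when: heat_populated|changed
  register: api_cfn_stopped

- name: Starting Heat Engine
  service: name=heat-engine state=restarted
  when: heat_populated|changed
  register: engine_started

--------------------------------------------------------------------------------
/ansible/roles/horizon/tasks/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License.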
# Horizon role: installs the dashboard package, removes the Ubuntu theme,
# renders the Django settings and the Apache configuration fragment, and
# restarts Apache when either file was written.

- name: Installing Horizon Dashboard
  action: apt pkg=openstack-dashboard state=installed
  register: horizon_installed

- name: Removing Horizon Ubuntu theme
  action: apt pkg=openstack-dashboard-ubuntu-theme state=absent


# NOTE(review): the local_settings.py template is not shown on this page. If
# it embeds a Django SECRET_KEY or other credentials, mode 0644 leaves them
# readable by every local account. Confirm, and tighten the mode if so; the
# Apache fragment below runs the application as user horizon.
- name: Updating local_settings.py
  template: src=local_settings.py
            dest=/etc/openstack-dashboard/local_settings.py
            owner=root
            group=root
            mode=0644
            backup=yes
  when: horizon_installed|changed
  register: horizon_cnf_updated

- name: Updating openstack-dashboard.conf
  template: src=openstack-dashboard.conf
            dest=/etc/apache2/conf-available/openstack-dashboard.conf
            owner=root
            group=root
            mode=0644
            backup=yes
  when: horizon_installed|changed
  register: apache2_cnf_updated


- name: Restarting Apache
  service: name=apache2 state=restarted
  when: horizon_cnf_updated|changed or apache2_cnf_updated|changed

--------------------------------------------------------------------------------
/ansible/roles/horizon/templates/openstack-dashboard.conf:
--------------------------------------------------------------------------------
# Serves Horizon under /horizon through mod_wsgi, in a daemon process group
# running as user and group horizon, and maps the two static-file aliases.
WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10
WSGIProcessGroup horizon
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
Alias /horizon/static /usr/share/openstack-dashboard/openstack_dashboard/static/

# NOTE(review): lines 6 and 9 of this listing are empty. The container that
# would normally enclose the two access directives below looks to have been
# lost when the page was extracted; check the file in the repository.
# "Allow from all" places no source-address restriction on the dashboard.
Order allow,deny
Allow from all


--------------------------------------------------------------------------------
/ansible/roles/keystone/tasks/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance
with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Installing Keystone Server 16 | action: apt pkg={{item}} state=installed 17 | with_items: 18 | - keystone 19 | - python-openstackclient 20 | register: keystone_installed 21 | 22 | - name: Stopping Keystone 23 | service: name=keystone state=stopped 24 | when: keystone_installed|changed 25 | register: keystone_stopped 26 | 27 | - name: Removing non-used sqlite database 28 | file: path=/var/lib/keystone/keystone.db state=absent 29 | when: keystone_installed|changed 30 | register: keystone_cleaned 31 | 32 | 33 | - name: Updating keystone.conf 34 | template: src=keystone.conf 35 | dest=/etc/keystone/keystone.conf 36 | owner=root 37 | group=root 38 | mode=0644 39 | backup=yes 40 | when: keystone_stopped|changed 41 | register: keystone_cfg_updated 42 | 43 | 44 | - name: Populating Keystone Database 45 | shell: su -s /bin/sh -c "keystone-manage db_sync" keystone 46 | when: keystone_cfg_updated|changed 47 | register: keystone_populated 48 | 49 | 50 | - name: Starting Keystone 51 | service: name=keystone state=restarted 52 | when: keystone_populated|changed and keystone_cleaned|changed 53 | register: keystone_started 54 | 55 | - name: Wait a bit until Kestone starts up properly... 
56 | pause: seconds=5 57 | when: keystone_started|changed 58 | register: keystone_ready 59 | 60 | 61 | - include: openstack-pur.yml 62 | 63 | - include: openstack-services.yml 64 | 65 | - include: openstack-endpoints.yml 66 | 67 | - include: openrc-files.yml 68 | -------------------------------------------------------------------------------- /ansible/roles/keystone/tasks/openrc-files.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Creating admin-openrc.sh file 16 | template: src=admin-openrc.sh 17 | dest=/home/administrative/admin-openrc.sh 18 | owner=administrative 19 | group=administrative 20 | mode=0640 21 | 22 | - name: Creating demo-openrc.sh file 23 | template: src=demo-openrc.sh 24 | dest=/home/administrative/demo-openrc.sh 25 | owner=administrative 26 | group=administrative 27 | mode=0640 28 | -------------------------------------------------------------------------------- /ansible/roles/keystone/tasks/openstack-endpoints.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Creating OpenStack Endpoint 16 | environment: openstack_env 17 | command: "{{item}}" 18 | with_items: 19 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:5000/v2.0 --internalurl http://{{controller_addr}}:5000/v2.0 --adminurl http://{{controller_addr}}:35357/v2.0 identity 20 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:5000/v3 --internalurl http://{{controller_addr}}:5000/v3 --adminurl http://{{controller_addr}}:35357/v3 identity 21 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:9292 --internalurl http://{{controller_addr}}:9292 --adminurl http://{{controller_addr}}:9292 image 22 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8774/v2/%\(tenant_id\)s --internalurl http://{{controller_addr}}:8774/v2/%\(tenant_id\)s --adminurl http://{{controller_addr}}:8774/v2/%\(tenant_id\)s compute 23 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8774/v3 --internalurl http://{{controller_addr}}:8774/v3 --adminurl http://{{controller_addr}}:8774/v3 computev3 24 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:9696 --internalurl http://{{controller_addr}}:9696 --adminurl http://{{controller_addr}}:9696 network 25 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8776/v2/%\(tenant_id\)s --internalurl http://{{controller_addr}}:8776/v2/%\(tenant_id\)s 
--adminurl http://{{controller_addr}}:8776/v2/%\(tenant_id\)s volume 26 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8776/v2/%\(tenant_id\)s --internalurl http://{{controller_addr}}:8776/v2/%\(tenant_id\)s --adminurl http://{{controller_addr}}:8776/v2/%\(tenant_id\)s volumev2 27 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8004/v1/%\(tenant_id\)s --internalurl http://{{controller_addr}}:8004/v1/%\(tenant_id\)s --adminurl http://{{controller_addr}}:8004/v1/%\(tenant_id\)s orchestration 28 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8000/v1 --internalurl http://{{controller_addr}}:8000/v1 --adminurl http://{{controller_addr}}:8000/v1 cloudformation 29 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8773/services/Cloud --internalurl http://{{controller_addr}}:8773/services/Cloud --adminurl http://{{controller_addr}}:8773/services/Admin ec2 30 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8080/v1/AUTH_%\(tenant_id\)s --internalurl http://{{controller_addr}}:8080/v1/AUTH_%\(tenant_id\)s --adminurl http://{{controller_addr}}:8080/v1 swift 31 | - openstack endpoint create --region "{{region}}" --publicurl http://{{public_addr}}:8777 --internalurl http://{{controller_addr}}:8777 --adminurl http://{{controller_addr}}:8777 metering 32 | when: keystone_started|changed 33 | register: openstack_endpoint_ready 34 | -------------------------------------------------------------------------------- /ansible/roles/keystone/tasks/openstack-pur.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
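5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Creating OpenStack Projects, Users and Roles 16 | environment: openstack_env 17 | command: "{{item}}" 18 | with_items: 19 | - openstack project create --description "Admin Project" admin 20 | - openstack user create --password "{{admin_password}}" --email admin@{{your_domain}} admin 21 | - openstack role create admin 22 | - openstack role add --project admin --user admin admin 23 | - openstack project create --description "Service Project" service 24 | - openstack project create --description "Demo Project" demo 25 | - openstack user create --password "{{demo_password}}" --email demo@{{your_domain}} demo 26 | - openstack role create _member_ 27 | - openstack role add --project demo --user demo _member_ 28 | - openstack role create user 29 | - openstack role add --project demo --user demo user 30 | - openstack user create --password "{{service_password}}" --email glance@{{your_domain}} glance 31 | - openstack role add --project service --user glance admin 32 | - openstack user create --password "{{service_password}}" --email nova@{{your_domain}} nova 33 | - openstack role add --project service --user nova admin 34 | - openstack user create --password "{{service_password}}" --email neutron@{{your_domain}} neutron 35 | - openstack role add --project service --user neutron admin 36 | - openstack user create --password "{{service_password}}" --email cinder@{{your_domain}} cinder 37 | - openstack role add --project service --user cinder admin 38 | - openstack user create --password "{{service_password}}" --email
swift@{{your_domain}} swift 39 | - openstack role add --project service --user swift admin 40 | - openstack user create --password "{{service_password}}" --email heat@{{your_domain}} heat 41 | - openstack role add --project service --user heat admin 42 | - openstack role create heat_stack_owner 43 | - openstack role add --project demo --user demo heat_stack_owner 44 | - openstack role create heat_stack_user 45 | - openstack user create --password "{{service_password}}" --email ceilometer@{{your_domain}} ceilometer 46 | - openstack role add --project service --user ceilometer admin 47 | - openstack user create --password "{{service_password}}" --email trove@{{your_domain}} trove 48 | - openstack role add --project service --user trove admin 49 | when: keystone_started|changed 50 | register: openstack_pur_ready 51 | # The items above carry account passwords in --password; no_log keeps them out of task output and logs (argv is still visible to local users while each command runs). 52 | no_log: true 53 | -------------------------------------------------------------------------------- /ansible/roles/keystone/tasks/openstack-services.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 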
14 | 15 | - name: Creating OpenStack Services 16 | environment: openstack_env 17 | command: "{{item}}" 18 | with_items: 19 | - openstack service create --name keystone --description "OpenStack Identity" identity 20 | - openstack service create --name glance --description "OpenStack Image service" image 21 | - openstack service create --name nova --description "OpenStack Compute" compute 22 | - openstack service create --name novav3 --description "OpenStack Compute V3" computev3 23 | - openstack service create --name neutron --description "OpenStack Networking" network 24 | - openstack service create --name cinder --description "OpenStack Block Storage" volume 25 | - openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 26 | - openstack service create --name heat --description "Orchestration" orchestration 27 | - openstack service create --name heat-cfn --description "Orchestration" cloudformation 28 | - openstack service create --name ec2 --description "EC2 Compatibility Layer" ec2 29 | - openstack service create --name swift --description "Swift Service" object-store 30 | - openstack service create --name ceilometer --description "OpenStack Metering Service" metering 31 | when: keystone_started|changed 32 | register: openstack_srvc_ready 33 | -------------------------------------------------------------------------------- /ansible/roles/keystone/templates/admin-openrc.sh: -------------------------------------------------------------------------------- 1 | export OS_PROJECT_DOMAIN_ID=default 2 | export OS_USER_DOMAIN_ID=default 3 | export OS_PROJECT_NAME=admin 4 | export OS_TENANT_NAME=admin 5 | export OS_USERNAME=admin 6 | export OS_PASSWORD={{admin_password}} 7 | export OS_AUTH_URL=http://{{controller_addr}}:35357/v3 8 | -------------------------------------------------------------------------------- /ansible/roles/keystone/templates/demo-openrc.sh: 
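-------------------------------------------------------------------------------- 1 | # Environment variables holding the demo user's credentials; rendered from this template by Ansible. 2 | export OS_PROJECT_DOMAIN_ID=default 3 | export OS_USER_DOMAIN_ID=default 4 | export OS_PROJECT_NAME=demo 5 | export OS_TENANT_NAME=demo 6 | export OS_USERNAME=demo 7 | # Shell-quote the rendered password so spaces or shell metacharacters in it are not interpreted when the file is sourced. 8 | export OS_PASSWORD={{demo_password | quote}} 9 | export OS_AUTH_URL=http://{{public_addr}}:5000/v3 10 | -------------------------------------------------------------------------------- /ansible/roles/memcached/files/memcached.conf: -------------------------------------------------------------------------------- 1 | # memcached default config file 2 | # 2003 - Jay Bonci 3 | # This configuration file is read by the start-memcached script provided as 4 | # part of the Debian GNU/Linux distribution. 5 | 6 | # Run memcached as a daemon. This command is implied, and is not needed for the 7 | # daemon to run. See the README.Debian that comes with this package for more 8 | # information. 9 | -d 10 | 11 | # Log memcached's output to /var/log/memcached 12 | logfile /var/log/memcached.log 13 | 14 | # Be verbose 15 | # -v 16 | 17 | # Be even more verbose (print client commands as well) 18 | # -vv 19 | 20 | # Start with a cap of 64 megs of memory. It's reasonable, and the daemon default 21 | # Note that the daemon will grow to this size, but does not start out holding this much 22 | # memory 23 | -m 64 24 | 25 | # Default connection port is 11211 26 | -p 11211 27 | 28 | # User to run the daemon as. The start-memcached will default to running as root if no 29 | # -u command is present in this config file 30 | -u memcache 31 | 32 | # Specify which IP address to listen on. The default is to listen on all IP addresses 33 | # This parameter is one of the only security measures that memcached has. The value below 34 | # (0.0.0.0) binds every IPv4 interface, so port 11211 must be firewalled from untrusted networks. 35 | -l 0.0.0.0 36 | 37 | # Limit the number of simultaneous incoming connections. The daemon default is 1024 38 | # -c 1024 39 | 40 | # Lock down all paged memory. 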
Consult with the README and homepage before you do this 41 | # -k 42 | 43 | # Return error when memory is exhausted (rather than removing items) 44 | # -M 45 | 46 | # Maximize core file limit 47 | # -r 48 | -------------------------------------------------------------------------------- /ansible/roles/memcached/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Installing Memcached Server 16 | action: apt pkg={{item}} state=installed 17 | with_items: 18 | - memcached 19 | register: memcached_installed 20 | 21 | - name: Updating memcached.conf 22 | copy: src=memcached.conf 23 | dest=/etc/memcached.conf 24 | owner=root 25 | group=root 26 | mode=0644 27 | backup=yes 28 | when: memcached_installed|changed 29 | register: memcached_conf_updated 30 | 31 | - name: Restarting Memcached 32 | service: name=memcached state=restarted 33 | when: memcached_conf_updated|changed 34 | register: memcached_restarted 35 | -------------------------------------------------------------------------------- /ansible/roles/mysql/files/my.cnf: -------------------------------------------------------------------------------- 1 | # 2 | # The MySQL database server configuration file. 
3 | # 4 | # You can copy this to one of: 5 | # - "/etc/mysql/my.cnf" to set global options, 6 | # - "~/.my.cnf" to set user-specific options. 7 | # 8 | # One can use all long options that the program supports. 9 | # Run program with --help to get a list of available options and with 10 | # --print-defaults to see which it would actually understand and use. 11 | # 12 | # For explanations see 13 | # http://dev.mysql.com/doc/mysql/en/server-system-variables.html 14 | 15 | # This will be passed to all mysql clients 16 | # It has been reported that passwords should be enclosed with ticks/quotes 17 | # especially if they contain "#" chars... 18 | # Remember to edit /etc/mysql/debian.cnf when changing the socket location. 19 | [client] 20 | port = 3306 21 | socket = /var/run/mysqld/mysqld.sock 22 | 23 | # Here are entries for some specific programs 24 | # The following values assume you have at least 32M ram 25 | 26 | # This was formerly known as [safe_mysqld]. Both versions are currently parsed. 27 | [mysqld_safe] 28 | socket = /var/run/mysqld/mysqld.sock 29 | nice = 0 30 | 31 | [mysqld] 32 | # 33 | # * Basic Settings 34 | # 35 | user = mysql 36 | pid-file = /var/run/mysqld/mysqld.pid 37 | socket = /var/run/mysqld/mysqld.sock 38 | port = 3306 39 | basedir = /usr 40 | datadir = /var/lib/mysql 41 | tmpdir = /tmp 42 | lc-messages-dir = /usr/share/mysql 43 | skip-external-locking 44 | # 45 | # * For OpenStack 46 | # 47 | default-storage-engine = innodb 48 | collation-server = utf8_general_ci 49 | init-connect='SET NAMES utf8' 50 | character-set-server = utf8 51 | innodb_file_per_table 52 | # 53 | # Instead of skip-networking the default is now to listen only on localhost, which is 54 | # more compatible and not less secure. NOTE: the bind-address below (::) overrides that and listens on all interfaces, so firewall port 3306. 
55 | bind-address = :: 56 | # 57 | # * Fine Tuning 58 | # 59 | key_buffer = 16M 60 | max_allowed_packet = 16M 61 | thread_stack = 192K 62 | thread_cache_size = 8 63 | # This replaces the startup script and checks MyISAM tables if needed 64 | # the first time they are touched 65 | myisam-recover = BACKUP 66 | max_connections = 10000 67 | #table_cache = 64 68 | #thread_concurrency = 10 69 | # 70 | # * Query Cache Configuration 71 | # 72 | query_cache_limit = 1M 73 | query_cache_size = 16M 74 | # 75 | # * Logging and Replication 76 | # 77 | # Both location gets rotated by the cronjob. 78 | # Be aware that this log type is a performance killer. 79 | # As of 5.1 you can enable the log at runtime! 80 | #general_log_file = /var/log/mysql/mysql.log 81 | #general_log = 1 82 | # 83 | # Error log - should be very few entries. 84 | # 85 | log_error = /var/log/mysql/error.log 86 | # 87 | # Here you can see queries with especially long duration 88 | #log_slow_queries = /var/log/mysql/mysql-slow.log 89 | #long_query_time = 2 90 | #log-queries-not-using-indexes 91 | # 92 | # The following can be used as easy to replay backup logs or for replication. 93 | # note: if you are setting up a replication slave, see README.Debian about 94 | # other settings you may need to change. 95 | #server-id = 1 96 | #log_bin = /var/log/mysql/mysql-bin.log 97 | expire_logs_days = 10 98 | max_binlog_size = 100M 99 | #binlog_do_db = include_database_name 100 | #binlog_ignore_db = include_database_name 101 | # 102 | # * InnoDB 103 | # 104 | # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. 105 | # Read the manual for more InnoDB related options. There are many! 106 | # 107 | # * Security Features 108 | # 109 | # Read the manual, too, if you want chroot! 110 | # chroot = /var/lib/mysql/ 111 | # 112 | # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". 
113 | # 114 | # ssl-ca=/etc/mysql/cacert.pem 115 | # ssl-cert=/etc/mysql/server-cert.pem 116 | # ssl-key=/etc/mysql/server-key.pem 117 | 118 | 119 | 120 | [mysqldump] 121 | quick 122 | quote-names 123 | max_allowed_packet = 16M 124 | 125 | [mysql] 126 | #no-auto-rehash # faster start of mysql but no tab completition 127 | 128 | [isamchk] 129 | key_buffer = 16M 130 | 131 | # 132 | # * IMPORTANT: Additional settings that can override those from this file! 133 | # The files must end with '.cnf', otherwise they'll be ignored. 134 | # 135 | !includedir /etc/mysql/conf.d/ 136 | -------------------------------------------------------------------------------- /ansible/roles/mysql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | - name: Installing MySQL Server 16 | action: apt pkg={{item}} state=installed 17 | with_items: 18 | - mysql-server 19 | register: mysql_installed 20 | 21 | - name: Updating my.cnf 22 | copy: src=my.cnf 23 | dest=/etc/mysql/my.cnf 24 | owner=root 25 | group=root 26 | mode=0644 27 | backup=yes 28 | when: mysql_installed|changed 29 | register: my_cnf_updated 30 | 31 | - name: Restarting MySQL 32 | service: name=mysql state=restarted 33 | when: my_cnf_updated|changed 34 | register: mysql_ready 35 | 36 | - name: Creating OpenStack MySQL databases 37 | mysql_db: name={{item.db_name}} state=present 38 | when: mysql_ready|changed 39 | with_items: mysql_databases 40 | 41 | - name: Creating OpenStack MySQL users 42 | mysql_user: 43 | host="{{item.db_host}}" 44 | name="{{item.db_user}}" 45 | password="{{item.db_pass}}" 46 | priv="{{item.db_name}}.*:ALL,GRANT" 47 | state=present 48 | when: mysql_ready|changed 49 | with_items: mysql_databases 50 | -------------------------------------------------------------------------------- /ansible/roles/neutron_aio/files/dnsmasq-neutron.conf: -------------------------------------------------------------------------------- 1 | dhcp-option-force=26,1450 2 | -------------------------------------------------------------------------------- /ansible/roles/neutron_aio/files/sysctl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/sysctl.conf - Configuration file for setting system variables 3 | # See /etc/sysctl.d/ for additional system variables. 4 | # See sysctl.conf (5) for information. 
5 | # 6 | 7 | #kernel.domainname = example.com 8 | 9 | # Uncomment the following to stop low-level messages on console 10 | #kernel.printk = 3 4 1 3 11 | 12 | ##############################################################3 13 | # Functions previously found in netbase 14 | # 15 | 16 | # Uncomment the next two lines to enable Spoof protection (reverse-path filter) 17 | # Turn on Source Address Verification in all interfaces to 18 | # prevent some spoofing attacks 19 | #net.ipv4.conf.default.rp_filter=1 20 | #net.ipv4.conf.all.rp_filter=1 21 | 22 | # Uncomment the next line to enable TCP/IP SYN cookies 23 | # See http://lwn.net/Articles/277146/ 24 | # Note: This may impact IPv6 TCP sessions too 25 | #net.ipv4.tcp_syncookies=1 26 | 27 | # Uncomment the next line to enable packet forwarding for IPv4 28 | net.ipv4.ip_forward=1 29 | 30 | # Uncomment the next line to enable packet forwarding for IPv6 31 | # Enabling this option disables Stateless Address Autoconfiguration 32 | # based on Router Advertisements for this host 33 | #net.ipv6.conf.all.forwarding=1 34 | 35 | 36 | ################################################################### 37 | # Additional settings - these settings can improve the network 38 | # security of the host and prevent against some network attacks 39 | # including spoofing attacks and man in the middle attacks through 40 | # redirection. Some network environments, however, require that these 41 | # settings are disabled so review and enable them as needed. 
42 | # 43 | # Do not accept ICMP redirects (prevent MITM attacks) 44 | #net.ipv4.conf.all.accept_redirects = 0 45 | #net.ipv6.conf.all.accept_redirects = 0 46 | # _or_ 47 | # Accept ICMP redirects only for gateways listed in our default 48 | # gateway list (enabled by default) 49 | # net.ipv4.conf.all.secure_redirects = 1 50 | # 51 | # Do not send ICMP redirects (we are not a router) 52 | #net.ipv4.conf.all.send_redirects = 0 53 | # 54 | # Do not accept IP source route packets (we are not a router) 55 | #net.ipv4.conf.all.accept_source_route = 0 56 | #net.ipv6.conf.all.accept_source_route = 0 57 | # 58 | # Log Martian Packets 59 | #net.ipv4.conf.all.log_martians = 1 60 | # 61 | -------------------------------------------------------------------------------- /ansible/roles/neutron_aio/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Reload sysctl 16 | command: sysctl -p 17 | -------------------------------------------------------------------------------- /ansible/roles/neutron_aio/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Installing Neutron Server and Agents 16 | action: apt pkg={{item}} state=installed 17 | with_items: 18 | - neutron-server 19 | - neutron-plugin-ml2 20 | - python-neutronclient 21 | - neutron-l3-agent 22 | - neutron-dhcp-agent 23 | - neutron-metadata-agent 24 | register: neutron_installed 25 | 26 | - name: Installing Neutron Linux Bridge Agent 27 | action: apt pkg=neutron-plugin-linuxbridge-agent state=installed 28 | when: br_mode == 'LBR' and neutron_installed|changed 29 | register: lbr_agent_installed 30 | 31 | - name: Installing Neutron Open vSwitch Agent 32 | action: apt pkg={{item}} state=installed 33 | with_items: 34 | - openvswitch-switch 35 | - neutron-plugin-openvswitch-agent 36 | when: br_mode == 'OVS' and neutron_installed|changed 37 | register: ovs_agent_installed 38 | 39 | 40 | - name: Stopping Neutron Server and Agents 41 | command: "{{item}}" 42 | with_items: 43 | - service neutron-dhcp-agent stop 44 | - service neutron-l3-agent stop 45 | - service neutron-metadata-agent stop 46 | - service neutron-server stop 47 | ignore_errors: yes 48 | when: neutron_installed|changed 49 | register: neutron_stopped 50 | 51 | - name: Stopping Neutron Linux Bridge Agent 52 | command: service neutron-plugin-linuxbridge-agent stop 53 | ignore_errors: yes 54 | when: br_mode == 'LBR' and neutron_installed|changed 55 | 56 | - name: Stopping Neutron Open vSwitch Agent 57 | command: service neutron-plugin-openvswitch-agent stop 58 | ignore_errors: yes 59 | when: br_mode == 'OVS' and neutron_installed|changed 60 | 61 | 
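# Remaining Neutron all-in-one tasks: render the configuration, migrate the
# database, create the OVS bridge when br_mode is 'OVS', (re)start the
# services and create the external network.
# Every step is gated on the registered result of an earlier one. `command`
# and `shell` tasks report "changed" on every run, which is what opens the
# `|changed` gates further down.

- name: Removing non-used sqlite database
  file: path=/var/lib/neutron/neutron.sqlite state=absent
  when: neutron_installed|changed
  register: neutron_cleaned


# neutron.conf is rendered once, for the mysql_databases entry whose
# os_project is "neutron"; that entry supplies the template's item.* values.
- name: Updating neutron.conf
  template: src=neutron.conf
            dest=/etc/neutron/neutron.conf
            owner=root
            group=neutron
            mode=0640
            backup=yes
  when: neutron_stopped|changed and item.os_project == "neutron"
  with_items: mysql_databases
  register: neutron_cfg_updated


- name: Updating ml2_conf.ini for Linux Bridges
  template: src=ml2_conf.ini_linuxbridge
            dest=/etc/neutron/plugins/ml2/ml2_conf.ini
            owner=root
            group=neutron
            mode=0640
            backup=yes
  when: br_mode == 'LBR' and neutron_stopped|changed
  register: ml2_cfg_lbr_updated

- name: Updating ml2_conf.ini for Open vSwitch
  template: src=ml2_conf.ini_ovs
            dest=/etc/neutron/plugins/ml2/ml2_conf.ini
            owner=root
            group=neutron
            mode=0640
            backup=yes
  when: br_mode == 'OVS' and neutron_stopped|changed
  register: ml2_cfg_ovs_updated


- name: Updating dhcp_agent.ini
  template: src=dhcp_agent.ini
            dest=/etc/neutron/dhcp_agent.ini
            owner=root
            group=neutron
            mode=0644
            backup=yes
  when: neutron_stopped|changed
  register: dhcpa_cfg_updated

- name: Updating dnsmasq-neutron.conf
  copy: src=dnsmasq-neutron.conf
        dest=/etc/neutron/dnsmasq-neutron.conf
        owner=root
        group=neutron
        mode=0644
        backup=yes
  when: neutron_stopped|changed
  register: dnsmasqn_cfg_updated

- name: Updating l3_agent.ini
  template: src=l3_agent.ini
            dest=/etc/neutron/l3_agent.ini
            owner=root
            group=neutron
            mode=0644
            backup=yes
  when: neutron_stopped|changed
  register: l3a_cfg_updated

# The metadata_agent.ini template renders the Keystone service password and
# the metadata proxy shared secret, so the file gets the same 0640
# root:neutron mode as neutron.conf instead of a world-readable 0644.
- name: Updating metadata_agent.ini
  template: src=metadata_agent.ini
            dest=/etc/neutron/metadata_agent.ini
            owner=root
            group=neutron
            mode=0640
            backup=yes
  when: neutron_stopped|changed
  register: metadata_cfg_updated

- name: Updating fwaas_driver.ini
  template: src=fwaas_driver.ini
            dest=/etc/neutron/fwaas_driver.ini
            owner=root
            group=neutron
            mode=0644
            backup=yes
  when: neutron_stopped|changed
  register: fwaasd_cfg_updated


# `and` binds tighter than `or`, so without the parentheses the migration
# also ran whenever the OVS ml2_conf.ini changed, even if neutron.conf (which
# the command reads for its settings) had not been rendered.
- name: Populating Neutron Database
  shell: su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  when: neutron_cfg_updated|changed and (ml2_cfg_lbr_updated|changed or ml2_cfg_ovs_updated|changed)
  register: neutron_populated


- name: Creating Open vSwitch Bridge
  openvswitch_bridge: bridge=br-ex state=present
  when: br_mode == 'OVS' and ovs_agent_installed|changed

- name: Configuring Open vSwitch Bridge Port
  openvswitch_port: bridge=br-ex port=dummy0 state=present
  when: br_mode == 'OVS' and ovs_agent_installed|changed


- name: Starting Neutron Server and Agents
  command: "{{item}}"
  with_items:
    - service neutron-server restart
    - service neutron-dhcp-agent restart
    - service neutron-l3-agent restart
    - service neutron-metadata-agent restart
  when: neutron_populated|changed and neutron_cleaned|changed
  register: neutron_started

- name: Starting Neutron Linux Bridge Agent
  command: service neutron-plugin-linuxbridge-agent start
  when: br_mode == 'LBR' and neutron_cleaned|changed

- name: Starting Neutron Open vSwitch Agent
  command: service neutron-plugin-openvswitch-agent start
  when: br_mode == 'OVS' and neutron_cleaned|changed


- name: Wait a bit until Neutron starts up properly...
  pause: seconds=5
  when: neutron_started|changed
  register: neutron_ready


# The admin credentials reach the CLI through the task environment
# (admin_openrc_env), not through the command line.
# The two CLI calls are joined with ';', so the task status reflects only
# the subnet-create call.
- name: Creating Neutron External Network and its subnet
  environment: admin_openrc_env
  shell: neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat ; neutron subnet-create ext-net --name ext-subnet --allocation-pool start={{ext_net_start}},end={{ext_net_end}} --disable-dhcp --gateway {{ext_net_gateway}} {{ext_net_subnet}}
  when: neutron_started|changed
  register: neutron_net_created


# Not gated on any earlier result: the file is copied on every run and the
# handler fires when it changes.
- name: Write custom sysctl.conf
  copy: src=sysctl.conf
        dest=/etc/sysctl.conf
        owner=root
        group=root
        mode=0644
        backup=yes
  notify:
    - Reload sysctl

-------------------------------------------------------------------------------- /ansible/roles/neutron_aio/templates/dhcp_agent.ini: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | # Show debugging output in log (sets DEBUG log level output) 3 | # debug = False 4 | 5 | # The DHCP agent will resync its state with Neutron to recover from any 6 | # transient notification or rpc errors. The interval is number of 7 | # seconds between attempts. 8 | # resync_interval = 5 9 | 10 | # The DHCP agent requires an interface driver be set. Choose the one that best 11 | # matches your plugin. 12 | interface_driver = {{neutron_interface_driver}} 13 | 14 | # Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, 15 | # BigSwitch/Floodlight) 16 | # interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver 17 | 18 | # Name of Open vSwitch bridge to use 19 | # ovs_integration_bridge = br-int 20 | 21 | # Use veth for an OVS interface or not. 22 | # Support kernels with limited namespace support 23 | # (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. 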
24 | # ovs_use_veth = False 25 | 26 | # Example of interface_driver option for LinuxBridge 27 | # interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver 28 | 29 | # The agent can use other DHCP drivers. Dnsmasq is the simplest and requires 30 | # no additional setup of the DHCP server. 31 | dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 32 | 33 | # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and 34 | # iproute2 package that supports namespaces). This option is deprecated and 35 | # will be removed in a future release, at which point the old behavior of 36 | # use_namespaces = True will be enforced. 37 | # use_namespaces = True 38 | 39 | # The DHCP server can assist with providing metadata support on isolated 40 | # networks. Setting this value to True will cause the DHCP server to append 41 | # specific host routes to the DHCP request. The metadata service will only 42 | # be activated when the subnet does not contain any router port. The guest 43 | # instance must be configured to request host routes via DHCP (Option 121). 44 | # enable_isolated_metadata = False 45 | 46 | # Allows for serving metadata requests coming from a dedicated metadata 47 | # access network whose cidr is 169.254.169.254/16 (or larger prefix), and 48 | # is connected to a Neutron router from which the VMs send metadata 49 | # request. In this case DHCP Option 121 will not be injected in VMs, as 50 | # they will be able to reach 169.254.169.254 through a router. 51 | # This option requires enable_isolated_metadata = True 52 | # enable_metadata_network = False 53 | 54 | # Number of threads to use during sync process. Should not exceed connection 55 | # pool size configured on server. 
56 | # num_sync_threads = 4 57 | 58 | # Location to store DHCP server config files 59 | # dhcp_confs = $state_path/dhcp 60 | 61 | # Domain to use for building the hostnames 62 | dhcp_domain = {{public_addr}} 63 | 64 | # Override the default dnsmasq settings with this file 65 | dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf 66 | 67 | # Comma-separated list of DNS servers which will be used by dnsmasq 68 | # as forwarders. 69 | # dnsmasq_dns_servers = 70 | 71 | # Limit number of leases to prevent a denial-of-service. 72 | # dnsmasq_lease_max = 16777216 73 | 74 | # Location to DHCP lease relay UNIX domain socket 75 | # dhcp_lease_relay_socket = $state_path/dhcp/lease_relay 76 | 77 | # Use broadcast in DHCP replies 78 | # dhcp_broadcast_reply = False 79 | 80 | # dhcp_delete_namespaces, which is false by default, can be set to True if 81 | # namespaces can be deleted cleanly on the host running the dhcp agent. 82 | # Do not enable this until you understand the problem with the Linux iproute 83 | # utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and 84 | # you are sure that your version of iproute does not suffer from the problem. 85 | # If True, namespaces will be deleted when a dhcp server is disabled. 86 | dhcp_delete_namespaces = True 87 | 88 | # Timeout for ovs-vsctl commands. 89 | # If the timeout expires, ovs commands will fail with ALARMCLOCK error. 
90 | # ovs_vsctl_timeout = 10 91 | -------------------------------------------------------------------------------- /ansible/roles/neutron_aio/templates/fwaas_driver.ini: -------------------------------------------------------------------------------- 1 | [fwaas] 2 | driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver 3 | enabled = True 4 | -------------------------------------------------------------------------------- /ansible/roles/neutron_aio/templates/l3_agent.ini: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | # Show debugging output in log (sets DEBUG log level output) 3 | # debug = False 4 | 5 | # L3 requires that an interface driver be set. Choose the one that best 6 | # matches your plugin. 7 | interface_driver = {{neutron_interface_driver}} 8 | 9 | # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) 10 | # that supports L3 agent 11 | # interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver 12 | 13 | # Use veth for an OVS interface or not. 14 | # Support kernels with limited namespace support 15 | # (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. 16 | # ovs_use_veth = False 17 | 18 | # Example of interface_driver option for LinuxBridge 19 | # interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver 20 | 21 | # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and 22 | # iproute2 package that supports namespaces). This option is deprecated and 23 | # will be removed in a future release, at which point the old behavior of 24 | # use_namespaces = True will be enforced. 25 | # use_namespaces = True 26 | 27 | # If use_namespaces is set as False then the agent can only configure one router. 28 | 29 | # This is done by setting the specific router_id. 30 | # router_id = 31 | 32 | # When external_network_bridge is set, each L3 agent can be associated 33 | # with no more than one external network. 
This value should be set to the UUID 34 | # of that external network. To allow L3 agent support multiple external 35 | # networks, both the external_network_bridge and gateway_external_network_id 36 | # must be left empty. 37 | gateway_external_network_id = 38 | 39 | # With IPv6, the network used for the external gateway does not need 40 | # to have an associated subnet, since the automatically assigned 41 | # link-local address (LLA) can be used. However, an IPv6 gateway address 42 | # is needed for use as the next-hop for the default route. If no IPv6 43 | # gateway address is configured here, (and only then) the neutron router 44 | # will be configured to get its default route from router advertisements (RAs) 45 | # from the upstream router; in which case the upstream router must also be 46 | # configured to send these RAs. 47 | # The ipv6_gateway, when configured, should be the LLA of the interface 48 | # on the upstream router. If a next-hop using a global unique address (GUA) 49 | # is desired, it needs to be done via a subnet allocated to the network 50 | # and not through this parameter. 51 | # ipv6_gateway = 52 | 53 | # Indicates that this L3 agent should also handle routers that do not have 54 | # an external network gateway configured. This option should be True only 55 | # for a single agent in a Neutron deployment, and may be False for all agents 56 | # if all routers must have an external network gateway 57 | # handle_internal_only_routers = True 58 | 59 | # Name of bridge used for external network traffic. This should be set to 60 | # empty value for the linux bridge. when this parameter is set, each L3 agent 61 | # can be associated with no more than one external network. 62 | external_network_bridge = 63 | 64 | # TCP Port used by Neutron metadata server 65 | # metadata_port = 9697 66 | 67 | # Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 68 | # to disable this feature. 
69 | # send_arp_for_ha = 3 70 | 71 | # seconds between re-sync routers' data if needed 72 | # periodic_interval = 40 73 | 74 | # seconds to start to sync routers' data after 75 | # starting agent 76 | # periodic_fuzzy_delay = 5 77 | 78 | # enable_metadata_proxy, which is true by default, can be set to False 79 | # if the Nova metadata server is not available 80 | # enable_metadata_proxy = True 81 | 82 | # Iptables mangle mark used to mark metadata valid requests 83 | # metadata_access_mark = 0x1 84 | 85 | # Iptables mangle mark used to mark ingress from external network 86 | # external_ingress_mark = 0x2 87 | 88 | # router_delete_namespaces, which is false by default, can be set to True if 89 | # namespaces can be deleted cleanly on the host running the L3 agent. 90 | # Do not enable this until you understand the problem with the Linux iproute 91 | # utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and 92 | # you are sure that your version of iproute does not suffer from the problem. 93 | # If True, namespaces will be deleted when a router is destroyed. 94 | router_delete_namespaces = True 95 | 96 | # Timeout for ovs-vsctl commands. 97 | # If the timeout expires, ovs commands will fail with ALARMCLOCK error. 98 | # ovs_vsctl_timeout = 10 99 | 100 | # The working mode for the agent. Allowed values are: 101 | # - legacy: this preserves the existing behavior where the L3 agent is 102 | # deployed on a centralized networking node to provide L3 services 103 | # like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. 104 | # - dvr: this mode enables DVR functionality, and must be used for an L3 105 | # agent that runs on a compute host. 106 | # - dvr_snat: this enables centralized SNAT support in conjunction with 107 | # DVR. This mode must be used for an L3 agent running on a centralized 108 | # node (or in single-host deployments, e.g. devstack). 
109 | # agent_mode = legacy 110 | 111 | # Location to store keepalived and all HA configurations 112 | # ha_confs_path = $state_path/ha_confs 113 | 114 | # VRRP authentication type AH/PASS 115 | # ha_vrrp_auth_type = PASS 116 | 117 | # VRRP authentication password 118 | # ha_vrrp_auth_password = 119 | 120 | # The advertisement interval in seconds 121 | # ha_vrrp_advert_int = 2 122 |
--------------------------------------------------------------------------------
/ansible/roles/neutron_aio/templates/metadata_agent.ini:
--------------------------------------------------------------------------------
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = True

# The Neutron user information for accessing the Neutron API.
# NOTE(review): both Keystone endpoints below are plain http, so the service
# password in this section is sent to auth_url unencrypted. That is only
# tolerable while the traffic stays on the host or on a trusted management
# network - confirm for this deployment.
auth_uri = http://{{public_addr}}:5000
auth_url = http://{{controller_addr}}:35357
auth_region = {{region}}
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
# NOTE(review): the rendered file holds this password and the shared secret
# further down, so it must not be world-readable; 0640 root:neutron, the mode
# this role already gives neutron.conf, is the appropriate setting.
# The nova.conf template of the nova_aio role renders the same
# service_password variable for the nova and neutron accounts, so one leaked
# file exposes both.
password = {{service_password}}

# Network service endpoint type to pull from the keystone catalog
endpoint_type = publicURL

# IP address used by Nova metadata server
nova_metadata_ip = {{controller_addr}}

# TCP Port used by Nova metadata server
# nova_metadata_port = 8775

# Which protocol to use for requests to Nova metadata server, http or https
# nova_metadata_protocol = http

# Whether insecure SSL connection should be accepted for Nova metadata server
# requests
# nova_metadata_insecure = False

# Client certificate for nova api, needed when nova api requires client
# certificates
# nova_client_cert =

# Private key for nova client certificate
# nova_client_priv_key =

# When proxying metadata requests, Neutron signs the Instance-ID header with a
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses the same config key, but in [neutron] section.
# In this repository the matching value is rendered from the same
# metadata_secret variable by the nova.conf template.
metadata_proxy_shared_secret = {{metadata_secret}}

# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy

# Metadata Proxy UNIX domain socket mode, 3 values allowed:
# 'deduce': deduce mode from metadata_proxy_user/group values,
# 'user': set metadata proxy socket mode to 0o644, to use when
# metadata_proxy_user is agent effective user or root,
# 'group': set metadata proxy socket mode to 0o664, to use when
# metadata_proxy_group is agent effective group,
# 'all': set metadata proxy socket mode to 0o666, to use otherwise.
# metadata_proxy_socket_mode = deduce

# Number of separate worker processes for metadata server. Defaults to
# half the number of CPU cores
# metadata_workers =

# Number of backlog requests to configure the metadata server socket with
# metadata_backlog = 4096

# URL to connect to the cache backend.
# default_ttl=0 parameter will cause cache entries to never expire.
# Otherwise default_ttl specifies time in seconds a cache entry is valid for.
# No cache is used in case no value is passed.
# cache_url = memory://?default_ttl=5

-------------------------------------------------------------------------------- /ansible/roles/neutron_aio/templates/ml2_conf.ini_linuxbridge: -------------------------------------------------------------------------------- 1 | [ml2] 2 | # (ListOpt) List of network type driver entrypoints to be loaded from 3 | # the neutron.ml2.type_drivers namespace. 
4 | # 5 | type_drivers = local,flat,vlan,gre,vxlan 6 | # Example: type_drivers = flat,vlan,gre,vxlan 7 | 8 | # (ListOpt) Ordered list of network_types to allocate as tenant 9 | # networks. The default value 'local' is useful for single-box testing 10 | # but provides no connectivity between hosts. 11 | # 12 | tenant_network_types = flat,vlan,vxlan 13 | # Example: tenant_network_types = vlan,gre,vxlan 14 | 15 | # (ListOpt) Ordered list of networking mechanism driver entrypoints 16 | # to be loaded from the neutron.ml2.mechanism_drivers namespace. 17 | mechanism_drivers = {{mechanism_drivers}},l2population 18 | # Example: mechanism_drivers = openvswitch,mlnx 19 | # Example: mechanism_drivers = arista 20 | # Example: mechanism_drivers = cisco,logger 21 | # Example: mechanism_drivers = openvswitch,brocade 22 | # Example: mechanism_drivers = linuxbridge,brocade 23 | 24 | # (ListOpt) Ordered list of extension driver entrypoints 25 | # to be loaded from the neutron.ml2.extension_drivers namespace. 26 | extension_drivers = port_security 27 | # Example: extension_drivers = anewextensiondriver 28 | 29 | # =========== items for MTU selection and advertisement ============= 30 | # (IntOpt) Path MTU. The maximum permissible size of an unfragmented 31 | # packet travelling from and to addresses where encapsulated Neutron 32 | # traffic is sent. Drivers calculate maximum viable MTU for 33 | # validating tenant requests based on this value (typically, 34 | # path_mtu - max encap header size). If <=0, the path MTU is 35 | # indeterminate and no calculation takes place. 36 | # path_mtu = 0 37 | 38 | # (IntOpt) Segment MTU. The maximum permissible size of an 39 | # unfragmented packet travelling a L2 network segment. If <=0, 40 | # the segment MTU is indeterminate and no calculation takes place. 41 | # segment_mtu = 0 42 | 43 | # (ListOpt) Physical network MTUs. List of mappings of physical 44 | # network to MTU value. The format of the mapping is 45 | # :. 
This mapping allows specifying a 46 | # physical network MTU value that differs from the default 47 | # segment_mtu value. 48 | # physical_network_mtus = 49 | # Example: physical_network_mtus = physnet1:1550, physnet2:1500 50 | # ======== end of items for MTU selection and advertisement ========= 51 | 52 | [ml2_type_flat] 53 | # (ListOpt) List of physical_network names with which flat networks 54 | # can be created. Use * to allow flat networks with arbitrary 55 | # physical_network names. 56 | # 57 | flat_networks = external 58 | # Example:flat_networks = physnet1,physnet2 59 | # Example:flat_networks = * 60 | 61 | [ml2_type_vlan] 62 | # (ListOpt) List of [::] tuples 63 | # specifying physical_network names usable for VLAN provider and 64 | # tenant networks, as well as ranges of VLAN tags on each 65 | # physical_network available for allocation as tenant networks. 66 | # 67 | # network_vlan_ranges = 68 | # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 69 | 70 | [ml2_type_gre] 71 | # (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation 72 | # tunnel_id_ranges = 73 | 74 | [ml2_type_vxlan] 75 | # (ListOpt) Comma-separated list of : tuples enumerating 76 | # ranges of VXLAN VNI IDs that are available for tenant network allocation. 77 | # 78 | vni_ranges = 1:1000 79 | 80 | # (StrOpt) Multicast group for the VXLAN interface. When configured, will 81 | # enable sending all broadcast traffic to this multicast group. When left 82 | # unconfigured, will disable multicast VXLAN mode. 83 | # 84 | # vxlan_group = 85 | # Example: vxlan_group = 239.1.1.1 86 | 87 | [securitygroup] 88 | # Controls if neutron security group is enabled or not. 89 | # It should be false when you use nova security group. 90 | enable_security_group = True 91 | 92 | # Use ipset to speed-up the iptables security groups. Enabling ipset support 93 | # requires that ipset is installed on L2 agent node. 
94 | enable_ipset = True 95 | 96 | firewall_driver = {{firewall_driver}} 97 | 98 | [agent] 99 | tunnel_types = vxlan 100 | 101 | [vxlan] 102 | enable_vxlan = True 103 | local_ip = {{ansible_dummy1.ipv4.address}} 104 | l2_population = True 105 | 106 | [l2pop] 107 | agent_boot_time = 180 108 | 109 | [linux_bridge] 110 | physical_interface_mappings = external:dummy0,vxlan:dummy1 111 | -------------------------------------------------------------------------------- /ansible/roles/neutron_aio/templates/ml2_conf.ini_ovs: -------------------------------------------------------------------------------- 1 | [ml2] 2 | # (ListOpt) List of network type driver entrypoints to be loaded from 3 | # the neutron.ml2.type_drivers namespace. 4 | # 5 | type_drivers = local,flat,vlan,gre,vxlan 6 | # Example: type_drivers = flat,vlan,gre,vxlan 7 | 8 | # (ListOpt) Ordered list of network_types to allocate as tenant 9 | # networks. The default value 'local' is useful for single-box testing 10 | # but provides no connectivity between hosts. 11 | # 12 | tenant_network_types = flat,vlan,vxlan 13 | # Example: tenant_network_types = vlan,gre,vxlan 14 | 15 | # (ListOpt) Ordered list of networking mechanism driver entrypoints 16 | # to be loaded from the neutron.ml2.mechanism_drivers namespace. 17 | mechanism_drivers = {{mechanism_drivers}},l2population 18 | # Example: mechanism_drivers = openvswitch,mlnx 19 | # Example: mechanism_drivers = arista 20 | # Example: mechanism_drivers = cisco,logger 21 | # Example: mechanism_drivers = openvswitch,brocade 22 | # Example: mechanism_drivers = linuxbridge,brocade 23 | 24 | # (ListOpt) Ordered list of extension driver entrypoints 25 | # to be loaded from the neutron.ml2.extension_drivers namespace. 26 | extension_drivers = port_security 27 | # Example: extension_drivers = anewextensiondriver 28 | 29 | # =========== items for MTU selection and advertisement ============= 30 | # (IntOpt) Path MTU. 
The maximum permissible size of an unfragmented 31 | # packet travelling from and to addresses where encapsulated Neutron 32 | # traffic is sent. Drivers calculate maximum viable MTU for 33 | # validating tenant requests based on this value (typically, 34 | # path_mtu - max encap header size). If <=0, the path MTU is 35 | # indeterminate and no calculation takes place. 36 | # path_mtu = 0 37 | 38 | # (IntOpt) Segment MTU. The maximum permissible size of an 39 | # unfragmented packet travelling a L2 network segment. If <=0, 40 | # the segment MTU is indeterminate and no calculation takes place. 41 | # segment_mtu = 0 42 | 43 | # (ListOpt) Physical network MTUs. List of mappings of physical 44 | # network to MTU value. The format of the mapping is 45 | # :. This mapping allows specifying a 46 | # physical network MTU value that differs from the default 47 | # segment_mtu value. 48 | # physical_network_mtus = 49 | # Example: physical_network_mtus = physnet1:1550, physnet2:1500 50 | # ======== end of items for MTU selection and advertisement ========= 51 | 52 | [ml2_type_flat] 53 | # (ListOpt) List of physical_network names with which flat networks 54 | # can be created. Use * to allow flat networks with arbitrary 55 | # physical_network names. 56 | # 57 | flat_networks = external 58 | # Example:flat_networks = physnet1,physnet2 59 | # Example:flat_networks = * 60 | 61 | [ml2_type_vlan] 62 | # (ListOpt) List of [::] tuples 63 | # specifying physical_network names usable for VLAN provider and 64 | # tenant networks, as well as ranges of VLAN tags on each 65 | # physical_network available for allocation as tenant networks. 
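66 | # 67 | # network_vlan_ranges = 68 | # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 69 | 70 | [ml2_type_gre] 71 | # (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation 72 | # tunnel_id_ranges = 73 | 74 | [ml2_type_vxlan] 75 | # (ListOpt) Comma-separated list of : tuples enumerating 76 | # ranges of VXLAN VNI IDs that are available for tenant network allocation. 77 | # 78 | vni_ranges = 1:1000 79 | 80 | # (StrOpt) Multicast group for the VXLAN interface. When configured, will 81 | # enable sending all broadcast traffic to this multicast group. When left 82 | # unconfigured, will disable multicast VXLAN mode. 83 | # 84 | # vxlan_group = 85 | # Example: vxlan_group = 239.1.1.1 86 | 87 | [securitygroup] 88 | # Controls if neutron security group is enabled or not. 89 | # It should be false when you use nova security group. 90 | enable_security_group = True 91 | 92 | # Use ipset to speed-up the iptables security groups. Enabling ipset support 93 | # requires that ipset is installed on L2 agent node. 94 | enable_ipset = True 95 | 96 | firewall_driver = {{firewall_driver}} 97 | 98 | [ovs] 99 | local_ip = {{ansible_dummy1.ipv4.address}} 100 | enable_tunneling = True 101 | bridge_mappings = external:br-ex 102 | 103 | [agent] 104 | tunnel_types = vxlan 105 | 106 | [l2pop] 107 | agent_boot_time = 180 108 |
--------------------------------------------------------------------------------
/ansible/roles/nova_aio/files/kernel-postinst-statoverride:
--------------------------------------------------------------------------------
#! /bin/sh
#
# Kernel postinst hook: re-applies a dpkg stat override of root:root 0644 to
# the kernel image named by the version argument.
# The nova_aio role copies this file to /etc/kernel/postinst.d/statoverride
# in the task it names as the workaround for LP #759725.
#
# Arguments: $1 - kernel version, the suffix of /boot/vmlinuz-<version>
# Returns:   0 when no version is given, else the status of the --add call
#
# NOTE(review): 0644 leaves the kernel image readable by every local user.
# That is the point of the workaround, but it relaxes the permissions the
# image would otherwise have, so the hook belongs only on hosts that need it.

version="$1"

# passing the kernel version is required
[ -z "${version}" ] && exit 0

# Built once and quoted at every use so the path is never word-split or
# glob-expanded, whatever the version string contains.
kernel_image="/boot/vmlinuz-${version}"

# Drop a previous override first, presumably so that --add below does not
# collide with one left by an earlier run; a failure here is not fatal.
dpkg-statoverride --remove "${kernel_image}"

dpkg-statoverride --update --add root root 0644 "${kernel_image}"

-------------------------------------------------------------------------------- /ansible/roles/nova_aio/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | - name: Restart libvirt-bin 16 | service: name=libvirt-bin state=restarted 17 | -------------------------------------------------------------------------------- /ansible/roles/nova_aio/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 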
# See the License for the specific language governing permissions and
# limitations under the License.

# Installs the Nova controller services and nova-compute on one host, swaps
# in the rendered configuration, syncs the database and starts the services.
# Each step is gated on the registered result of an earlier one; `command`
# and `shell` tasks report "changed" on every run, which is what opens the
# `|changed` gates further down.

- name: Installing Nova packages
  action: apt pkg={{item}} state=installed
  with_items:
    - nova-api
    - nova-cert
    - nova-conductor
    - nova-consoleauth
    - nova-novncproxy
    - nova-scheduler
    - python-novaclient
    - nova-compute
    - sysfsutils
    - iptables
    - ipset
    - ubuntu-virt-server
    - pm-utils
  register: nova_installed


# ignore_errors: presumably so that a service which is not running yet does
# not abort the play.
- name: Stopping all Nova services
  command: "{{item}}"
  with_items:
    - service nova-api stop
    - service nova-cert stop
    - service nova-compute stop
    - service nova-conductor stop
    - service nova-consoleauth stop
    - service nova-scheduler stop
    - service nova-novncproxy stop
  ignore_errors: yes
  when: nova_installed|changed
  register: nova_stopped


- name: Removing non-used sqlite database
  file: path=/var/lib/nova/nova.sqlite state=absent
  when: nova_stopped|changed
  register: nova_cleaned


# Installs files/kernel-postinst-statoverride as a kernel postinst hook.
# NOTE(review): that hook sets /boot/vmlinuz-<version> to root:root 0644 for
# every kernel installed afterwards, i.e. readable by all local users.
- name: "Workarounding BUG LP #759725"
  copy: src=kernel-postinst-statoverride
        dest=/etc/kernel/postinst.d/statoverride
        owner=root
        group=root
        mode=0755


# 0640 nova:nova - the rendered file holds the database, RabbitMQ and
# Keystone service credentials. It is rendered once, for the mysql_databases
# entry whose os_project is "nova".
- name: Updating nova.conf
  template: src=nova.conf
            dest=/etc/nova/nova.conf
            owner=nova
            group=nova
            mode=0640
            backup=yes
  when: nova_stopped|changed and item.os_project == "nova"
  with_items: mysql_databases
  register: nova_cfg_updated


- name: Updating nova-compute.conf
  template: src=nova-compute.conf
            dest=/etc/nova/nova-compute.conf
            owner=nova
            group=nova
            mode=0640
            backup=yes
  when: nova_stopped|changed
  register: novac_cfg_updated


# NOTE(review): gated on nova-compute.conf (novac_cfg_updated), not on
# nova.conf (nova_cfg_updated), although nova.conf is the template that
# renders the [database] connection - confirm this is intended.
- name: Populating Nova Database
  shell: su -s /bin/sh -c "nova-manage db sync" nova
  when: nova_stopped|changed and novac_cfg_updated|changed
  register: nova_populated


- name: Starting all Nova services
  command: "{{item}}"
  with_items:
    - service nova-api start
    - service nova-cert start
    - service nova-compute start
    - service nova-conductor start
    - service nova-consoleauth start
    - service nova-scheduler start
    - service nova-novncproxy start
  when: nova_populated|changed and nova_stopped|changed
  register: nova_started


- name: Wait a bit until Nova starts up properly...
  pause: seconds=5
  when: nova_started|changed
  register: nova_ready


- include: nova-flavors-standards.yml


# NOTE(review): the three libvirtd.conf edits plus the added -l flag make
# libvirtd listen on plain TCP (listen_tcp = 1, listen_tls = 0) with
# auth_tcp = "none". Anything that can reach that listener can manage the
# hypervisor without credentials, so the port has to be confined to a
# trusted management network or blocked by the host firewall; where that is
# not possible, keep SASL or switch to the TLS listener.
# NOTE(review): KSM_ENABLED=1 turns on kernel same-page merging. Sharing
# identical pages between guests is a known side-channel surface - confirm
# it is wanted on hosts that run mutually untrusted tenants.
# Each sed only rewrites a line that still has its packaged default value,
# so a file that was already edited is left as it is.
- name: "Reconfiguring Libvirt and enabling VHOST_NET + KSM at the Compute Node (QEmu-KVM)"
  command: "{{item}}"
  with_items:
    - sed -i 's/^VHOST_NET_ENABLED=0/VHOST_NET_ENABLED=1/' /etc/default/qemu-kvm
    - sed -i 's/^KSM_ENABLED=AUTO/KSM_ENABLED=1/' /etc/default/qemu-kvm
    - sed -i 's/^#listen_tls = 0/listen_tls = 0/' /etc/libvirt/libvirtd.conf
    - sed -i 's/^#listen_tcp = 1/listen_tcp = 1/' /etc/libvirt/libvirtd.conf
    - sed -i 's/^#auth_tcp = "sasl"/auth_tcp = "none"/' /etc/libvirt/libvirtd.conf
    - sed -i 's/^env libvirtd_opts="-d"/env libvirtd_opts="-d -l"/' /etc/init/libvirt-bin.conf
    - sed -i 's/^libvirtd_opts="-d"/libvirtd_opts="-d -l"/' /etc/default/libvirt-bin
  notify: Restart libvirt-bin
  when: nova_installed|changed

-------------------------------------------------------------------------------- /ansible/roles/nova_aio/tasks/nova-flavors-standards.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# OpenStack Instance Types

# Replaces the five default flavors (ids 1-5) with the set below.
# Runs only when the Nova services were started in this play
# (nova_started|changed). The admin credentials reach the CLI through the
# task environment (admin_openrc_env), not through the command line.
# flavor-create positional arguments: <name> <id> <ram MB> <disk GB> <vcpus>;
# every flavor is created with --is-public yes, i.e. visible to all projects.
- name: Creating new Nova Flavors
  environment: admin_openrc_env
  command: "{{item}}"
  with_items:
    # Delete default OpenStack flavors
    - nova flavor-delete 1
    - nova flavor-delete 2
    - nova flavor-delete 3
    - nova flavor-delete 4
    - nova flavor-delete 5
    # SAS - Standard Flavor
    - nova flavor-create --ephemeral 0 --swap 128 --rxtx-factor 1.0 --is-public yes m1.micro auto 256 2 1
    # - nova flavor-key m1.micro set sas=true
    - nova flavor-create --ephemeral 2 --swap 256 --rxtx-factor 1.0 --is-public yes m1.tiny auto 512 4 1
    # - nova flavor-key m1.tiny set sas=true
    - nova flavor-create --ephemeral 8 --swap 512 --rxtx-factor 1.0 --is-public yes m1.little auto 1024 8 1
    # - nova flavor-key m1.little set sas=true
    - nova flavor-create --ephemeral 24 --swap 1024 --rxtx-factor 1.0 --is-public yes m1.small auto 2048 20 1
    # - nova flavor-key m1.small set sas=true
    - nova flavor-create --ephemeral 48 --swap 2048 --rxtx-factor 1.0 --is-public yes m1.medium auto 4096 40 2
    # - nova flavor-key m1.medium set sas=true
    - nova flavor-create --ephemeral 96 --swap 4096 --rxtx-factor 1.0 --is-public yes m1.large auto 8192 80 4
    # - nova flavor-key m1.large set sas=true
    - nova flavor-create --ephemeral 192 --swap 8192 --rxtx-factor 1.0 --is-public yes m1.xlarge auto 16384 160 8
    # - nova flavor-key m1.xlarge set sas=true
  when: nova_started|changed
  register: nova_flavors_created

--------------------------------------------------------------------------------
/ansible/roles/nova_aio/templates/nova-compute.conf:
--------------------------------------------------------------------------------
[DEFAULT]
compute_driver = libvirt.LibvirtDriver

[libvirt]
virt_type = kvm
use_virtio_for_bridges = True
use_usb_tablet = True

--------------------------------------------------------------------------------
/ansible/roles/nova_aio/templates/nova.conf:
--------------------------------------------------------------------------------
[DEFAULT]

use_ipv6 = True
my_ip = {{ansible_eth0.ipv4.address}}

verbose = True
# debug = True

log_dir = /var/log/nova
state_path = /var/lib/nova

s3_host = {{public_addr}}
ec2_host = {{public_addr}}
ec2_dmz_host = {{public_addr}}

api_paste_config = /etc/nova/api-paste.ini

resume_guests_state_on_host_boot = True

default_ephemeral_format = ext4

force_config_drive = True

force_dhcp_release = True

# NOTE(review): "::" binds the compute API to every address of the host;
# which networks may reach port 8774 is then decided by the firewall alone.
osapi_compute_listen = ::
osapi_compute_listen_port = 8774

# Scheduler
scheduler_driver = nova.scheduler.filter_scheduler.FilterScheduler

# Auth
auth_strategy = keystone
keystone_ec2_url = http://{{public_addr}}:5000/v2.0/ec2tokens

# VNC configuration - Dual-Stacked
# NOTE(review): vncserver_listen and novncproxy_host are both "::", so guest
# VNC servers and the noVNC proxy accept connections on every address of the
# host, and novncproxy_base_url is plain http, so console URLs and their
# tokens cross the network unencrypted. Restrict both listeners with the
# host firewall unless the public network is trusted.
vnc_enabled = True
vncserver_listen = ::
vncserver_proxyclient_address = {{controller_addr}}
novnc_enabled = True
novncproxy_base_url = http://{{public_addr}}:6080/vnc_auto.html
novncproxy_host = ::
novncproxy_port = 6080

# Cinder
volume_api_class = nova.volume.cinder.API

# NETWORK - NEUTRON
# Nova's own firewall is a no-op here because security groups are delegated
# to Neutron (security_group_api = neutron); filtering then depends entirely
# on the Neutron security group settings being enabled.
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = {{linuxnet_interface_driver}}
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://{{public_addr}}:9696/
auth_strategy = keystone
admin_auth_url = http://{{controller_addr}}:35357/v2.0
admin_tenant_name = service
admin_username = neutron
# NOTE(review): the neutron account here and the nova account under
# [keystone_authtoken] are rendered from the same service_password variable,
# and every Keystone URL in this file is plain http.
admin_password = {{service_password}}
service_metadata_proxy = True
# Must equal the value the Neutron metadata agent is configured with.
metadata_proxy_shared_secret = {{metadata_secret}}

# SPICE configuration - Dual-Stacked
# [spice]
# enabled = True
# html5proxy_host = ::
# html5proxy_base_url = http://{{public_addr}}:6082/spice_auto.html
# keymap = en-us

[database]
# The item.* values come from the with_items loop of the task that renders
# this template; the database password ends up in clear text in this file.
connection = mysql://{{item.db_user}}:{{item.db_pass}}@{{controller_addr}}/{{item.db_name}}

[oslo_messaging_rabbit]
rabbit_host = {{controller_addr}}
rabbit_userid = {{rabbit_userid}}
rabbit_password = {{rabbit_password}}

[oslo_concurrency]
lock_path = /var/lock/nova

[keystone_authtoken]
auth_uri = http://{{public_addr}}:5000
auth_url = http://{{controller_addr}}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = {{service_password}}

# Imaging service
[glance]
host = {{public_addr}}

-------------------------------------------------------------------------------- /ansible/roles/rabbitmq/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2016, Sandvine Incorporated 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
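# See the License for the specific language governing permissions and
# limitations under the License.

# Installs the broker package; the result is registered so that the user is
# created only on the run that actually installed RabbitMQ.
- name: Installing RabbitMQ Server
  action: apt pkg={{item}} state=installed
  with_items:
    - rabbitmq-server
  register: rabbitmq_installed

# Creates the broker account used by the OpenStack services, with full
# configure/read/write rights on the "/" vhost.
#
# The user name and password come from rabbit_userid / rabbit_password, the
# same variables the nova.conf template writes into [oslo_messaging_rabbit].
# A literal user "openstack" with the literal password "RABBIT_PASS" was used
# here before, which only works while the variables hold exactly those values
# and leaves a well-known password on the broker.
#
# no_log keeps the password out of the Ansible output and logs.
# NOTE(review): RabbitMQ's stock "guest" account is not touched by this role.
- name: Creating the RabbitMQ user for the OpenStack services
  rabbitmq_user: user={{rabbit_userid}}
                 password={{rabbit_password}}
                 vhost=/
                 configure_priv=.*
                 read_priv=.*
                 write_priv=.*
                 state=present
  when: rabbitmq_installed|changed
  no_log: true

--------------------------------------------------------------------------------
/ansible/site.yml:
--------------------------------------------------------------------------------
1 | # This Playbook deploys OpenStack 2 | 3 | - hosts: all-in-one 4 | user: administrative 5 | sudo: yes 6 | roles: 7 | - role: bootstrap 8 | - role: mysql 9 | - role: rabbitmq 10 | - role: memcached 11 | - role: keystone 12 | - role: glance 13 | - role: nova_aio 14 | - role: neutron_aio 15 | - role: horizon 16 | - role: cinder 17 | - role: heat 18 | 19 | - hosts: controller_nodes 20 | user: administrative 21 | sudo: yes 22 | roles: 23 | - role: bootstrap 24 | - role: mysql 25 | - role: rabbitmq 26 | - role: memcached 27 | - role: keystone 28 | # - role: openstack_data 29 | # - role: keystone_web 30 | - role: glance 31 | # - role: glance_images 32 | # - role: nova_lbr_ctrl 33 | # - role: nova_flavors 34 | # - role: neutron_lbr_ctrl 35 | - role: horizon 36 | - role: cinder 37 | - role: heat 38 | # - role: ceilometer 39 | 40 | - hosts: network_nodes 41 | user: administrative 42 | sudo: yes 43 | roles: 44 | - role: bootstrap 45 | # - role: neutron_lbr_net_agents 46 | 47 | - hosts: compute_nodes 48 | user: administrative 49 | sudo: yes 50 | roles: 51 | - role: bootstrap 52 | # - role: nova_compute 53 | # - role: neutron_lbr_cmpt_agent 54 | 55 | - hosts: vagrant-node 56 | user: administrative 57 | sudo: yes 58 | roles: 59 | - role: bootstrap 60 | - role: mysql 61 | - role: rabbitmq 62 | - role: memcached 63 | - role: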
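keystone 64 | - role: glance 65 | - role: nova_aio 66 | - role: neutron_aio 67 | - role: horizon 68 | - role: cinder 69 | - role: heat 70 |
--------------------------------------------------------------------------------
/misc/linux-bridge-setageing.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Sets the ageing time of the Linux bridges behind a stack's "<stack>-pts"
# instance to 0, which turns each bridge into what the script calls a
# "dumb hub".
#
# Usage: linux-bridge-setageing.sh --project=NAME --stack=NAME
#
# Globals:  PROJECT, STACK - taken from the arguments; a value already present
#           in the environment is used when the argument is missing.
# Requires: heat, nova, virsh, brctl, sudo
# Returns:  0 when every bridge was updated, 1 otherwise.

export LC_ALL=C

# Unknown arguments are ignored, as before.
for arg in "$@"; do
  case "$arg" in
    --project=*)
      PROJECT="${arg#*=}"
      ;;
    --stack=*)
      STACK="${arg#*=}"
      ;;
  esac
done

# PROJECT becomes part of a path that is sourced, and both names are handed to
# other commands. Accept plain identifiers only: no "/", no whitespace and no
# leading "-", so neither a different file nor an option can be smuggled in.
name_re='^[A-Za-z0-9][A-Za-z0-9_.-]*$'
if [[ ! "${PROJECT:-}" =~ $name_re || ! "${STACK:-}" =~ $name_re ]]; then
  echo "Usage: ${0##*/} --project=NAME --stack=NAME" >&2
  echo "NAME must start with a letter or digit and may contain only letters, digits, '.', '_' and '-'." >&2
  exit 1
fi

openrc="/usr/local/etc/${PROJECT}-openrc.sh"

if [[ ! -f "$openrc" ]]; then
  echo
  echo "OpenStack Credentials for $PROJECT account not found, aborting!"
  exit 1
fi

echo
echo "Loading OpenStack credentials for $PROJECT account..."
# The file is executed in this shell, so it must be writable by trusted
# accounts only.
# shellcheck disable=SC1090
source "$openrc"

# Redirect stdout first and then stderr onto it; written the other way round,
# stderr stays on the terminal.
if heat stack-show "$STACK" > /dev/null 2>&1; then
  echo
  echo "Stack found, proceeding..."
else
  echo
  echo "Stack not found! Aborting..."
  exit 1
fi

# -F matches the stack name literally instead of as a regular expression.
# It is still a substring match on the whole "nova list" row.
INSTANCE_ID=$(nova list | grep -F -- "${STACK}-pts" | awk '{print $2}')

if [[ -z "$INSTANCE_ID" ]]; then
  echo
  echo "Warning! No compatible Instances was detected on your \"$STACK\" Stack!"
  echo "Possible causes are:"
  echo
  echo " * Missing Instance ID for one or more Sandvine's Instances."
  echo " * You're running a Stack that is not compatbile with Sandvine's rquirements."
  echo
  exit 1
fi

# Several matching rows cannot be passed to "virsh dumpxml" as one domain, and
# they may belong to another stack whose name contains this one. Stop instead
# of changing bridges of an instance nobody asked for.
if [[ "$INSTANCE_ID" == *$'\n'* ]]; then
  echo "More than one Instance matches \"${STACK}-pts\", aborting!" >&2
  exit 1
fi

# Bridge names of the last two bridge interfaces in the domain XML.
BRIDGES=$(virsh dumpxml "$INSTANCE_ID" | grep 'source bridge' | tail -n 2 | awk -F\' '{print $2}' | xargs)

status=0
read -r -a bridges <<< "$BRIDGES"
for X in "${bridges[@]}"; do
  # Report success only when brctl actually succeeded.
  if sudo brctl setageing "$X" 0; then
    echo
    echo "Linux Bridge $X of L2 NFV Instance is now a dumb hub."
  else
    echo "Could not set ageing on Linux Bridge $X" >&2
    status=1
  fi
done

exit "$status"
--------------------------------------------------------------------------------
/misc/os-heat-templates/nfv-l2-bridge-basic-stack-ubuntu.yaml:
--------------------------------------------------------------------------------
1 | heat_template_version: 2013-05-23 2 | 3 | description: > 4 | 5 | 6 | HOT template to create standard NFV setup, acting as a L2 Bridge between two VXLAN networks. 7 | 8 | NOTE: The "NFV Image" is just a plain Ubuntu Trusty without any kind of NFV configured. To make it work, you'll need to create a Linux L2 Bridge (or a DPDK App), using the Virtual NICs "eth1 + eth2". You can use the /etc/network/interfaces file to create the L2 Network Bridge between eth2 and eth3 (i.e., the "NFV Magic"). 9 | 10 | We have 2 Instances: 11 | 12 | * Ubuntu acting as a L2 Bridge and Policy Control 13 | 14 | Within subscriber / corporate / mobile network: 15 | 16 | * Ubuntu as a server 17 | 18 | 19 | We want to wire them as: 20 | 21 | -------|ctrl_subnet|------------- Control Network (with Internet access via router_i0) 22 | | 23 | --- 24 | | | --|Android| --|Windows| 25 | |B| | | 26 | |R| -------------------------- 27 | |I|----|data_real_subnet1 + dhcp|---|CentOS| 28 | |D| -------------------------- 29 | |G| | | | 30 | |E| | | --|Mac| 31 | | | --|Ubuntu| | 32 | |L| --|Debian| 33 | |2| 34 | | | 35 | |N| 36 | |F|------------|data_int_subnet1|----|Internet via router_i1| 37 | |V| 38 | | | 39 | --- 40 | 41 | parameters: 42 | ssh_key: 43 | type: string 44 | label: "Your SSH keypair name (pre-create please!)" 45 | description: | 46 | If you have not created your key, please go to 47 | Project/Compute/Access & Security, and either import 48 | one or create one.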
If you create it, make sure you keep 49 | the downloaded file (as you don't get a second chance) 50 | default: default 51 | 52 | public_network: 53 | type: string 54 | label: Public External Network 55 | description: Public Network with Floating IP addresses 56 | default: "ext-net" 57 | 58 | nfv_image: 59 | type: string 60 | label: "NFV L2 Bridge Image (default 'nfv')" 61 | description: "NFV Image" 62 | default: "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image" 63 | 64 | ubuntusrv1_image: 65 | type: string 66 | label: "Ubuntu Server - 64-bit" 67 | description: "Ubuntu - Trusty Thar - LTS" 68 | default: "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image" 69 | 70 | resources: 71 | rtr: 72 | type: OS::Neutron::Router 73 | properties: 74 | admin_state_up: True 75 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-rtr' } } 76 | external_gateway_info: 77 | network: { get_param: public_network } 78 | 79 | router_i0: 80 | type: OS::Neutron::RouterInterface 81 | properties: 82 | router: { get_resource: rtr } 83 | subnet: { get_resource: ctrl_subnet } 84 | 85 | router_i1: 86 | type: OS::Neutron::RouterInterface 87 | properties: 88 | router: { get_resource: rtr } 89 | subnet: { get_resource: data_int_subnet1 } 90 | 91 | floating_ip_1: 92 | type: OS::Neutron::FloatingIP 93 | depends_on: router_i0 94 | properties: 95 | floating_network: { get_param: public_network } 96 | 97 | basic_security_group: 98 | type: OS::Neutron::SecurityGroup 99 | properties: 100 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-basic-rules' } } 101 | rules: 102 | - protocol: icmp 103 | - protocol: tcp 104 | port_range_min: 22 105 | port_range_max: 22 106 | 107 | ctrl_net: 108 | type: OS::Neutron::Net 109 | properties: 110 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } } 111 | 112 | ctrl_subnet: 113 
| type: OS::Neutron::Subnet 114 | properties: 115 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } } 116 | dns_nameservers: [8.8.8.8, 8.8.4.4] 117 | network: { get_resource: ctrl_net } 118 | enable_dhcp: True 119 | cidr: 192.168.192/25 120 | allocation_pools: 121 | - start: 192.168.192.50 122 | end: 192.168.192.126 123 | 124 | data_sub_net1: 125 | type: OS::Neutron::Net 126 | properties: 127 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ns1' } } 128 | 129 | data_real_subnet1: 130 | type: OS::Neutron::Subnet 131 | properties: 132 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ss1' } } 133 | dns_nameservers: [8.8.8.8, 8.8.4.4] 134 | network: { get_resource: data_sub_net1 } 135 | enable_dhcp: True 136 | cidr: 10.192/16 137 | gateway_ip: 10.192.0.1 138 | allocation_pools: 139 | - start: 10.192.0.50 140 | end: 10.192.255.254 141 | 142 | data_int_net1: 143 | type: OS::Neutron::Net 144 | properties: 145 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ni1' } } 146 | 147 | data_int_subnet1: 148 | type: OS::Neutron::Subnet 149 | properties: 150 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-si1' } } 151 | network: { get_resource: data_int_net1 } 152 | enable_dhcp: False 153 | cidr: 10.192/16 154 | allocation_pools: 155 | - start: 10.192.0.2 156 | end: 10.192.0.49 157 | 158 | nfv_ctrl_port: 159 | type: OS::Neutron::Port 160 | properties: 161 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-port"]]} 162 | network: { get_resource: ctrl_net } 163 | fixed_ips: 164 | - ip_address: 192.168.192.30 165 | security_groups: 166 | - { get_resource: basic_security_group } 167 | 168 | nfv_floating_ip_assoc: 169 | type: 
OS::Neutron::FloatingIPAssociation 170 | properties: 171 | floatingip_id: { get_resource: floating_ip_1 } 172 | port_id: { get_resource: nfv_ctrl_port } 173 | 174 | nfv_port_int_net1: 175 | type: OS::Neutron::Port 176 | properties: 177 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-i1-port"]]} 178 | network: { get_resource: data_int_net1 } 179 | port_security_enabled: False 180 | 181 | nfv_port_sub_net1: 182 | type: OS::Neutron::Port 183 | properties: 184 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-s1-port"]]} 185 | network: { get_resource: data_sub_net1 } 186 | port_security_enabled: False 187 | 188 | nfv: 189 | type: OS::Nova::Server 190 | properties: 191 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-nfv' } } 192 | key_name: { get_param: 'ssh_key' } 193 | image: { get_param: 'nfv_image' } 194 | flavor: "m1.small" 195 | networks: 196 | - port: { get_resource: nfv_ctrl_port } 197 | - port: { get_resource: nfv_port_sub_net1 } 198 | - port: { get_resource: nfv_port_int_net1 } 199 | user_data_format: RAW 200 | user_data: | 201 | #cloud-config 202 | system_info: 203 | default_user: 204 | name: "cloud" 205 | 206 | ubuntusrv1: 207 | type: OS::Nova::Server 208 | properties: 209 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-ubuntu-server' } } 210 | key_name: { get_param: 'ssh_key' } 211 | image: { get_param: 'ubuntusrv1_image' } 212 | flavor: "m1.small" 213 | networks: 214 | - network: { get_resource: data_sub_net1 } 215 | user_data_format: RAW 216 | user_data: | 217 | #cloud-config 218 | system_info: 219 | default_user: 220 | name: "cloud" 221 | 222 | outputs: 223 | nfv_floating_ip: 224 | description: The IP address of the deployed NFV instance 225 | value: { get_attr: [floating_ip_1, floating_ip_address] } 226 | -------------------------------------------------------------------------------- 
/misc/os-heat-templates/nfv-l2-bridge-centos.yaml:
--------------------------------------------------------------------------------
heat_template_version: 2013-05-23

description: >


  HOT template to create standard NFV setup, acting as a L2 Bridge between two VXLAN (or VLAN) networks.

  NOTE: The "NFV Image" is just a plain Linux (or FreeBSD) distribution without any kind of NFV configured. To make it work, you'll need to create a Linux L2 Bridge (or a DPDK App), using the Virtual NICs "eth2 + eth3".

  We have 3 Instances:

  * Linux acting as a L2 Bridge and Policy Control
  * Linux as Engine
  * Linux Database


  We want to wire them as:

  ----------|ctrl_subnet|------------- Control Network (with Internet access via router_i0)
  | | |
  --- --- ---
  | | | | | | --|Android| --|Windows|
  | | | | | | | |
  |D| |E| |B| --------------------------
  |B| |N| |R|----|data_real_subnet1 + dhcp|---|CentOS|
  | | |G| |I| --------------------------
  | | |I| |D| | | |
  | | |N| |G| | | --|Mac|
  | | |E| |E| --|Ubuntu| |
  | | | | | | --|Debian|
  | | | | |L|
  | | | | |2|
  | | | | | |------------|data_int_subnet1|----|Internet via router_i1|
  | | | | | |
  --- --- ---
  | | |
  --|service_subnet|- <-- Service Network (not routed - no gateway)

parameters:
  # Name of an existing Nova keypair; it is injected into all three servers.
  ssh_key:
    type: string
    label: "Your SSH keypair name (pre-create please!)"
    description: |
      If you have not created your key, please go to
      Project/Compute/Access & Security, and either import
      one or create one. If you create it, make sure you keep
      the downloaded file (as you don't get a second chance)
    default: default

  # External network the router uplinks to and the floating IPs are taken from.
  public_network:
    type: string
    label: Public External Network
    description: Public Network with Floating IP addresses
    default: "ext-net"

  nfv_image:
    type: string
    label: "NFV L2 Bridge Image (default 'nfv')"
    description: "NFV Image"
    default: "CentOS 7 - 64-bit - Cloud Based Image"

  engine_image:
    type: string
    label: "Engine Image (default 'engine')"
    description: "Engine Image"
    default: "CentOS 6.6 - 64-bit - Cloud Based Image"

  database_image:
    type: string
    label: "Database Image (default 'database')"
    description: "Database Image"
    default: "CentOS 6.6 - 64-bit - Cloud Based Image"

# Review summary of what the resources below expose:
#  * All three servers get a floating IP on their control port, so SSH on the
#    NFV, Engine and Database instances (plus 80/443 on the Engine) is
#    reachable from the public network.
#  * The security-group rules name no remote_ip_prefix and no remote group, so
#    they presumably admit any source address - confirm and narrow if needed.
#  * The three *_srvc_sec groups are defined but no port references them.
#  * The two data ports of the NFV instance run with port security disabled.
resources:
  rtr:
    type: OS::Neutron::Router
    properties:
      admin_state_up: True
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-rtr' } }
      external_gateway_info:
        network: { get_param: public_network }

  # Router leg on the control network.
  router_i0:
    type: OS::Neutron::RouterInterface
    properties:
      router: { get_resource: rtr }
      subnet: { get_resource: ctrl_subnet }

  # Router leg on the "internet side" data network behind the NFV bridge.
  router_i1:
    type: OS::Neutron::RouterInterface
    properties:
      router: { get_resource: rtr }
      subnet: { get_resource: data_int_subnet1 }

  # floating_ip_1 -> NFV, floating_ip_2 -> Engine, floating_ip_3 -> Database
  # (see the *_floating_ip_assoc resources further down).
  floating_ip_1:
    type: OS::Neutron::FloatingIP
    depends_on: router_i0
    properties:
      floating_network: { get_param: public_network }

  floating_ip_2:
    type: OS::Neutron::FloatingIP
    depends_on: router_i0
    properties:
      floating_network: { get_param: public_network }

  floating_ip_3:
    type: OS::Neutron::FloatingIP
    depends_on: router_i0
    properties:
      floating_network: { get_param: public_network }

  # Control-side group of the Engine: ICMP, SSH, HTTP and HTTPS.
  engine_ctrl_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-engine-ctrl-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - protocol: tcp
          port_range_min: 443
          port_range_max: 443

  # NOTE(review): not referenced by any port in this template;
  # engine_srvc_port sets no security_groups, so it presumably falls back to
  # the project's default group - confirm.
  engine_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-engine-srvc-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  # Control-side group of the Database: ICMP and SSH only.
  database_ctrl_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-database-ctrl-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  # NOTE(review): the only group that opens tcp/5432, yet no port uses it;
  # database_srvc_port sets no security_groups - confirm which rules really
  # apply to database traffic on the service network.
  database_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-database-srvc-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - protocol: tcp
          port_range_min: 5432
          port_range_max: 5432

  # Control-side group of the NFV instance: ICMP and SSH only.
  nfv_ctrl_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-nfv-ctrl-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  # NOTE(review): not referenced by any port in this template (nfv_srvc_port
  # sets no security_groups).
  nfv_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-nfv-srvc-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  ctrl_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } }

  # Control subnet: DHCP hands out .50-.126; the fixed control addresses used
  # below (.10, .20, .30) lie outside that pool.
  # NOTE(review): the CIDR is written with three octets; presumably it is read
  # as 192.168.192.0/25 - confirm the Neutron release in use accepts it.
  ctrl_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: ctrl_net }
      enable_dhcp: True
      cidr: 192.168.192/25
      allocation_pools:
        - start: 192.168.192.50
          end: 192.168.192.126

  service_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } }

  # Service subnet: the upper half of 192.168.192.0/24, with an empty
  # gateway_ip (the diagram above calls it "not routed - no gateway").
  service_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: service_net }
      enable_dhcp: True
      cidr: 192.168.192.128/25
      gateway_ip: ""

  data_sub_net1:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ns1' } }

  # Subscriber side of the bridge. It uses the same 10.192/16 range as
  # data_int_subnet1 below; the two allocation pools do not overlap
  # (.0.50-.255.254 here, .0.2-.0.49 there) and the gateway 10.192.0.1 lies in
  # neither. Presumably the router leg router_i1 on the other network owns that
  # address and is reached through the NFV bridge - confirm.
  data_real_subnet1:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ss1' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: data_sub_net1 }
      enable_dhcp: True
      cidr: 10.192/16
      gateway_ip: 10.192.0.1
      allocation_pools:
        - start: 10.192.0.50
          end: 10.192.255.254

  data_int_net1:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ni1' } }

  # Internet side of the bridge: DHCP is off and no gateway_ip is given.
  data_int_subnet1:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-si1' } }
      network: { get_resource: data_int_net1 }
      enable_dhcp: False
      cidr: 10.192/16
      allocation_pools:
        - start: 10.192.0.2
          end: 10.192.0.49

  # Control ports: fixed address plus the matching *_ctrl_sec group.
  # The control and service port of each instance share one name.
  database_ctrl_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "database-port"]]}
      network: { get_resource: ctrl_net }
      fixed_ips:
        - ip_address: 192.168.192.10
      security_groups:
        - { get_resource: database_ctrl_sec }

  # Publishes the Database control port on floating_ip_3.
  database_floating_ip_assoc:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip_3 }
      port_id: { get_resource: database_ctrl_port }

  engine_ctrl_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "engine-port"]]}
      network: { get_resource: ctrl_net }
      fixed_ips:
        - ip_address: 192.168.192.20
      security_groups:
        - { get_resource: engine_ctrl_sec }

  # Publishes the Engine control port on floating_ip_2.
  engine_floating_ip_assoc:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip_2 }
      port_id: { get_resource: engine_ctrl_port }

  nfv_ctrl_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-port"]]}
      network: { get_resource: ctrl_net }
      fixed_ips:
        - ip_address: 192.168.192.30
      security_groups:
        - { get_resource: nfv_ctrl_sec }

  # Publishes the NFV control port on floating_ip_1.
  nfv_floating_ip_assoc:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip_1 }
      port_id: { get_resource: nfv_ctrl_port }

  # Service ports: fixed address only, no security_groups property.
  database_srvc_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "database-port"]]}
      network: { get_resource: service_net }
      fixed_ips:
        - ip_address: 192.168.192.130

  engine_srvc_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "engine-port"]]}
      network: { get_resource: service_net }
      fixed_ips:
        - ip_address: 192.168.192.140

  nfv_srvc_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-port"]]}
      network: { get_resource: service_net }
      fixed_ips:
        - ip_address: 192.168.192.150

  # Data ports of the bridge. port_security_enabled: False switches off
  # Neutron's security groups and address anti-spoofing on the port, which a
  # bridge needs in order to pass frames that carry other hosts' addresses.
  # Any filtering on these two networks therefore has to happen inside the NFV
  # instance itself.
  nfv_port_int_net1:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-i1-port"]]}
      network: { get_resource: data_int_net1 }
      port_security_enabled: False

  nfv_port_sub_net1:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-s1-port"]]}
      network: { get_resource: data_sub_net1 }
      port_security_enabled: False

  # The port order below determines the NIC order in the guest: control,
  # service, subscriber side, internet side. The cloud-config renames the
  # image's default login user to "cloud".
  nfv:
    type: OS::Nova::Server
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-nfv' } }
      key_name: { get_param: 'ssh_key' }
      image: { get_param: 'nfv_image' }
      flavor: "m1.medium"
      networks:
        - port: { get_resource: nfv_ctrl_port }
        - port: { get_resource: nfv_srvc_port }
        - port: { get_resource: nfv_port_sub_net1 }
        - port: { get_resource: nfv_port_int_net1 }
      user_data_format: RAW
      user_data: |
        #cloud-config
        system_info:
          default_user:
            name: "cloud"

  database:
    type: OS::Nova::Server
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-database' } }
      key_name: { get_param: 'ssh_key' }
      image: { get_param: 'database_image' }
      flavor: "m1.small"
      networks:
        - port: { get_resource: database_ctrl_port }
        - port: { get_resource: database_srvc_port }
      user_data_format: RAW
      user_data: |
        #cloud-config
        system_info:
          default_user:
            name: "cloud"

  engine:
    type: OS::Nova::Server
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-engine' } }
      key_name: { get_param: 'ssh_key' }
      image: { get_param: 'engine_image' }
      flavor: "m1.small"
      networks:
        - port: { get_resource: engine_ctrl_port }
        - port: { get_resource: engine_srvc_port }
      user_data_format: RAW
      user_data: |
        #cloud-config
        system_info:
          default_user:
            name: "cloud"

# Public addresses of the three instances.
outputs:
  nfv_floating_ip:
    description: The IP address of the deployed NFV instance
    value: { get_attr: [floating_ip_1, floating_ip_address] }

  engine_floating_ip:
    description: The IP address of the deployed Engine instance
    value: { get_attr: [floating_ip_2, floating_ip_address] }

  database_floating_ip:
    description: The IP address of the deployed Database instance
    value: { get_attr: [floating_ip_3, floating_ip_address] }

--------------------------------------------------------------------------------
/misc/os-heat-templates/nfv-l2-bridge-ubuntu.yaml:
--------------------------------------------------------------------------------
1 | heat_template_version: 2013-05-23 2 | 3 | description: > 4 | 5 | 6 | HOT template to create standard NFV setup, acting as a L2 Bridge between two VXLAN (or VLAN) networks.
7 | 8 | NOTE: The "NFV Image" is just a plain Ubuntu Trusty without any kind of NFV configured. To make it work, you'll need to create a Linux L2 Bridge (or a DPDK App), using the Virtual NICs "eth2 + eth3". You can use the /etc/network/interfaces file to create the L2 Network Bridge between eth2 and eth3 (i.e., the "NFV Magic"). 9 | 10 | We have 3 Instances: 11 | 12 | * Linux acting as a L2 Bridge and Policy Control 13 | * Linux as Engine 14 | * Linux Database 15 | 16 | 17 | We want to wire them as: 18 | 19 | ----------|ctrl_subnet|------------- Control Network (with Internet access via router_i0) 20 | | | | 21 | --- --- --- 22 | | | | | | | --|Android| --|Windows| 23 | | | | | | | | | 24 | |D| |E| |B| -------------------------- 25 | |B| |N| |R|----|data_real_subnet1 + dhcp|---|CentOS| 26 | | | |G| |I| -------------------------- 27 | | | |I| |D| | | | 28 | | | |N| |G| | | --|Mac| 29 | | | |E| |E| --|Ubuntu| | 30 | | | | | | | --|Debian| 31 | | | | | |L| 32 | | | | | |2| 33 | | | | | | |------------|data_int_subnet1|----|Internet via router_i1| 34 | | | | | | | 35 | --- --- --- 36 | | | | 37 | --|service_subnet|- <-- Service Network (not routed - no gateway) 38 | 39 | parameters: 40 | ssh_key: 41 | type: string 42 | label: "Your SSH keypair name (pre-create please!)" 43 | description: | 44 | If you have not created your key, please go to 45 | Project/Compute/Access & Security, and either import 46 | one or create one. 
If you create it, make sure you keep 47 | the downloaded file (as you don't get a second chance) 48 | default: default 49 | 50 | public_network: 51 | type: string 52 | label: Public External Network 53 | description: Public Network with Floating IP addresses 54 | default: "ext-net" 55 | 56 | nfv_image: 57 | type: string 58 | label: "NFV L2 Bridge Image (default 'nfv')" 59 | description: "NFV Image" 60 | default: "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image" 61 | 62 | engine_image: 63 | type: string 64 | label: "Engine Image (default 'engine')" 65 | description: "Engine Image" 66 | default: "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image" 67 | 68 | database_image: 69 | type: string 70 | label: "Database Image (default 'database')" 71 | description: "Database Image" 72 | default: "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image" 73 | 74 | resources: 75 | rtr: 76 | type: OS::Neutron::Router 77 | properties: 78 | admin_state_up: True 79 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-rtr' } } 80 | external_gateway_info: 81 | network: { get_param: public_network } 82 | 83 | router_i0: 84 | type: OS::Neutron::RouterInterface 85 | properties: 86 | router: { get_resource: rtr } 87 | subnet: { get_resource: ctrl_subnet } 88 | 89 | router_i1: 90 | type: OS::Neutron::RouterInterface 91 | properties: 92 | router: { get_resource: rtr } 93 | subnet: { get_resource: data_int_subnet1 } 94 | 95 | floating_ip_1: 96 | type: OS::Neutron::FloatingIP 97 | depends_on: router_i0 98 | properties: 99 | floating_network: { get_param: public_network } 100 | 101 | floating_ip_2: 102 | type: OS::Neutron::FloatingIP 103 | depends_on: router_i0 104 | properties: 105 | floating_network: { get_param: public_network } 106 | 107 | floating_ip_3: 108 | type: OS::Neutron::FloatingIP 109 | depends_on: router_i0 110 | properties: 111 | floating_network: { get_param: public_network } 112 | 113 | 
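# Security groups, networks and subnets of the stack (children of `resources:`).
# Line breaks and indentation are restored from the flattened listing. The only
# value change is that the abbreviated CIDRs are written out in full
# (192.168.192.0/25, 10.192.0.0/16), so the template does not rely on the
# validator expanding the short form.
#
# NOTE(review): none of the rules below sets remote_ip_prefix or
# remote_group_id. Heat creates such rules as ingress rules that match any
# source address, so the *_ctrl_sec groups (attached to the ports that receive
# floating IPs) expose SSH, and HTTP/HTTPS on the engine, to everything that
# can reach the public network. Scope them with remote_ip_prefix to the
# management range where one exists.
#
# NOTE(review): engine_srvc_sec, database_srvc_sec and nfv_srvc_sec are defined
# but no port in this template references them; the service-network ports carry
# no security_groups property, so Neutron's default group applies there instead.
# Confirm which behaviour is intended.

  engine_ctrl_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-engine-ctrl-rules' } }
      rules:
        # All ICMP types, any source.
        - protocol: icmp
        # SSH
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22
        # HTTP
        - protocol: tcp
          port_range_min: 80
          port_range_max: 80
        # HTTPS
        - protocol: tcp
          port_range_min: 443
          port_range_max: 443

  engine_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-engine-srvc-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  database_ctrl_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-database-ctrl-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  database_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-database-srvc-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22
        # 5432 is the PostgreSQL default port; if this group is ever attached,
        # limit the rule to the engine's service address rather than any source.
        - protocol: tcp
          port_range_min: 5432
          port_range_max: 5432

  nfv_ctrl_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-nfv-ctrl-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  nfv_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-nfv-srvc-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  # Control network: attached to the router through router_i0.
  ctrl_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } }

  ctrl_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: ctrl_net }
      enable_dhcp: True
      cidr: 192.168.192.0/25
      # DHCP hands out .50-.126; the fixed control addresses (.10/.20/.30) sit
      # below the pool.
      allocation_pools:
        - start: 192.168.192.50
          end: 192.168.192.126

  service_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } }

  service_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: service_net }
      enable_dhcp: True
      cidr: 192.168.192.128/25
      # Empty gateway_ip: presumably requests a subnet without a gateway, and no
      # router interface in this template attaches to it - confirm.
      gateway_ip: ""

  # Subscriber-facing side of the bridge.
  data_sub_net1:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ns1' } }

  data_real_subnet1:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ss1' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: data_sub_net1 }
      enable_dhcp: True
      cidr: 10.192.0.0/16
      gateway_ip: 10.192.0.1
      allocation_pools:
        - start: 10.192.0.50
          end: 10.192.255.254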
| 232 | data_int_net1: 233 | type: OS::Neutron::Net 234 | properties: 235 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ni1' } } 236 | 237 | data_int_subnet1: 238 | type: OS::Neutron::Subnet 239 | properties: 240 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-si1' } } 241 | network: { get_resource: data_int_net1 } 242 | enable_dhcp: False 243 | cidr: 10.192/16 244 | allocation_pools: 245 | - start: 10.192.0.2 246 | end: 10.192.0.49 247 | 248 | database_ctrl_port: 249 | type: OS::Neutron::Port 250 | properties: 251 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "database-port"]]} 252 | network: { get_resource: ctrl_net } 253 | fixed_ips: 254 | - ip_address: 192.168.192.10 255 | security_groups: 256 | - { get_resource: database_ctrl_sec } 257 | 258 | database_floating_ip_assoc: 259 | type: OS::Neutron::FloatingIPAssociation 260 | properties: 261 | floatingip_id: { get_resource: floating_ip_3 } 262 | port_id: { get_resource: database_ctrl_port } 263 | 264 | engine_ctrl_port: 265 | type: OS::Neutron::Port 266 | properties: 267 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "engine-port"]]} 268 | network: { get_resource: ctrl_net } 269 | fixed_ips: 270 | - ip_address: 192.168.192.20 271 | security_groups: 272 | - { get_resource: engine_ctrl_sec } 273 | 274 | engine_floating_ip_assoc: 275 | type: OS::Neutron::FloatingIPAssociation 276 | properties: 277 | floatingip_id: { get_resource: floating_ip_2 } 278 | port_id: { get_resource: engine_ctrl_port } 279 | 280 | nfv_ctrl_port: 281 | type: OS::Neutron::Port 282 | properties: 283 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-port"]]} 284 | network: { get_resource: ctrl_net } 285 | fixed_ips: 286 | - ip_address: 192.168.192.30 287 | security_groups: 288 | - { get_resource: nfv_ctrl_sec } 289 | 290 | nfv_floating_ip_assoc: 291 | type: 
OS::Neutron::FloatingIPAssociation 292 | properties: 293 | floatingip_id: { get_resource: floating_ip_1 } 294 | port_id: { get_resource: nfv_ctrl_port } 295 | 296 | database_srvc_port: 297 | type: OS::Neutron::Port 298 | properties: 299 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "database-port"]]} 300 | network: { get_resource: service_net } 301 | fixed_ips: 302 | - ip_address: 192.168.192.130 303 | 304 | engine_srvc_port: 305 | type: OS::Neutron::Port 306 | properties: 307 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "engine-port"]]} 308 | network: { get_resource: service_net } 309 | fixed_ips: 310 | - ip_address: 192.168.192.140 311 | 312 | nfv_srvc_port: 313 | type: OS::Neutron::Port 314 | properties: 315 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-port"]]} 316 | network: { get_resource: service_net } 317 | fixed_ips: 318 | - ip_address: 192.168.192.150 319 | 320 | nfv_port_int_net1: 321 | type: OS::Neutron::Port 322 | properties: 323 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-i1-port"]]} 324 | network: { get_resource: data_int_net1 } 325 | port_security_enabled: False 326 | 327 | nfv_port_sub_net1: 328 | type: OS::Neutron::Port 329 | properties: 330 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "nfv-s1-port"]]} 331 | network: { get_resource: data_sub_net1 } 332 | port_security_enabled: False 333 | 334 | nfv: 335 | type: OS::Nova::Server 336 | properties: 337 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-nfv' } } 338 | key_name: { get_param: 'ssh_key' } 339 | image: { get_param: 'nfv_image' } 340 | flavor: "m1.small" 341 | networks: 342 | - port: { get_resource: nfv_ctrl_port } 343 | - port: { get_resource: nfv_srvc_port } 344 | - port: { get_resource: nfv_port_sub_net1 } 345 | - port: { get_resource: nfv_port_int_net1 } 346 | user_data_format: RAW 347 | user_data: | 348 | #cloud-config 349 | system_info: 
350 | default_user: 351 | name: "cloud" 352 | 353 | database: 354 | type: OS::Nova::Server 355 | properties: 356 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-database' } } 357 | key_name: { get_param: 'ssh_key' } 358 | image: { get_param: 'database_image' } 359 | flavor: "m1.small" 360 | networks: 361 | - port: { get_resource: database_ctrl_port } 362 | - port: { get_resource: database_srvc_port } 363 | user_data_format: RAW 364 | user_data: | 365 | #cloud-config 366 | system_info: 367 | default_user: 368 | name: "cloud" 369 | 370 | engine: 371 | type: OS::Nova::Server 372 | properties: 373 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-engine' } } 374 | key_name: { get_param: 'ssh_key' } 375 | image: { get_param: 'engine_image' } 376 | flavor: "m1.small" 377 | networks: 378 | - port: { get_resource: engine_ctrl_port } 379 | - port: { get_resource: engine_srvc_port } 380 | user_data_format: RAW 381 | user_data: | 382 | #cloud-config 383 | system_info: 384 | default_user: 385 | name: "cloud" 386 | 387 | outputs: 388 | nfv_floating_ip: 389 | description: The IP address of the deployed NFV instance 390 | value: { get_attr: [floating_ip_1, floating_ip_address] } 391 | 392 | engine_floating_ip: 393 | description: The IP address of the deployed Engine instance 394 | value: { get_attr: [floating_ip_2, floating_ip_address] } 395 | 396 | database_floating_ip: 397 | description: The IP address of the deployed Database instance 398 | value: { get_attr: [floating_ip_3, floating_ip_address] } 399 | -------------------------------------------------------------------------------- /misc/os-heat-templates/sandvine-stack-0.1-centos.yaml: -------------------------------------------------------------------------------- 1 | heat_template_version: 2013-05-23 2 | 3 | description: > 4 | 5 | 6 | HOT template to create standard PTS setup, acting as a L2 Bridge between two 
VXLAN (or VLAN) networks. 7 | 8 | NOTE: The "PTS Image" is just a plain Linux (or FreeBSD) distribution without any kind of PTS configured. To make it work, you'll need to create a Linux L2 Bridge (or a DPDK App), using the Virtual NICs "eth2 + eth3". 9 | 10 | We have 4 Instances: 11 | 12 | * PTS - Linux CentOS 7 13 | * SDE - Linux CentOS 6.7 14 | * SPB - Linux CentOS 6.6 15 | * CSD - Linux CentOS 6.7 16 | 17 | 18 | We want to wire them as: 19 | 20 | ----------|ctrl_subnet|------------- Control Network (with Internet access via router_i0) 21 | | | | | 22 | --- --- --- --- 23 | | | | | | | | | --|Android| --|Windows| 24 | | | | | | | | | | | 25 | | | | | | | | | -------------------------- 26 | | | | | | | | |----|data_real_subnet1 + dhcp|---|CentOS| 27 | |C| |S| |S| |P| -------------------------- 28 | |S| |B| |D| |T| | | | 29 | |D| |P| |E| |S| | | --|Mac| 30 | | | | | | | | | --|Ubuntu| | 31 | | | | | | | | | --|Debian| 32 | | | | | | | | | 33 | | | | | | | | | 34 | | | | | | | | |------------|data_int_subnet1|----|Internet via router_i1| 35 | | | | | | | | | 36 | --- --- --- - - 37 | | | | | 38 | -----|service_subnet|------ <-- Service Network (not routed - no gateway) 39 | 40 | parameters: 41 | ssh_key: 42 | type: string 43 | label: "Your SSH keypair name (pre-create please!)" 44 | description: | 45 | If you have not created your key, please go to 46 | Project/Compute/Access & Security, and either import 47 | one or create one. 
If you create it, make sure you keep 48 | the downloaded file (as you don't get a second chance) 49 | default: default 50 | 51 | public_network: 52 | type: string 53 | label: Public External Network 54 | description: Public Network with Floating IP addresses 55 | default: "ext-net" 56 | 57 | pts_image: 58 | type: string 59 | label: "PTS L2 Bridge Image (default 'pts')" 60 | description: "PTS Image" 61 | default: "CentOS 6.6 - 64-bit - Cloud Based Image" 62 | 63 | sde_image: 64 | type: string 65 | label: "SDE Image (default 'sde')" 66 | description: "SDE Image" 67 | default: "CentOS 6.6 - 64-bit - Cloud Based Image" 68 | 69 | spb_image: 70 | type: string 71 | label: "SPB Image (default 'spb')" 72 | description: "SPB Image" 73 | default: "CentOS 6.6 - 64-bit - Cloud Based Image" 74 | 75 | csd_image: 76 | type: string 77 | label: "CSD Image (default 'csd')" 78 | description: "CSD Image" 79 | default: "CentOS 6.6 - 64-bit - Cloud Based Image" 80 | 81 | resources: 82 | rtr: 83 | type: OS::Neutron::Router 84 | properties: 85 | admin_state_up: True 86 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-rtr' } } 87 | external_gateway_info: 88 | network: { get_param: public_network } 89 | 90 | router_i0: 91 | type: OS::Neutron::RouterInterface 92 | properties: 93 | router: { get_resource: rtr } 94 | subnet: { get_resource: ctrl_subnet } 95 | 96 | router_i1: 97 | type: OS::Neutron::RouterInterface 98 | properties: 99 | router: { get_resource: rtr } 100 | subnet: { get_resource: data_int_subnet1 } 101 | 102 | floating_ip_1: 103 | type: OS::Neutron::FloatingIP 104 | depends_on: router_i0 105 | properties: 106 | floating_network: { get_param: public_network } 107 | 108 | floating_ip_2: 109 | type: OS::Neutron::FloatingIP 110 | depends_on: router_i0 111 | properties: 112 | floating_network: { get_param: public_network } 113 | 114 | floating_ip_3: 115 | type: OS::Neutron::FloatingIP 116 | depends_on: router_i0 117 | 
properties: 118 | floating_network: { get_param: public_network } 119 | 120 | floating_ip_4: 121 | type: OS::Neutron::FloatingIP 122 | depends_on: router_i0 123 | properties: 124 | floating_network: { get_param: public_network } 125 | 126 | sde_ctrl_sec: 127 | type: OS::Neutron::SecurityGroup 128 | properties: 129 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-sde-ctrl-rules' } } 130 | rules: 131 | - protocol: icmp 132 | - protocol: tcp 133 | port_range_min: 22 134 | port_range_max: 22 135 | 136 | sde_srvc_sec: 137 | type: OS::Neutron::SecurityGroup 138 | properties: 139 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-sde-srvc-rules' } } 140 | rules: 141 | - protocol: icmp 142 | - protocol: tcp 143 | port_range_min: 1 144 | port_range_max: 65535 145 | - protocol: udp 146 | port_range_min: 1 147 | port_range_max: 65535 148 | 149 | spb_ctrl_sec: 150 | type: OS::Neutron::SecurityGroup 151 | properties: 152 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-spb-ctrl-rules' } } 153 | rules: 154 | - protocol: icmp 155 | - protocol: tcp 156 | port_range_min: 22 157 | port_range_max: 22 158 | 159 | spb_srvc_sec: 160 | type: OS::Neutron::SecurityGroup 161 | properties: 162 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-spb-srvc-rules' } } 163 | rules: 164 | - protocol: icmp 165 | - protocol: tcp 166 | port_range_min: 1 167 | port_range_max: 65535 168 | - protocol: udp 169 | port_range_min: 1 170 | port_range_max: 65535 171 | 172 | pts_ctrl_sec: 173 | type: OS::Neutron::SecurityGroup 174 | properties: 175 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-pts-ctrl-rules' } } 176 | rules: 177 | - protocol: icmp 178 | - protocol: tcp 179 | port_range_min: 22 180 | port_range_max: 22 181 | 182 | 
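# Remaining security groups, the four networks/subnets and the SPB control port
# (children of `resources:`). Line breaks and indentation are restored from the
# flattened listing. The only value change is that the abbreviated CIDRs are
# written out in full (192.168.192.0/25, 10.192.0.0/16), so the template does
# not rely on the validator expanding the short form.
#
# NOTE(review): no rule below sets remote_ip_prefix or remote_group_id, so Heat
# creates ingress rules that match any source address. pts_srvc_sec and
# csd_srvc_sec additionally open every TCP and UDP port, which makes them
# allow-all groups. No port in this template references any *_srvc_sec group
# (the service ports carry no security_groups property and therefore get
# Neutron's default group) - either attach them deliberately or drop them, and
# narrow the ranges to the ports the services really use.

  pts_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-pts-srvc-rules' } }
      rules:
        - protocol: icmp
        # Every TCP port.
        - protocol: tcp
          port_range_min: 1
          port_range_max: 65535
        # Every UDP port.
        - protocol: udp
          port_range_min: 1
          port_range_max: 65535

  # Attached to csd_ctrl_port, which receives floating_ip_4: SSH, HTTP and
  # HTTPS are reachable from the public network without a source restriction.
  csd_ctrl_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-csd-ctrl-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - protocol: tcp
          port_range_min: 443
          port_range_max: 443

  csd_srvc_sec:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-csd-srvc-rules' } }
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 1
          port_range_max: 65535
        - protocol: udp
          port_range_min: 1
          port_range_max: 65535

  # Control network: attached to the router through router_i0.
  ctrl_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } }

  ctrl_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: ctrl_net }
      enable_dhcp: True
      cidr: 192.168.192.0/25
      # DHCP hands out .50-.126; the fixed control addresses (.10-.40) sit
      # below the pool.
      allocation_pools:
        - start: 192.168.192.50
          end: 192.168.192.126

  # Service network: described in the template header as not routed.
  service_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } }

  service_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: service_net }
      enable_dhcp: True
      cidr: 192.168.192.128/25
      # Empty string: no gateway on this subnet.
      gateway_ip: ""

  # Subscriber-facing side of the PTS bridge.
  data_sub_net1:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ns1' } }

  data_real_subnet1:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ss1' } }
      dns_nameservers: [8.8.8.8, 8.8.4.4]
      network: { get_resource: data_sub_net1 }
      enable_dhcp: True
      cidr: 10.192.0.0/16
      gateway_ip: 10.192.0.1
      allocation_pools:
        - start: 10.192.0.50
          end: 10.192.255.254

  # Internet-facing side of the PTS bridge, attached to the router through
  # router_i1.
  data_int_net1:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ni1' } }

  data_int_subnet1:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-si1' } }
      network: { get_resource: data_int_net1 }
      enable_dhcp: False
      # Same prefix as data_real_subnet1 with a non-overlapping pool: the
      # template header describes the PTS as an L2 bridge joining the two.
      cidr: 10.192.0.0/16
      allocation_pools:
        - start: 10.192.0.2
          end: 10.192.0.49

  # SPB control port: fixed address outside the DHCP pool, filtered by
  # spb_ctrl_sec.
  spb_ctrl_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "spb-port"]]}
      network: { get_resource: ctrl_net }
      fixed_ips:
        - ip_address: 192.168.192.10
      security_groups:
        - { get_resource: spb_ctrl_sec }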
# Control-network ports and their floating-IP associations (children of
# `resources:`); line breaks and indentation restored from the flattened
# listing, values unchanged.
#
# Each *_floating_ip_assoc publishes one control port on the public network, so
# the attached *_ctrl_sec group is the only filter between that instance and
# external traffic. Those groups set no source restriction on their rules.

  spb_floating_ip_assoc:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip_3 }
      port_id: { get_resource: spb_ctrl_port }

  sde_ctrl_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "sde-port"]]}
      network: { get_resource: ctrl_net }
      fixed_ips:
        - ip_address: 192.168.192.20
      security_groups:
        - { get_resource: sde_ctrl_sec }

  sde_floating_ip_assoc:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip_2 }
      port_id: { get_resource: sde_ctrl_port }

  pts_ctrl_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-port"]]}
      network: { get_resource: ctrl_net }
      fixed_ips:
        - ip_address: 192.168.192.30
      security_groups:
        - { get_resource: pts_ctrl_sec }

  pts_floating_ip_assoc:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip_1 }
      port_id: { get_resource: pts_ctrl_port }

  # csd_ctrl_sec also admits TCP 80 and 443, so this is the one control port
  # that publishes web ports through its floating IP.
  csd_ctrl_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "csd-port"]]}
      network: { get_resource: ctrl_net }
      fixed_ips:
        - ip_address: 192.168.192.40
      security_groups:
        - { get_resource: csd_ctrl_sec }

  csd_floating_ip_assoc:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip_4 }
      port_id: { get_resource: csd_ctrl_port }

  # NOTE(review): this service-network port has no security_groups property, so
  # Neutron's default group applies; spb_srvc_sec is defined in this template
  # but never attached - confirm which is intended.
  # NOTE(review): the name resolves to "<stack>-spb-port", the same string as
  # spb_ctrl_port, which makes the two ports hard to tell apart in listings.
  spb_srvc_port:
    type: OS::Neutron::Port
    properties:
      name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "spb-port"]]}
      network: { get_resource: service_net }
      fixed_ips:
        - ip_address: 192.168.192.130
sde_srvc_port: 363 | type: OS::Neutron::Port 364 | properties: 365 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "sde-port"]]} 366 | network: { get_resource: service_net } 367 | fixed_ips: 368 | - ip_address: 192.168.192.140 369 | 370 | pts_srvc_port: 371 | type: OS::Neutron::Port 372 | properties: 373 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-port"]]} 374 | network: { get_resource: service_net } 375 | fixed_ips: 376 | - ip_address: 192.168.192.150 377 | 378 | pts_port_int_net1: 379 | type: OS::Neutron::Port 380 | properties: 381 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-i1-port"]]} 382 | network: { get_resource: data_int_net1 } 383 | port_security_enabled: False 384 | 385 | pts_port_sub_net1: 386 | type: OS::Neutron::Port 387 | properties: 388 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-s1-port"]]} 389 | network: { get_resource: data_sub_net1 } 390 | port_security_enabled: False 391 | 392 | csd_srvc_port: 393 | type: OS::Neutron::Port 394 | properties: 395 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "csd-port"]]} 396 | network: { get_resource: service_net } 397 | fixed_ips: 398 | - ip_address: 192.168.192.160 399 | 400 | pts: 401 | type: OS::Nova::Server 402 | properties: 403 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-pts' } } 404 | key_name: { get_param: 'ssh_key' } 405 | image: { get_param: 'pts_image' } 406 | flavor: "m1.medium" 407 | metadata: 408 | { 409 | common: 410 | { 411 | int_subnet: { get_attr: [data_real_subnet1, cidr] } 412 | }, 413 | sde: 414 | { 415 | 1: 416 | { 417 | ip_c: { get_attr: [ sde_ctrl_port, fixed_ips, 0, ip_address ] }, 418 | ip_s: { get_attr: [ sde_srvc_port, fixed_ips, 0, ip_address ] } 419 | } 420 | }, 421 | pts: 422 | { 423 | 1: 424 | { 425 | ip_c: { get_attr: [ pts_ctrl_port, fixed_ips, 0, ip_address ] }, 426 | ip_s: { get_attr: [ pts_srvc_port, fixed_ips, 0, 
ip_address ] } 427 | } 428 | }, 429 | spb: 430 | { 431 | 1: 432 | { 433 | ip_c: { get_attr: [ spb_ctrl_port, fixed_ips, 0, ip_address ] }, 434 | ip_s: { get_attr: [ spb_srvc_port, fixed_ips, 0, ip_address ] } 435 | } 436 | }, 437 | csd: 438 | { 439 | 1: 440 | { 441 | ip_c: { get_attr: [ csd_ctrl_port, fixed_ips, 0, ip_address ] }, 442 | ip_s: { get_attr: [ csd_srvc_port, fixed_ips, 0, ip_address ] } 443 | } 444 | } 445 | } 446 | networks: 447 | - port: { get_resource: pts_ctrl_port } 448 | - port: { get_resource: pts_srvc_port } 449 | - port: { get_resource: pts_port_sub_net1 } 450 | - port: { get_resource: pts_port_int_net1 } 451 | user_data_format: RAW 452 | user_data: | 453 | #cloud-config 454 | system_info: 455 | default_user: 456 | name: "sandvine" 457 | 458 | spb: 459 | type: OS::Nova::Server 460 | properties: 461 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-spb' } } 462 | key_name: { get_param: 'ssh_key' } 463 | image: { get_param: 'spb_image' } 464 | flavor: "m1.medium" 465 | metadata: 466 | { 467 | common: 468 | { 469 | int_subnet: { get_attr: [data_real_subnet1, cidr] } 470 | }, 471 | sde: 472 | { 473 | 1: 474 | { 475 | ip_c: { get_attr: [ sde_ctrl_port, fixed_ips, 0, ip_address ] }, 476 | ip_s: { get_attr: [ sde_srvc_port, fixed_ips, 0, ip_address ] } 477 | } 478 | }, 479 | pts: 480 | { 481 | 1: 482 | { 483 | ip_c: { get_attr: [ pts_ctrl_port, fixed_ips, 0, ip_address ] }, 484 | ip_s: { get_attr: [ pts_srvc_port, fixed_ips, 0, ip_address ] } 485 | } 486 | }, 487 | spb: 488 | { 489 | 1: 490 | { 491 | ip_c: { get_attr: [ spb_ctrl_port, fixed_ips, 0, ip_address ] }, 492 | ip_s: { get_attr: [ spb_srvc_port, fixed_ips, 0, ip_address ] } 493 | } 494 | }, 495 | csd: 496 | { 497 | 1: 498 | { 499 | ip_c: { get_attr: [ csd_ctrl_port, fixed_ips, 0, ip_address ] }, 500 | ip_s: { get_attr: [ csd_srvc_port, fixed_ips, 0, ip_address ] } 501 | } 502 | } 503 | } 504 | networks: 505 | - port: { get_resource: 
spb_ctrl_port } 506 | - port: { get_resource: spb_srvc_port } 507 | user_data_format: RAW 508 | user_data: | 509 | #cloud-config 510 | system_info: 511 | default_user: 512 | name: "sandvine" 513 | 514 | sde: 515 | type: OS::Nova::Server 516 | properties: 517 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-sde' } } 518 | key_name: { get_param: 'ssh_key' } 519 | image: { get_param: 'sde_image' } 520 | flavor: "m1.medium" 521 | metadata: 522 | { 523 | common: 524 | { 525 | int_subnet: { get_attr: [data_real_subnet1, cidr] } 526 | }, 527 | sde: 528 | { 529 | 1: 530 | { 531 | ip_c: { get_attr: [ sde_ctrl_port, fixed_ips, 0, ip_address ] }, 532 | ip_s: { get_attr: [ sde_srvc_port, fixed_ips, 0, ip_address ] } 533 | } 534 | }, 535 | pts: 536 | { 537 | 1: 538 | { 539 | ip_c: { get_attr: [ pts_ctrl_port, fixed_ips, 0, ip_address ] }, 540 | ip_s: { get_attr: [ pts_srvc_port, fixed_ips, 0, ip_address ] } 541 | } 542 | }, 543 | spb: 544 | { 545 | 1: 546 | { 547 | ip_c: { get_attr: [ spb_ctrl_port, fixed_ips, 0, ip_address ] }, 548 | ip_s: { get_attr: [ spb_srvc_port, fixed_ips, 0, ip_address ] } 549 | } 550 | }, 551 | csd: 552 | { 553 | 1: 554 | { 555 | ip_c: { get_attr: [ csd_ctrl_port, fixed_ips, 0, ip_address ] }, 556 | ip_s: { get_attr: [ csd_srvc_port, fixed_ips, 0, ip_address ] } 557 | } 558 | } 559 | } 560 | networks: 561 | - port: { get_resource: sde_ctrl_port } 562 | - port: { get_resource: sde_srvc_port } 563 | user_data_format: RAW 564 | user_data: | 565 | #cloud-config 566 | system_info: 567 | default_user: 568 | name: "sandvine" 569 | 570 | csd: 571 | type: OS::Nova::Server 572 | properties: 573 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-csd' } } 574 | key_name: { get_param: 'ssh_key' } 575 | image: { get_param: 'csd_image' } 576 | flavor: "m1.little" 577 | metadata: 578 | { 579 | common: 580 | { 581 | int_subnet: { get_attr: [data_real_subnet1, 
cidr] } 582 | }, 583 | sde: 584 | { 585 | 1: 586 | { 587 | ip_c: { get_attr: [ sde_ctrl_port, fixed_ips, 0, ip_address ] }, 588 | ip_s: { get_attr: [ sde_srvc_port, fixed_ips, 0, ip_address ] } 589 | } 590 | }, 591 | pts: 592 | { 593 | 1: 594 | { 595 | ip_c: { get_attr: [ pts_ctrl_port, fixed_ips, 0, ip_address ] }, 596 | ip_s: { get_attr: [ pts_srvc_port, fixed_ips, 0, ip_address ] } 597 | } 598 | }, 599 | spb: 600 | { 601 | 1: 602 | { 603 | ip_c: { get_attr: [ spb_ctrl_port, fixed_ips, 0, ip_address ] }, 604 | ip_s: { get_attr: [ spb_srvc_port, fixed_ips, 0, ip_address ] } 605 | } 606 | }, 607 | csd: 608 | { 609 | 1: 610 | { 611 | ip_c: { get_attr: [ csd_ctrl_port, fixed_ips, 0, ip_address ] }, 612 | ip_s: { get_attr: [ csd_srvc_port, fixed_ips, 0, ip_address ] } 613 | } 614 | } 615 | } 616 | networks: 617 | - port: { get_resource: csd_ctrl_port } 618 | - port: { get_resource: csd_srvc_port } 619 | user_data_format: RAW 620 | user_data: | 621 | #cloud-config 622 | system_info: 623 | default_user: 624 | name: "sandvine" 625 | 626 | outputs: 627 | pts_floating_ip: 628 | description: The IP address of the deployed PTS instance 629 | value: { get_attr: [floating_ip_1, floating_ip_address] } 630 | 631 | sde_floating_ip: 632 | description: The IP address of the deployed SDE instance 633 | value: { get_attr: [floating_ip_2, floating_ip_address] } 634 | 635 | spb_floating_ip: 636 | description: The IP address of the deployed SPB instance 637 | value: { get_attr: [floating_ip_3, floating_ip_address] } 638 | 639 | csd_floating_ip: 640 | description: The IP address of the deployed CSD instance 641 | value: { get_attr: [floating_ip_4, floating_ip_address] } 642 | -------------------------------------------------------------------------------- /misc/os-heat-templates/sandvine-stack-0.1-cs-1.yaml: -------------------------------------------------------------------------------- 1 | heat_template_version: 2013-05-23 2 | 3 | description: > 4 | 5 | 6 | HOT template to create 
standard PTS setup, acting as a L2 Bridge between two VXLAN (or VLAN) networks. 7 | 8 | NOTE: The "PTS Image" is just a plain Linux (or FreeBSD) distribution without any kind of PTS configured. To make it work, you'll need to create a Linux L2 Bridge (or a DPDK App), using the Virtual NICs "eth2 + eth3". 9 | 10 | We have 3 Instances: 11 | 12 | * PTS - Linux CentOS 7 13 | * SDE - Linux CentOS 6.7 14 | * SPB - Linux CentOS 6.6 15 | 16 | 17 | We want to wire them as: 18 | 19 | -------|ctrl_subnet|------------- Control Network (with Internet access via router_i0) 20 | | | | 21 | --- --- --- 22 | | | | | | | --|Android| --|Windows| 23 | | | | | | | | | 24 | | | | | | | -------------------------- 25 | | | | | | |----|data_real_subnet1 + dhcp|---|CentOS| 26 | |S| |S| |P| -------------------------- 27 | |B| |D| |T| | | | 28 | |P| |E| |S| | | --|Mac| 29 | | | | | | | --|Ubuntu| | 30 | | | | | | | --|Debian| 31 | | | | | | | 32 | | | | | | | 33 | | | | | | |------------|data_int_subnet1|----|Internet via router_i1| 34 | | | | | | | 35 | --- --- - - 36 | | | | 37 | --|service_subnet|------ <-- Service Network (not routed - no gateway) 38 | 39 | parameters: 40 | ssh_key: 41 | type: string 42 | label: "Your SSH keypair name (pre-create please!)" 43 | description: | 44 | If you have not created your key, please go to 45 | Project/Compute/Access & Security, and either import 46 | one or create one. 
If you create it, make sure you keep 47 | the downloaded file (as you don't get a second chance) 48 | default: default 49 | 50 | public_network: 51 | type: string 52 | label: Public External Network 53 | description: Public Network with Floating IP addresses 54 | default: "ext-net" 55 | 56 | pts_image: 57 | type: string 58 | label: "PTS L2 Bridge Image (default 'pts')" 59 | description: "PTS Image" 60 | default: "CentOS 6.6 - 64-bit - Cloud Based Image" 61 | 62 | sde_image: 63 | type: string 64 | label: "SDE Image (default 'sde')" 65 | description: "SDE Image" 66 | default: "CentOS 6.6 - 64-bit - Cloud Based Image" 67 | 68 | spb_image: 69 | type: string 70 | label: "SPB Image (default 'spb')" 71 | description: "SPB Image" 72 | default: "CentOS 6.6 - 64-bit - Cloud Based Image" 73 | 74 | resources: 75 | rtr: 76 | type: OS::Neutron::Router 77 | properties: 78 | admin_state_up: True 79 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-rtr' } } 80 | external_gateway_info: 81 | network: { get_param: public_network } 82 | 83 | router_i0: 84 | type: OS::Neutron::RouterInterface 85 | properties: 86 | router: { get_resource: rtr } 87 | subnet: { get_resource: ctrl_subnet } 88 | 89 | router_i1: 90 | type: OS::Neutron::RouterInterface 91 | properties: 92 | router: { get_resource: rtr } 93 | subnet: { get_resource: data_int_subnet1 } 94 | 95 | floating_ip_1: 96 | type: OS::Neutron::FloatingIP 97 | depends_on: router_i0 98 | properties: 99 | floating_network: { get_param: public_network } 100 | 101 | floating_ip_2: 102 | type: OS::Neutron::FloatingIP 103 | depends_on: router_i0 104 | properties: 105 | floating_network: { get_param: public_network } 106 | 107 | floating_ip_3: 108 | type: OS::Neutron::FloatingIP 109 | depends_on: router_i0 110 | properties: 111 | floating_network: { get_param: public_network } 112 | 113 | sde_ctrl_sec: 114 | type: OS::Neutron::SecurityGroup 115 | properties: 116 | name: { str_replace: { 
params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-sde-ctrl-rules' } } 117 | rules: 118 | - protocol: icmp 119 | - protocol: tcp 120 | port_range_min: 22 121 | port_range_max: 22 122 | - protocol: tcp 123 | port_range_min: 80 124 | port_range_max: 80 125 | - protocol: tcp 126 | port_range_min: 443 127 | port_range_max: 443 128 | 129 | sde_srvc_sec: 130 | type: OS::Neutron::SecurityGroup 131 | properties: 132 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-sde-srvc-rules' } } 133 | rules: 134 | - protocol: icmp 135 | - protocol: tcp 136 | port_range_min: 1 137 | port_range_max: 65535 138 | - protocol: udp 139 | port_range_min: 1 140 | port_range_max: 65535 141 | 142 | spb_ctrl_sec: 143 | type: OS::Neutron::SecurityGroup 144 | properties: 145 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-spb-ctrl-rules' } } 146 | rules: 147 | - protocol: icmp 148 | - protocol: tcp 149 | port_range_min: 22 150 | port_range_max: 22 151 | 152 | spb_srvc_sec: 153 | type: OS::Neutron::SecurityGroup 154 | properties: 155 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-spb-srvc-rules' } } 156 | rules: 157 | - protocol: icmp 158 | - protocol: tcp 159 | port_range_min: 1 160 | port_range_max: 65535 161 | - protocol: udp 162 | port_range_min: 1 163 | port_range_max: 65535 164 | 165 | pts_ctrl_sec: 166 | type: OS::Neutron::SecurityGroup 167 | properties: 168 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-pts-ctrl-rules' } } 169 | rules: 170 | - protocol: icmp 171 | - protocol: tcp 172 | port_range_min: 22 173 | port_range_max: 22 174 | 175 | pts_srvc_sec: 176 | type: OS::Neutron::SecurityGroup 177 | properties: 178 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-pts-srvc-rules' 
} } 179 | rules: 180 | - protocol: icmp 181 | - protocol: tcp 182 | port_range_min: 1 183 | port_range_max: 65535 184 | - protocol: udp 185 | port_range_min: 1 186 | port_range_max: 65535 187 | 188 | ctrl_net: 189 | type: OS::Neutron::Net 190 | properties: 191 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } } 192 | 193 | ctrl_subnet: 194 | type: OS::Neutron::Subnet 195 | properties: 196 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-control' } } 197 | dns_nameservers: [8.8.8.8, 8.8.4.4] 198 | network: { get_resource: ctrl_net } 199 | enable_dhcp: True 200 | cidr: 192.168.192/25 201 | allocation_pools: 202 | - start: 192.168.192.50 203 | end: 192.168.192.126 204 | 205 | service_net: 206 | type: OS::Neutron::Net 207 | properties: 208 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } } 209 | 210 | service_subnet: 211 | type: OS::Neutron::Subnet 212 | properties: 213 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-service' } } 214 | dns_nameservers: [8.8.8.8, 8.8.4.4] 215 | network: { get_resource: service_net } 216 | enable_dhcp: True 217 | cidr: 192.168.192.128/25 218 | gateway_ip: "" 219 | 220 | data_sub_net1: 221 | type: OS::Neutron::Net 222 | properties: 223 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ns1' } } 224 | 225 | data_real_subnet1: 226 | type: OS::Neutron::Subnet 227 | properties: 228 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ss1' } } 229 | dns_nameservers: [192.168.196.20, 192.168.194.20] 230 | network: { get_resource: data_sub_net1 } 231 | enable_dhcp: True 232 | cidr: 10.192/16 233 | gateway_ip: 10.192.0.1 234 | allocation_pools: 235 | - start: 10.192.0.50 
236 | end: 10.192.255.254 237 | 238 | data_int_net1: 239 | type: OS::Neutron::Net 240 | properties: 241 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-ni1' } } 242 | 243 | data_int_subnet1: 244 | type: OS::Neutron::Subnet 245 | properties: 246 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-subscribers-si1' } } 247 | network: { get_resource: data_int_net1 } 248 | enable_dhcp: False 249 | cidr: 10.192/16 250 | allocation_pools: 251 | - start: 10.192.0.2 252 | end: 10.192.0.49 253 | 254 | spb_ctrl_port: 255 | type: OS::Neutron::Port 256 | properties: 257 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "spb-port"]]} 258 | network: { get_resource: ctrl_net } 259 | fixed_ips: 260 | - ip_address: 192.168.192.10 261 | security_groups: 262 | - { get_resource: spb_ctrl_sec } 263 | 264 | spb_floating_ip_assoc: 265 | type: OS::Neutron::FloatingIPAssociation 266 | properties: 267 | floatingip_id: { get_resource: floating_ip_3 } 268 | port_id: { get_resource: spb_ctrl_port } 269 | 270 | sde_ctrl_port: 271 | type: OS::Neutron::Port 272 | properties: 273 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "sde-port"]]} 274 | network: { get_resource: ctrl_net } 275 | fixed_ips: 276 | - ip_address: 192.168.192.20 277 | security_groups: 278 | - { get_resource: sde_ctrl_sec } 279 | 280 | sde_floating_ip_assoc: 281 | type: OS::Neutron::FloatingIPAssociation 282 | properties: 283 | floatingip_id: { get_resource: floating_ip_2 } 284 | port_id: { get_resource: sde_ctrl_port } 285 | 286 | pts_ctrl_port: 287 | type: OS::Neutron::Port 288 | properties: 289 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-port"]]} 290 | network: { get_resource: ctrl_net } 291 | fixed_ips: 292 | - ip_address: 192.168.192.30 293 | security_groups: 294 | - { get_resource: pts_ctrl_sec } 295 | 296 | pts_floating_ip_assoc: 297 | type: 
OS::Neutron::FloatingIPAssociation 298 | properties: 299 | floatingip_id: { get_resource: floating_ip_1 } 300 | port_id: { get_resource: pts_ctrl_port } 301 | 302 | spb_srvc_port: 303 | type: OS::Neutron::Port 304 | properties: 305 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "spb-port"]]} 306 | network: { get_resource: service_net } 307 | fixed_ips: 308 | - ip_address: 192.168.192.130 309 | 310 | sde_srvc_port: 311 | type: OS::Neutron::Port 312 | properties: 313 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "sde-port"]]} 314 | network: { get_resource: service_net } 315 | fixed_ips: 316 | - ip_address: 192.168.192.140 317 | 318 | pts_srvc_port: 319 | type: OS::Neutron::Port 320 | properties: 321 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-port"]]} 322 | network: { get_resource: service_net } 323 | fixed_ips: 324 | - ip_address: 192.168.192.150 325 | 326 | pts_port_int_net1: 327 | type: OS::Neutron::Port 328 | properties: 329 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-i1-port"]]} 330 | network: { get_resource: data_int_net1 } 331 | port_security_enabled: False 332 | 333 | pts_port_sub_net1: 334 | type: OS::Neutron::Port 335 | properties: 336 | name: {"Fn::Join": ["-", [{ get_param: "OS::stack_name" } , "pts-s1-port"]]} 337 | network: { get_resource: data_sub_net1 } 338 | port_security_enabled: False 339 | 340 | pts: 341 | type: OS::Nova::Server 342 | properties: 343 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-pts' } } 344 | key_name: { get_param: 'ssh_key' } 345 | image: { get_param: 'pts_image' } 346 | flavor: "m1.medium" 347 | metadata: 348 | { 349 | common: 350 | { 351 | int_subnet: { get_attr: [data_real_subnet1, cidr] } 352 | }, 353 | sde: 354 | { 355 | 1: 356 | { 357 | ip_c: { get_attr: [ sde_ctrl_port, fixed_ips, 0, ip_address ] }, 358 | ip_s: { get_attr: [ sde_srvc_port, fixed_ips, 0, ip_address ] } 359 | } 360 | }, 
361 | pts: 362 | { 363 | 1: 364 | { 365 | ip_c: { get_attr: [ pts_ctrl_port, fixed_ips, 0, ip_address ] }, 366 | ip_s: { get_attr: [ pts_srvc_port, fixed_ips, 0, ip_address ] } 367 | } 368 | }, 369 | spb: 370 | { 371 | 1: 372 | { 373 | ip_c: { get_attr: [ spb_ctrl_port, fixed_ips, 0, ip_address ] }, 374 | ip_s: { get_attr: [ spb_srvc_port, fixed_ips, 0, ip_address ] } 375 | } 376 | }, 377 | } 378 | networks: 379 | - port: { get_resource: pts_ctrl_port } 380 | - port: { get_resource: pts_srvc_port } 381 | - port: { get_resource: pts_port_sub_net1 } 382 | - port: { get_resource: pts_port_int_net1 } 383 | user_data_format: RAW 384 | user_data: | 385 | #cloud-config 386 | system_info: 387 | default_user: 388 | name: "sandvine" 389 | 390 | spb: 391 | type: OS::Nova::Server 392 | properties: 393 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-spb' } } 394 | key_name: { get_param: 'ssh_key' } 395 | image: { get_param: 'spb_image' } 396 | flavor: "m1.medium" 397 | metadata: 398 | { 399 | common: 400 | { 401 | int_subnet: { get_attr: [data_real_subnet1, cidr] } 402 | }, 403 | sde: 404 | { 405 | 1: 406 | { 407 | ip_c: { get_attr: [ sde_ctrl_port, fixed_ips, 0, ip_address ] }, 408 | ip_s: { get_attr: [ sde_srvc_port, fixed_ips, 0, ip_address ] } 409 | } 410 | }, 411 | pts: 412 | { 413 | 1: 414 | { 415 | ip_c: { get_attr: [ pts_ctrl_port, fixed_ips, 0, ip_address ] }, 416 | ip_s: { get_attr: [ pts_srvc_port, fixed_ips, 0, ip_address ] } 417 | } 418 | }, 419 | spb: 420 | { 421 | 1: 422 | { 423 | ip_c: { get_attr: [ spb_ctrl_port, fixed_ips, 0, ip_address ] }, 424 | ip_s: { get_attr: [ spb_srvc_port, fixed_ips, 0, ip_address ] } 425 | } 426 | }, 427 | } 428 | networks: 429 | - port: { get_resource: spb_ctrl_port } 430 | - port: { get_resource: spb_srvc_port } 431 | user_data_format: RAW 432 | user_data: | 433 | #cloud-config 434 | system_info: 435 | default_user: 436 | name: "sandvine" 437 | 438 | sde: 439 | type: 
OS::Nova::Server 440 | properties: 441 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-sde' } } 442 | key_name: { get_param: 'ssh_key' } 443 | image: { get_param: 'sde_image' } 444 | flavor: "m1.medium" 445 | metadata: 446 | { 447 | common: 448 | { 449 | int_subnet: { get_attr: [data_real_subnet1, cidr] } 450 | }, 451 | sde: 452 | { 453 | 1: 454 | { 455 | ip_c: { get_attr: [ sde_ctrl_port, fixed_ips, 0, ip_address ] }, 456 | ip_s: { get_attr: [ sde_srvc_port, fixed_ips, 0, ip_address ] } 457 | } 458 | }, 459 | pts: 460 | { 461 | 1: 462 | { 463 | ip_c: { get_attr: [ pts_ctrl_port, fixed_ips, 0, ip_address ] }, 464 | ip_s: { get_attr: [ pts_srvc_port, fixed_ips, 0, ip_address ] } 465 | } 466 | }, 467 | spb: 468 | { 469 | 1: 470 | { 471 | ip_c: { get_attr: [ spb_ctrl_port, fixed_ips, 0, ip_address ] }, 472 | ip_s: { get_attr: [ spb_srvc_port, fixed_ips, 0, ip_address ] } 473 | } 474 | }, 475 | } 476 | networks: 477 | - port: { get_resource: sde_ctrl_port } 478 | - port: { get_resource: sde_srvc_port } 479 | user_data_format: RAW 480 | user_data: | 481 | #cloud-config 482 | system_info: 483 | default_user: 484 | name: "sandvine" 485 | 486 | outputs: 487 | pts_floating_ip: 488 | description: The IP address of the deployed PTS instance 489 | value: { get_attr: [floating_ip_1, floating_ip_address] } 490 | 491 | sde_floating_ip: 492 | description: The IP address of the deployed SDE instance 493 | value: { get_attr: [floating_ip_2, floating_ip_address] } 494 | 495 | spb_floating_ip: 496 | description: The IP address of the deployed SPB instance 497 | value: { get_attr: [floating_ip_3, floating_ip_address] } 498 | -------------------------------------------------------------------------------- /misc/os-heat-templates/subscribers-example-yaml-block.txt: -------------------------------------------------------------------------------- 1 | parameters: 2 | 3 | ubuntusrv1_image: 4 | type: string 5 | label: "Ubuntu Server - 
64-bit" 6 | description: "Ubuntu - Trusty Thar - LTS" 7 | default: "Ubuntu 14.04.3 LTS - Trusty Tahr - 64-bit - Cloud Based Image" 8 | 9 | debiansrv1_image: 10 | type: string 11 | label: "Debian - 64-bit" 12 | description: "Debian - Jessie" 13 | default: "Debian 8.1.0 - Jessie - 64-bit - Cloud Based Image" 14 | 15 | resources: 16 | 17 | ubuntusrv1: 18 | type: OS::Nova::Server 19 | properties: 20 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-ubuntu-server' } } 21 | key_name: { get_param: 'ssh_key' } 22 | image: { get_param: 'ubuntusrv1_image' } 23 | admin_user: "cloud" 24 | flavor: "m1.little" 25 | networks: 26 | - network: { get_resource: data_real_subnet1 } 27 | 28 | debiansrv1: 29 | type: OS::Nova::Server 30 | properties: 31 | name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-debian-server' } } 32 | key_name: { get_param: 'ssh_key' } 33 | image: { get_param: 'debiansrv1_image' } 34 | admin_user: "cloud" 35 | flavor: "m1.little" 36 | networks: 37 | - network: { get_resource: data_real_subnet1 } 38 | -------------------------------------------------------------------------------- /misc/os-install-lbr.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Copyright 2016, Sandvine Incorporated. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | 18 | FQDN=$(hostname -f) 19 | 20 | 21 | clear 22 | 23 | 24 | echo 25 | echo "Welcome to OpenStack Kilo Deployment!" 26 | echo 27 | 28 | 29 | echo 30 | echo "Installing Git and Ansible..." 31 | echo 32 | sudo apt-get install -y git ansible=1.7.2+dfsg-1~ubuntu14.04.1 33 | 34 | 35 | echo 36 | echo "Cloning OpenStack Ansible Deployment Lite into your home directory..." 37 | echo 38 | cd ~ 39 | git clone -b kilo https://github.com/sandvine/os-ansible-deployment-lite.git 40 | 41 | 42 | echo 43 | echo "Deploying OpenStack..." 44 | echo 45 | echo "Bridge Mode: Linux Bridges" 46 | echo 47 | cd ~/os-ansible-deployment-lite 48 | ./os-deploy.sh --br-mode=LBR 49 | 50 | 51 | echo 52 | echo "Well done!" 53 | echo 54 | echo "Point your browser to http://$FQDN/horizon" 55 | echo 56 | echo "The credentials for both admin and demo users are stored at the" 57 | echo "admin-openrc.sh and demo-openrc.sh files located inside your home." 58 | echo 59 | echo "You can now launch your Stacks! Be it a NFV L2 Bridge or just a Wordpress." 60 | echo "There are a few examples here at your home, for example, you can try:" 61 | echo 62 | echo "source ~/demo-openrc.sh" 63 | echo 64 | echo "If you have 8~16G of RAM:" 65 | echo "heat stack-create demo -f ~/os-ansible-deployment-lite/misc/os-heat-templates/sandvine-stack-0.1-centos.yaml" 66 | echo 67 | echo "If you have 2~4G of RAM:" 68 | echo "heat stack-create demo -f ~/os-ansible-deployment-lite/misc/os-heat-templates/nfv-l2-bridge-basic-stack-ubuntu.yaml" 69 | echo 70 | echo "Enjoy it!" 71 | echo 72 | -------------------------------------------------------------------------------- /misc/os-install.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Copyright 2016, Sandvine Incorporated. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
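# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# One-shot installer: installs Git and a pinned Ansible package, fetches the
# "kilo" branch of os-ansible-deployment-lite into the home directory and runs
# its os-deploy.sh in Open vSwitch bridge mode.
#
# Every step that the next one depends on is checked, so a failed package
# install, clone or deployment stops the script instead of falling through to
# the "Well done!" banner.

# Print a message on stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Only used for the dashboard URL printed at the end; os-deploy.sh does its
# own hostname/FQDN validation.
FQDN=$(hostname -f)

# Checkout location; the deployment script is executed from here.
repo_dir=~/os-ansible-deployment-lite


clear


echo
echo "Welcome to OpenStack Kilo Deployment!"
echo


echo
echo "Installing Git and Ansible..."
echo
sudo apt-get install -y git ansible=1.7.2+dfsg-1~ubuntu14.04.1 \
  || die "Package installation failed. ABORTING!"


echo
echo "Cloning OpenStack Ansible Deployment Lite into your home directory..."
echo
cd ~ || die "Cannot change to your home directory. ABORTING!"

# NOTE(review): the clone follows the tip of the "kilo" branch and the script
# below is executed straight from it, so whatever that branch holds at install
# time runs on this host. Consider checking out a reviewed commit or tag.
if [ -d "$repo_dir/.git" ]; then
  # A previous run already left a checkout here; it is reused as-is (git
  # would refuse to clone over it anyway).
  echo "Existing checkout found at $repo_dir, reusing it."
else
  git clone -b kilo https://github.com/sandvine/os-ansible-deployment-lite.git \
    || die "git clone failed. ABORTING!"
fi


echo
echo "Deploying OpenStack..."
echo
echo "Bridge Mode: Open vSwitch"
echo
# Without this check a failed cd would run ./os-deploy.sh from whatever the
# current directory happens to be.
cd "$repo_dir" || die "Cannot enter $repo_dir. ABORTING!"
./os-deploy.sh --br-mode=OVS || die "OpenStack deployment failed. ABORTING!"


echo
echo "Well done!"
echo
# NOTE(review): the URL below is plain HTTP, so dashboard logins are sent
# unencrypted unless TLS is configured in front of Horizon.
echo "Point your browser to http://$FQDN/horizon"
echo
echo "The credentials for both admin and demo users are stored at the"
echo "admin-openrc.sh and demo-openrc.sh files located inside your home."
echo
echo "You can now launch your Stacks! Be it a NFV L2 Bridge or just a Wordpress."
echo "There are a few examples here at your home, for example, you can try:"
echo
echo "source ~/demo-openrc.sh"
echo
echo "If you have 8~16G of RAM:"
echo "heat stack-create demo -f ~/os-ansible-deployment-lite/misc/os-heat-templates/sandvine-stack-0.1-centos.yaml"
echo
echo "If you have 2~4G of RAM:"
echo "heat stack-create demo -f ~/os-ansible-deployment-lite/misc/os-heat-templates/nfv-l2-bridge-basic-stack-ubuntu.yaml"
echo
echo "Enjoy it!"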
71 | echo 72 | -------------------------------------------------------------------------------- /os-deploy-vagrant.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Copyright 2016, Sandvine Incorporated. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | WHOAMI=vagrant 18 | 19 | HOSTNAME=controller-1 20 | FQDN=controller-1.yourdomain.com 21 | DOMAIN=yourdomain.com 22 | 23 | 24 | echo 25 | echo "The local configuration:" 26 | echo "You are:" $WHOAMI 27 | echo Hostname: $HOSTNAME 28 | echo FQDN: $FQDN 29 | echo Domain: $DOMAIN 30 | 31 | 32 | if [ -z $HOSTNAME ]; then 33 | echo "Hostname not found... Configure the file /etc/hostname with your hostname. ABORTING!" 34 | exit 1 35 | fi 36 | 37 | if [ -z $DOMAIN ]; then 38 | echo "Domain not found... Configure the file /etc/hosts with your \"IP + FQDN + HOSTNAME\". ABORTING!" 39 | exit 2 40 | fi 41 | 42 | if [ -z $FQDN ]; then 43 | echo "FQDN not found... Configure your /etc/hosts according. ABORTING!" 44 | exit 3 45 | fi 46 | 47 | 48 | echo 49 | echo "Configuring ansible/group_vars/all file based on current environment..." 50 | sed -i -e 's/controller-1.yourdomain.com/'$FQDN'/g' ansible/group_vars/all 51 | sed -i -e 's/yourdomain.com/'$DOMAIN'/g' ansible/group_vars/all 52 | 53 | 54 | echo 55 | echo "Configuring ansible/site.yml and OpenStack OpenRC files with your current $WHOAMI user..." 
56 | sed -i -e 's/administrative/'$WHOAMI'/g' ansible/site.yml 57 | sed -i -e 's/administrative/'$WHOAMI'/g' ansible/roles/keystone/tasks/main.yml 58 | sed -i -e 's/administrative/'$WHOAMI'/g' ansible/roles/heat/tasks/main.yml 59 | 60 | 61 | DEFAULT_GW_INT=eth0 62 | 63 | echo 64 | echo "Your primary network interface is:" 65 | echo "dafault route via:" $DEFAULT_GW_INT 66 | 67 | echo 68 | echo "Preparing Ansible templates based on current default gateway interface..." 69 | sed -i -e 's/eth0/'$DEFAULT_GW_INT'/g' ansible/roles/nova_aio/templates/nova.conf 70 | sed -i -e 's/eth0/'$DEFAULT_GW_INT'/g' ansible/roles/cinder/templates/cinder.conf 71 | 72 | 73 | echo 74 | echo "After the deployment, you'll need a iptables MASQUERADE rule to allow your" 75 | echo "Instances to reach the Internet, add the following to your /etc/rc.local:" 76 | echo 77 | echo "iptables -t nat -I POSTROUTING 1 -o $DEFAULT_GW_INT -j MASQUERADE" 78 | 79 | 80 | echo 81 | echo "Running Ansible through Vagrant, deploying OpenStack:" 82 | echo 83 | 84 | vagrant up 85 | -------------------------------------------------------------------------------- /os-deploy.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Copyright 2016, Sandvine Incorporated. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | 18 | # Get options, both Linux Bridges and Open vSwitch (default) are supported. 
19 | # You can also use --dry-run to NOT run Ansible in the end, just prepare the 20 | # configuration files. 21 | for i in "$@" 22 | do 23 | case $i in 24 | --br-mode=*) 25 | BR_MODE="${i#*=}" 26 | shift 27 | ;; 28 | --dry-run) 29 | DRYRUN="yes" 30 | shift 31 | ;; 32 | esac 33 | done 34 | 35 | # Open vSwitch is the default. 36 | if [ -z $BR_MODE ] 37 | then 38 | BR_MODE=OVS 39 | fi 40 | 41 | # Validade the BR_MODE variable. 42 | if ! [[ "$BR_MODE" = "OVS" || "$BR_MODE" = "LBR" ]] 43 | then 44 | echo 45 | echo "Aborting!!!" 46 | echo "You need to correctly specify the Bridge Mode for your OpenStack." 47 | echo 48 | echo "Try:" 49 | echo "./os-deploy.sh --br-mode=OVS # For Open vSwitch." 50 | echo "./os-deploy.sh --br-mode=LBR # For Linux Bridges." 51 | exit 1 52 | fi 53 | 54 | 55 | # Detect some of the local settings: 56 | WHOAMI=$(whoami) 57 | HOSTNAME=$(hostname) 58 | FQDN=$(hostname -f) 59 | DOMAIN=$(hostname -d) 60 | 61 | 62 | # If the hostname and hosts file aren't configured according, abort. 63 | if [ -z $HOSTNAME ]; then 64 | echo "Hostname not found... Configure the file /etc/hostname with your hostname. ABORTING!" 65 | exit 1 66 | fi 67 | 68 | if [ -z $DOMAIN ]; then 69 | echo "Domain not found... Configure the file /etc/hosts with your \"IP + FQDN + HOSTNAME\". ABORTING!" 70 | exit 1 71 | fi 72 | 73 | if [ -z $FQDN ]; then 74 | echo "FQDN not found... Configure your /etc/hosts according. ABORTING!" 75 | exit 1 76 | fi 77 | 78 | 79 | # Display local configuration 80 | echo 81 | echo "The detected local configuration are:" 82 | echo 83 | echo "You are:" $WHOAMI 84 | echo "Hostname:" $HOSTNAME 85 | echo "FQDN:" $FQDN 86 | echo "Domain:" $DOMAIN 87 | 88 | 89 | # Configuring dummy interfaces now and on boot 90 | DUMMY="dummy" 91 | 92 | if grep -q "$DUMMY" /etc/modules 93 | then 94 | 95 | echo 96 | echo "Dummy module already configured..." 97 | 98 | else 99 | 100 | echo 101 | echo "Configuring dummy module at /etc/modules..." 
102 | sudo tee --append /etc/modules > /dev/null < /dev/null < /dev/null < /dev/null <