Merge pull request redhat-openstack#2 from gildub/multi-nodes

Multi nodes
dzungdo · Sep 9, 2013 · 830aed7 · 830aed7
2 parents 6c503e6 + c124f1c
commit 830aed7
Show file tree

Hide file tree

Showing 5 changed files with 296 additions and 79 deletions.
diff --git a/bin/bridge-create.sh b/bin/bridge-create.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# Create resilient OVS bridge, move IP from physical interface to bridge, attach physical interface
+
+BRIDGE_NAME=$1
+PHYSICAL_INTERFACE=$2
+
+# create openvswitch bridge
+/usr/bin/ovs-vsctl --may-exist add-br ${BRIDGE_NAME}
+
+# mv physical interface config 
+/bin/mv /etc/sysconfig/network-scripts/ifcfg-${PHYSICAL_INTERFACE} /etc/sysconfig/network-scripts/ifcfg-${BRIDGE_NAME}
+
+# unset HWADDR key if exists
+/bin/sed -i s/HWADDR=.*// /etc/sysconfig/network-scripts/ifcfg-${BRIDGE_NAME} 
+
+# unset UUID key if exists
+/bin/sed -i s/UUID=.*// /etc/sysconfig/network-scripts/ifcfg-${BRIDGE_NAME}
+
+# set bridge name
+/bin/sed -i s/DEVICE=.*/DEVICE=${BRIDGE_NAME}/ /etc/sysconfig/network-scripts/ifcfg-${BRIDGE_NAME}
+
+# set bridge type
+/bin/sed -i s/TYPE=.*/TYPE=OVSBridge/ /etc/sysconfig/network-scripts/ifcfg-${BRIDGE_NAME}
+
+# set bridge device type
+/bin/echo -e "DEVICETYPE=ovs" >> /etc/sysconfig/network-scripts/ifcfg-${BRIDGE_NAME}
+
+# create new physical interface config 
+cat > /etc/sysconfig/network-scripts/ifcfg-${PHYSICAL_INTERFACE} <<EOF
+DEVICE=$PHYSICAL_INTERFACE
+DEVICETYPE=ovs
+TYPE=OVSPort
+BOOTPROTO=none
+OVS_BRIDGE=${BRIDGE_NAME}
+ONBOOT=yes
+EOF
+
+# switch on bridge and restart network - atomic operation
+/usr/bin/ovs-vsctl --may-exist add-port ${BRIDGE_NAME} $PHYSICAL_INTERFACE; service network restart 
+
diff --git a/puppet/modules/quickstack/manifests/compute.pp b/puppet/modules/quickstack/manifests/compute.pp
@@ -1,79 +1,128 @@
 # Common quickstack configurations
 class quickstack::compute (
- $fixed_network_range = $quickstack::params::fixed_network_range,
- $floating_network_range = $quickstack::params::floating_network_range,
- $nova_db_password = $quickstack::params::nova_db_password,
- $nova_user_password = $quickstack::params::nova_user_password,
- $pacemaker_priv_floating_ip = $quickstack::params::pacemaker_priv_floating_ip,
- $private_interface = $quickstack::params::private_interface,
- $public_interface = $quickstack::params::public_interface,
- $verbose = $quickstack::params::verbose,
+ $admin_password = $quickstack::params::admin_password,
+ $fixed_network_range = $quickstack::params::fixed_network_range,
+ $floating_network_range = $quickstack::params::floating_network_range,
+ $neutron_db_password = $quickstack::params::neutron_db_password,
+ $neutron_user_password = $quickstack::params::neutron_user_password,
+ $nova_db_password = $quickstack::params::nova_db_password,
+ $nova_user_password = $quickstack::params::nova_user_password,
+ $pacemaker_priv_floating_ip = $quickstack::params::pacemaker_priv_floating_ip,
+ $pacemaker_pub_floating_ip = $quickstack::params::pacemaker_pub_floating_ip,
+ $private_interface = $quickstack::params::private_interface,
+ $public_interface = $quickstack::params::public_interface,
+ $verbose = $quickstack::params::verbose,
 ) inherits quickstack::params {
 
- # Configure Nova
- nova_config{
- 'DEFAULT/auto_assign_floating_ip': value => 'True';
- #"DEFAULT/network_host": value => ${pacemaker_priv_floating_ip;
- "DEFAULT/network_host": value => "$::ipaddress";
- "DEFAULT/libvirt_inject_partition": value => "-1";
- #"DEFAULT/metadata_host": value => "$pacemaker_priv_floating_ip";
- "DEFAULT/metadata_host": value => "$::ipaddress";
- "DEFAULT/multi_host": value => "True";
- }
+ # Configure Nova
+ nova_config{
+ 'DEFAULT/libvirt_inject_partition': value => '-1';
 
- class { 'nova':
- sql_connection => "mysql:https://nova:${nova_db_password}@${pacemaker_priv_floating_ip}/nova",
- image_service => 'nova.image.glance.GlanceImageService',
- glance_api_servers => "http:https://$pacemaker_priv_floating_ip:9292/v1",
- rpc_backend => 'nova.openstack.common.rpc.impl_qpid',
- qpid_hostname => $pacemaker_priv_floating_ip,
- verbose => $verbose,
- }
+ ### Networking
+ #'DEFAULT/service_neutron_metadata_proxy': value => 'True';
+ #'DEFAULT/neutron_metadata_proxy_shared_secret': value => 'secret';
 
- # uncomment if on a vm
- # GSutclif: Maybe wrap this in a Facter['is-virtual'] test ?
- #file { "/usr/bin/qemu-system-x86_64":
- # ensure => link,
- # target => "/usr/libexec/qemu-kvm",
- # notify => Service["nova-compute"],
- #}
- #nova_config{
- # "libvirt_cpu_mode": value => "none";
- #}
-
- class { 'nova::compute::libvirt':
- #libvirt_type => "qemu", # uncomment if on a vm
- vncserver_listen => "$::ipaddress",
- }
+ # To review if obsolete (nova network)
+ # 'DEFAULT/auto_assign_floating_ip': value => 'True';
+ # 'DEFAULT/network_host': value => $pacemaker_priv_floating_ip;
+ # 'DEFAULT/metadata_host': value => $pacemaker_priv_floating_ip;
+ # 'DEFAULT/auto_assign_floating_ip': value => 'True';
+ # 'DEFAULT/multi_host': value => 'True';
+ # 'DEFAULT/force_dhcp_release': value => 'False';
 
- class {"nova::compute":
-  enabled => true,
-  vncproxy_host => "$pacemaker_priv_floating_ip",
-  vncserver_proxyclient_address => "$ipaddress",
+  'keystone_authtoken/admin_tenant_name': value => 'admin';
+ 'keystone_authtoken/admin_user': value => 'admin';
+ 'keystone_authtoken/admin_password': value => $admin_password;
+ 'keystone_authtoken/auth_host': value => $pacemaker_priv_floating_ip;
  }
 
- class { 'nova::api':
- enabled => true,
- admin_password => "$nova_user_password",
- auth_host => "$pacemaker_priv_floating_ip",
- }
+ class { 'nova':
+ sql_connection => "mysql:https://nova:${nova_db_password}@${pacemaker_priv_floating_ip}/nova",
+ image_service => 'nova.image.glance.GlanceImageService',
+ glance_api_servers => "http:https://${pacemaker_priv_floating_ip}:9292/v1",
+ rpc_backend => 'nova.openstack.common.rpc.impl_qpid',
+ qpid_hostname => $pacemaker_priv_floating_ip,
+ verbose => $verbose,
+ }
 
- class { 'nova::network':
- private_interface => "$private_interface",
- public_interface => "$public_interface",
- fixed_range => "$fixed_network_range",
- floating_range => "$floating_network_range",
- network_manager => "nova.network.manager.FlatDHCPManager",
- config_overrides => {"force_dhcp_release" => false},
- create_networks => true,
- enabled => true,
- install_service => true,
- }
+ # uncomment if on a vm
+ # GSutclif: Maybe wrap this in a Facter['is-virtual'] test ?
+ #file { "/usr/bin/qemu-system-x86_64":
+ # ensure => link,
+ # target => "/usr/libexec/qemu-kvm",
+ # notify => Service["nova-compute"],
+ #}
+ #nova_config{
+ # "libvirt_cpu_mode": value => "none";
+ #}
 
- firewall { '001 nove compute incoming':
- proto => 'tcp',
- dport => '5900-5999',
- action => 'accept',
- }
+ class { 'nova::compute::libvirt':
+ #libvirt_type => "qemu", # uncomment if on a vm
+ vncserver_listen => $::ipaddress,
+ }
+
+ class { 'nova::compute':
+ enabled => true,
+ vncproxy_host => $pacemaker_pub_floating_ip,
+ vncserver_proxyclient_address => $::ipaddress,
+ }
+
+ class { 'nova::api':
+ enabled => true,
+ admin_password => $nova_user_password,
+ auth_host => $pacemaker_priv_floating_ip,
+ }
+
+ #class { 'nova::network':
+ # private_interface => "$private_interface",
+ # public_interface => "$public_interface",
+ # fixed_range => "$fixed_network_range",
+ # floating_range => "$floating_network_range",
+ # network_manager => "nova.network.manager.FlatDHCPManager",
+ # config_overrides => {"force_dhcp_release" => false},
+ # create_networks => true,
+ # enabled => true,
+ # install_service => true,
+ #}
+
+ ### Neutron
+ class { '::neutron':
+ allow_overlapping_ips => true,
+ rpc_backend => 'neutron.openstack.common.rpc.impl_qpid',
+ qpid_hostname => $pacemaker_priv_floating_ip,
+ }
+
+ # Neutron config
+ neutron_config {
+ 'database/connection': value => "mysql:https://neutron:${neutron_db_password}@${pacemaker_priv_floating_ip}/neutron";
+
+ 'keystone_authtoken/auth_host': value => $pacemaker_priv_floating_ip;
+ 'keystone_authtoken/admin_tenant_name': value => 'admin';
+ 'keystone_authtoken/admin_user': value => 'admin';
+ 'keystone_authtoken/admin_password': value => $admin_password;
+ }
+
+ # Plugin
+ class { '::neutron::plugins::ovs':
+ sql_connection => "mysql:https://neutron:${neutron_db_password}@${pacemaker_priv_floating_ip}/neutron",
+ tenant_network_type => 'gre',
+ }
+
+ # Agent
+ class { '::neutron::agents::ovs':
+ local_ip => $::ipaddress,
+ enable_tunneling => true,
+ } 
+
+ class { '::nova::network::neutron':
+ neutron_admin_password => $neutron_user_password,
+ neutron_url => "http:https://${pacemaker_priv_floating_ip}:9696",
+ neutron_admin_auth_url => "http:https://${pacemaker_priv_floating_ip}:35357/v2.0",
+ }
 
+ firewall { '001 nova compute incoming':
+ proto => 'tcp',
+ dport => '5900-5999',
+ action => 'accept',
+ }
 }
diff --git a/puppet/modules/quickstack/manifests/controller.pp b/puppet/modules/quickstack/manifests/controller.pp
@@ -13,6 +13,8 @@
  $keystone_admin_token = $quickstack::params::keystone_admin_token,
  $keystone_db_password = $quickstack::params::keystone_db_password,
  $mysql_root_password = $quickstack::params::mysql_root_password,
+ $neutron_db_password = $quickstack::params::neutron_db_password,
+ $neutron_user_password = $quickstack::params::neutron_user_password,
  $nova_db_password = $quickstack::params::nova_db_password,
  $nova_user_password = $quickstack::params::nova_user_password,
  $pacemaker_priv_floating_ip = $quickstack::params::pacemaker_priv_floating_ip,
@@ -47,7 +49,7 @@
  glance_db_password => $glance_db_password,
  nova_db_password => $nova_db_password,
  cinder_db_password => $cinder_db_password,
- neutron_db_password => '',
+ neutron_db_password => $neutron_db_password,
 
  # MySQL
  mysql_bind_address => '0.0.0.0',
@@ -57,9 +59,9 @@
  cinder => false,
 
  # neutron
- neutron => false,
+ neutron => true,
 
- allowed_hosts => '%',
+ allowed_hosts => ['%','host11.internal.oslab.priv'],
  enabled => true,
  }
 
@@ -76,7 +78,7 @@
  glance_user_password => $glance_user_password,
  nova_user_password => $nova_user_password,
  cinder_user_password => $cinder_user_password,
- neutron_user_password => "",
+ neutron_user_password => $neutron_user_password,
  public_address => $pacemaker_pub_floating_ip,
  admin_address => $pacemaker_priv_floating_ip,
  internal_address => $pacemaker_priv_floating_ip,
@@ -92,10 +94,10 @@
  }
 
  class {'openstack::glance':
- db_host  => $pacemaker_priv_floating_ip,
+ db_host => $pacemaker_priv_floating_ip,
  user_password => $glance_user_password,
  db_password => $glance_db_password,
- require  => Class['openstack::db::mysql'],
+ require => Class['openstack::db::mysql'],
  }
 
  # Configure Nova
@@ -112,12 +114,18 @@
  enabled => true,
  admin_password => $nova_user_password,
  auth_host => $pacemaker_priv_floating_ip,
+ neutron_metadata_proxy_shared_secret => 'shared_secret',
  }
 
  nova_config {
  'DEFAULT/auto_assign_floating_ip': value => 'True';
  'DEFAULT/multi_host': value => 'True';
  'DEFAULT/force_dhcp_release': value => 'False';
+
+ 'keystone_authtoken/admin_tenant_name': value => 'admin';
+ 'keystone_authtoken/admin_user': value => 'admin';
+ 'keystone_authtoken/admin_password': value => $admin_password;
+ 'keystone_authtoken/auth_host': value => '127.0.0.1'; 
  }
 
  class { [ 'nova::scheduler', 'nova::cert', 'nova::consoleauth', 'nova::conductor' ]:
@@ -147,20 +155,60 @@
 
  class {'memcached':}
 
-# Double definition - This seems to have appeared with Puppet 3.x
-# class {'apache':}
-# class {'apache::mod::wsgi':}
-# file { '/etc/httpd/conf.d/openstack-dashboard.conf':}
+ ### Neutron
+ # Configures everything in neutron.conf
+ class { '::neutron': 
+ enabled => true,
+ verbose => true,
+ allow_overlapping_ips => true,
+ rpc_backend => 'neutron.openstack.common.rpc.impl_qpid',
+ qpid_hostname => $pacemaker_priv_floating_ip,
+ }
+
+ # To be done by neutron module
+ neutron_config {
+ 'database/connection': value => "mysql:https://neutron:${neutron_db_password}@${pacemaker_priv_floating_ip}/neutron";
+ }
+
+ class { '::neutron::keystone::auth': 
+ password => $admin_password,
+ public_address => $pacemaker_pub_floating_ip,
+ admin_address => $pacemaker_priv_floating_ip,
+ internal_address => $pacemaker_priv_floating_ip,
+ }
+
+ # The API server talks to keystone for authorisation
+ class { '::neutron::server':
+ auth_host => $::ipaddress,
+ auth_password => $admin_password,
+ } 
+
+ neutron_plugin_ovs {
+ 'OVS/enable_tunneling': value => 'True';
+
+ 'SECURITYGROUP/firewall_driver': 
+ value => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver';
+ } 
+
+ # Plugin
+ class { '::neutron::plugins::ovs':
+ sql_connection => "mysql:https://neutron:${neutron_db_password}@${pacemaker_priv_floating_ip}/neutron",
+ tenant_network_type => 'gre',
+ } 
+
+ class { '::nova::network::neutron':
+ neutron_admin_password => $neutron_user_password,
+ }
 
  firewall { '001 controller incoming':
  proto => 'tcp',
  # need to refine this list
- dport => ['80', '3306', '5000', '35357', '5672', '8773', '8774', '8775', '8776', '9292', '6080'],
+ dport => ['80', '3306', '5000', '35357', '5672', '8773', '8774', '8775', '8776', '9292', '6080', '9696'],
  action => 'accept',
  }
-
+ 
  if ($::selinux != "false"){
- selboolean{'httpd_can_network_connect':
+ selboolean { 'httpd_can_network_connect':
  value => on,
  persistent => true,
  }