def createcomputemanifest(config):
dirty = controller.CONF["CONFIG_NOVA_COMPUTE_HOSTS"].split(",")
hostlist = [i.strip() for i in dirty if i.strip()]
for host in hostlist:
controller.CONF["CONFIG_NOVA_COMPUTE_HOST"] = host
manifestdata = getManifestTemplate("nova_compute.pp")
if controller.CONF["CONFIG_CINDER_INSTALL"] == "y" and controller.CONF["CONFIG_CINDER_BACKEND"] == "gluster":
manifestdata += getManifestTemplate("nova_gluster.pp")
if controller.CONF["CONFIG_CINDER_INSTALL"] == "y" and controller.CONF["CONFIG_CINDER_BACKEND"] == "nfs":
manifestdata += getManifestTemplate("nova_nfs.pp")
manifestfile = "%s_nova.pp" % host
nova_config_options = NovaConfig()
if controller.CONF["CONFIG_NEUTRON_INSTALL"] != "y":
if host != controller.CONF["CONFIG_NOVA_NETWORK_HOST"]:
nova_config_options.addOption("DEFAULT/flat_interface", controller.CONF["CONFIG_NOVA_COMPUTE_PRIVIF"])
check_ifcfg(host, controller.CONF["CONFIG_NOVA_COMPUTE_PRIVIF"])
try:
bring_up_ifcfg(host, controller.CONF["CONFIG_NOVA_COMPUTE_PRIVIF"])
except ScriptRuntimeError as ex:
# just warn user to do it by himself
controller.MESSAGES.append(str(ex))
if controller.CONF["CONFIG_CEILOMETER_INSTALL"] == "y":
manifestdata += getManifestTemplate("nova_ceilometer.pp")
appendManifestFile(manifestfile, manifestdata + "\n" + nova_config_options.getManifestEntry())
def create_manifest(config, messages):
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata += getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "lvm":
manifestdata += getManifestTemplate("cinder_lvm.pp")
elif config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
elif config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
elif config['CONFIG_CINDER_BACKEND'] == "vmdk":
manifestdata += getManifestTemplate("cinder_vmdk.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "['3260', '8776']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone")
manifestdata += getManifestTemplate("apache_ports")
if config['CONFIG_IP_VERSION'] == 'ipv6':
host = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_KEYSTONE_HOST_URL'] = "[%s]" % host
else:
config['CONFIG_KEYSTONE_HOST_URL'] = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_KEYSTONE_PUBLIC_URL'] = "http://%s:5000/%s" % (
config['CONFIG_KEYSTONE_HOST_URL'],
config['CONFIG_KEYSTONE_API_VERSION']
)
config['CONFIG_KEYSTONE_ADMIN_URL'] = "http://%s:35357" % (
config['CONFIG_KEYSTONE_HOST_URL']
)
fw_details = dict()
key = "keystone"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "keystone"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5000', '35357']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_KEYSTONE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES')
appendManifestFile(manifestfile, manifestdata)
def createstoragemanifest(config):
# this need to happen once per storage host
for host in set([device["host"] for device in devices]):
controller.CONF["CONFIG_SWIFT_STORAGE_CURRENT"] = host
manifestfile = "%s_swift.pp" % host
manifestdata = getManifestTemplate("swift_storage.pp")
appendManifestFile(manifestfile, manifestdata)
# this need to happen once per storage device
for device in devices:
host = device["host"]
devicename = device["device_name"]
device = device["device"]
if device:
check_device(host, device)
manifestfile = "%s_swift.pp" % host
if device:
manifestdata = "\n" + 'swift::storage::%s{"%s":\n device => "/dev/%s",\n}' % (
controller.CONF["CONFIG_SWIFT_STORAGE_FSTYPE"],
devicename,
device,
)
else:
controller.CONF["SWIFT_STORAGE_DEVICES"] = "'%s'" % devicename
manifestdata = "\n" + getManifestTemplate("swift_loopback.pp")
appendManifestFile(manifestfile, manifestdata)
def create_api_manifest(config, messages):
# Since this step is running first, let's create necesary variables here
# and make them global
global compute_hosts, network_hosts
com_var = config.get("CONFIG_COMPUTE_HOSTS", "")
compute_hosts = set([i.strip() for i in com_var.split(",") if i.strip()])
net_var = config.get("CONFIG_NETWORK_HOSTS", "")
network_hosts = set([i.strip() for i in net_var.split(",") if i.strip()])
# This is a hack around us needing to generate the neutron metadata
# password, but the nova puppet plugin uses the existence of that
# password to determine whether or not to configure neutron metadata
# proxy support. So the nova_api.pp template needs unquoted 'undef'
# to disable metadata support if neutron is not being installed.
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef'
else:
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = \
"'%s'" % config['CONFIG_NEUTRON_METADATA_PW']
manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_api.pp")
config['FIREWALL_SERVICE_NAME'] = "nova api"
config['FIREWALL_PORTS'] = "['8773', '8774', '8775']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "nova_api"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, 'novaapi')
def create_dhcp_manifests(config, messages):
global network_hosts
plugin = config['CONFIG_NEUTRON_L2_PLUGIN']
for host in network_hosts:
config["CONFIG_NEUTRON_DHCP_HOST"] = host
config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
manifest_data = getManifestTemplate("neutron_dhcp.pp")
manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules for dhcp in
config['FIREWALL_PROTOCOL'] = 'udp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in: "
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s" % host
config['FIREWALL_PORTS'] = "'67'"
config['FIREWALL_CHAIN'] = "INPUT"
manifest_data += getManifestTemplate("firewall.pp")
# Firewall Rules for dhcp out
config['FIREWALL_PROTOCOL'] = 'udp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out: "
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s" % host
config['FIREWALL_PORTS'] = "'68'"
config['FIREWALL_CHAIN'] = "OUTPUT"
manifest_data += getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_TROVE_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_trove.crt'
)
ssl_key_file = config['CONFIG_TROVE_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_trove.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'trove'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
if (config['CONFIG_TROVE_NOVA_USER'] == 'trove' and
config['CONFIG_TROVE_NOVA_PW'] == ''):
config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']
manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "trove"))
manifestdata += getManifestTemplate('trove.pp')
fw_details = dict()
key = "trove"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "trove api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8779']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_TROVE_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES')
appendManifestFile(manifestfile, manifestdata, marker='trove')
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_SAHARA_HOST']
ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_sahara.crt'
)
ssl_key_file = config['CONFIG_SAHARA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_sahara.key'
)
service = 'sahara'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate(get_mq(config, "sahara"))
manifestdata += getManifestTemplate("sahara.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('sahara_ceilometer')
fw_details = dict()
key = "sahara-api"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "sahara api"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8386"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_SAHARA_CFN_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
appendManifestFile(manifestfile, manifestdata, marker='sahara')
def createstoragemanifest():
# this need to happen once per storage host
for host in set([device['host'] for device in devices]):
controller.CONF["CONFIG_SWIFT_STORAGE_CURRENT"] = host
manifestfile = "%s_swift.pp"%host
manifestdata = getManifestTemplate("swift_storage.pp")
appendManifestFile(manifestfile, manifestdata)
# this need to happen once per storage device
for device in devices:
host = device['host']
devicename = device['device_name']
device = device['device']
server = utils.ScriptRunner(host)
validate.r_validateDevice(server, device)
server.execute()
manifestfile = "%s_swift.pp"%host
if device:
manifestdata = "\n" + 'swift::storage::%s{"%s":\n device => "/dev/%s",\n}'% (controller.CONF["CONFIG_SWIFT_STORAGE_FSTYPE"], devicename, device)
else:
controller.CONF["SWIFT_STORAGE_DEVICES"] = "'%s'"%devicename
manifestdata = "\n" + getManifestTemplate("swift_loopback.pp")
appendManifestFile(manifestfile, manifestdata)
def createL2AgentManifests(config):
global compute_hosts, dhcp_host, l3_hosts
if controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "openvswitch":
host_var = 'CONFIG_NEUTRON_OVS_HOST'
template_name = 'neutron_ovs_agent.pp'
bm_arr = get_values(controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
iface_arr = get_values(controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])
# The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
# comma-separated list of bridge mappings. Since the puppet module
# expects this parameter to be an array, this parameter must be properly
# formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B, C' should formatted as '['A','B','C']'.
controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = str(bm_arr)
elif controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent.pp'
else:
raise KeyError("Unknown layer2 agent")
# Install l2 agents on every compute host in addition to any hosts listed
# specifically for the l2 agent
for host in compute_hosts | dhcp_hosts | l3_hosts:
controller.CONF[host_var] = host
manifestfile = "%s_neutron.pp" % (host,)
manifestdata = getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n")
if controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "openvswitch":
for if_map in iface_arr:
controller.CONF['CONFIG_NEUTRON_OVS_BRIDGE'], controller.CONF['CONFIG_NEUTRON_OVS_IFACE'] = if_map.split(':')
manifestdata = getManifestTemplate("neutron_ovs_port.pp")
appendManifestFile(manifestfile, manifestdata + "\n")
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and
'neutron' or 'nova')
network_multi = len(network_hosts) > 1
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
else:
perms = "nova:%(CONFIG_NOVA_DB_PW)s"
sqlconn = "mysql://%s@%%(CONFIG_MYSQL_HOST)s/nova" % perms
config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi and
host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
data += getManifestTemplate("nova_common.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_glance.crt'
)
ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_glance.key'
)
service = 'glance'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
# Setting the default to 'swift' when Ironic is enabled
if config['CONFIG_IRONIC_INSTALL'] == 'y':
backend = 'swift'
config['CONFIG_GLANCE_BACKEND'] = backend
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_ntp_manifest(config, messages):
srvlist = [i.strip()
for i in config['CONFIG_NTP_SERVERS'].split(',')
if i.strip()]
config['CONFIG_NTP_SERVERS'] = ' '.join(srvlist)
definiton = '\n'.join(['server %s' % i for i in srvlist])
config['CONFIG_NTP_SERVER_DEF'] = '%s\n' % definiton
marker = uuid.uuid4().hex[:16]
for hostname in filtered_hosts(config):
releaseos = config['HOST_DETAILS'][hostname]['os']
releasever = config['HOST_DETAILS'][hostname]['release'].split('.')[0]
# Configure chrony for Fedora or RHEL/CentOS 7
if releaseos == 'Fedora' or releasever == '7':
manifestdata = getManifestTemplate('chrony.pp')
appendManifestFile('%s_chrony.pp' % hostname,
manifestdata,
marker=marker)
# For previous versions, configure ntpd
else:
manifestdata = getManifestTemplate('ntpd.pp')
appendManifestFile('%s_ntpd.pp' % hostname,
manifestdata,
marker=marker)
def create_manifest(config, messages):
if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
ssl_host = config["CONFIG_CONTROLLER_HOST"]
ssl_cert_file = config["CONFIG_HEAT_SSL_CERT"] = "/etc/pki/tls/certs/ssl_amqp_heat.crt"
ssl_key_file = config["CONFIG_HEAT_SSL_KEY"] = "/etc/pki/tls/private/ssl_amqp_heat.key"
service = "heat"
generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file)
manifestfile = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "heat"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8004"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_HEAT_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_HEAT_RULES")
appendManifestFile(manifestfile, manifestdata, marker="heat")
def create_manifest(config, messages):
manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "aodh"))
manifestdata += getManifestTemplate("aodh")
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_aodh.crt'
)
ssl_key_file = config['CONFIG_AODH_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_aodh.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'aodh'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "aodh_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "aodh-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8042']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AODH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
appendManifestFile(manifestfile, manifestdata, 'aodh')
def create_manifest(config, messages):
if config['CONFIG_MARIADB_INSTALL'] == 'y':
suffix = 'install'
host = config['CONFIG_MARIADB_HOST']
else:
suffix = 'noinstall'
host = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_mariadb.pp" % host
manifestdata = [getManifestTemplate('mariadb_%s.pp' % suffix)]
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mariadb_%s_%s.pp" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
append_for("keystone", suffix)
for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']:
if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y':
append_for(mod, suffix)
hosts = filtered_hosts(config, exclude=False, dbhost=True)
config['FIREWALL_SERVICE_NAME'] = "mariadb"
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "mariadb_%s" % host
manifestdata.append(getManifestTemplate("firewall.pp"))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def createManifest(config):
global q_hosts
service_plugins = []
if config['CONFIG_NEUTRON_LBAAS_HOSTS']:
lbp = 'neutron.services.loadbalancer.plugin.LoadBalancerPlugin'
service_plugins.append(lbp)
config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins
else 'undef')
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron_api.pp")
# Firewall Rules
config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i for i in q_hosts])
config['FIREWALL_SERVICE_NAME'] = "neutron"
config['FIREWALL_PORTS'] = "'9696','67','68'"
manifest_data += getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
# Set up any l2 plugin configs we need anywhere we install neutron
# XXX I am not completely sure about this, but it seems necessary
if controller.CONF['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch':
nettype = config.get("CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE", "local")
manifest_data = getManifestTemplate("neutron_ovs_plugin_%s.pp" % (nettype,))
appendManifestFile(manifest_file, manifest_data, 'neutron')
elif controller.CONF['CONFIG_NEUTRON_L2_PLUGIN'] == 'linuxbridge':
manifest_data = getManifestTemplate("neutron_lb_plugin.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
def createmanifest(config):
manifestfile = "%s_qpid.pp"%config['CONFIG_QPID_HOST']
manifestdata = ""
ssl_manifestdata = ""
server = utils.ScriptRunner(config['CONFIG_QPID_HOST'])
ports = set(["'5672'"])
if config['CONFIG_QPID_ENABLE_SSL'] == 'y':
ports.add("'%s'" % (config['CONFIG_QPID_SSL_PORT']))
config['CONFIG_QPID_ENABLE_SSL'] = 'true'
if config['CONFIG_QPID_SSL_SELF_SIGNED'] == 'y':
server.append( "openssl req -batch -new -x509 -nodes -keyout %s -out %s -days 1095"
% (config['CONFIG_QPID_SSL_KEY_FILE'], config['CONFIG_QPID_SSL_CERT_FILE']) )
server.execute()
ssl_manifestdata = getManifestTemplate('qpid_ssl.pp')
else:
#Set default values
config['CONFIG_QPID_SSL_PORT'] = "5671"
config['CONFIG_QPID_SSL_CERT_FILE'] = ""
config['CONFIG_QPID_SSL_KEY_FILE'] = ""
config['CONFIG_QPID_NSS_CERTDB_PW'] = ""
config['CONFIG_QPID_ENABLE_SSL'] = 'false'
manifestdata = getManifestTemplate('qpid.pp')
manifestdata += ssl_manifestdata
#All hosts should be able to talk to qpid
hosts = ["'%s'" % i for i in filtered_hosts(config, exclude=False)]
config['FIREWALL_ALLOWED'] = ','.join(hosts)
config['FIREWALL_SERVICE_NAME'] = "qpid"
config['FIREWALL_PORTS'] = ','.join(ports)
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_manifest(config, messages):
if config['CONFIG_MYSQL_INSTALL'] == 'y':
install = True
suffix = 'install'
else:
install = False
suffix = 'noinstall'
manifestfile = "%s_mysql.pp" % config['CONFIG_MYSQL_HOST']
manifestdata = [getManifestTemplate('mysql_%s.pp' % suffix)]
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mysql_%s_%s.pp" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
append_for("keystone", suffix)
for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']:
if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y':
append_for(mod, suffix)
hosts = set([config['CONFIG_CONTROLLER_HOST']])
hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])
config['FIREWALL_SERVICE_NAME'] = "mysql"
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "mysql_%s" % host
manifestdata.append(getManifestTemplate("firewall.pp"))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_CONTROLLER_HOST']
ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_heat.crt'
)
ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_heat.key'
)
service = 'heat'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8004']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_dhcp_manifests(config):
global dhcp_hosts
plugin = config['CONFIG_NEUTRON_L2_PLUGIN']
for host in dhcp_hosts:
config["CONFIG_NEUTRON_DHCP_HOST"] = host
config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
manifest_data = getManifestTemplate("neutron_dhcp.pp")
manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules
for f_host in q_hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % f_host
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in"
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s_%s" % (host, f_host)
config['FIREWALL_PORTS'] = "'67'"
config['FIREWALL_CHAIN'] = "INPUT"
manifest_data += getManifestTemplate("firewall.pp")
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out"
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s_%s" % (host, f_host)
config['FIREWALL_PORTS'] = "'68'"
config['FIREWALL_CHAIN'] = "OUTPUT"
manifest_data += getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_l3_manifests(config, messages):
global network_hosts
plugin = config['CONFIG_NEUTRON_L2_PLUGIN']
if config['CONFIG_NEUTRON_L3_EXT_BRIDGE'] == 'provider':
config['CONFIG_NEUTRON_L3_EXT_BRIDGE'] = ''
for host in network_hosts:
config['CONFIG_NEUTRON_L3_HOST'] = host
config['CONFIG_NEUTRON_L3_INTERFACE_DRIVER'] = get_if_driver(config)
manifestdata = getManifestTemplate("neutron_l3.pp")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + '\n')
ext_bridge = config['CONFIG_NEUTRON_L3_EXT_BRIDGE']
mapping = find_mapping(config['CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'],
ext_bridge) if ext_bridge else None
if (config['CONFIG_NEUTRON_L2_AGENT'] == 'openvswitch' and ext_bridge
and not mapping):
config['CONFIG_NEUTRON_OVS_BRIDGE'] = ext_bridge
manifestdata = getManifestTemplate('neutron_ovs_bridge.pp')
appendManifestFile(manifestfile, manifestdata + '\n')
if config['CONFIG_NEUTRON_FWAAS']:
manifestfile = "%s_neutron_fwaas.pp" % (host,)
manifestdata = getManifestTemplate("neutron_fwaas.pp")
appendManifestFile(manifestfile, manifestdata + '\n')
def create_l2_agent_manifests(config, messages):
global network_hosts, compute_hosts
agent = config["CONFIG_NEUTRON_L2_AGENT"]
# CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2
# plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also
# for other plugin template generation
if ('l2population' in
config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])):
config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
else:
config['CONFIG_NEUTRON_USE_L2POPULATION'] = False
if agent == "openvswitch":
ovs_type = 'CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'
ovs_type = config.get(ovs_type, 'local')
tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel
tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
template_name = "neutron_ovs_agent"
bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])
# The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
# comma-separated list of bridge mappings. Since the puppet module
# expects this parameter to be an array, this parameter must be
# properly formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B' should formatted as '['A','B']'.
config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
elif agent == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent'
else:
raise KeyError("Unknown layer2 agent")
for host in network_hosts | compute_hosts:
manifestfile = "%s_neutron.pp" % (host,)
manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
manifestdata += getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n")
# neutron ovs port only on network hosts
if (
agent == "openvswitch" and (
(host in network_hosts and tunnel_types)
or 'vlan' in ovs_type)
):
bridge_key = 'CONFIG_NEUTRON_OVS_BRIDGE'
iface_key = 'CONFIG_NEUTRON_OVS_IFACE'
for if_map in iface_arr:
config[bridge_key], config[iface_key] = if_map.split(':')
manifestdata = getManifestTemplate("neutron_ovs_port")
appendManifestFile(manifestfile, manifestdata + "\n")
# Additional configurations required for compute hosts and
# network hosts.
manifestdata = getManifestTemplate('neutron_bridge_module')
appendManifestFile(manifestfile, manifestdata + '\n')
def create_manifests(config):
global q_hosts
service_plugins = []
if config['CONFIG_NEUTRON_LBAAS_HOSTS']:
service_plugins.append(
'neutron.services.loadbalancer.plugin.LoadBalancerPlugin'
)
if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2':
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append(
'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'
)
config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins
else 'undef')
if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch':
nettype = config.get("CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE", "local")
plugin_manifest = 'neutron_ovs_plugin_%s.pp' % nettype
elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'linuxbridge':
plugin_manifest = 'neutron_lb_plugin.pp'
elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2':
plugin_manifest = 'neutron_ml2_plugin.pp'
# host to which allow neutron server
allowed_hosts = set(q_hosts)
if config['CONFIG_CLIENT_INSTALL'] == 'y':
allowed_hosts.add(config['CONFIG_OSCLIENT_HOST'])
if config['CONFIG_HORIZON_INSTALL'] == 'y':
allowed_hosts.add(config['CONFIG_HORIZON_HOST'])
if config['CONFIG_NOVA_INSTALL'] == 'y':
allowed_hosts.add(config['CONFIG_NOVA_API_HOST'])
config['FIREWALL_SERVICE_NAME'] = "neutron server"
config['FIREWALL_PORTS'] = "'9696'"
config['FIREWALL_CHAIN'] = "INPUT"
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron.pp")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron_api.pp")
# Firewall Rules
for f_host in allowed_hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % f_host
config['FIREWALL_SERVICE_ID'] = "neutron_server_%s_%s" % (host, f_host)
manifest_data += getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
# Set up any l2 plugin configs we need anywhere we install neutron
# XXX I am not completely sure about this, but it seems necessary:
manifest_data = getManifestTemplate(plugin_manifest)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_manifest(config, messages):
manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer")
if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
# Determine if we need to configure multiple sentinel hosts as
# fallbacks for use in coordination url.
sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if config['CONFIG_IP_VERSION'] == 'ipv6':
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % (
sentinel_host)
else:
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host
sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if len(sentinel_hosts) > 1:
sentinel_format = 'sentinel_fallback=%s:%s'
if config['CONFIG_IP_VERSION'] == 'ipv6':
sentinel_format = 'sentinel_fallback=[%s]:%s'
sentinel_fallbacks = '&'.join([sentinel_format %
(host, sentinel_port)
for host in sentinel_hosts
if host != sentinel_contact])
else:
sentinel_fallbacks = ''
config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
)
ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_ceilometer.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'ceilometer'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "ceilometer_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ceilometer-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8777']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CEILOMETER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
manifestdata += getManifestTemplate("ceilometer_nova_disabled")
appendManifestFile(manifestfile, manifestdata, 'ceilometer')
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and
'neutron' or 'nova')
network_multi = len(network_hosts) > 1
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
pw_in_sqlconn = False
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
pw_in_sqlconn = False
else:
perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
pw_in_sqlconn = True
mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
sqlconn = "mysql://%s@%s/nova" % (perms, mariadb_host_url)
if pw_in_sqlconn:
config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
else:
config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi and
host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
if pw_in_sqlconn:
data += getManifestTemplate("nova_common_pw")
else:
data += getManifestTemplate("nova_common_nopw")
appendManifestFile(os.path.split(manifestfile)[1], data)
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
nova_hosts = compute_hosts
nova_hosts |= set([config.get('CONFIG_CONTROLLER_HOST')])
ssl_cert_file = config['CONFIG_NOVA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_nova.crt'
)
ssl_key_file = config['CONFIG_NOVA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_nova.key'
)
service = 'nova'
for host in nova_hosts:
generate_ssl_cert(config, host, service,
ssl_key_file, ssl_cert_file)
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_heat.pp")
if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
manifestdata += getManifestTemplate("keystone_heat_trusts.pp")
appendManifestFile(manifestfile, manifestdata)
def create_mongodb_manifest(config):
manifestfile = "%s_mongodb.pp" % config["CONFIG_MONGODB_HOST"]
manifestdata = getManifestTemplate("mongodb.pp")
config["FIREWALL_ALLOWED"] = "'%s'" % config["CONFIG_CEILOMETER_HOST"]
config["FIREWALL_SERVICE_NAME"] = "mongodb-server"
config["FIREWALL_PORTS"] = "'27017'"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, "pre")
def create_manifest(config):
manifestfile = "%s_keystone.pp" % config['CONFIG_KEYSTONE_HOST']
manifestdata = getManifestTemplate("keystone.pp")
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "keystone"
config['FIREWALL_PORTS'] = "'5000', '35357'"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def createmanifest():
manifest_entries = ''
# I should be adding service entries with nagios_service but it appears to be broken
# http://projects.puppetlabs.com/issues/3420
service_entries = ''
for hostname in gethostlist(controller.CONF):
manifest_entries += "nagios_host{'%s': address => '%s', use => 'linux-server', }\n" % (
hostname, hostname)
service_entries += _serviceentry(
name='load5-%s' % hostname,
service_description='5 minute load average',
host_name=hostname,
check_command="check_nrpe!load5",
use="generic-service",
normal_check_interval='5')
service_entries += _serviceentry(
name='df_var-%s' % hostname,
service_description='Percent disk space used on /var',
host_name=hostname,
check_command="check_nrpe!df_var",
use="generic-service")
manifest_entries += _copy_script(name="keystone-user-list")
service_entries += _serviceentry(
name='keystone-user-list',
service_description='number of keystone users',
host_name=controller.CONF['CONFIG_NAGIOS_HOST'],
check_command="keystone-user-list",
use="generic-service",
normal_check_interval='5')
if controller.CONF['CONFIG_GLANCE_INSTALL'] == 'y':
manifest_entries += _copy_script(name="glance-index")
service_entries += _serviceentry(
name='glance-index',
service_description='number of glance images',
host_name=controller.CONF['CONFIG_NAGIOS_HOST'],
check_command="glance-index",
use="generic-service",
normal_check_interval='5')
if controller.CONF['CONFIG_NOVA_INSTALL'] == 'y':
manifest_entries += _copy_script(name="nova-list")
service_entries += _serviceentry(
name='nova-list',
service_description='number of nova vm instances',
host_name=controller.CONF['CONFIG_NAGIOS_HOST'],
check_command="nova-list",
use="generic-service",
normal_check_interval='5')
if controller.CONF['CONFIG_CINDER_INSTALL'] == 'y':
manifest_entries += _copy_script(name="cinder-list")
service_entries += _serviceentry(
name='cinder-list',
service_description='number of cinder volumes',
host_name=controller.CONF['CONFIG_NAGIOS_HOST'],
check_command="cinder-list",
use="generic-service",
normal_check_interval='5')
if controller.CONF['CONFIG_SWIFT_INSTALL'] == 'y':
manifest_entries += _copy_script(name="swift-list")
service_entries += _serviceentry(
name='swift-list',
service_description='number of swift containers',
host_name=controller.CONF['CONFIG_NAGIOS_HOST'],
check_command="swift-list",
use="generic-service",
normal_check_interval='5')
manifest_entries+="file{'/etc/nagios/resource.d/nagios_service.cfg': \n" \
"ensure => present, mode => 644,\n" \
"content => '%s'}" % service_entries
controller.CONF['CONFIG_NAGIOS_MANIFEST_CONFIG'] = manifest_entries
manifestfile = "%s_nagios.pp" % controller.CONF['CONFIG_NAGIOS_HOST']
manifestdata = getManifestTemplate("nagios_server.pp")
appendManifestFile(manifestfile, manifestdata)
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_cinder")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
config["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex
horizon_host = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_horizon.pp" % horizon_host
proto = "http"
config["CONFIG_HORIZON_PORT"] = "'80'"
sslmanifestdata = ''
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_HORIZON_SSL"] = 'true'
config["CONFIG_HORIZON_PORT"] = "'443'"
proto = "https"
# Are we using the users cert/key files
if config["CONFIG_SSL_CERT"]:
ssl_cert = config["CONFIG_SSL_CERT"]
ssl_key = config["CONFIG_SSL_KEY"]
ssl_chain = config["CONFIG_SSL_CACHAIN"]
if not os.path.exists(ssl_cert):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_cert)
if not os.path.exists(ssl_key):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_key)
if not os.path.exists(ssl_chain):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_chain)
resources = config.setdefault('RESOURCES', {})
host_resources = resources.setdefault(horizon_host, [])
host_resources.append((ssl_cert, 'ssl_ps_server.crt'))
host_resources.append(ssl_key, 'ssl_ps_server.key')
host_resources.append((ssl_chain, 'ssl_ps_chain.crt'))
else:
messages.append(
"%sNOTE%s : A certificate was generated to be used for ssl, "
"You should change the ssl certificate configured in "
"/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert."
% (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
else:
config["CONFIG_HORIZON_SSL"] = 'false'
config["CONFIG_HORIZON_NEUTRON_LB"] = 'false'
config["CONFIG_HORIZON_NEUTRON_FW"] = 'false'
if config['CONFIG_NEUTRON_INSTALL'] == 'y':
if config["CONFIG_LBAAS_INSTALL"] == 'y':
config["CONFIG_HORIZON_NEUTRON_LB"] = 'true'
if config["CONFIG_NEUTRON_FWAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_FW"] = 'true'
manifestdata = getManifestTemplate("horizon.pp")
appendManifestFile(manifestfile, manifestdata)
msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"
"Please, find your login credentials stored in the keystonerc_admin"
" in your home directory."
% (proto, config['CONFIG_CONTROLLER_HOST']))
messages.append(msg)
def createapimanifest():
manifestfile = "%s_api_nova.pp" % controller.CONF['CONFIG_NOVA_API_HOST']
manifestdata = getManifestTemplate("nova_api.pp")
appendManifestFile(manifestfile, manifestdata, 'novaapi')
def create_tempest_manifest(config, messages):
manifest_file = ('%s_provision_tempest.pp' % config['CONFIG_TEMPEST_HOST'])
manifest_data = getManifestTemplate("provision_tempest")
appendManifestFile(manifest_file, manifest_data, 'tempest')
def create_manifest(config, messages):
manifestfile = "%s_apache.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("apache")
appendManifestFile(manifestfile, manifestdata, 'apache')
def createmanifest():
manifestfile = "%s_qpid.pp" % controller.CONF['CONFIG_QPID_HOST']
manifestdata = getManifestTemplate("qpid.pp")
appendManifestFile(manifestfile, manifestdata, 'pre')
def createkeystonemanifest(config):
manifestfile = "%s_keystone.pp"%controller.CONF['CONFIG_KEYSTONE_HOST']
controller.CONF['CONFIG_SWIFT_PROXY'] = controller.CONF['CONFIG_SWIFT_PROXY_HOSTS'].split(',')[0]
manifestdata = getManifestTemplate("keystone_swift.pp")
appendManifestFile(manifestfile, manifestdata)
def createcommonmanifest(config):
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_swift.pp"):
data = getManifestTemplate("swift_common.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages):
horizon_host = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_horizon.pp" % horizon_host
proto = "http"
config["CONFIG_HORIZON_PORT"] = 80
sslmanifestdata = ''
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_HORIZON_PORT"] = 443
proto = "https"
# Are we using the users cert/key files
if config["CONFIG_HORIZON_SSL_CERT"]:
ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"]
ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"]
ssl_chain_file = config["CONFIG_HORIZON_SSL_CACERT"]
if not os.path.exists(ssl_cert_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_cert_file)
if not os.path.exists(ssl_key_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_key_file)
if not os.path.exists(ssl_chain_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_chain_file)
final_cert = open(ssl_cert_file, 'rt').read()
final_key = open(ssl_key_file, 'rt').read()
final_cacert = open(ssl_chain_file, 'rt').read()
host = config['CONFIG_CONTROLLER_HOST']
deliver_ssl_file(final_cacert, ssl_chain_file, host)
deliver_ssl_file(final_cert, ssl_cert_file, host)
deliver_ssl_file(final_key, ssl_key_file, host)
else:
ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] = (
'/etc/pki/tls/certs/ssl_dashboard.crt'
)
ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
'/etc/pki/tls/private/ssl_dashboard.key'
)
cacert = config['CONFIG_SSL_CACERT']
config["CONFIG_HORIZON_SSL_CACERT"] = cacert
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'dashboard'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
messages.append(
"%sNOTE%s : A certificate was generated to be used for ssl, "
"You should change the ssl certificate configured in "
"/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert."
% (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
config["CONFIG_HORIZON_NEUTRON_LB"] = False
config["CONFIG_HORIZON_NEUTRON_FW"] = False
config["CONFIG_HORIZON_NEUTRON_VPN"] = False
if config['CONFIG_NEUTRON_INSTALL'] == 'y':
if config["CONFIG_LBAAS_INSTALL"] == 'y':
config["CONFIG_HORIZON_NEUTRON_LB"] = True
if config["CONFIG_NEUTRON_FWAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_FW"] = True
if config["CONFIG_NEUTRON_VPNAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_VPN"] = True
manifestdata = getManifestTemplate("horizon")
manifestdata += getManifestTemplate("apache_ports")
appendManifestFile(manifestfile, manifestdata)
msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"
"Please, find your login credentials stored in the keystonerc_admin"
" in your home directory."
% (proto, config['CONFIG_CONTROLLER_HOST']))
messages.append(msg)
def create_keystone_manifest(config):
manifestfile = "%s_keystone.pp" % config['CONFIG_KEYSTONE_HOST']
manifestdata = getManifestTemplate("keystone_ceilometer.pp")
appendManifestFile(manifestfile, manifestdata)
def createKeystoneManifest(config):
manifestfile = "%s_keystone.pp"%controller.CONF['CONFIG_KEYSTONE_HOST']
manifestdata = getManifestTemplate("keystone_neutron.pp")
appendManifestFile(manifestfile, manifestdata)
def create_conductor_manifest(config, messages):
manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_conductor")
appendManifestFile(manifestfile, manifestdata)
def create_manifests(config, messages):
global q_hosts
service_plugins = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
service_plugins.append(
'neutron.services.loadbalancer.plugin.LoadBalancerPlugin')
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append(
'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin')
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append(
'neutron.services.metering.metering_plugin.MeteringPlugin')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append(
'neutron.services.firewall.fwaas_plugin.FirewallPlugin')
config['SERVICE_PLUGINS'] = (service_plugins
if service_plugins else 'undef')
plugin_manifest = 'neutron_ml2_plugin'
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron_api")
if config['CONFIG_NOVA_INSTALL'] == 'y':
template_name = "neutron_notifications"
manifest_data += getManifestTemplate(template_name)
# Set up any l2 plugin configs we need only on neutron api nodes
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES')
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
manifest_data = ""
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
for n_host in network_hosts:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
(host, n_host))
fw_details = dict()
key = "neutron_tunnel_%s_%s" % (host, n_host)
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % n_host
fw_details[key]['service_name'] = "neutron tunnel port"
fw_details[key]['chain'] = "INPUT"
if use_openvswitch_vxlan(config):
fw_details[key]['proto'] = 'udp'
tun_port = ("%s" %
config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'])
else:
fw_details[key]['proto'] = 'gre'
tun_port = None
fw_details[key]['ports'] = tun_port
config[cf_fw_nt_key] = fw_details
manifest_data += createFirewallResources(cf_fw_nt_key)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def createmanifest():
manifestfile = "%s_osclient.pp" % controller.CONF['CONFIG_OSCLIENT_HOST']
manifestdata = getManifestTemplate("openstack_client.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifests(config, messages):
global q_hosts
service_plugins = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
service_plugins.append('lbaas')
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append('router')
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append('metering')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append('firewall')
if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
service_plugins.append('vpnaas')
config['SERVICE_PLUGINS'] = (service_plugins
if service_plugins else 'undef')
config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
"OVSHybridIptablesFirewallDriver")
plugin_manifest = 'neutron_ml2_plugin'
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_neutron.crt')
ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_neutron.key')
service = 'neutron'
for host in q_hosts:
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron_api")
if config['CONFIG_NOVA_INSTALL'] == 'y':
template_name = "neutron_notifications"
manifest_data += getManifestTemplate(template_name)
# Set up any l2 plugin configs we need only on neutron api nodes
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES')
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
manifest_data = ""
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
tunnel_subnets = map(
str.strip,
config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(','))
for subnet in tunnel_subnets:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
(host, subnet))
config[cf_fw_nt_key] = tunnel_fw_details(
config, host, subnet)
manifest_data += createFirewallResources(cf_fw_nt_key)
else:
for n_host in network_hosts | compute_hosts:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
(host, n_host))
if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
if config['CONFIG_USE_SUBNETS'] == 'y':
iface = common.cidr_to_ifname(
config['CONFIG_NEUTRON_OVS_TUNNEL_IF'], n_host,
config)
else:
iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
ifip = ("ipaddress_%s" % iface)
try:
src_host = config['HOST_DETAILS'][n_host][ifip]
except KeyError:
raise KeyError('Couldn\'t detect ipaddress of '
'interface %s on node %s' %
(iface, n_host))
else:
src_host = n_host
config[cf_fw_nt_key] = tunnel_fw_details(
config, host, src_host)
manifest_data += createFirewallResources(cf_fw_nt_key)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def createmanifest(config):
for hostname in gethostlist(controller.CONF):
manifestfile = "%s_postscript.pp" % hostname
manifestdata = getManifestTemplate("postscript.pp")
appendManifestFile(manifestfile, manifestdata, 'postscript')
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mysql_%s_%s.pp" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
def create_provision_manifest(config, messages):
manifest_file = '%s_provision.pp' % config['CONFIG_CONTROLLER_HOST']
manifest_data = getManifestTemplate("provision")
appendManifestFile(manifest_file, manifest_data, 'provision')
def create_tempest_manifest(config, messages):
using_neutron(config)
manifest_file = '%s_provision_tempest.pp' % \
config['CONFIG_CONTROLLER_HOST']
manifest_data = getManifestTemplate("provision_tempest")
appendManifestFile(manifest_file, manifest_data)
def create_l2_agent_manifests(config, messages):
global network_hosts, compute_hosts
agent = config["CONFIG_NEUTRON_L2_AGENT"]
# CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2
# plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also
# for other plugin template generation
if ('l2population' in config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS',
[])):
config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
else:
config['CONFIG_NEUTRON_USE_L2POPULATION'] = False
if agent == "openvswitch":
ovs_type = 'CONFIG_NEUTRON_ML2_TYPE_DRIVERS'
ovs_type = config.get(ovs_type, 'local')
tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel
tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
template_name = "neutron_ovs_agent"
bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])
# The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
# comma-separated list of bridge mappings. Since the puppet module
# expects this parameter to be an array, this parameter must be
# properly formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B' should formatted as '['A','B']'.
config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []
# Bridge configuration and mappings for compute nodes can be different.
# Parameter CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE contains the list of
# bridge names, included in bridge mappings and bridge interfaces, that
# must be created in compute nodes.
brd_arr_cmp = get_values(config["CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE"])
if_arr_cmp = []
mapp_arr_cmp = []
for brd in brd_arr_cmp:
if_arr_cmp.append(common.find_pair_with(iface_arr, brd, 0))
mapp_arr_cmp.append(common.find_pair_with(bm_arr, brd, 1))
config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE"] = mapp_arr_cmp
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = []
elif agent == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent'
else:
raise KeyError("Unknown layer2 agent")
no_local_types = set(ovs_type) & set(['gre', 'vxlan', 'vlan', 'flat'])
no_tunnel_types = set(ovs_type) & set(['vlan', 'flat'])
for host in network_hosts | compute_hosts:
manifestfile = "%s_neutron.pp" % (host, )
manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
# NICs connected to OVS bridges can be required in network nodes if
# vlan, flat, vxlan or gre are enabled. For compute nodes, they are
# only required if vlan or flat are enabled.
if (agent == "openvswitch" and
((host in network_hosts and no_local_types) or no_tunnel_types)):
if config['CONFIG_USE_SUBNETS'] == 'y':
iface_arr = [
common.cidr_to_ifname(i, host, config) for i in iface_arr
]
if_arr_cmp = [
common.cidr_to_ifname(i, host, config) for i in if_arr_cmp
]
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = if_arr_cmp
manifestdata += "$create_bridges = true\n"
else:
manifestdata += "$create_bridges = false\n"
is_network_host = str(host in network_hosts).lower()
manifestdata += "$network_host = %s\n" % is_network_host
manifestdata += getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n")
# Additional configurations required for compute hosts and
# network hosts.
manifestdata = getManifestTemplate('neutron_bridge_module')
appendManifestFile(manifestfile, manifestdata + '\n')
def create_bridge_manifest(config, messages):
for host in utils.split_hosts(config['CONFIG_NETWORK_HOSTS']):
manifest_file = '{}_provision_bridge.pp'.format(host)
manifest_data = getManifestTemplate("provision_bridge")
appendManifestFile(manifest_file, manifest_data, 'bridge')
def create_storage_manifest(config, messages):
if config['CONFIG_GLANCE_INSTALL'] == 'y':
template = "provision_glance"
manifest_file = '%s_provision_glance' % config['CONFIG_STORAGE_HOST']
manifest_data = getManifestTemplate(template)
appendManifestFile(manifest_file, manifest_data, 'provision')
# just warn user to do it by himself
controller.MESSAGES.append(str(ScriptRuntimeError))
if controller.CONF['CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'] == "y":
controller.CONF['CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'] = True
else:
controller.CONF['CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'] = False
# We need to explicitly set the network size
routing_prefix = controller.CONF['CONFIG_NOVA_NETWORK_FIXEDRANGE'].split(
'/')[1]
net_size = 2**(32 - int(routing_prefix))
controller.CONF['CONFIG_NOVA_NETWORK_FIXEDSIZE'] = str(net_size)
manifestfile = "%s_nova.pp" % host
manifestdata = getManifestTemplate("nova_network.pp")
appendManifestFile(manifestfile, manifestdata)
def createschedmanifest():
manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_SCHED_HOST']
manifestdata = getManifestTemplate("nova_sched.pp")
appendManifestFile(manifestfile, manifestdata)
def createvncproxymanifest():
manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_VNCPROXY_HOST']
manifestdata = getManifestTemplate("nova_vncproxy.pp")
appendManifestFile(manifestfile, manifestdata)
def createconductormanifest():
manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_CONDUCTOR_HOST']
manifestdata = getManifestTemplate("nova_conductor.pp")
appendManifestFile(manifestfile, manifestdata)
def create_compute_manifest(config, messages):
global compute_hosts, network_hosts
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
else:
config["CONFIG_VNCPROXY_PROTOCOL"] = "http"
migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
if migrate_protocol == 'ssh':
config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
'qemu+ssh://nova@%s/system?no_verify=1&'
'keyfile=/etc/nova/ssh/nova_migration_key')
else:
config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
'qemu+tcp://nova@%s/system')
ssh_hostkeys = ''
ssh_keys_details = {}
for host in compute_hosts:
try:
hostname, aliases, addrs = socket.gethostbyaddr(host)
except socket.herror:
hostname, aliases, addrs = (host, [], [])
for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
hostkey = hostkey.strip()
if not hostkey:
continue
_, host_key_type, host_key_data = hostkey.split()
key = "%s.%s" % (host_key_type, hostname)
ssh_keys_details.setdefault(key, {})
ssh_keys_details[key]['ensure'] = 'present'
ssh_keys_details[key]['host_aliases'] = aliases + addrs
ssh_keys_details[key]['key'] = host_key_data
ssh_keys_details[key]['type'] = host_key_type
config['SSH_KEYS'] = ssh_keys_details
ssh_hostkeys += getManifestTemplate("sshkey")
if config['CONFIG_VMWARE_BACKEND'] == 'y':
vcenters = [
i.strip()
for i in config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
if i.strip()
]
if not vcenters:
raise exceptions.ParamValidationError(
"Please specify at least one VMware vCenter cluster in"
" CONFIG_VCENTER_CLUSTER_NAMES")
if len(vcenters) != len(compute_hosts):
if len(vcenters) > 1:
raise exceptions.ParamValidationError(
"Number of vmware clusters %s is not same"
" as number of nova computes %s",
(vcenters, compute_hosts))
else:
vcenters = len(compute_hosts) * [vcenters[0]]
vmware_clusters = dict(zip(compute_hosts, vcenters))
for host in compute_hosts:
if config['CONFIG_IRONIC_INSTALL'] == 'y':
cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm
manifestdata = getManifestTemplate("nova_compute")
fw_details = dict()
cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
for c_host in compute_hosts:
key = "nova_qemu_migration_%s_%s" % (host, c_host)
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % c_host
fw_details[key]['service_name'] = "nova qemu migration"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['16509', '49152-49215']
fw_details[key]['proto'] = "tcp"
config[cf_fw_qemu_mig_key] = fw_details
manifestdata += createFirewallResources(cf_fw_qemu_mig_key)
if config['CONFIG_VMWARE_BACKEND'] == 'y':
manifestdata += ("\n$nova_vcenter_cluster_name = '%s'\n" %
vmware_clusters[host])
manifestdata += getManifestTemplate("nova_compute_vmware.pp")
elif config['CONFIG_IRONIC_INSTALL'] == 'y':
manifestdata += getManifestTemplate("nova_compute_ironic.pp")
else:
manifestdata += getManifestTemplate("nova_compute_libvirt.pp")
if (config['CONFIG_VMWARE_BACKEND'] != 'y'
and config['CONFIG_CINDER_INSTALL'] == 'y'
and 'gluster' in config['CONFIG_CINDER_BACKEND']):
manifestdata += getManifestTemplate("nova_gluster")
if (config['CONFIG_VMWARE_BACKEND'] != 'y'
and config['CONFIG_CINDER_INSTALL'] == 'y'
and 'nfs' in config['CONFIG_CINDER_BACKEND']):
manifestdata += getManifestTemplate("nova_nfs")
manifestfile = "%s_nova.pp" % host
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
if host not in network_hosts:
manifestdata += getManifestTemplate('nova_compute_flat')
key = 'CONFIG_NOVA_COMPUTE_PRIVIF'
if not config[key].strip():
config[key] = dummy_interface(host)
if config['CONFIG_USE_SUBNETS'] == 'y':
netface = common.cidr_to_ifname(config[key], host, config)
else:
netface = config[key]
check_ifcfg(host, netface)
try:
bring_up_ifcfg(host, netface)
except exceptions.ScriptRuntimeError as ex:
# just warn user to do it by himself
messages.append(str(ex))
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ceilometer.crt')
ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_ceilometer.key')
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'ceilometer'
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
mq_template = get_mq(config, "nova_ceilometer")
manifestdata += getManifestTemplate(mq_template)
manifestdata += getManifestTemplate("nova_ceilometer")
fw_details = dict()
key = "nova_compute"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
fw_details[key]['service_name'] = "nova compute"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5900-5999']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
manifestdata += "\n" + createFirewallResources(
'FIREWALL_NOVA_COMPUTE_RULES')
manifestdata += "\n" + ssh_hostkeys
appendManifestFile(manifestfile, manifestdata)
def createschedmanifest():
manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_SCHED_HOST']
manifestdata = getManifestTemplate("nova_sched.pp")
appendManifestFile(manifestfile, manifestdata)
def createvncproxymanifest():
manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_VNCPROXY_HOST']
manifestdata = getManifestTemplate("nova_vncproxy.pp")
appendManifestFile(manifestfile, manifestdata)
def createcertmanifest():
manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_CERT_HOST']
manifestdata = getManifestTemplate("nova_cert.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest():
manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
manifestdata = getManifestTemplate("cinder.pp")
appendManifestFile(manifestfile, manifestdata)