def create_manifest(config):
# Using the server host will suffice for the all-in-one case.
manifest_file = '%s_provision.pp' % (
controller.CONF['CONFIG_QUANTUM_SERVER_HOST']
)
manifest_data = getManifestTemplate("provision.pp")
appendManifestFile(manifest_file, manifest_data)
def create_manifest(config):
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
manifestdata += getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
if config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
if config['CONFIG_CINDER_BACKEND'] == "vmdk":
manifestdata += getManifestTemplate("cinder_vmdk.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
config['CONFIG_SWIFT_PROXY'] = config['CONFIG_SWIFT_PROXY_HOSTS'].split(',')[0].strip()
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "'3260', '8776'"
config['FIREWALL_CHAIN'] = "INPUT"
if config['CONFIG_NOVA_INSTALL'] == 'y':
for host in split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_MARIADB_INSTALL'] == 'y':
suffix = 'install'
host = config['CONFIG_MARIADB_HOST']
else:
suffix = 'noinstall'
host = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_mariadb.pp" % host
manifestdata = [getManifestTemplate('mariadb_%s.pp' % suffix)]
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mariadb_%s_%s.pp" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
append_for("keystone", suffix)
for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']:
if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y':
append_for(mod, suffix)
hosts = filtered_hosts(config, exclude=False, dbhost=True)
config['FIREWALL_SERVICE_NAME'] = "mariadb"
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "mariadb_%s" % host
manifestdata.append(getManifestTemplate("firewall.pp"))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_keystone_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_cinder.pp")
appendManifestFile(manifestfile, manifestdata)
def createproxymanifest(config):
manifestfile = "%s_swift.pp"%controller.CONF['CONFIG_SWIFT_PROXY_HOSTS']
manifestdata = getManifestTemplate("swift_proxy.pp")
# If the proxy server is also a storage server then swift::ringsync will be included for the storage server
if controller.CONF['CONFIG_SWIFT_PROXY_HOSTS'] not in [h['host'] for h in devices]:
manifestdata += 'swift::ringsync{["account","container","object"]:\n ring_server => "%s"\n}'%controller.CONF['CONFIG_SWIFT_BUILDER_HOST']
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_MYSQL_INSTALL'] == 'y':
install = True
suffix = 'install'
else:
install = False
suffix = 'noinstall'
manifestfile = "%s_mysql.pp" % config['CONFIG_MYSQL_HOST']
manifestdata = [getManifestTemplate('mysql_%s.pp' % suffix)]
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mysql_%s_%s.pp" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
append_for("keystone", suffix)
for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']:
if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y':
append_for(mod, suffix)
hosts = set([config['CONFIG_CONTROLLER_HOST']])
hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])
config['FIREWALL_SERVICE_NAME'] = "mysql"
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "mysql_%s" % host
manifestdata.append(getManifestTemplate("firewall.pp"))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and
'neutron' or 'nova')
network_multi = len(network_hosts) > 1
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
else:
perms = "nova:%(CONFIG_NOVA_DB_PW)s"
sqlconn = "mysql://%s@%%(CONFIG_MYSQL_HOST)s/nova" % perms
config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi and
host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
data += getManifestTemplate("nova_common.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)
def create_lbaas_manifests(config):
global lbaas_hosts
for host in lbaas_hosts:
controller.CONF['CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'] = get_if_driver(config)
manifestdata = getManifestTemplate("neutron_lbaas.pp")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_CONTROLLER_HOST']
ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_heat.crt'
)
ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_heat.key'
)
service = 'heat'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8004']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def createL2AgentManifests(config):
global compute_hosts, dhcp_host, l3_hosts
if controller.CONF["CONFIG_QUANTUM_L2_PLUGIN"] == "openvswitch":
host_var = 'CONFIG_QUANTUM_OVS_HOST'
template_name = 'quantum_ovs_agent.pp'
# The CONFIG_QUANTUM_OVS_BRIDGE_MAPPINGS parameter contains a
# comma-separated list of bridge mappings. Since the puppet module
# expects this parameter to be an array, this parameter must be properly
# formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B, C' should formatted as '['A','B','C']'.
r = re.compile("[\s,]+")
controller.CONF["CONFIG_QUANTUM_OVS_BRIDGE_MAPPINGS"] = \
str(filter(None, r.split(controller.CONF["CONFIG_QUANTUM_OVS_BRIDGE_MAPPINGS"])))
elif controller.CONF["CONFIG_QUANTUM_L2_PLUGIN"] == "linuxbridge":
host_var = 'CONFIG_QUANTUM_LB_HOST'
template_name = 'quantum_lb_agent.pp'
else:
raise KeyError("Unknown layer2 agent")
# Install l2 agents on every compute host in addition to any hosts listed
# specifically for the l2 agent
for host in compute_hosts | dhcp_hosts | l3_hosts:
controller.CONF[host_var] = host
manifestdata = getManifestTemplate(template_name)
manifestfile = "%s_quantum.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
def create_dhcp_manifests(config):
global dhcp_hosts
plugin = config['CONFIG_NEUTRON_L2_PLUGIN']
for host in dhcp_hosts:
config["CONFIG_NEUTRON_DHCP_HOST"] = host
config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
manifest_data = getManifestTemplate("neutron_dhcp.pp")
manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules
for f_host in q_hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % f_host
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in"
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s_%s" % (host, f_host)
config['FIREWALL_PORTS'] = "'67'"
config['FIREWALL_CHAIN'] = "INPUT"
manifest_data += getManifestTemplate("firewall.pp")
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out"
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s_%s" % (host, f_host)
config['FIREWALL_PORTS'] = "'68'"
config['FIREWALL_CHAIN'] = "OUTPUT"
manifest_data += getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_keystone_manifest(config, messages):
# parse devices in first step
global devices
devices = parse_devices(config)
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_swift.pp")
appendManifestFile(manifestfile, manifestdata)
def createmanifest(config):
if config['CONFIG_MYSQL_INSTALL'] == 'y':
install = True
suffix = 'install'
else:
install = False
suffix = 'noinstall'
# In case we are not installing MySQL server, mysql* manifests have
# to be run from Keystone host
host = install and config['CONFIG_MYSQL_HOST'] \
or config['CONFIG_KEYSTONE_HOST']
manifestfile = "%s_mysql.pp" % host
manifestdata = [getManifestTemplate('mysql_%s.pp' % suffix)]
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mysql_%s_%s.pp" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
append_for("keystone", suffix)
for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']:
if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y':
append_for(mod, suffix)
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_manifest(config, messages):
manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "aodh"))
manifestdata += getManifestTemplate("aodh")
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_aodh.crt'
)
ssl_key_file = config['CONFIG_AODH_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_aodh.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'aodh'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "aodh_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "aodh-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8042']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AODH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
appendManifestFile(manifestfile, manifestdata, 'aodh')
def createmanifest(config):
manifestfile = "%s_qpid.pp"%config['CONFIG_QPID_HOST']
manifestdata = ""
ssl_manifestdata = ""
server = utils.ScriptRunner(config['CONFIG_QPID_HOST'])
ports = set(["'5672'"])
if config['CONFIG_QPID_ENABLE_SSL'] == 'y':
ports.add("'%s'" % (config['CONFIG_QPID_SSL_PORT']))
config['CONFIG_QPID_ENABLE_SSL'] = 'true'
if config['CONFIG_QPID_SSL_SELF_SIGNED'] == 'y':
server.append( "openssl req -batch -new -x509 -nodes -keyout %s -out %s -days 1095"
% (config['CONFIG_QPID_SSL_KEY_FILE'], config['CONFIG_QPID_SSL_CERT_FILE']) )
server.execute()
ssl_manifestdata = getManifestTemplate('qpid_ssl.pp')
else:
#Set default values
config['CONFIG_QPID_SSL_PORT'] = "5671"
config['CONFIG_QPID_SSL_CERT_FILE'] = ""
config['CONFIG_QPID_SSL_KEY_FILE'] = ""
config['CONFIG_QPID_NSS_CERTDB_PW'] = ""
config['CONFIG_QPID_ENABLE_SSL'] = 'false'
manifestdata = getManifestTemplate('qpid.pp')
manifestdata += ssl_manifestdata
#All hosts should be able to talk to qpid
hosts = ["'%s'" % i for i in filtered_hosts(config, exclude=False)]
config['FIREWALL_ALLOWED'] = ','.join(hosts)
config['FIREWALL_SERVICE_NAME'] = "qpid"
config['FIREWALL_PORTS'] = ','.join(ports)
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_builder_manifest(config, messages):
global devices
# The ring file should be built and distributed before the storage services
# come up. Specifically the replicator crashes if the ring isn't present
def device_def(dev_type, host, dev_port, devicename, zone):
fmt = ('\n@@%s { "%s:%s/%s":\n'
' zone => %s,\n'
' weight => 10, }\n')
return fmt % (dev_type, host, dev_port, devicename, zone)
manifestfile = "%s_ring_swift.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("swift_builder.pp")
# Add each device to the ring
devicename = 0
for device in devices:
host = config['CONFIG_CONTROLLER_HOST']
devicename = device['device_name']
zone = device['zone']
for dev_type, dev_port in [('ring_object_device', 6000),
('ring_container_device', 6001),
('ring_account_device', 6002)]:
manifestdata += device_def(dev_type, host, dev_port, devicename,
zone)
appendManifestFile(manifestfile, manifestdata, 'swiftbuilder')
def create_vncproxy_manifest(config, messages):
if config["CONFIG_HORIZON_SSL"] == 'y':
if config["CONFIG_VNC_SSL_CERT"]:
ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
if not os.path.exists(ssl_cert_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_cert_file)
if not os.path.exists(ssl_key_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_key_file)
final_cert = open(ssl_cert_file, 'rt').read()
final_key = open(ssl_key_file, 'rt').read()
deliver_ssl_file(final_cert, ssl_cert_file, config['CONFIG_CONTROLLER_HOST'])
deliver_ssl_file(final_key, ssl_key_file, config['CONFIG_CONTROLLER_HOST'])
else:
config["CONFIG_VNC_SSL_CERT"] = '/etc/pki/tls/certs/ssl_vnc.crt'
config["CONFIG_VNC_SSL_KEY"] = '/etc/pki/tls/private/ssl_vnc.key'
ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'vnc'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_vncproxy")
appendManifestFile(manifestfile, manifestdata)
def createcommonmanifest(config):
dbhost = config['CONFIG_MYSQL_HOST']
dirty = controller.CONF["CONFIG_NOVA_COMPUTE_HOSTS"].split(",")
nopass_nodes = [i.strip() for i in dirty if i.strip()]
dirty = [config.get('CONFIG_NOVA_CONDUCTOR_HOST'),
config.get('CONFIG_NOVA_API_HOST'),
config.get('CONFIG_NOVA_CERT_HOST'),
config.get('CONFIG_NOVA_VNCPROXY_HOST'),
config.get('CONFIG_NOVA_SCHED_HOST'),
config.get('CONFIG_NOVA_NETWORK_HOST')]
dbpass_nodes = [i.strip() for i in dirty if i and i.strip()]
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in nopass_nodes and host not in dbpass_nodes:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
else:
perms = "nova:%(CONFIG_NOVA_DB_PW)s" % config
config['CONFIG_NOVA_SQL_CONN'] = ("mysql://%s@%s/nova"
% (perms, dbhost))
data = getManifestTemplate("nova_common.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone")
if config['CONFIG_IP_VERSION'] == 'ipv6':
host = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_KEYSTONE_HOST_URL'] = "[%s]" % host
else:
config['CONFIG_KEYSTONE_HOST_URL'] = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_KEYSTONE_PUBLIC_URL'] = "http://%s:5000/%s" % (
config['CONFIG_KEYSTONE_HOST_URL'],
config['CONFIG_KEYSTONE_API_VERSION']
)
config['CONFIG_KEYSTONE_ADMIN_URL'] = "http://%s:35357" % (
config['CONFIG_KEYSTONE_HOST_URL']
)
fw_details = dict()
key = "keystone"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "keystone"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5000', '35357']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_KEYSTONE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate("keystone")
if config["CONFIG_IP_VERSION"] == "ipv6":
host = config["CONFIG_CONTROLLER_HOST"]
config["CONFIG_KEYSTONE_HOST_URL"] = "[%s]" % host
else:
config["CONFIG_KEYSTONE_HOST_URL"] = config["CONFIG_CONTROLLER_HOST"]
config["CONFIG_KEYSTONE_PUBLIC_URL"] = "http://%s:5000/%s" % (
config["CONFIG_KEYSTONE_HOST_URL"],
config["CONFIG_KEYSTONE_API_VERSION"],
)
config["CONFIG_KEYSTONE_ADMIN_URL"] = "http://%s:35357" % (config["CONFIG_KEYSTONE_HOST_URL"])
fw_details = dict()
key = "keystone"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "keystone"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["5000", "35357"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_KEYSTONE_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_KEYSTONE_RULES")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config):
manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
manifestdata = getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
if config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
config['CONFIG_SWIFT_PROXY'] = config['CONFIG_SWIFT_PROXY_HOSTS'].split(',')[0].strip()
manifestdata += getManifestTemplate('cinder_backup.pp')
hosts = set()
if config['CONFIG_NOVA_INSTALL'] == 'y':
hosts = split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS'])
else:
hosts.add('ALL',)
config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i.strip() for i in hosts if i.strip()])
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "'3260', '8776'"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_glance.crt'
)
ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_glance.key'
)
service = 'glance'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
ssl_host = config["CONFIG_CONTROLLER_HOST"]
ssl_cert_file = config["CONFIG_HEAT_SSL_CERT"] = "/etc/pki/tls/certs/ssl_amqp_heat.crt"
ssl_key_file = config["CONFIG_HEAT_SSL_KEY"] = "/etc/pki/tls/private/ssl_amqp_heat.key"
service = "heat"
generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file)
manifestfile = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "heat"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8004"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_HEAT_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_HEAT_RULES")
appendManifestFile(manifestfile, manifestdata, marker="heat")
def create_api_manifest(config, messages):
# Since this step is running first, let's create necesary variables here
# and make them global
global compute_hosts, network_hosts
com_var = config.get("CONFIG_COMPUTE_HOSTS", "")
compute_hosts = set([i.strip() for i in com_var.split(",") if i.strip()])
net_var = config.get("CONFIG_NETWORK_HOSTS", "")
network_hosts = set([i.strip() for i in net_var.split(",") if i.strip()])
# This is a hack around us needing to generate the neutron metadata
# password, but the nova puppet plugin uses the existence of that
# password to determine whether or not to configure neutron metadata
# proxy support. So the nova_api.pp template needs unquoted 'undef'
# to disable metadata support if neutron is not being installed.
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef'
else:
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = "%s" % config['CONFIG_NEUTRON_METADATA_PW']
manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_api")
fw_details = dict()
key = "nova_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "nova api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8773', '8774', '8775']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_NOVA_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'novaapi')
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_SAHARA_HOST']
ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_sahara.crt'
)
ssl_key_file = config['CONFIG_SAHARA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_sahara.key'
)
service = 'sahara'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate(get_mq(config, "sahara"))
manifestdata += getManifestTemplate("sahara.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('sahara_ceilometer')
fw_details = dict()
key = "sahara-api"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "sahara api"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8386"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_SAHARA_CFN_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
appendManifestFile(manifestfile, manifestdata, marker='sahara')
def create_manifest(config, messages):
client_host = config['CONFIG_CONTROLLER_HOST'].strip()
manifestfile = "%s_osclient.pp" % client_host
server = utils.ScriptRunner(client_host)
server.append('echo $HOME')
rc, root_home = server.execute()
root_home = root_home.strip()
homedir = os.path.expanduser('~')
config['HOME_DIR'] = homedir
uname, gname = utils.get_current_username()
config['NO_ROOT_USER'], config['NO_ROOT_GROUP'] = uname, gname
no_root_allinone = (client_host == utils.get_localhost_ip() and
root_home != homedir)
config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and True or False
manifestdata = getManifestTemplate("openstack_client.pp")
appendManifestFile(manifestfile, manifestdata)
msg = ("File %s/keystonerc_admin has been created on OpenStack client host"
" %s. To use the command line tools you need to source the file.")
messages.append(msg % (root_home, client_host))
if no_root_allinone:
msg = ("Copy of keystonerc_admin file has been created for non-root "
"user in %s.")
messages.append(msg % homedir)
def createL2AgentManifests(config):
global compute_hosts, dhcp_host, l3_hosts
if controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "openvswitch":
host_var = 'CONFIG_NEUTRON_OVS_HOST'
template_name = 'neutron_ovs_agent.pp'
bm_arr = get_values(controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
iface_arr = get_values(controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])
# The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
# comma-separated list of bridge mappings. Since the puppet module
# expects this parameter to be an array, this parameter must be properly
# formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B, C' should formatted as '['A','B','C']'.
controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = str(bm_arr)
elif controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent.pp'
else:
raise KeyError("Unknown layer2 agent")
# Install l2 agents on every compute host in addition to any hosts listed
# specifically for the l2 agent
for host in compute_hosts | dhcp_hosts | l3_hosts:
controller.CONF[host_var] = host
manifestfile = "%s_neutron.pp" % (host,)
manifestdata = getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n")
if controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "openvswitch":
for if_map in iface_arr:
controller.CONF['CONFIG_NEUTRON_OVS_BRIDGE'], controller.CONF['CONFIG_NEUTRON_OVS_IFACE'] = if_map.split(':')
manifestdata = getManifestTemplate("neutron_ovs_port.pp")
appendManifestFile(manifestfile, manifestdata + "\n")
def createstoragemanifest():
# this need to happen once per storage host
for host in set([device['host'] for device in devices]):
controller.CONF["CONFIG_SWIFT_STORAGE_CURRENT"] = host
manifestfile = "%s_swift.pp"%host
manifestdata = getManifestTemplate("swift_storage.pp")
appendManifestFile(manifestfile, manifestdata)
# this need to happen once per storage device
for device in devices:
host = device['host']
devicename = device['device_name']
device = device['device']
server = utils.ScriptRunner(host)
validate.r_validateDevice(server, device)
server.execute()
manifestfile = "%s_swift.pp"%host
if device:
manifestdata = "\n" + 'swift::storage::%s{"%s":\n device => "/dev/%s",\n}'% (controller.CONF["CONFIG_SWIFT_STORAGE_FSTYPE"], devicename, device)
else:
controller.CONF["SWIFT_STORAGE_DEVICES"] = "'%s'"%devicename
manifestdata = "\n" + getManifestTemplate("swift_loopback.pp")
appendManifestFile(manifestfile, manifestdata)
def create_dhcp_manifests(config, messages):
global network_hosts
plugin = config['CONFIG_NEUTRON_L2_PLUGIN']
for host in network_hosts:
config["CONFIG_NEUTRON_DHCP_HOST"] = host
config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
manifest_data = getManifestTemplate("neutron_dhcp.pp")
manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules for dhcp in
config['FIREWALL_PROTOCOL'] = 'udp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in: "
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s" % host
config['FIREWALL_PORTS'] = "'67'"
config['FIREWALL_CHAIN'] = "INPUT"
manifest_data += getManifestTemplate("firewall.pp")
# Firewall Rules for dhcp out
config['FIREWALL_PROTOCOL'] = 'udp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out: "
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s" % host
config['FIREWALL_PORTS'] = "'68'"
config['FIREWALL_CHAIN'] = "OUTPUT"
manifest_data += getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_ntp_manifest(config, messages):
srvlist = [i.strip()
for i in config['CONFIG_NTP_SERVERS'].split(',')
if i.strip()]
config['CONFIG_NTP_SERVERS'] = ' '.join(srvlist)
definiton = '\n'.join(['server %s' % i for i in srvlist])
config['CONFIG_NTP_SERVER_DEF'] = '%s\n' % definiton
marker = uuid.uuid4().hex[:16]
for hostname in filtered_hosts(config):
releaseos = config['HOST_DETAILS'][hostname]['os']
releasever = config['HOST_DETAILS'][hostname]['release'].split('.')[0]
# Configure chrony for Fedora or RHEL/CentOS 7
if releaseos == 'Fedora' or releasever == '7':
manifestdata = getManifestTemplate('chrony.pp')
appendManifestFile('%s_chrony.pp' % hostname,
manifestdata,
marker=marker)
# For previous versions, configure ntpd
else:
manifestdata = getManifestTemplate('ntpd.pp')
appendManifestFile('%s_ntpd.pp' % hostname,
manifestdata,
marker=marker)
def create_mongodb_manifest(config, messages):
manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
manifestdata = getManifestTemplate("mongodb.pp")
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_SERVICE_NAME'] = 'mongodb-server'
config['FIREWALL_PORTS'] = "'27017'"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_metadata_manifests(config, messages):
global network_hosts
if config.get('CONFIG_NOVA_INSTALL') == 'n':
return
for host in network_hosts:
config['CONFIG_NEUTRON_METADATA_HOST'] = host
manifestdata = getManifestTemplate('neutron_metadata')
manifestfile = "%s_neutron.pp" % (host, )
appendManifestFile(manifestfile, manifestdata + "\n")
def createproxymanifest():
manifestfile = "%s_swift.pp" % controller.CONF['CONFIG_SWIFT_PROXY_HOSTS']
manifestdata = getManifestTemplate("swift_proxy.pp")
# If the proxy server is also a storage server then swift::ringsync will be included for the storage server
if controller.CONF['CONFIG_SWIFT_PROXY_HOSTS'] not in controller.CONF[
"CONFIG_SWIFT_STORAGE_HOSTS"].split(","):
manifestdata += 'swift::ringsync{["account","container","object"]:\n ring_server => "%s"\n}' % controller.CONF[
'CONFIG_SWIFT_BUILDER_HOST']
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_CINDER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_cinder.crt')
ssl_key_file = config['CONFIG_CINDER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_cinder.key')
service = 'cinder'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder")
for backend in config['CONFIG_CINDER_BACKEND']:
manifestdata += getManifestTemplate('cinder_%s' % backend)
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup')
fw_details = dict()
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
if (config['CONFIG_NOVA_INSTALL'] == 'y'
and config['CONFIG_VMWARE_BACKEND'] == 'n'):
key = "cinder_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
else:
key = "cinder_all"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['3260']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_RULES')
# cinder API should be open for everyone
fw_details = dict()
key = "cinder_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8776']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_l2_agent_manifests(config, messages):
global network_hosts, compute_hosts
agent = config["CONFIG_NEUTRON_L2_AGENT"]
# CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2
# plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also
# for other plugin template generation
if ('l2population' in config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS',
[])):
config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
else:
config['CONFIG_NEUTRON_USE_L2POPULATION'] = False
if agent == "openvswitch":
ovs_type = 'CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'
ovs_type = config.get(ovs_type, 'local')
tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel
tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
template_name = "neutron_ovs_agent"
bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])
# The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
# comma-separated list of bridge mappings. Since the puppet module
# expects this parameter to be an array, this parameter must be
# properly formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B' should formatted as '['A','B']'.
config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []
elif agent == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent'
else:
raise KeyError("Unknown layer2 agent")
for host in network_hosts | compute_hosts:
manifestfile = "%s_neutron.pp" % (host, )
manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
# neutron ovs port only on network hosts
if (agent == "openvswitch" and
((host in network_hosts and tunnel_types) or 'vlan' in ovs_type)):
if config['CONFIG_USE_SUBNETS'] == 'y':
iface_arr = [
common.cidr_to_ifname(i, host, config) for i in iface_arr
]
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr
manifestdata += getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n")
# Additional configurations required for compute hosts and
# network hosts.
manifestdata = getManifestTemplate('neutron_bridge_module')
appendManifestFile(manifestfile, manifestdata + '\n')
def createDHCPManifests(config):
global dhcp_hosts
for host in dhcp_hosts:
controller.CONF["CONFIG_NEUTRON_DHCP_HOST"] = host
controller.CONF[
'CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = getInterfaceDriver()
manifestdata = getManifestTemplate("neutron_dhcp.pp")
manifestfile = "%s_neutron.pp" % (host, )
appendManifestFile(manifestfile, manifestdata + "\n")
def createneutronmanifest(config):
if controller.CONF['CONFIG_NEUTRON_INSTALL'] != "y":
return
controller.CONF['CONFIG_NOVA_LIBVIRT_VIF_DRIVER'] = 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver'
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_nova.pp"):
data = getManifestTemplate("nova_neutron.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages):
for hostname in filtered_hosts(config):
manifestfile = "%s_postscript.pp" % hostname
manifestdata = getManifestTemplate("postscript.pp")
appendManifestFile(manifestfile, manifestdata, 'postscript')
if config.get("CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE") != 'n':
fmted = config['CONFIG_NEUTRON_L3_EXT_BRIDGE'].replace('-', '_')
config['EXT_BRIDGE_VAR'] = fmted
manifestdata = getManifestTemplate("persist_ovs_bridge.pp")
appendManifestFile(manifestfile, manifestdata, 'postscript')
def create_manifest(config):
manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
manifestdata = getManifestTemplate("cinder.pp")
if controller.CONF['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
if controller.CONF['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
appendManifestFile(manifestfile, manifestdata)
def create_vpnaas_manifests(config, messages):
global network_hosts
if config['CONFIG_NEUTRON_VPNAAS'] != 'y':
return
for host in network_hosts:
manifestdata = getManifestTemplate("neutron_vpnaas")
manifestfile = "%s_neutron.pp" % (host, )
appendManifestFile(manifestfile, manifestdata + "\n")
def create_sriovnicswitch_manifests(config, messages):
global compute_hosts
if not use_ml2_with_sriovnicswitch(config):
return
for host in compute_hosts:
manifestdata = getManifestTemplate("neutron_sriov")
manifestfile = "%s_neutron.pp" % (host, )
appendManifestFile(manifestfile, manifestdata + "\n")
def create_sched_manifest(config, messages):
manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST']
if config['CONFIG_IRONIC_INSTALL'] == 'y':
manifestdata = getManifestTemplate("nova_sched_ironic.pp")
ram_alloc = '1.0'
config['CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'] = ram_alloc
manifestdata += getManifestTemplate("nova_sched.pp")
else:
manifestdata = getManifestTemplate("nova_sched.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config):
manifestfile = "%s_keystone.pp" % config['CONFIG_KEYSTONE_HOST']
manifestdata = getManifestTemplate("keystone.pp")
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "keystone"
config['FIREWALL_SERVICE_ID'] = "keystone"
config['FIREWALL_PORTS'] = "'5000', '35357'"
config['FIREWALL_CHAIN'] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def createmanifest(config):
if config['CONFIG_MYSQL_INSTALL'] == 'y':
install = True
suffix = 'install'
else:
install = False
suffix = 'noinstall'
# In case we are not installing MySQL server, mysql* manifests have
# to be run from Keystone host
host = install and config['CONFIG_MYSQL_HOST'] \
or config['CONFIG_KEYSTONE_HOST']
manifestfile = "%s_mysql.pp" % host
manifestdata = [getManifestTemplate('mysql_%s.pp' % suffix)]
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mysql_%s_%s.pp" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
append_for("keystone", suffix)
hosts = set()
for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']:
if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y':
append_for(mod, suffix)
# Check wich modules are enabled so we can allow their
# hosts on the firewall
if mod != 'nova' and mod != 'neutron':
hosts.add(config.get('CONFIG_%s_HOST' % mod.upper()).strip())
elif mod == 'neutron':
hosts.add(config.get('CONFIG_NEUTRON_SERVER_HOST').strip())
elif config['CONFIG_NOVA_INSTALL'] != 'n':
#In that remote case that we have lot's of nova hosts
hosts.add(config.get('CONFIG_NOVA_API_HOST').strip())
hosts.add(config.get('CONFIG_NOVA_CERT_HOST').strip())
hosts.add(config.get('CONFIG_NOVA_VNCPROXY_HOST').strip())
hosts.add(config.get('CONFIG_NOVA_CONDUCTOR_HOST').strip())
hosts.add(config.get('CONFIG_NOVA_SCHED_HOST').strip())
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
dbhosts = split_hosts(config['CONFIG_NOVA_NETWORK_HOSTS'])
hosts |= dbhosts
for host in config.get('CONFIG_NOVA_COMPUTE_HOSTS').split(','):
hosts.add(host.strip())
config['FIREWALL_SERVICE_NAME'] = "mysql"
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "mysql_%s" % host
manifestdata.append(getManifestTemplate("firewall.pp"))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_lbaas_manifests(config, messages):
global network_hosts
if not config['CONFIG_LBAAS_INSTALL'] == 'y':
return
for host in network_hosts:
config['CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'] = get_if_driver(config)
manifestdata = getManifestTemplate("neutron_lbaas")
manifestfile = "%s_neutron.pp" % (host, )
appendManifestFile(manifestfile, manifestdata + "\n")
def createnrpemanifests():
for hostname in gethostlist(controller.CONF):
controller.CONF['CONFIG_NRPE_HOST'] = hostname
manifestfile = "%s_nagios_nrpe.pp" % hostname
manifestdata = getManifestTemplate("nagios_nrpe.pp")
appendManifestFile(manifestfile, manifestdata)
controller.MESSAGES.append("To use Nagios, browse to http://%s/nagios "
"username : nagiosadmin, password : %s" %
(controller.CONF['CONFIG_NAGIOS_HOST'],
controller.CONF['CONFIG_NAGIOS_PW']))
def create_proxy_manifest(config, messages):
manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("swift_proxy.pp")
config['FIREWALL_SERVICE_NAME'] = "swift proxy"
config['FIREWALL_PORTS'] = "'8080'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "swift_proxy"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
for hostname in filtered_hosts(config):
manifestfile = "%s_postscript.pp" % hostname
manifestdata = getManifestTemplate("postscript")
appendManifestFile(manifestfile, manifestdata, 'postscript')
# TO-DO: remove this temporary fix for nova-network/neutron
# nondeterministic behavior
provision = (
config.get("CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE") not in
set(['false', 'n', None])
)
def create_metering_agent_manifests(config, messages):
global network_hosts
if not config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
return
for host in network_hosts:
config['CONFIG_NEUTRON_METERING_IFCE_DRIVER'] = get_if_driver(config)
manifestdata = getManifestTemplate("neutron_metering_agent")
manifestfile = "%s_neutron.pp" % (host, )
appendManifestFile(manifestfile, manifestdata + "\n")
def create_storage_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
if config['CONFIG_PROVISION_TEMPEST']:
template = "provision_tempest_glance"
else:
template = "provision_demo_glance"
manifest_file = '%s_provision_glance' % config['CONFIG_STORAGE_HOST']
manifest_data = getManifestTemplate(template)
appendManifestFile(manifest_file, manifest_data)
def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn.pp")
config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
config['FIREWALL_PORTS'] = "'8000'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat_cfn"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, marker='heat')
def createL3Manifests(config):
global l3_hosts
for host in l3_hosts:
controller.CONF['CONFIG_QUANTUM_L3_HOST'] = host
controller.CONF['CONFIG_QUANTUM_L3_INTERFACE_DRIVER'] = getInterfaceDriver()
manifestdata = getManifestTemplate("quantum_l3.pp")
manifestfile = "%s_quantum.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + '\n')
if controller.CONF['CONFIG_QUANTUM_L2_PLUGIN'] == 'openvswitch' and controller.CONF['CONFIG_QUANTUM_L3_EXT_BRIDGE']:
controller.CONF['CONFIG_QUANTUM_OVS_BRIDGE'] = controller.CONF['CONFIG_QUANTUM_L3_EXT_BRIDGE']
manifestdata = getManifestTemplate('quantum_ovs_bridge.pp')
appendManifestFile(manifestfile, manifestdata + '\n')
def create_manifest(config):
manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
manifestdata = getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
if config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config):
if config['CONFIG_HEAT_CLOUDWATCH_INSTALL'] == 'y':
config['CONFIG_HEAT_WATCH_HOST'] = config['CONFIG_HEAT_CLOUDWATCH_HOST']
else:
config['CONFIG_HEAT_WATCH_HOST'] = config['CONFIG_HEAT_HOST']
if config['CONFIG_HEAT_CFN_INSTALL'] == 'y':
config['CONFIG_HEAT_METADATA_HOST'] = config['CONFIG_HEAT_CFN_HOST']
else:
config['CONFIG_HEAT_METADATA_HOST'] = config['CONFIG_HEAT_HOST']
manifestfile = "%s_heat.pp" % controller.CONF['CONFIG_HEAT_HOST']
manifestdata = getManifestTemplate("heat.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config):
manifestfile = "%s_keystone.pp" % config['CONFIG_KEYSTONE_HOST']
manifestdata = getManifestTemplate("keystone.pp")
hosts = set()
for key, value in host_iter(config):
if (key.find("MYSQL") != -1) or (key.find("QPID") != -1):
continue
hosts.add(value.strip())
config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i for i in hosts])
config['FIREWALL_SERVICE_NAME'] = "keystone"
config['FIREWALL_PORTS'] = "'5000', '35357'"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def createmanifest(config):
manifestfile = "%s_glance.pp" % controller.CONF['CONFIG_GLANCE_HOST']
manifestdata = getManifestTemplate("glance.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('glance_ceilometer.pp')
hosts = set()
for host in config['CONFIG_NOVA_COMPUTE_HOSTS'].split(','):
hosts.add(host.strip())
config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i for i in hosts])
config['FIREWALL_SERVICE_NAME'] = "glance"
config['FIREWALL_PORTS'] = "'9292'"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone.pp")
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "keystone"
config['FIREWALL_SERVICE_ID'] = "keystone"
config['FIREWALL_PORTS'] = "['5000', '35357']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def createmanifest():
client_host = controller.CONF['CONFIG_OSCLIENT_HOST'].strip()
manifestfile = "%s_osclient.pp" % client_host
manifestdata = getManifestTemplate("openstack_client.pp")
appendManifestFile(manifestfile, manifestdata)
server = utils.ScriptRunner(client_host)
server.append('echo $HOME')
rc, root_home = server.execute()
msg = ("To use the command line tools you need to source the file "
"%s/keystonerc_admin created on %s")
controller.MESSAGES.append(msg % (root_home.strip(), client_host))
def createapimanifest(config):
# This is a hack around us needing to generate the neutron metadata
# password, but the nova puppet plugin uses the existence of that
# password to determine whether or not to configure neutron metadata
# proxy support. So the nova_api.pp template needs unquoted 'undef'
# to disable metadata support if neutron is not being installed.
if controller.CONF['CONFIG_NEUTRON_INSTALL'] != 'y':
controller.CONF['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef'
else:
controller.CONF['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = \
"'%s'" % controller.CONF['CONFIG_NEUTRON_METADATA_PW']
manifestfile = "%s_api_nova.pp" % controller.CONF['CONFIG_NOVA_API_HOST']
manifestdata = getManifestTemplate("nova_api.pp")
appendManifestFile(manifestfile, manifestdata, 'novaapi')
def create_manifest(config, messages):
for hostname in filtered_hosts(config):
manifestfile = "%s_postscript.pp" % hostname
manifestdata = getManifestTemplate("postscript")
appendManifestFile(manifestfile, manifestdata, 'postscript')
# TO-DO: remove this temporary fix for nova-network/neutron
# undeterministic behavior
provision = (config.get("CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE")
not in set(['false', 'n', None]))
if config.get('CONFIG_NEUTRON_INSTALL', 'n') == 'y' and provision:
fmted = config['CONFIG_NEUTRON_L3_EXT_BRIDGE'].replace('-', '_')
config['EXT_BRIDGE_VAR'] = fmted
manifestdata = getManifestTemplate("persist_ovs_bridge")
appendManifestFile(manifestfile, manifestdata, 'postscript')
