def createcomputemanifest(config): dirty = controller.CONF["CONFIG_NOVA_COMPUTE_HOSTS"].split(",") hostlist = [i.strip() for i in dirty if i.strip()] for host in hostlist: controller.CONF["CONFIG_NOVA_COMPUTE_HOST"] = host manifestdata = getManifestTemplate("nova_compute.pp") if controller.CONF["CONFIG_CINDER_INSTALL"] == "y" and controller.CONF["CONFIG_CINDER_BACKEND"] == "gluster": manifestdata += getManifestTemplate("nova_gluster.pp") if controller.CONF["CONFIG_CINDER_INSTALL"] == "y" and controller.CONF["CONFIG_CINDER_BACKEND"] == "nfs": manifestdata += getManifestTemplate("nova_nfs.pp") manifestfile = "%s_nova.pp" % host nova_config_options = NovaConfig() if controller.CONF["CONFIG_NEUTRON_INSTALL"] != "y": if host != controller.CONF["CONFIG_NOVA_NETWORK_HOST"]: nova_config_options.addOption("DEFAULT/flat_interface", controller.CONF["CONFIG_NOVA_COMPUTE_PRIVIF"]) check_ifcfg(host, controller.CONF["CONFIG_NOVA_COMPUTE_PRIVIF"]) try: bring_up_ifcfg(host, controller.CONF["CONFIG_NOVA_COMPUTE_PRIVIF"]) except ScriptRuntimeError as ex: # just warn user to do it by himself controller.MESSAGES.append(str(ex)) if controller.CONF["CONFIG_CEILOMETER_INSTALL"] == "y": manifestdata += getManifestTemplate("nova_ceilometer.pp") appendManifestFile(manifestfile, manifestdata + "\n" + nova_config_options.getManifestEntry())
def create_manifest(config, messages): manifestdata = getManifestTemplate(get_mq(config, "cinder")) manifestfile = "%s_cinder.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata += getManifestTemplate("cinder.pp") if config['CONFIG_CINDER_BACKEND'] == "lvm": manifestdata += getManifestTemplate("cinder_lvm.pp") elif config['CONFIG_CINDER_BACKEND'] == "gluster": manifestdata += getManifestTemplate("cinder_gluster.pp") elif config['CONFIG_CINDER_BACKEND'] == "nfs": manifestdata += getManifestTemplate("cinder_nfs.pp") elif config['CONFIG_CINDER_BACKEND'] == "vmdk": manifestdata += getManifestTemplate("cinder_vmdk.pp") if config['CONFIG_CEILOMETER_INSTALL'] == 'y': manifestdata += getManifestTemplate('cinder_ceilometer.pp') if config['CONFIG_SWIFT_INSTALL'] == 'y': manifestdata += getManifestTemplate('cinder_backup.pp') config['FIREWALL_SERVICE_NAME'] = "cinder" config['FIREWALL_PORTS'] = "['3260', '8776']" config['FIREWALL_CHAIN'] = "INPUT" config['FIREWALL_PROTOCOL'] = 'tcp' if (config['CONFIG_NOVA_INSTALL'] == 'y' and config['CONFIG_VMWARE_BACKEND'] == 'n'): for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']): config['FIREWALL_ALLOWED'] = "'%s'" % host config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host manifestdata += getManifestTemplate("firewall.pp") else: config['FIREWALL_ALLOWED'] = "'ALL'" config['FIREWALL_SERVICE_ID'] = "cinder_ALL" manifestdata += getManifestTemplate("firewall.pp") appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages): manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("keystone") manifestdata += getManifestTemplate("apache_ports") if config['CONFIG_IP_VERSION'] == 'ipv6': host = config['CONFIG_CONTROLLER_HOST'] config['CONFIG_KEYSTONE_HOST_URL'] = "[%s]" % host else: config['CONFIG_KEYSTONE_HOST_URL'] = config['CONFIG_CONTROLLER_HOST'] config['CONFIG_KEYSTONE_PUBLIC_URL'] = "http://%s:5000/%s" % ( config['CONFIG_KEYSTONE_HOST_URL'], config['CONFIG_KEYSTONE_API_VERSION'] ) config['CONFIG_KEYSTONE_ADMIN_URL'] = "http://%s:35357" % ( config['CONFIG_KEYSTONE_HOST_URL'] ) fw_details = dict() key = "keystone" fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "keystone" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['5000', '35357'] fw_details[key]['proto'] = "tcp" config['FIREWALL_KEYSTONE_RULES'] = fw_details manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES') appendManifestFile(manifestfile, manifestdata)
def createstoragemanifest(config): # this need to happen once per storage host for host in set([device["host"] for device in devices]): controller.CONF["CONFIG_SWIFT_STORAGE_CURRENT"] = host manifestfile = "%s_swift.pp" % host manifestdata = getManifestTemplate("swift_storage.pp") appendManifestFile(manifestfile, manifestdata) # this need to happen once per storage device for device in devices: host = device["host"] devicename = device["device_name"] device = device["device"] if device: check_device(host, device) manifestfile = "%s_swift.pp" % host if device: manifestdata = "\n" + 'swift::storage::%s{"%s":\n device => "/dev/%s",\n}' % ( controller.CONF["CONFIG_SWIFT_STORAGE_FSTYPE"], devicename, device, ) else: controller.CONF["SWIFT_STORAGE_DEVICES"] = "'%s'" % devicename manifestdata = "\n" + getManifestTemplate("swift_loopback.pp") appendManifestFile(manifestfile, manifestdata)
def create_api_manifest(config, messages): # Since this step is running first, let's create necesary variables here # and make them global global compute_hosts, network_hosts com_var = config.get("CONFIG_COMPUTE_HOSTS", "") compute_hosts = set([i.strip() for i in com_var.split(",") if i.strip()]) net_var = config.get("CONFIG_NETWORK_HOSTS", "") network_hosts = set([i.strip() for i in net_var.split(",") if i.strip()]) # This is a hack around us needing to generate the neutron metadata # password, but the nova puppet plugin uses the existence of that # password to determine whether or not to configure neutron metadata # proxy support. So the nova_api.pp template needs unquoted 'undef' # to disable metadata support if neutron is not being installed. if config['CONFIG_NEUTRON_INSTALL'] != 'y': config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef' else: config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = \ "'%s'" % config['CONFIG_NEUTRON_METADATA_PW'] manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("nova_api.pp") config['FIREWALL_SERVICE_NAME'] = "nova api" config['FIREWALL_PORTS'] = "['8773', '8774', '8775']" config['FIREWALL_CHAIN'] = "INPUT" config['FIREWALL_PROTOCOL'] = 'tcp' config['FIREWALL_ALLOWED'] = "'ALL'" config['FIREWALL_SERVICE_ID'] = "nova_api" manifestdata += getManifestTemplate("firewall.pp") appendManifestFile(manifestfile, manifestdata, 'novaapi')
def create_dhcp_manifests(config, messages): global network_hosts plugin = config['CONFIG_NEUTRON_L2_PLUGIN'] for host in network_hosts: config["CONFIG_NEUTRON_DHCP_HOST"] = host config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config) manifest_data = getManifestTemplate("neutron_dhcp.pp") manifest_file = "%s_neutron.pp" % (host,) # Firewall Rules for dhcp in config['FIREWALL_PROTOCOL'] = 'udp' config['FIREWALL_ALLOWED'] = "'ALL'" config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in: " config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s" % host config['FIREWALL_PORTS'] = "'67'" config['FIREWALL_CHAIN'] = "INPUT" manifest_data += getManifestTemplate("firewall.pp") # Firewall Rules for dhcp out config['FIREWALL_PROTOCOL'] = 'udp' config['FIREWALL_ALLOWED'] = "'ALL'" config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out: " config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s" % host config['FIREWALL_PORTS'] = "'68'" config['FIREWALL_CHAIN'] = "OUTPUT" manifest_data += getManifestTemplate("firewall.pp") appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_TROVE_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_trove.crt' ) ssl_key_file = config['CONFIG_TROVE_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_trove.key' ) ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'trove' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) if (config['CONFIG_TROVE_NOVA_USER'] == 'trove' and config['CONFIG_TROVE_NOVA_PW'] == ''): config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW'] manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"] manifestdata = getManifestTemplate(get_mq(config, "trove")) manifestdata += getManifestTemplate('trove.pp') fw_details = dict() key = "trove" fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "trove api" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['8779'] fw_details[key]['proto'] = "tcp" config['FIREWALL_TROVE_API_RULES'] = fw_details manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES') appendManifestFile(manifestfile, manifestdata, marker='trove')
def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_host = config['CONFIG_SAHARA_HOST'] ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_sahara.crt' ) ssl_key_file = config['CONFIG_SAHARA_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_sahara.key' ) service = 'sahara' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST'] manifestdata = getManifestTemplate(get_mq(config, "sahara")) manifestdata += getManifestTemplate("sahara.pp") if config['CONFIG_CEILOMETER_INSTALL'] == 'y': manifestdata += getManifestTemplate('sahara_ceilometer') fw_details = dict() key = "sahara-api" fw_details.setdefault(key, {}) fw_details[key]["host"] = "ALL" fw_details[key]["service_name"] = "sahara api" fw_details[key]["chain"] = "INPUT" fw_details[key]["ports"] = ["8386"] fw_details[key]["proto"] = "tcp" config["FIREWALL_SAHARA_CFN_RULES"] = fw_details manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES") appendManifestFile(manifestfile, manifestdata, marker='sahara')
def createstoragemanifest(): # this need to happen once per storage host for host in set([device['host'] for device in devices]): controller.CONF["CONFIG_SWIFT_STORAGE_CURRENT"] = host manifestfile = "%s_swift.pp"%host manifestdata = getManifestTemplate("swift_storage.pp") appendManifestFile(manifestfile, manifestdata) # this need to happen once per storage device for device in devices: host = device['host'] devicename = device['device_name'] device = device['device'] server = utils.ScriptRunner(host) validate.r_validateDevice(server, device) server.execute() manifestfile = "%s_swift.pp"%host if device: manifestdata = "\n" + 'swift::storage::%s{"%s":\n device => "/dev/%s",\n}'% (controller.CONF["CONFIG_SWIFT_STORAGE_FSTYPE"], devicename, device) else: controller.CONF["SWIFT_STORAGE_DEVICES"] = "'%s'"%devicename manifestdata = "\n" + getManifestTemplate("swift_loopback.pp") appendManifestFile(manifestfile, manifestdata)
def createL2AgentManifests(config): global compute_hosts, dhcp_host, l3_hosts if controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "openvswitch": host_var = 'CONFIG_NEUTRON_OVS_HOST' template_name = 'neutron_ovs_agent.pp' bm_arr = get_values(controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"]) iface_arr = get_values(controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"]) # The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a # comma-separated list of bridge mappings. Since the puppet module # expects this parameter to be an array, this parameter must be properly # formatted by packstack, then consumed by the puppet module. # For example, the input string 'A, B, C' should formatted as '['A','B','C']'. controller.CONF["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = str(bm_arr) elif controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "linuxbridge": host_var = 'CONFIG_NEUTRON_LB_HOST' template_name = 'neutron_lb_agent.pp' else: raise KeyError("Unknown layer2 agent") # Install l2 agents on every compute host in addition to any hosts listed # specifically for the l2 agent for host in compute_hosts | dhcp_hosts | l3_hosts: controller.CONF[host_var] = host manifestfile = "%s_neutron.pp" % (host,) manifestdata = getManifestTemplate(template_name) appendManifestFile(manifestfile, manifestdata + "\n") if controller.CONF["CONFIG_NEUTRON_L2_PLUGIN"] == "openvswitch": for if_map in iface_arr: controller.CONF['CONFIG_NEUTRON_OVS_BRIDGE'], controller.CONF['CONFIG_NEUTRON_OVS_IFACE'] = if_map.split(':') manifestdata = getManifestTemplate("neutron_ovs_port.pp") appendManifestFile(manifestfile, manifestdata + "\n")
def create_common_manifest(config, messages): global compute_hosts, network_hosts network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and 'neutron' or 'nova') network_multi = len(network_hosts) > 1 dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')]) dbacces_hosts |= network_hosts for manifestfile, marker in manifestfiles.getFiles(): if manifestfile.endswith("_nova.pp"): host, manifest = manifestfile.split('_', 1) host = host.strip() if host in compute_hosts and host not in dbacces_hosts: # we should omit password in case we are installing only # nova-compute to the host perms = "nova" else: perms = "nova:%(CONFIG_NOVA_DB_PW)s" sqlconn = "mysql://%s@%%(CONFIG_MYSQL_HOST)s/nova" % perms config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config # for nova-network in multihost mode each compute host is metadata # host otherwise we use api host if (network_type == 'nova' and network_multi and host in compute_hosts): metadata = host else: metadata = config['CONFIG_CONTROLLER_HOST'] config['CONFIG_NOVA_METADATA_HOST'] = metadata data = getManifestTemplate(get_mq(config, "nova_common")) data += getManifestTemplate("nova_common.pp") appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_host = config['CONFIG_STORAGE_HOST'] ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_glance.crt' ) ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_glance.key' ) service = 'glance' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST'] manifestdata = getManifestTemplate("glance") if config['CONFIG_CEILOMETER_INSTALL'] == 'y': mq_template = get_mq(config, "glance_ceilometer") manifestdata += getManifestTemplate(mq_template) fw_details = dict() key = "glance_api" fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "glance" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['9292'] fw_details[key]['proto'] = "tcp" config['FIREWALL_GLANCE_RULES'] = fw_details manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES') appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages): if config['CONFIG_UNSUPPORTED'] != 'y': config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST'] # Setting the default to 'swift' when Ironic is enabled if config['CONFIG_IRONIC_INSTALL'] == 'y': backend = 'swift' config['CONFIG_GLANCE_BACKEND'] = backend manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST'] manifestdata = getManifestTemplate("glance.pp") if config['CONFIG_CEILOMETER_INSTALL'] == 'y': mq_template = get_mq(config, "glance_ceilometer") manifestdata += getManifestTemplate(mq_template) fw_details = dict() key = "glance_api" fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "glance" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['9292'] fw_details[key]['proto'] = "tcp" config['FIREWALL_GLANCE_RULES'] = fw_details manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES') appendManifestFile(manifestfile, manifestdata)
def create_ntp_manifest(config, messages): srvlist = [i.strip() for i in config['CONFIG_NTP_SERVERS'].split(',') if i.strip()] config['CONFIG_NTP_SERVERS'] = ' '.join(srvlist) definiton = '\n'.join(['server %s' % i for i in srvlist]) config['CONFIG_NTP_SERVER_DEF'] = '%s\n' % definiton marker = uuid.uuid4().hex[:16] for hostname in filtered_hosts(config): releaseos = config['HOST_DETAILS'][hostname]['os'] releasever = config['HOST_DETAILS'][hostname]['release'].split('.')[0] # Configure chrony for Fedora or RHEL/CentOS 7 if releaseos == 'Fedora' or releasever == '7': manifestdata = getManifestTemplate('chrony.pp') appendManifestFile('%s_chrony.pp' % hostname, manifestdata, marker=marker) # For previous versions, configure ntpd else: manifestdata = getManifestTemplate('ntpd.pp') appendManifestFile('%s_ntpd.pp' % hostname, manifestdata, marker=marker)
def create_manifest(config, messages): if config["CONFIG_AMQP_ENABLE_SSL"] == "y": ssl_host = config["CONFIG_CONTROLLER_HOST"] ssl_cert_file = config["CONFIG_HEAT_SSL_CERT"] = "/etc/pki/tls/certs/ssl_amqp_heat.crt" ssl_key_file = config["CONFIG_HEAT_SSL_KEY"] = "/etc/pki/tls/private/ssl_amqp_heat.key" service = "heat" generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) manifestfile = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"] manifestdata = getManifestTemplate(get_mq(config, "heat")) manifestdata += getManifestTemplate("heat") manifestdata += getManifestTemplate("keystone_heat") fw_details = dict() key = "heat" fw_details.setdefault(key, {}) fw_details[key]["host"] = "ALL" fw_details[key]["service_name"] = "heat" fw_details[key]["chain"] = "INPUT" fw_details[key]["ports"] = ["8004"] fw_details[key]["proto"] = "tcp" config["FIREWALL_HEAT_RULES"] = fw_details manifestdata += createFirewallResources("FIREWALL_HEAT_RULES") appendManifestFile(manifestfile, manifestdata, marker="heat")
def create_manifest(config, messages): manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate(get_mq(config, "aodh")) manifestdata += getManifestTemplate("aodh") if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_aodh.crt' ) ssl_key_file = config['CONFIG_AODH_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_aodh.key' ) ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'aodh' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) fw_details = dict() key = "aodh_api" fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "aodh-api" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['8042'] fw_details[key]['proto'] = "tcp" config['FIREWALL_AODH_RULES'] = fw_details manifestdata += createFirewallResources('FIREWALL_AODH_RULES') appendManifestFile(manifestfile, manifestdata, 'aodh')
def create_manifest(config, messages): if config['CONFIG_MARIADB_INSTALL'] == 'y': suffix = 'install' host = config['CONFIG_MARIADB_HOST'] else: suffix = 'noinstall' host = config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_mariadb.pp" % host manifestdata = [getManifestTemplate('mariadb_%s.pp' % suffix)] def append_for(module, suffix): # Modules have to be appended to the existing mysql.pp # otherwise pp will fail for some of them saying that # Mysql::Config definition is missing. template = "mariadb_%s_%s.pp" % (module, suffix) manifestdata.append(getManifestTemplate(template)) append_for("keystone", suffix) for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']: if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y': append_for(mod, suffix) hosts = filtered_hosts(config, exclude=False, dbhost=True) config['FIREWALL_SERVICE_NAME'] = "mariadb" config['FIREWALL_PORTS'] = "'3306'" config['FIREWALL_CHAIN'] = "INPUT" config['FIREWALL_PROTOCOL'] = 'tcp' for host in hosts: config['FIREWALL_ALLOWED'] = "'%s'" % host config['FIREWALL_SERVICE_ID'] = "mariadb_%s" % host manifestdata.append(getManifestTemplate("firewall.pp")) appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def createManifest(config): global q_hosts service_plugins = [] if config['CONFIG_NEUTRON_LBAAS_HOSTS']: lbp = 'neutron.services.loadbalancer.plugin.LoadBalancerPlugin' service_plugins.append(lbp) config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins else 'undef') for host in q_hosts: manifest_file = "%s_neutron.pp" % (host,) manifest_data = getManifestTemplate("neutron.pp") appendManifestFile(manifest_file, manifest_data, 'neutron') if host in api_hosts: manifest_file = "%s_neutron.pp" % (host,) manifest_data = getManifestTemplate("neutron_api.pp") # Firewall Rules config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i for i in q_hosts]) config['FIREWALL_SERVICE_NAME'] = "neutron" config['FIREWALL_PORTS'] = "'9696','67','68'" manifest_data += getManifestTemplate("firewall.pp") appendManifestFile(manifest_file, manifest_data, 'neutron') # Set up any l2 plugin configs we need anywhere we install neutron # XXX I am not completely sure about this, but it seems necessary if controller.CONF['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch': nettype = config.get("CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE", "local") manifest_data = getManifestTemplate("neutron_ovs_plugin_%s.pp" % (nettype,)) appendManifestFile(manifest_file, manifest_data, 'neutron') elif controller.CONF['CONFIG_NEUTRON_L2_PLUGIN'] == 'linuxbridge': manifest_data = getManifestTemplate("neutron_lb_plugin.pp") appendManifestFile(manifest_file, manifest_data, 'neutron')
def createmanifest(config): manifestfile = "%s_qpid.pp"%config['CONFIG_QPID_HOST'] manifestdata = "" ssl_manifestdata = "" server = utils.ScriptRunner(config['CONFIG_QPID_HOST']) ports = set(["'5672'"]) if config['CONFIG_QPID_ENABLE_SSL'] == 'y': ports.add("'%s'" % (config['CONFIG_QPID_SSL_PORT'])) config['CONFIG_QPID_ENABLE_SSL'] = 'true' if config['CONFIG_QPID_SSL_SELF_SIGNED'] == 'y': server.append( "openssl req -batch -new -x509 -nodes -keyout %s -out %s -days 1095" % (config['CONFIG_QPID_SSL_KEY_FILE'], config['CONFIG_QPID_SSL_CERT_FILE']) ) server.execute() ssl_manifestdata = getManifestTemplate('qpid_ssl.pp') else: #Set default values config['CONFIG_QPID_SSL_PORT'] = "5671" config['CONFIG_QPID_SSL_CERT_FILE'] = "" config['CONFIG_QPID_SSL_KEY_FILE'] = "" config['CONFIG_QPID_NSS_CERTDB_PW'] = "" config['CONFIG_QPID_ENABLE_SSL'] = 'false' manifestdata = getManifestTemplate('qpid.pp') manifestdata += ssl_manifestdata #All hosts should be able to talk to qpid hosts = ["'%s'" % i for i in filtered_hosts(config, exclude=False)] config['FIREWALL_ALLOWED'] = ','.join(hosts) config['FIREWALL_SERVICE_NAME'] = "qpid" config['FIREWALL_PORTS'] = ','.join(ports) manifestdata += getManifestTemplate("firewall.pp") appendManifestFile(manifestfile, manifestdata, 'pre')
def create_manifest(config, messages): if config['CONFIG_MYSQL_INSTALL'] == 'y': install = True suffix = 'install' else: install = False suffix = 'noinstall' manifestfile = "%s_mysql.pp" % config['CONFIG_MYSQL_HOST'] manifestdata = [getManifestTemplate('mysql_%s.pp' % suffix)] def append_for(module, suffix): # Modules have to be appended to the existing mysql.pp # otherwise pp will fail for some of them saying that # Mysql::Config definition is missing. template = "mysql_%s_%s.pp" % (module, suffix) manifestdata.append(getManifestTemplate(template)) append_for("keystone", suffix) for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat']: if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y': append_for(mod, suffix) hosts = set([config['CONFIG_CONTROLLER_HOST']]) hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS']) config['FIREWALL_SERVICE_NAME'] = "mysql" config['FIREWALL_PORTS'] = "'3306'" config['FIREWALL_CHAIN'] = "INPUT" for host in hosts: config['FIREWALL_ALLOWED'] = "'%s'" % host config['FIREWALL_SERVICE_ID'] = "mysql_%s" % host manifestdata.append(getManifestTemplate("firewall.pp")) appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_host = config['CONFIG_CONTROLLER_HOST'] ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_heat.crt' ) ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_heat.key' ) service = 'heat' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate(get_mq(config, "heat")) manifestdata += getManifestTemplate("heat") manifestdata += getManifestTemplate("keystone_heat") fw_details = dict() key = "heat" fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "heat" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['8004'] fw_details[key]['proto'] = "tcp" config['FIREWALL_HEAT_RULES'] = fw_details manifestdata += createFirewallResources('FIREWALL_HEAT_RULES') appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_dhcp_manifests(config): global dhcp_hosts plugin = config['CONFIG_NEUTRON_L2_PLUGIN'] for host in dhcp_hosts: config["CONFIG_NEUTRON_DHCP_HOST"] = host config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config) manifest_data = getManifestTemplate("neutron_dhcp.pp") manifest_file = "%s_neutron.pp" % (host,) # Firewall Rules for f_host in q_hosts: config['FIREWALL_ALLOWED'] = "'%s'" % f_host config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in" config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s_%s" % (host, f_host) config['FIREWALL_PORTS'] = "'67'" config['FIREWALL_CHAIN'] = "INPUT" manifest_data += getManifestTemplate("firewall.pp") config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out" config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s_%s" % (host, f_host) config['FIREWALL_PORTS'] = "'68'" config['FIREWALL_CHAIN'] = "OUTPUT" manifest_data += getManifestTemplate("firewall.pp") appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_l3_manifests(config, messages): global network_hosts plugin = config['CONFIG_NEUTRON_L2_PLUGIN'] if config['CONFIG_NEUTRON_L3_EXT_BRIDGE'] == 'provider': config['CONFIG_NEUTRON_L3_EXT_BRIDGE'] = '' for host in network_hosts: config['CONFIG_NEUTRON_L3_HOST'] = host config['CONFIG_NEUTRON_L3_INTERFACE_DRIVER'] = get_if_driver(config) manifestdata = getManifestTemplate("neutron_l3.pp") manifestfile = "%s_neutron.pp" % (host,) appendManifestFile(manifestfile, manifestdata + '\n') ext_bridge = config['CONFIG_NEUTRON_L3_EXT_BRIDGE'] mapping = find_mapping(config['CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'], ext_bridge) if ext_bridge else None if (config['CONFIG_NEUTRON_L2_AGENT'] == 'openvswitch' and ext_bridge and not mapping): config['CONFIG_NEUTRON_OVS_BRIDGE'] = ext_bridge manifestdata = getManifestTemplate('neutron_ovs_bridge.pp') appendManifestFile(manifestfile, manifestdata + '\n') if config['CONFIG_NEUTRON_FWAAS']: manifestfile = "%s_neutron_fwaas.pp" % (host,) manifestdata = getManifestTemplate("neutron_fwaas.pp") appendManifestFile(manifestfile, manifestdata + '\n')
def create_l2_agent_manifests(config, messages): global network_hosts, compute_hosts agent = config["CONFIG_NEUTRON_L2_AGENT"] # CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2 # plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also # for other plugin template generation if ('l2population' in config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])): config['CONFIG_NEUTRON_USE_L2POPULATION'] = True else: config['CONFIG_NEUTRON_USE_L2POPULATION'] = False if agent == "openvswitch": ovs_type = 'CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES' ovs_type = config.get(ovs_type, 'local') tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config) config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel tunnel_types = set(ovs_type) & set(['gre', 'vxlan']) config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types) template_name = "neutron_ovs_agent" bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"]) iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"]) # The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a # comma-separated list of bridge mappings. Since the puppet module # expects this parameter to be an array, this parameter must be # properly formatted by packstack, then consumed by the puppet module. # For example, the input string 'A, B' should formatted as '['A','B']'. config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr elif agent == "linuxbridge": host_var = 'CONFIG_NEUTRON_LB_HOST' template_name = 'neutron_lb_agent' else: raise KeyError("Unknown layer2 agent") for host in network_hosts | compute_hosts: manifestfile = "%s_neutron.pp" % (host,) manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host manifestdata += getManifestTemplate(template_name) appendManifestFile(manifestfile, manifestdata + "\n") # neutron ovs port only on network hosts if ( agent == "openvswitch" and ( (host in network_hosts and tunnel_types) or 'vlan' in ovs_type) ): bridge_key = 'CONFIG_NEUTRON_OVS_BRIDGE' iface_key = 'CONFIG_NEUTRON_OVS_IFACE' for if_map in iface_arr: config[bridge_key], config[iface_key] = if_map.split(':') manifestdata = getManifestTemplate("neutron_ovs_port") appendManifestFile(manifestfile, manifestdata + "\n") # Additional configurations required for compute hosts and # network hosts. manifestdata = getManifestTemplate('neutron_bridge_module') appendManifestFile(manifestfile, manifestdata + '\n')
def create_manifests(config): global q_hosts service_plugins = [] if config['CONFIG_NEUTRON_LBAAS_HOSTS']: service_plugins.append( 'neutron.services.loadbalancer.plugin.LoadBalancerPlugin' ) if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2': # ML2 uses the L3 Router service plugin to implement l3 agent service_plugins.append( 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' ) config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins else 'undef') if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch': nettype = config.get("CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE", "local") plugin_manifest = 'neutron_ovs_plugin_%s.pp' % nettype elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'linuxbridge': plugin_manifest = 'neutron_lb_plugin.pp' elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2': plugin_manifest = 'neutron_ml2_plugin.pp' # host to which allow neutron server allowed_hosts = set(q_hosts) if config['CONFIG_CLIENT_INSTALL'] == 'y': allowed_hosts.add(config['CONFIG_OSCLIENT_HOST']) if config['CONFIG_HORIZON_INSTALL'] == 'y': allowed_hosts.add(config['CONFIG_HORIZON_HOST']) if config['CONFIG_NOVA_INSTALL'] == 'y': allowed_hosts.add(config['CONFIG_NOVA_API_HOST']) config['FIREWALL_SERVICE_NAME'] = "neutron server" config['FIREWALL_PORTS'] = "'9696'" config['FIREWALL_CHAIN'] = "INPUT" for host in q_hosts: manifest_file = "%s_neutron.pp" % (host,) manifest_data = getManifestTemplate("neutron.pp") manifest_data += getManifestTemplate(get_mq(config, "neutron")) appendManifestFile(manifest_file, manifest_data, 'neutron') if host in api_hosts: manifest_file = "%s_neutron.pp" % (host,) manifest_data = getManifestTemplate("neutron_api.pp") # Firewall Rules for f_host in allowed_hosts: config['FIREWALL_ALLOWED'] = "'%s'" % f_host config['FIREWALL_SERVICE_ID'] = "neutron_server_%s_%s" % (host, f_host) manifest_data += getManifestTemplate("firewall.pp") appendManifestFile(manifest_file, manifest_data, 'neutron') # Set up any l2 plugin configs we need anywhere we install neutron # XXX I am not completely sure about this, but it seems necessary: manifest_data = getManifestTemplate(plugin_manifest) appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_manifest(config, messages): manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate(get_mq(config, "ceilometer")) manifestdata += getManifestTemplate("ceilometer") if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis': # Determine if we need to configure multiple sentinel hosts as # fallbacks for use in coordination url. sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']) sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT'] sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST'] if config['CONFIG_IP_VERSION'] == 'ipv6': config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % ( sentinel_host) else: config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST'] if len(sentinel_hosts) > 1: sentinel_format = 'sentinel_fallback=%s:%s' if config['CONFIG_IP_VERSION'] == 'ipv6': sentinel_format = 'sentinel_fallback=[%s]:%s' sentinel_fallbacks = '&'.join([sentinel_format % (host, sentinel_port) for host in sentinel_hosts if host != sentinel_contact]) else: sentinel_fallbacks = '' config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt' ) ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_ceilometer.key' ) ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'ceilometer' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) fw_details = dict() key = "ceilometer_api" fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "ceilometer-api" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['8777'] fw_details[key]['proto'] = "tcp" config['FIREWALL_CEILOMETER_RULES'] = fw_details manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES') # Add a template that creates a group for nova because the ceilometer # class needs it if config['CONFIG_NOVA_INSTALL'] == 'n': manifestdata += getManifestTemplate("ceilometer_nova_disabled") appendManifestFile(manifestfile, manifestdata, 'ceilometer')
def create_common_manifest(config, messages): global compute_hosts, network_hosts network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and 'neutron' or 'nova') network_multi = len(network_hosts) > 1 dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')]) dbacces_hosts |= network_hosts for manifestfile, marker in manifestfiles.getFiles(): pw_in_sqlconn = False if manifestfile.endswith("_nova.pp"): host, manifest = manifestfile.split('_', 1) host = host.strip() if host in compute_hosts and host not in dbacces_hosts: # we should omit password in case we are installing only # nova-compute to the host perms = "nova" pw_in_sqlconn = False else: perms = "nova:%s" % config['CONFIG_NOVA_DB_PW'] pw_in_sqlconn = True mariadb_host_url = config['CONFIG_MARIADB_HOST_URL'] sqlconn = "mysql://%s@%s/nova" % (perms, mariadb_host_url) if pw_in_sqlconn: config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn else: config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn # for nova-network in multihost mode each compute host is metadata # host otherwise we use api host if (network_type == 'nova' and network_multi and host in compute_hosts): metadata = host else: metadata = config['CONFIG_CONTROLLER_HOST'] config['CONFIG_NOVA_METADATA_HOST'] = metadata data = getManifestTemplate(get_mq(config, "nova_common")) if pw_in_sqlconn: data += getManifestTemplate("nova_common_pw") else: data += getManifestTemplate("nova_common_nopw") appendManifestFile(os.path.split(manifestfile)[1], data) if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': nova_hosts = compute_hosts nova_hosts |= set([config.get('CONFIG_CONTROLLER_HOST')]) ssl_cert_file = config['CONFIG_NOVA_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_nova.crt' ) ssl_key_file = config['CONFIG_NOVA_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_nova.key' ) service = 'nova' for host in nova_hosts: generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file)
def create_keystone_manifest(config, messages): manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("keystone_heat.pp") if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y': manifestdata += getManifestTemplate("keystone_heat_trusts.pp") appendManifestFile(manifestfile, manifestdata)
def create_mongodb_manifest(config): manifestfile = "%s_mongodb.pp" % config["CONFIG_MONGODB_HOST"] manifestdata = getManifestTemplate("mongodb.pp") config["FIREWALL_ALLOWED"] = "'%s'" % config["CONFIG_CEILOMETER_HOST"] config["FIREWALL_SERVICE_NAME"] = "mongodb-server" config["FIREWALL_PORTS"] = "'27017'" manifestdata += getManifestTemplate("firewall.pp") appendManifestFile(manifestfile, manifestdata, "pre")
def create_manifest(config): manifestfile = "%s_keystone.pp" % config['CONFIG_KEYSTONE_HOST'] manifestdata = getManifestTemplate("keystone.pp") config['FIREWALL_ALLOWED'] = "'ALL'" config['FIREWALL_SERVICE_NAME'] = "keystone" config['FIREWALL_PORTS'] = "'5000', '35357'" manifestdata += getManifestTemplate("firewall.pp") appendManifestFile(manifestfile, manifestdata)
def createmanifest(): manifest_entries = '' # I should be adding service entries with nagios_service but it appears to be broken # http://projects.puppetlabs.com/issues/3420 service_entries = '' for hostname in gethostlist(controller.CONF): manifest_entries += "nagios_host{'%s': address => '%s', use => 'linux-server', }\n" % ( hostname, hostname) service_entries += _serviceentry( name='load5-%s' % hostname, service_description='5 minute load average', host_name=hostname, check_command="check_nrpe!load5", use="generic-service", normal_check_interval='5') service_entries += _serviceentry( name='df_var-%s' % hostname, service_description='Percent disk space used on /var', host_name=hostname, check_command="check_nrpe!df_var", use="generic-service") manifest_entries += _copy_script(name="keystone-user-list") service_entries += _serviceentry( name='keystone-user-list', service_description='number of keystone users', host_name=controller.CONF['CONFIG_NAGIOS_HOST'], check_command="keystone-user-list", use="generic-service", normal_check_interval='5') if controller.CONF['CONFIG_GLANCE_INSTALL'] == 'y': manifest_entries += _copy_script(name="glance-index") service_entries += _serviceentry( name='glance-index', service_description='number of glance images', host_name=controller.CONF['CONFIG_NAGIOS_HOST'], check_command="glance-index", use="generic-service", normal_check_interval='5') if controller.CONF['CONFIG_NOVA_INSTALL'] == 'y': manifest_entries += _copy_script(name="nova-list") service_entries += _serviceentry( name='nova-list', service_description='number of nova vm instances', host_name=controller.CONF['CONFIG_NAGIOS_HOST'], check_command="nova-list", use="generic-service", normal_check_interval='5') if controller.CONF['CONFIG_CINDER_INSTALL'] == 'y': manifest_entries += _copy_script(name="cinder-list") service_entries += _serviceentry( name='cinder-list', service_description='number of cinder volumes', host_name=controller.CONF['CONFIG_NAGIOS_HOST'], check_command="cinder-list", use="generic-service", normal_check_interval='5') if controller.CONF['CONFIG_SWIFT_INSTALL'] == 'y': manifest_entries += _copy_script(name="swift-list") service_entries += _serviceentry( name='swift-list', service_description='number of swift containers', host_name=controller.CONF['CONFIG_NAGIOS_HOST'], check_command="swift-list", use="generic-service", normal_check_interval='5') manifest_entries+="file{'/etc/nagios/resource.d/nagios_service.cfg': \n" \ "ensure => present, mode => 644,\n" \ "content => '%s'}" % service_entries controller.CONF['CONFIG_NAGIOS_MANIFEST_CONFIG'] = manifest_entries manifestfile = "%s_nagios.pp" % controller.CONF['CONFIG_NAGIOS_HOST'] manifestdata = getManifestTemplate("nagios_server.pp") appendManifestFile(manifestfile, manifestdata)
def create_keystone_manifest(config, messages): manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("keystone_cinder") appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages): config["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex horizon_host = config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_horizon.pp" % horizon_host proto = "http" config["CONFIG_HORIZON_PORT"] = "'80'" sslmanifestdata = '' if config["CONFIG_HORIZON_SSL"] == 'y': config["CONFIG_HORIZON_SSL"] = 'true' config["CONFIG_HORIZON_PORT"] = "'443'" proto = "https" # Are we using the users cert/key files if config["CONFIG_SSL_CERT"]: ssl_cert = config["CONFIG_SSL_CERT"] ssl_key = config["CONFIG_SSL_KEY"] ssl_chain = config["CONFIG_SSL_CACHAIN"] if not os.path.exists(ssl_cert): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_cert) if not os.path.exists(ssl_key): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_key) if not os.path.exists(ssl_chain): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_chain) resources = config.setdefault('RESOURCES', {}) host_resources = resources.setdefault(horizon_host, []) host_resources.append((ssl_cert, 'ssl_ps_server.crt')) host_resources.append(ssl_key, 'ssl_ps_server.key') host_resources.append((ssl_chain, 'ssl_ps_chain.crt')) else: messages.append( "%sNOTE%s : A certificate was generated to be used for ssl, " "You should change the ssl certificate configured in " "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) else: config["CONFIG_HORIZON_SSL"] = 'false' config["CONFIG_HORIZON_NEUTRON_LB"] = 'false' config["CONFIG_HORIZON_NEUTRON_FW"] = 'false' if config['CONFIG_NEUTRON_INSTALL'] == 'y': if config["CONFIG_LBAAS_INSTALL"] == 'y': config["CONFIG_HORIZON_NEUTRON_LB"] = 'true' if config["CONFIG_NEUTRON_FWAAS"] == 'y': config["CONFIG_HORIZON_NEUTRON_FW"] = 'true' manifestdata = getManifestTemplate("horizon.pp") appendManifestFile(manifestfile, manifestdata) msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n" "Please, find your login credentials stored in the keystonerc_admin" " in your home directory." % (proto, config['CONFIG_CONTROLLER_HOST'])) messages.append(msg)
def createapimanifest(): manifestfile = "%s_api_nova.pp" % controller.CONF['CONFIG_NOVA_API_HOST'] manifestdata = getManifestTemplate("nova_api.pp") appendManifestFile(manifestfile, manifestdata, 'novaapi')
def create_tempest_manifest(config, messages): manifest_file = ('%s_provision_tempest.pp' % config['CONFIG_TEMPEST_HOST']) manifest_data = getManifestTemplate("provision_tempest") appendManifestFile(manifest_file, manifest_data, 'tempest')
def create_manifest(config, messages): manifestfile = "%s_apache.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("apache") appendManifestFile(manifestfile, manifestdata, 'apache')
def createmanifest(): manifestfile = "%s_qpid.pp" % controller.CONF['CONFIG_QPID_HOST'] manifestdata = getManifestTemplate("qpid.pp") appendManifestFile(manifestfile, manifestdata, 'pre')
def createkeystonemanifest(config): manifestfile = "%s_keystone.pp"%controller.CONF['CONFIG_KEYSTONE_HOST'] controller.CONF['CONFIG_SWIFT_PROXY'] = controller.CONF['CONFIG_SWIFT_PROXY_HOSTS'].split(',')[0] manifestdata = getManifestTemplate("keystone_swift.pp") appendManifestFile(manifestfile, manifestdata)
def createcommonmanifest(config): for manifestfile, marker in manifestfiles.getFiles(): if manifestfile.endswith("_swift.pp"): data = getManifestTemplate("swift_common.pp") appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages): horizon_host = config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_horizon.pp" % horizon_host proto = "http" config["CONFIG_HORIZON_PORT"] = 80 sslmanifestdata = '' if config["CONFIG_HORIZON_SSL"] == 'y': config["CONFIG_HORIZON_PORT"] = 443 proto = "https" # Are we using the users cert/key files if config["CONFIG_HORIZON_SSL_CERT"]: ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] ssl_chain_file = config["CONFIG_HORIZON_SSL_CACERT"] if not os.path.exists(ssl_cert_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_cert_file) if not os.path.exists(ssl_key_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_key_file) if not os.path.exists(ssl_chain_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_chain_file) final_cert = open(ssl_cert_file, 'rt').read() final_key = open(ssl_key_file, 'rt').read() final_cacert = open(ssl_chain_file, 'rt').read() host = config['CONFIG_CONTROLLER_HOST'] deliver_ssl_file(final_cacert, ssl_chain_file, host) deliver_ssl_file(final_cert, ssl_cert_file, host) deliver_ssl_file(final_key, ssl_key_file, host) else: ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] = ( '/etc/pki/tls/certs/ssl_dashboard.crt' ) ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = ( '/etc/pki/tls/private/ssl_dashboard.key' ) cacert = config['CONFIG_SSL_CACERT'] config["CONFIG_HORIZON_SSL_CACERT"] = cacert ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'dashboard' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) messages.append( "%sNOTE%s : A certificate was generated to be used for ssl, " "You should change the ssl certificate configured in " "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) config["CONFIG_HORIZON_NEUTRON_LB"] = False config["CONFIG_HORIZON_NEUTRON_FW"] = False config["CONFIG_HORIZON_NEUTRON_VPN"] = False if config['CONFIG_NEUTRON_INSTALL'] == 'y': if config["CONFIG_LBAAS_INSTALL"] == 'y': config["CONFIG_HORIZON_NEUTRON_LB"] = True if config["CONFIG_NEUTRON_FWAAS"] == 'y': config["CONFIG_HORIZON_NEUTRON_FW"] = True if config["CONFIG_NEUTRON_VPNAAS"] == 'y': config["CONFIG_HORIZON_NEUTRON_VPN"] = True manifestdata = getManifestTemplate("horizon") manifestdata += getManifestTemplate("apache_ports") appendManifestFile(manifestfile, manifestdata) msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n" "Please, find your login credentials stored in the keystonerc_admin" " in your home directory." % (proto, config['CONFIG_CONTROLLER_HOST'])) messages.append(msg)
def create_keystone_manifest(config): manifestfile = "%s_keystone.pp" % config['CONFIG_KEYSTONE_HOST'] manifestdata = getManifestTemplate("keystone_ceilometer.pp") appendManifestFile(manifestfile, manifestdata)
def createKeystoneManifest(config): manifestfile = "%s_keystone.pp"%controller.CONF['CONFIG_KEYSTONE_HOST'] manifestdata = getManifestTemplate("keystone_neutron.pp") appendManifestFile(manifestfile, manifestdata)
def create_conductor_manifest(config, messages): manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("nova_conductor") appendManifestFile(manifestfile, manifestdata)
def create_manifests(config, messages): global q_hosts service_plugins = [] if config['CONFIG_LBAAS_INSTALL'] == 'y': service_plugins.append( 'neutron.services.loadbalancer.plugin.LoadBalancerPlugin') # ML2 uses the L3 Router service plugin to implement l3 agent service_plugins.append( 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin') if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y': service_plugins.append( 'neutron.services.metering.metering_plugin.MeteringPlugin') if config['CONFIG_NEUTRON_FWAAS'] == 'y': service_plugins.append( 'neutron.services.firewall.fwaas_plugin.FirewallPlugin') config['SERVICE_PLUGINS'] = (service_plugins if service_plugins else 'undef') plugin_manifest = 'neutron_ml2_plugin' for host in q_hosts: manifest_file = "%s_neutron.pp" % (host, ) manifest_data = getManifestTemplate("neutron") manifest_data += getManifestTemplate(get_mq(config, "neutron")) appendManifestFile(manifest_file, manifest_data, 'neutron') if host in api_hosts: manifest_file = "%s_neutron.pp" % (host, ) manifest_data = getManifestTemplate("neutron_api") if config['CONFIG_NOVA_INSTALL'] == 'y': template_name = "neutron_notifications" manifest_data += getManifestTemplate(template_name) # Set up any l2 plugin configs we need only on neutron api nodes # XXX I am not completely sure about this, but it seems necessary: manifest_data += getManifestTemplate(plugin_manifest) # Firewall fw_details = dict() key = "neutron_server_%s" % host fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "neutron server" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['9696'] fw_details[key]['proto'] = "tcp" config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details manifest_data += createFirewallResources( 'FIREWALL_NEUTRON_SERVER_RULES') appendManifestFile(manifest_file, manifest_data, 'neutron') # We also need to open VXLAN/GRE port for agent manifest_data = "" if use_openvswitch_vxlan(config) or use_openvswitch_gre(config): for n_host in network_hosts: cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" % (host, n_host)) fw_details = dict() key = "neutron_tunnel_%s_%s" % (host, n_host) fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % n_host fw_details[key]['service_name'] = "neutron tunnel port" fw_details[key]['chain'] = "INPUT" if use_openvswitch_vxlan(config): fw_details[key]['proto'] = 'udp' tun_port = ("%s" % config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT']) else: fw_details[key]['proto'] = 'gre' tun_port = None fw_details[key]['ports'] = tun_port config[cf_fw_nt_key] = fw_details manifest_data += createFirewallResources(cf_fw_nt_key) appendManifestFile(manifest_file, manifest_data, 'neutron')
def createmanifest(): manifestfile = "%s_osclient.pp" % controller.CONF['CONFIG_OSCLIENT_HOST'] manifestdata = getManifestTemplate("openstack_client.pp") appendManifestFile(manifestfile, manifestdata)
def create_manifests(config, messages): global q_hosts service_plugins = [] if config['CONFIG_LBAAS_INSTALL'] == 'y': service_plugins.append('lbaas') # ML2 uses the L3 Router service plugin to implement l3 agent service_plugins.append('router') if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y': service_plugins.append('metering') if config['CONFIG_NEUTRON_FWAAS'] == 'y': service_plugins.append('firewall') if config['CONFIG_NEUTRON_VPNAAS'] == 'y': service_plugins.append('vpnaas') config['SERVICE_PLUGINS'] = (service_plugins if service_plugins else 'undef') config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall." "OVSHybridIptablesFirewallDriver") plugin_manifest = 'neutron_ml2_plugin' if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_neutron.crt') ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_neutron.key') service = 'neutron' for host in q_hosts: if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file) manifest_file = "%s_neutron.pp" % (host, ) manifest_data = getManifestTemplate("neutron") manifest_data += getManifestTemplate(get_mq(config, "neutron")) appendManifestFile(manifest_file, manifest_data, 'neutron') if host in api_hosts: manifest_file = "%s_neutron.pp" % (host, ) manifest_data = getManifestTemplate("neutron_api") if config['CONFIG_NOVA_INSTALL'] == 'y': template_name = "neutron_notifications" manifest_data += getManifestTemplate(template_name) # Set up any l2 plugin configs we need only on neutron api nodes # XXX I am not completely sure about this, but it seems necessary: manifest_data += getManifestTemplate(plugin_manifest) # Firewall fw_details = dict() key = "neutron_server_%s" % host fw_details.setdefault(key, {}) fw_details[key]['host'] = "ALL" fw_details[key]['service_name'] = "neutron server" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['9696'] fw_details[key]['proto'] = "tcp" config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details manifest_data += createFirewallResources( 'FIREWALL_NEUTRON_SERVER_RULES') appendManifestFile(manifest_file, manifest_data, 'neutron') # We also need to open VXLAN/GRE port for agent manifest_data = "" if use_openvswitch_vxlan(config) or use_openvswitch_gre(config): if config['CONFIG_IP_VERSION'] == 'ipv6': msg = output_messages.WARN_IPV6_OVS messages.append(utils.color_text(msg % host, 'red')) if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']): tunnel_subnets = map( str.strip, config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',')) for subnet in tunnel_subnets: cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" % (host, subnet)) config[cf_fw_nt_key] = tunnel_fw_details( config, host, subnet) manifest_data += createFirewallResources(cf_fw_nt_key) else: for n_host in network_hosts | compute_hosts: cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" % (host, n_host)) if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']: if config['CONFIG_USE_SUBNETS'] == 'y': iface = common.cidr_to_ifname( config['CONFIG_NEUTRON_OVS_TUNNEL_IF'], n_host, config) else: iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF'] ifip = ("ipaddress_%s" % iface) try: src_host = config['HOST_DETAILS'][n_host][ifip] except KeyError: raise KeyError('Couldn\'t detect ipaddress of ' 'interface %s on node %s' % (iface, n_host)) else: src_host = n_host config[cf_fw_nt_key] = tunnel_fw_details( config, host, src_host) manifest_data += createFirewallResources(cf_fw_nt_key) appendManifestFile(manifest_file, manifest_data, 'neutron')
def createmanifest(config): for hostname in gethostlist(controller.CONF): manifestfile = "%s_postscript.pp" % hostname manifestdata = getManifestTemplate("postscript.pp") appendManifestFile(manifestfile, manifestdata, 'postscript')
def append_for(module, suffix): # Modules have to be appended to the existing mysql.pp # otherwise pp will fail for some of them saying that # Mysql::Config definition is missing. template = "mysql_%s_%s.pp" % (module, suffix) manifestdata.append(getManifestTemplate(template))
def create_provision_manifest(config, messages): manifest_file = '%s_provision.pp' % config['CONFIG_CONTROLLER_HOST'] manifest_data = getManifestTemplate("provision") appendManifestFile(manifest_file, manifest_data, 'provision')
def create_tempest_manifest(config, messages): using_neutron(config) manifest_file = '%s_provision_tempest.pp' % \ config['CONFIG_CONTROLLER_HOST'] manifest_data = getManifestTemplate("provision_tempest") appendManifestFile(manifest_file, manifest_data)
def create_l2_agent_manifests(config, messages): global network_hosts, compute_hosts agent = config["CONFIG_NEUTRON_L2_AGENT"] # CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2 # plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also # for other plugin template generation if ('l2population' in config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])): config['CONFIG_NEUTRON_USE_L2POPULATION'] = True else: config['CONFIG_NEUTRON_USE_L2POPULATION'] = False if agent == "openvswitch": ovs_type = 'CONFIG_NEUTRON_ML2_TYPE_DRIVERS' ovs_type = config.get(ovs_type, 'local') tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config) config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel tunnel_types = set(ovs_type) & set(['gre', 'vxlan']) config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types) template_name = "neutron_ovs_agent" bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"]) iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"]) # The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a # comma-separated list of bridge mappings. Since the puppet module # expects this parameter to be an array, this parameter must be # properly formatted by packstack, then consumed by the puppet module. # For example, the input string 'A, B' should formatted as '['A','B']'. config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = [] # Bridge configuration and mappings for compute nodes can be different. # Parameter CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE contains the list of # bridge names, included in bridge mappings and bridge interfaces, that # must be created in compute nodes. brd_arr_cmp = get_values(config["CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE"]) if_arr_cmp = [] mapp_arr_cmp = [] for brd in brd_arr_cmp: if_arr_cmp.append(common.find_pair_with(iface_arr, brd, 0)) mapp_arr_cmp.append(common.find_pair_with(bm_arr, brd, 1)) config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE"] = mapp_arr_cmp config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = [] elif agent == "linuxbridge": host_var = 'CONFIG_NEUTRON_LB_HOST' template_name = 'neutron_lb_agent' else: raise KeyError("Unknown layer2 agent") no_local_types = set(ovs_type) & set(['gre', 'vxlan', 'vlan', 'flat']) no_tunnel_types = set(ovs_type) & set(['vlan', 'flat']) for host in network_hosts | compute_hosts: manifestfile = "%s_neutron.pp" % (host, ) manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host # NICs connected to OVS bridges can be required in network nodes if # vlan, flat, vxlan or gre are enabled. For compute nodes, they are # only required if vlan or flat are enabled. if (agent == "openvswitch" and ((host in network_hosts and no_local_types) or no_tunnel_types)): if config['CONFIG_USE_SUBNETS'] == 'y': iface_arr = [ common.cidr_to_ifname(i, host, config) for i in iface_arr ] if_arr_cmp = [ common.cidr_to_ifname(i, host, config) for i in if_arr_cmp ] config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = if_arr_cmp manifestdata += "$create_bridges = true\n" else: manifestdata += "$create_bridges = false\n" is_network_host = str(host in network_hosts).lower() manifestdata += "$network_host = %s\n" % is_network_host manifestdata += getManifestTemplate(template_name) appendManifestFile(manifestfile, manifestdata + "\n") # Additional configurations required for compute hosts and # network hosts. manifestdata = getManifestTemplate('neutron_bridge_module') appendManifestFile(manifestfile, manifestdata + '\n')
def create_bridge_manifest(config, messages): for host in utils.split_hosts(config['CONFIG_NETWORK_HOSTS']): manifest_file = '{}_provision_bridge.pp'.format(host) manifest_data = getManifestTemplate("provision_bridge") appendManifestFile(manifest_file, manifest_data, 'bridge')
def create_storage_manifest(config, messages): if config['CONFIG_GLANCE_INSTALL'] == 'y': template = "provision_glance" manifest_file = '%s_provision_glance' % config['CONFIG_STORAGE_HOST'] manifest_data = getManifestTemplate(template) appendManifestFile(manifest_file, manifest_data, 'provision')
# just warn user to do it by himself controller.MESSAGES.append(str(ScriptRuntimeError)) if controller.CONF['CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'] == "y": controller.CONF['CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'] = True else: controller.CONF['CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'] = False # We need to explicitly set the network size routing_prefix = controller.CONF['CONFIG_NOVA_NETWORK_FIXEDRANGE'].split( '/')[1] net_size = 2**(32 - int(routing_prefix)) controller.CONF['CONFIG_NOVA_NETWORK_FIXEDSIZE'] = str(net_size) manifestfile = "%s_nova.pp" % host manifestdata = getManifestTemplate("nova_network.pp") appendManifestFile(manifestfile, manifestdata) def createschedmanifest(): manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_SCHED_HOST'] manifestdata = getManifestTemplate("nova_sched.pp") appendManifestFile(manifestfile, manifestdata) def createvncproxymanifest(): manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_VNCPROXY_HOST'] manifestdata = getManifestTemplate("nova_vncproxy.pp") appendManifestFile(manifestfile, manifestdata)
def createconductormanifest(): manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_CONDUCTOR_HOST'] manifestdata = getManifestTemplate("nova_conductor.pp") appendManifestFile(manifestfile, manifestdata)
def create_compute_manifest(config, messages): global compute_hosts, network_hosts if config["CONFIG_HORIZON_SSL"] == 'y': config["CONFIG_VNCPROXY_PROTOCOL"] = "https" else: config["CONFIG_VNCPROXY_PROTOCOL"] = "http" migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL'] if migrate_protocol == 'ssh': config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = ( 'qemu+ssh://nova@%s/system?no_verify=1&' 'keyfile=/etc/nova/ssh/nova_migration_key') else: config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = ( 'qemu+tcp://nova@%s/system') ssh_hostkeys = '' ssh_keys_details = {} for host in compute_hosts: try: hostname, aliases, addrs = socket.gethostbyaddr(host) except socket.herror: hostname, aliases, addrs = (host, [], []) for hostkey in config['HOST_KEYS_%s' % host].split('\n'): hostkey = hostkey.strip() if not hostkey: continue _, host_key_type, host_key_data = hostkey.split() key = "%s.%s" % (host_key_type, hostname) ssh_keys_details.setdefault(key, {}) ssh_keys_details[key]['ensure'] = 'present' ssh_keys_details[key]['host_aliases'] = aliases + addrs ssh_keys_details[key]['key'] = host_key_data ssh_keys_details[key]['type'] = host_key_type config['SSH_KEYS'] = ssh_keys_details ssh_hostkeys += getManifestTemplate("sshkey") if config['CONFIG_VMWARE_BACKEND'] == 'y': vcenters = [ i.strip() for i in config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',') if i.strip() ] if not vcenters: raise exceptions.ParamValidationError( "Please specify at least one VMware vCenter cluster in" " CONFIG_VCENTER_CLUSTER_NAMES") if len(vcenters) != len(compute_hosts): if len(vcenters) > 1: raise exceptions.ParamValidationError( "Number of vmware clusters %s is not same" " as number of nova computes %s", (vcenters, compute_hosts)) else: vcenters = len(compute_hosts) * [vcenters[0]] vmware_clusters = dict(zip(compute_hosts, vcenters)) for host in compute_hosts: if config['CONFIG_IRONIC_INSTALL'] == 'y': cm = 'ironic.nova.compute.manager.ClusteredComputeManager' config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm manifestdata = getManifestTemplate("nova_compute") fw_details = dict() cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host for c_host in compute_hosts: key = "nova_qemu_migration_%s_%s" % (host, c_host) fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % c_host fw_details[key]['service_name'] = "nova qemu migration" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['16509', '49152-49215'] fw_details[key]['proto'] = "tcp" config[cf_fw_qemu_mig_key] = fw_details manifestdata += createFirewallResources(cf_fw_qemu_mig_key) if config['CONFIG_VMWARE_BACKEND'] == 'y': manifestdata += ("\n$nova_vcenter_cluster_name = '%s'\n" % vmware_clusters[host]) manifestdata += getManifestTemplate("nova_compute_vmware.pp") elif config['CONFIG_IRONIC_INSTALL'] == 'y': manifestdata += getManifestTemplate("nova_compute_ironic.pp") else: manifestdata += getManifestTemplate("nova_compute_libvirt.pp") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and 'gluster' in config['CONFIG_CINDER_BACKEND']): manifestdata += getManifestTemplate("nova_gluster") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and 'nfs' in config['CONFIG_CINDER_BACKEND']): manifestdata += getManifestTemplate("nova_nfs") manifestfile = "%s_nova.pp" % host if config['CONFIG_NEUTRON_INSTALL'] != 'y': if host not in network_hosts: manifestdata += getManifestTemplate('nova_compute_flat') key = 'CONFIG_NOVA_COMPUTE_PRIVIF' if not config[key].strip(): config[key] = dummy_interface(host) if config['CONFIG_USE_SUBNETS'] == 'y': netface = common.cidr_to_ifname(config[key], host, config) else: netface = config[key] check_ifcfg(host, netface) try: bring_up_ifcfg(host, netface) except exceptions.ScriptRuntimeError as ex: # just warn user to do it by himself messages.append(str(ex)) if config['CONFIG_CEILOMETER_INSTALL'] == 'y': if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt') ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_ceilometer.key') ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'ceilometer' generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file) mq_template = get_mq(config, "nova_ceilometer") manifestdata += getManifestTemplate(mq_template) manifestdata += getManifestTemplate("nova_ceilometer") fw_details = dict() key = "nova_compute" fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST'] fw_details[key]['service_name'] = "nova compute" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['5900-5999'] fw_details[key]['proto'] = "tcp" config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details manifestdata += "\n" + createFirewallResources( 'FIREWALL_NOVA_COMPUTE_RULES') manifestdata += "\n" + ssh_hostkeys appendManifestFile(manifestfile, manifestdata)
def createschedmanifest(): manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_SCHED_HOST'] manifestdata = getManifestTemplate("nova_sched.pp") appendManifestFile(manifestfile, manifestdata)
def createvncproxymanifest(): manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_VNCPROXY_HOST'] manifestdata = getManifestTemplate("nova_vncproxy.pp") appendManifestFile(manifestfile, manifestdata)
def createcertmanifest(): manifestfile = "%s_nova.pp" % controller.CONF['CONFIG_NOVA_CERT_HOST'] manifestdata = getManifestTemplate("nova_cert.pp") appendManifestFile(manifestfile, manifestdata)
def create_manifest(): manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST'] manifestdata = getManifestTemplate("cinder.pp") appendManifestFile(manifestfile, manifestdata)