def create_network_manifest(config, messages):
    """Prepare nova-network settings for every host in ``network_hosts``.

    Does nothing when ``CONFIG_NEUTRON_INSTALL`` is "y". Otherwise it fills in
    VlanManager defaults, checks and brings up the private and public
    interface on each network host, and stores the multihost flag, the
    floating-IP auto-assign flag and the fixed network size in ``config``.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: List that collects warnings for the operator; an interface
            that cannot be brought up adds an entry instead of aborting.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global compute_hosts, network_hosts
    if config['CONFIG_NEUTRON_INSTALL'] == "y":
        return

    # Set default values for VlanManager in case these values are not in
    # config.
    for key, value in [('CONFIG_NOVA_NETWORK_VLAN_START', 100),
                       ('CONFIG_NOVA_NETWORK_SIZE', 255),
                       ('CONFIG_NOVA_NETWORK_NUMBER', 1)]:
        config[key] = config.get(key, value)

    # api_host is not used in the part of the function shown here.
    api_host = config['CONFIG_CONTROLLER_HOST']
    multihost = len(network_hosts) > 1
    config['CONFIG_NOVA_NETWORK_MULTIHOST'] = multihost and 'true' or 'false'
    for host in network_hosts:
        for i in ('CONFIG_NOVA_NETWORK_PRIVIF', 'CONFIG_NOVA_NETWORK_PUBIF'):
            # A blank interface setting is replaced by dummy_interface(host)
            # and written back to the shared config, so (presumably) the
            # following hosts read the replacement rather than a blank.
            if not config[i].strip():
                config[i] = dummy_interface(host)
            netface = config[i]
            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(netface, host, config)
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except exceptions.ScriptRuntimeError as ex:
                # Not fatal: record the error so the operator can bring the
                # interface up manually.
                messages.append(str(ex))

        key = 'CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'
        # NOTE(review): if this runs once per host (as reconstructed), the
        # second pass compares the stored bool with "y" and writes False.
        config[key] = config[key] == "y"

        # We need to explicitly set the network size. A fixed range without
        # a "/prefix" part raises IndexError here, and the 32-bit arithmetic
        # assumes an IPv4 prefix length.
        routing_prefix = config['CONFIG_NOVA_NETWORK_FIXEDRANGE'].split('/')[1]
        net_size = 2 ** (32 - int(routing_prefix))
        config['CONFIG_NOVA_NETWORK_FIXEDSIZE'] = str(net_size)
def create_l2_agent_manifests(config, messages):
    """Write the neutron L2-agent manifest pieces for each network/compute host.

    Reads the configured agent ("openvswitch" or "linuxbridge"), derives the
    L2-population and tunnelling settings, normalises the OVS bridge
    mappings, and appends the agent template plus the bridge-module template
    to ``<host>_neutron.pp`` for every host.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: Not used in this function.

    Raises:
        KeyError: If the configured agent is neither of the two known ones.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global network_hosts, compute_hosts

    agent = config["CONFIG_NEUTRON_L2_AGENT"]

    # CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2
    # plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also
    # for other plugin template generation
    if ('l2population' in
            config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])):
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
    else:
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = False

    if agent == "openvswitch":
        ovs_type = 'CONFIG_NEUTRON_ML2_TYPE_DRIVERS'
        # When the key is missing the default is the *string* 'local';
        # set('local') is then a set of characters, so the intersection
        # below is empty.
        ovs_type = config.get(ovs_type, 'local')
        tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
        config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel
        tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
        config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
        template_name = "neutron_ovs_agent"

        bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
        iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])

        # The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
        # comma-separated list of bridge mappings. Since the puppet module
        # expects this parameter to be an array, this parameter must be
        # properly formatted by packstack, then consumed by the puppet module.
        # For example, the input string 'A, B' should be formatted as
        # '['A','B']'.
        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
        # Bridge interfaces start empty and are filled in per host below.
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []
    elif agent == "linuxbridge":
        # host_var is assigned but not read anywhere in this function.
        host_var = 'CONFIG_NEUTRON_LB_HOST'
        template_name = 'neutron_lb_agent'
    else:
        raise KeyError("Unknown layer2 agent")

    for host in network_hosts | compute_hosts:
        manifestfile = "%s_neutron.pp" % (host, )
        # The host value is placed inside a single-quoted Puppet string
        # without escaping; this presumably relies on host names being
        # validated before this step -- confirm.
        manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
        if host in network_hosts:
            manifestdata += "$create_bridges = true\n"
        else:
            manifestdata += "$create_bridges = false\n"
        # neutron ovs port only on network hosts
        if (agent == "openvswitch" and
                ((host in network_hosts and tunnel_types) or
                 'vlan' in ovs_type)):
            if config['CONFIG_USE_SUBNETS'] == 'y':
                # NOTE(review): iface_arr is rebound here, so the next host
                # starts from the names resolved for this one -- confirm
                # cidr_to_ifname leaves already-resolved names unchanged.
                iface_arr = [
                    common.cidr_to_ifname(i, host, config) for i in iface_arr
                ]
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr
        manifestdata += getManifestTemplate(template_name)
        appendManifestFile(manifestfile, manifestdata + "\n")
        # Additional configurations required for compute hosts and
        # network hosts.
        manifestdata = getManifestTemplate('neutron_bridge_module')
        appendManifestFile(manifestfile, manifestdata + '\n')
def create_l2_agent_manifests(config, messages):
    """Append the neutron L2-agent manifests for all network and compute hosts.

    The configured agent selects the template ("neutron_ovs_agent" or
    "neutron_lb_agent"). For Open vSwitch the tunnelling flag, the tunnel
    types and the bridge mappings are stored in ``config`` first; bridge
    interfaces are then filled in host by host.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: Not used in this function.

    Raises:
        KeyError: If the configured agent is not a known layer-2 agent.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global network_hosts, compute_hosts

    agent = config["CONFIG_NEUTRON_L2_AGENT"]

    # The mechanism-driver list exists only for ML2 deployments, yet the
    # L2-population flag is needed by the templates of other plugins too.
    mechanism_drivers = config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])
    config['CONFIG_NEUTRON_USE_L2POPULATION'] = (
        'l2population' in mechanism_drivers
    )

    if agent == "openvswitch":
        ovs_type = config.get('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES',
                              'local')
        config["CONFIG_NEUTRON_OVS_TUNNELING"] = (
            use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
        )
        tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
        config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
        template_name = "neutron_ovs_agent"

        bridge_mappings = get_values(
            config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
        bridge_ifaces = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])

        # The puppet module expects an array, while the answer file holds a
        # comma-separated string, so the parsed list replaces the raw value
        # (input 'A, B' becomes ['A', 'B']).
        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bridge_mappings
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []
    elif agent == "linuxbridge":
        host_var = 'CONFIG_NEUTRON_LB_HOST'
        template_name = 'neutron_lb_agent'
    else:
        raise KeyError("Unknown layer2 agent")

    for host in network_hosts | compute_hosts:
        manifest_path = "%s_neutron.pp" % (host,)
        # The host value is interpolated unescaped into Puppet source; this
        # presumably relies on host validation done earlier -- confirm.
        agent_manifest = "$cfg_neutron_ovs_host = '%s'\n" % host

        # OVS ports are needed on network hosts when tunnelling is in use,
        # and on every host when vlan is among the network types. The
        # leading agent test keeps the OVS-only names from being read for
        # linuxbridge.
        wants_ovs_ports = agent == "openvswitch" and (
            (host in network_hosts and tunnel_types) or 'vlan' in ovs_type
        )
        if wants_ovs_ports:
            if config['CONFIG_USE_SUBNETS'] == 'y':
                bridge_ifaces = [
                    common.cidr_to_ifname(nic, host, config)
                    for nic in bridge_ifaces
                ]
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = bridge_ifaces

        agent_manifest += getManifestTemplate(template_name)
        appendManifestFile(manifest_path, agent_manifest + "\n")

        # Extra configuration needed on both compute and network hosts.
        bridge_manifest = getManifestTemplate('neutron_bridge_module')
        appendManifestFile(manifest_path, bridge_manifest + '\n')
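def create_network_manifest(config, messages):
    """Generate the nova-network manifest for every host in ``network_hosts``.

    Does nothing when ``CONFIG_NEUTRON_INSTALL`` is "y". Otherwise it fills in
    VlanManager defaults, checks and brings up the private and public
    interface on each network host, derives the multihost flag, the
    floating-IP auto-assign flag and the fixed network size, and appends the
    nova-network templates to ``<host>_nova.pp``.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: List that collects warnings for the operator; an interface
            that cannot be brought up adds an entry instead of aborting.
    """
    global compute_hosts, network_hosts
    if config['CONFIG_NEUTRON_INSTALL'] == "y":
        return

    # Set default values for VlanManager in case these values are not in
    # config.
    for key, value in [('CONFIG_NOVA_NETWORK_VLAN_START', 100),
                       ('CONFIG_NOVA_NETWORK_SIZE', 255),
                       ('CONFIG_NOVA_NETWORK_NUMBER', 1)]:
        config[key] = config.get(key, value)

    api_host = config['CONFIG_CONTROLLER_HOST']
    multihost = len(network_hosts) > 1
    config['CONFIG_NOVA_NETWORK_MULTIHOST'] = 'true' if multihost else 'false'
    for host in network_hosts:
        for i in ('CONFIG_NOVA_NETWORK_PRIVIF', 'CONFIG_NOVA_NETWORK_PUBIF'):
            netface = config[i]
            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(netface, host, config)
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except ScriptRuntimeError as ex:
                # Not fatal: record the error so the operator can bring the
                # interface up manually.
                messages.append(str(ex))

        key = 'CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'
        # Convert the "y"/"n" answer to a bool only once. This statement runs
        # for every host, and comparing an already-converted bool with "y"
        # would turn True into False from the second host on.
        if not isinstance(config[key], bool):
            config[key] = config[key] == "y"

        # We need to explicitly set the network size. A fixed range without
        # a "/prefix" part raises IndexError here, and the 32-bit arithmetic
        # assumes an IPv4 prefix length.
        routing_prefix = config['CONFIG_NOVA_NETWORK_FIXEDRANGE'].split('/')[1]
        net_size = 2**(32 - int(routing_prefix))
        config['CONFIG_NOVA_NETWORK_FIXEDSIZE'] = str(net_size)
        manifestfile = "%s_nova.pp" % host
        manifestdata = getManifestTemplate("nova_network")
        # Restart libvirt if we deploy nova network on compute
        if host in compute_hosts:
            manifestdata += getManifestTemplate("nova_network_libvirt")

        # in multihost mode each compute host runs nova-api-metadata
        if multihost and host != api_host and host in compute_hosts:
            manifestdata += getManifestTemplate("nova_metadata")
        appendManifestFile(manifestfile, manifestdata)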
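def create_network_manifest(config, messages):
    """Generate the nova-network manifest for every host in ``network_hosts``.

    Returns immediately when ``CONFIG_NEUTRON_INSTALL`` is "y". Otherwise the
    VlanManager defaults are filled in, the private and public interface of
    each network host is checked and brought up, and the multihost flag, the
    floating-IP auto-assign flag and the fixed network size are stored in
    ``config`` before the nova-network templates are appended to
    ``<host>_nova.pp``.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: List that collects warnings for the operator; an interface
            that cannot be brought up adds an entry instead of aborting.
    """
    global compute_hosts, network_hosts
    if config['CONFIG_NEUTRON_INSTALL'] == "y":
        return

    # Set default values for VlanManager in case these values are not in
    # config.
    for key, value in [('CONFIG_NOVA_NETWORK_VLAN_START', 100),
                       ('CONFIG_NOVA_NETWORK_SIZE', 255),
                       ('CONFIG_NOVA_NETWORK_NUMBER', 1)]:
        config[key] = config.get(key, value)

    api_host = config['CONFIG_CONTROLLER_HOST']
    multihost = len(network_hosts) > 1
    config['CONFIG_NOVA_NETWORK_MULTIHOST'] = 'true' if multihost else 'false'
    for host in network_hosts:
        for i in ('CONFIG_NOVA_NETWORK_PRIVIF', 'CONFIG_NOVA_NETWORK_PUBIF'):
            netface = config[i]
            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(netface, host, config)
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except ScriptRuntimeError as ex:
                # Not fatal: record the error so the operator can bring the
                # interface up manually.
                messages.append(str(ex))

        key = 'CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'
        # The answer arrives as "y"/"n" and is turned into a bool. Because
        # this line is reached once per host, skip it when the value is
        # already a bool; otherwise True == "y" would store False for every
        # host after the first.
        if not isinstance(config[key], bool):
            config[key] = config[key] == "y"

        # We need to explicitly set the network size. A fixed range without
        # a "/prefix" part raises IndexError here, and the 32-bit arithmetic
        # assumes an IPv4 prefix length.
        routing_prefix = config['CONFIG_NOVA_NETWORK_FIXEDRANGE'].split('/')[1]
        net_size = 2 ** (32 - int(routing_prefix))
        config['CONFIG_NOVA_NETWORK_FIXEDSIZE'] = str(net_size)
        manifestfile = "%s_nova.pp" % host
        manifestdata = getManifestTemplate("nova_network")
        # Restart libvirt if we deploy nova network on compute
        if host in compute_hosts:
            manifestdata += getManifestTemplate("nova_network_libvirt")

        # in multihost mode each compute host runs nova-api-metadata
        if multihost and host != api_host and host in compute_hosts:
            manifestdata += getManifestTemplate("nova_metadata")
        appendManifestFile(manifestfile, manifestdata)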
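def create_l2_agent_manifests(config, messages):
    """Write the neutron L2-agent manifest pieces for each network/compute host.

    Reads the configured agent ("openvswitch" or "linuxbridge"), derives the
    L2-population and tunnelling settings, normalises the OVS bridge mappings
    (including the compute-only subset), and appends the agent template plus
    the bridge-module template to ``<host>_neutron.pp`` for every host.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: Not used in this function.

    Raises:
        KeyError: If the configured agent is neither of the two known ones.
    """
    global network_hosts, compute_hosts

    agent = config["CONFIG_NEUTRON_L2_AGENT"]

    # CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2
    # plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also
    # for other plugin template generation
    if ('l2population' in
            config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])):
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
    else:
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = False

    # Only the Open vSwitch branch knows the network types. These were
    # previously derived from ovs_type after the branch, which raised a
    # NameError for linuxbridge because ovs_type is never bound there.
    no_local_types = set()
    no_tunnel_types = set()

    if agent == "openvswitch":
        ovs_type = 'CONFIG_NEUTRON_ML2_TYPE_DRIVERS'
        # When the key is missing the default is the *string* 'local';
        # set('local') is then a set of characters, so the intersections
        # below are empty.
        ovs_type = config.get(ovs_type, 'local')
        tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
        config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel
        tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
        config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
        template_name = "neutron_ovs_agent"

        bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
        iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])

        # The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
        # comma-separated list of bridge mappings. Since the puppet module
        # expects this parameter to be an array, this parameter must be
        # properly formatted by packstack, then consumed by the puppet module.
        # For example, the input string 'A, B' should be formatted as
        # '['A','B']'.
        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []

        # Bridge configuration and mappings for compute nodes can be different.
        # Parameter CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE contains the list of
        # bridge names, included in bridge mappings and bridge interfaces, that
        # must be created in compute nodes.
        brd_arr_cmp = get_values(config["CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE"])
        if_arr_cmp = []
        mapp_arr_cmp = []
        for brd in brd_arr_cmp:
            if_arr_cmp.append(common.find_pair_with(iface_arr, brd, 0))
            mapp_arr_cmp.append(common.find_pair_with(bm_arr, brd, 1))

        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE"] = mapp_arr_cmp
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = []

        no_local_types = set(ovs_type) & set(['gre', 'vxlan', 'vlan', 'flat'])
        no_tunnel_types = set(ovs_type) & set(['vlan', 'flat'])
    elif agent == "linuxbridge":
        template_name = 'neutron_lb_agent'
    else:
        raise KeyError("Unknown layer2 agent")

    for host in network_hosts | compute_hosts:
        manifestfile = "%s_neutron.pp" % (host,)
        # The host value is placed inside a single-quoted Puppet string
        # without escaping; this presumably relies on host names being
        # validated before this step -- confirm.
        manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
        # NICs connected to OVS bridges can be required in network nodes if
        # vlan, flat, vxlan or gre are enabled. For compute nodes, they are
        # only required if vlan or flat are enabled.
        if (
            agent == "openvswitch" and (
                (host in network_hosts and no_local_types)
                or no_tunnel_types)
        ):
            if config['CONFIG_USE_SUBNETS'] == 'y':
                # NOTE(review): both lists are rebound here, so the next host
                # starts from the names resolved for this one -- confirm
                # cidr_to_ifname leaves already-resolved names unchanged.
                iface_arr = [
                    common.cidr_to_ifname(i, host, config) for i in iface_arr
                ]
                if_arr_cmp = [
                    common.cidr_to_ifname(i, host, config) for i in if_arr_cmp
                ]
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = if_arr_cmp
            manifestdata += "$create_bridges = true\n"
        else:
            manifestdata += "$create_bridges = false\n"
        is_network_host = str(host in network_hosts).lower()
        manifestdata += "$network_host = %s\n" % is_network_host
        manifestdata += getManifestTemplate(template_name)
        appendManifestFile(manifestfile, manifestdata + "\n")
        # Additional configurations required for compute hosts and
        # network hosts.
        manifestdata = getManifestTemplate('neutron_bridge_module')
        appendManifestFile(manifestfile, manifestdata + '\n')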
def create_manifests(config, messages):
    """Append the neutron base, API and tunnel-firewall manifests per host.

    Builds the service-plugin list from the install flags, fixes the firewall
    driver and the AMQP TLS file locations in ``config``, and for every host
    in ``q_hosts`` appends the neutron templates to ``<host>_neutron.pp``.
    API hosts additionally get the API templates and a firewall rule for the
    neutron server port; when VXLAN or GRE tunnelling is in use, tunnel
    firewall rules are added as well.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: List that collects warnings for the operator.

    Raises:
        KeyError: If the address of the tunnel interface cannot be found in
            ``config['HOST_DETAILS']`` for a node.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global q_hosts

    service_plugins = []
    if config['CONFIG_LBAAS_INSTALL'] == 'y':
        service_plugins.append('lbaas')

    # ML2 uses the L3 Router service plugin to implement l3 agent
    service_plugins.append('router')

    if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
        service_plugins.append('metering')

    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
        service_plugins.append('firewall')

    if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
        service_plugins.append('vpnaas')

    # 'router' is always appended above, so the 'undef' fallback is not
    # reachable as the code stands.
    config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
                                 else 'undef')

    config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
                                 "OVSHybridIptablesFirewallDriver")

    plugin_manifest = 'neutron_ml2_plugin'

    # The certificate and private-key locations are fixed paths; they are
    # only bound when AMQP TLS is enabled and only read under the same
    # condition in the loop below.
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_neutron.crt'
        )
        ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_neutron.key'
        )
        service = 'neutron'

    for host in q_hosts:
        if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)
        manifest_file = "%s_neutron.pp" % (host,)
        manifest_data = getManifestTemplate("neutron")
        manifest_data += getManifestTemplate(get_mq(config, "neutron"))
        appendManifestFile(manifest_file, manifest_data, 'neutron')

        # api_hosts is read as a module-level name; it is not listed in the
        # global statement because it is never assigned here.
        if host in api_hosts:
            manifest_file = "%s_neutron.pp" % (host,)
            manifest_data = getManifestTemplate("neutron_api")
            if config['CONFIG_NOVA_INSTALL'] == 'y':
                template_name = "neutron_notifications"
                manifest_data += getManifestTemplate(template_name)

            # Set up any l2 plugin configs we need only on neutron api nodes
            # XXX I am not completely sure about this, but it seems necessary:
            manifest_data += getManifestTemplate(plugin_manifest)

            # Firewall: the neutron server port (tcp/9696) is opened with
            # host "ALL", i.e. presumably without a source restriction --
            # confirm how createFirewallResources interprets that value.
            fw_details = dict()
            key = "neutron_server_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"
            fw_details[key]['service_name'] = "neutron server"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['9696']
            fw_details[key]['proto'] = "tcp"
            # The same config key is overwritten for every API host.
            config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details

            manifest_data += createFirewallResources(
                'FIREWALL_NEUTRON_SERVER_RULES'
            )
            appendManifestFile(manifest_file, manifest_data, 'neutron')

        # We also need to open VXLAN/GRE port for agent
        manifest_data = ""
        if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))

            # Tunnel traffic is allowed either from whole configured subnets
            # or, when none are configured, from each individual
            # network/compute host.
            if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
                tunnel_subnets = map(
                    str.strip,
                    config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',')
                )

                for subnet in tunnel_subnets:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
                                    % (host, subnet))
                    config[cf_fw_nt_key] = tunnel_fw_details(config,
                                                             host, subnet)
                    manifest_data += createFirewallResources(cf_fw_nt_key)
            else:
                for n_host in network_hosts | compute_hosts:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
                                    % (host, n_host))
                    if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
                                n_host, config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        # The rule source is the address recorded for the
                        # tunnel interface of the peer node.
                        ifip = ("ipaddress_%s" % iface)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    else:
                        src_host = n_host
                    config[cf_fw_nt_key] = tunnel_fw_details(config,
                                                             host, src_host)
                    manifest_data += createFirewallResources(cf_fw_nt_key)

        # NOTE(review): placed at loop level in this reconstruction, so it
        # may append an empty string when no tunnelling is configured.
        appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_compute_manifest(config, messages):
    """Append the nova-compute manifest for every host in ``compute_hosts``.

    Stores the VNC proxy protocol and the live-migration URL in ``config``,
    collects the SSH host keys of all compute hosts, and for each compute
    host assembles the compute, hypervisor-backend, storage, networking,
    ceilometer and firewall templates into ``<host>_nova.pp``.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: List that collects warnings for the operator; an interface
            that cannot be brought up adds an entry instead of aborting.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global compute_hosts, network_hosts

    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
    else:
        config["CONFIG_VNCPROXY_PROTOCOL"] = "http"

    migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
    if migrate_protocol == 'ssh':
        # no_verify=1 makes libvirt's ssh transport accept host keys it has
        # not seen before instead of refusing the connection, so the peer is
        # only authenticated where a known host key is already in place. The
        # SSH_KEYS entries built below are presumably what installs those
        # keys -- confirm in the sshkey template.
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+ssh://nova@%s/system?no_verify=1&'
            'keyfile=/etc/nova/ssh/nova_migration_key')
    else:
        # qemu+tcp is libvirt's plain TCP transport: the migration control
        # channel is not encrypted, and authentication depends on how
        # libvirtd is configured on the target (not visible here).
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+tcp://nova@%s/system')

    ssh_hostkeys = ''

    ssh_keys_details = {}
    for host in compute_hosts:
        # Reverse lookup gives the canonical name plus aliases/addresses; a
        # host without one falls back to the configured value.
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            hostname, aliases, addrs = (host, [], [])

        # The key material comes from config['HOST_KEYS_<host>'], collected
        # elsewhere; it is distributed as-is, so its trustworthiness depends
        # on how it was gathered (not visible here).
        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            # Exactly three whitespace-separated fields are expected; any
            # other shape raises ValueError from the unpacking.
            _, host_key_type, host_key_data = hostkey.split()
            key = "%s.%s" % (host_key_type, hostname)
            ssh_keys_details.setdefault(key, {})
            ssh_keys_details[key]['ensure'] = 'present'
            ssh_keys_details[key]['host_aliases'] = aliases + addrs
            ssh_keys_details[key]['key'] = host_key_data
            ssh_keys_details[key]['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details
    ssh_hostkeys += getManifestTemplate("sshkey")

    for host in compute_hosts:
        if config['CONFIG_IRONIC_INSTALL'] == 'y':
            cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
            config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm

        manifestdata = getManifestTemplate("nova_compute")

        # Migration firewall rules: one rule per compute host as source, so
        # libvirtd's TCP port (16509) and the migration port range
        # (49152-49215) are opened to compute hosts only.
        fw_details = dict()
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        for c_host in compute_hosts:
            key = "nova_qemu_migration_%s_%s" % (host, c_host)
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % c_host
            fw_details[key]['service_name'] = "nova qemu migration"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['16509', '49152-49215']
            fw_details[key]['proto'] = "tcp"

        config[cf_fw_qemu_mig_key] = fw_details
        manifestdata += createFirewallResources(cf_fw_qemu_mig_key)

        # Exactly one hypervisor-backend template is added; VMware takes
        # precedence over Ironic, libvirt is the fallback.
        if config['CONFIG_VMWARE_BACKEND'] == 'y':
            manifestdata += getManifestTemplate("nova_compute_vmware.pp")
        elif config['CONFIG_IRONIC_INSTALL'] == 'y':
            manifestdata += getManifestTemplate("nova_compute_ironic.pp")
        else:
            manifestdata += getManifestTemplate("nova_compute_libvirt.pp")

        if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
                config['CONFIG_CINDER_INSTALL'] == 'y' and
                'gluster' in config['CONFIG_CINDER_BACKEND']):
            manifestdata += getManifestTemplate("nova_gluster")
        if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
                config['CONFIG_CINDER_INSTALL'] == 'y' and
                'nfs' in config['CONFIG_CINDER_BACKEND']):
            manifestdata += getManifestTemplate("nova_nfs")
        manifestfile = "%s_nova.pp" % host

        # Without neutron, the compute host needs its private interface up
        # for nova-network.
        if config['CONFIG_NEUTRON_INSTALL'] != 'y':
            if host not in network_hosts:
                manifestdata += getManifestTemplate('nova_compute_flat')

            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(
                    config['CONFIG_NOVA_COMPUTE_PRIVIF'], host, config)
            else:
                netface = config['CONFIG_NOVA_COMPUTE_PRIVIF']
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except ScriptRuntimeError as ex:
                # Not fatal: record the error so the operator can bring the
                # interface up manually.
                messages.append(str(ex))

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                # Fixed locations for the AMQP client certificate and its
                # private key on the compute host.
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt')
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key')
                # ssl_host is assigned but not read in this function.
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

            mq_template = get_mq(config, "nova_ceilometer")
            manifestdata += getManifestTemplate(mq_template)
            manifestdata += getManifestTemplate("nova_ceilometer")

        # Ports 5900-5999 (the VNC console range) are opened to the
        # controller host only.
        fw_details = dict()
        key = "nova_compute"
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
        fw_details[key]['service_name'] = "nova compute"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5900-5999']
        fw_details[key]['proto'] = "tcp"
        config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details

        manifestdata += "\n" + createFirewallResources(
            'FIREWALL_NOVA_COMPUTE_RULES')
        manifestdata += "\n" + ssh_hostkeys
        appendManifestFile(manifestfile, manifestdata)
def create_compute_manifest(config, messages):
    """Build and append ``<host>_nova.pp`` for each host in ``compute_hosts``.

    Records the VNC proxy protocol and the live-migration URL in ``config``,
    gathers the SSH host keys of all compute hosts into ``SSH_KEYS``, then
    assembles the compute, hypervisor-backend, storage, networking,
    ceilometer and firewall templates per host.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: List that collects warnings for the operator; an interface
            that cannot be brought up adds an entry instead of aborting.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global compute_hosts, network_hosts

    horizon_tls = config["CONFIG_HORIZON_SSL"] == 'y'
    config["CONFIG_VNCPROXY_PROTOCOL"] = "https" if horizon_tls else "http"

    if config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL'] == 'ssh':
        # no_verify=1 makes libvirt's ssh transport accept host keys it has
        # not seen before, so the peer is only authenticated where a known
        # host key is already installed (presumably via SSH_KEYS below).
        migrate_url = ('qemu+ssh://nova@%s/system?no_verify=1&'
                       'keyfile=/etc/nova/ssh/nova_migration_key')
    else:
        # Plain TCP transport: no encryption; authentication depends on the
        # libvirtd configuration of the target (not visible here).
        migrate_url = 'qemu+tcp://nova@%s/system'
    config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = migrate_url

    ssh_hostkeys = ''
    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            # No reverse record: use the configured value on its own.
            hostname, aliases, addrs = (host, [], [])

        for raw_line in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = raw_line.strip()
            if not hostkey:
                continue

            # Three whitespace-separated fields are required; the first one
            # is ignored.
            _, host_key_type, host_key_data = hostkey.split()
            entry = ssh_keys_details.setdefault(
                "%s.%s" % (host_key_type, hostname), {})
            entry['ensure'] = 'present'
            entry['host_aliases'] = aliases + addrs
            entry['key'] = host_key_data
            entry['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details
    ssh_hostkeys += getManifestTemplate("sshkey")

    for host in compute_hosts:
        if config['CONFIG_IRONIC_INSTALL'] == 'y':
            config['CONFIG_NOVA_COMPUTE_MANAGER'] = (
                'ironic.nova.compute.manager.ClusteredComputeManager')

        manifestdata = getManifestTemplate("nova_compute")

        # libvirtd's TCP port and the migration port range are opened to
        # the compute hosts only, one rule per source host.
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        migration_rules = dict()
        for c_host in compute_hosts:
            rule_name = "nova_qemu_migration_%s_%s" % (host, c_host)
            rule = migration_rules.setdefault(rule_name, {})
            rule['host'] = "%s" % c_host
            rule['service_name'] = "nova qemu migration"
            rule['chain'] = "INPUT"
            rule['ports'] = ['16509', '49152-49215']
            rule['proto'] = "tcp"
        config[cf_fw_qemu_mig_key] = migration_rules
        manifestdata += createFirewallResources(cf_fw_qemu_mig_key)

        # One hypervisor-backend template: VMware, else Ironic, else libvirt.
        if config['CONFIG_VMWARE_BACKEND'] == 'y':
            backend_template = "nova_compute_vmware.pp"
        elif config['CONFIG_IRONIC_INSTALL'] == 'y':
            backend_template = "nova_compute_ironic.pp"
        else:
            backend_template = "nova_compute_libvirt.pp"
        manifestdata += getManifestTemplate(backend_template)

        # Shared-storage client templates, only for non-VMware hosts with
        # cinder installed and the matching backend enabled.
        for backend, storage_template in (('gluster', "nova_gluster"),
                                          ('nfs', "nova_nfs")):
            if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
                    config['CONFIG_CINDER_INSTALL'] == 'y' and
                    backend in config['CONFIG_CINDER_BACKEND']):
                manifestdata += getManifestTemplate(storage_template)
        manifestfile = "%s_nova.pp" % host

        if config['CONFIG_NEUTRON_INSTALL'] != 'y':
            if host not in network_hosts:
                manifestdata += getManifestTemplate('nova_compute_flat')

            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(
                    config['CONFIG_NOVA_COMPUTE_PRIVIF'], host, config
                )
            else:
                netface = config['CONFIG_NOVA_COMPUTE_PRIVIF']
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except ScriptRuntimeError as ex:
                # Not fatal: record the error so the operator can bring the
                # interface up manually.
                messages.append(str(ex))

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
                config['CONFIG_CEILOMETER_SSL_CERT'] = ssl_cert_file
                ssl_key_file = '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
                config['CONFIG_CEILOMETER_SSL_KEY'] = ssl_key_file
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

            manifestdata += getManifestTemplate(
                get_mq(config, "nova_ceilometer"))
            manifestdata += getManifestTemplate("nova_ceilometer")

        # The VNC console port range is opened to the controller host only.
        config['FIREWALL_NOVA_COMPUTE_RULES'] = {
            "nova_compute": {
                'host': "%s" % config['CONFIG_CONTROLLER_HOST'],
                'service_name': "nova compute",
                'chain': "INPUT",
                'ports': ['5900-5999'],
                'proto': "tcp",
            },
        }

        manifestdata += "\n" + createFirewallResources(
            'FIREWALL_NOVA_COMPUTE_RULES'
        )
        manifestdata += "\n" + ssh_hostkeys
        appendManifestFile(manifestfile, manifestdata)
def create_l2_agent_manifests(config, messages):
    """Derive the L2-agent bridge settings in ``config`` for all hosts.

    For the "openvswitch" and "ovn" agents the tunnel types, bridge mappings
    and the compute-only bridge subset are stored in ``config``; the loop
    over all network and compute hosts then fills in the bridge interfaces
    and the ``CREATE_BRIDGES`` flag. No manifest file is written here.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: Not used in this function.

    Raises:
        KeyError: If the configured agent is not a known layer-2 agent.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global network_hosts, compute_hosts

    agent = config["CONFIG_NEUTRON_L2_AGENT"]

    # CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2
    # plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also
    # for other plugin template generation
    if ('l2population' in
            config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])):
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
    else:
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = False

    if agent in ["openvswitch", "ovn"]:
        ovs_type = 'CONFIG_NEUTRON_ML2_TYPE_DRIVERS'
        # When the key is missing the default is the *string* 'local';
        # set('local') is then a set of characters, so the intersections
        # below are empty.
        ovs_type = config.get(ovs_type, 'local')
        tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
        config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)

        bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
        iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])

        # The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
        # comma-separated list of bridge mappings. Since the puppet module
        # expects this parameter to be an array, this parameter must be
        # properly formatted by packstack, then consumed by the puppet module.
        # For example, the input string 'A, B' should be formatted as
        # '['A','B']'.
        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []

        # Bridge configuration and mappings for compute nodes can be different.
        # Parameter CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE contains the list of
        # bridge names, included in bridge mappings and bridge interfaces, that
        # must be created in compute nodes.
        brd_arr_cmp = get_values(config["CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE"])
        if_arr_cmp = []
        mapp_arr_cmp = []
        for brd in brd_arr_cmp:
            if_arr_cmp.append(common.find_pair_with(iface_arr, brd, 0))
            mapp_arr_cmp.append(common.find_pair_with(bm_arr, brd, 1))

        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE"] = mapp_arr_cmp
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = []
        # Both sets are bound only in this branch; the loop below reads them
        # only after the same agent test has passed.
        no_local_types = set(ovs_type) & set(['gre', 'vxlan', 'vlan', 'flat'])
        no_tunnel_types = set(ovs_type) & set(['vlan', 'flat'])
    elif agent == "linuxbridge":
        # host_var is assigned but not read anywhere in this function.
        host_var = 'CONFIG_NEUTRON_LB_HOST'
    else:
        raise KeyError("Unknown layer2 agent")

    for host in network_hosts | compute_hosts:
        # NICs connected to OVS bridges can be required in network nodes if
        # vlan, flat, vxlan or gre are enabled. For compute nodes, they are
        # only required if vlan or flat are enabled.
        if (agent in ["openvswitch", "ovn"] and
                ((host in network_hosts and no_local_types) or
                 no_tunnel_types)):
            if config['CONFIG_USE_SUBNETS'] == 'y':
                # NOTE(review): both lists are rebound here, so the next host
                # starts from the names resolved for this one -- confirm
                # cidr_to_ifname leaves already-resolved names unchanged.
                iface_arr = [
                    common.cidr_to_ifname(i, host, config) for i in iface_arr
                ]
                if_arr_cmp = [
                    common.cidr_to_ifname(i, host, config) for i in if_arr_cmp
                ]
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = if_arr_cmp
            # CREATE_BRIDGES is one shared key, overwritten on each pass, so
            # the value left in config is the one for the last host visited.
            config['CREATE_BRIDGES'] = 'y'
        else:
            config['CREATE_BRIDGES'] = 'n'
def create_manifests(config, messages):
    """Append the neutron base, API and tunnel-firewall manifests per host.

    Builds the service-plugin list from the install flags, fixes the AMQP TLS
    file locations in ``config``, and for every host in ``q_hosts`` appends
    the neutron templates to ``<host>_neutron.pp``. API hosts additionally
    get the API templates and a firewall rule for the neutron server port;
    when VXLAN or GRE tunnelling is in use, tunnel firewall rules are added.

    Args:
        config: Installer configuration mapping; updated in place.
        messages: List that collects warnings for the operator.

    Raises:
        KeyError: If the address of the tunnel interface cannot be found in
            ``config['HOST_DETAILS']`` for a node.

    NOTE(review): this listing had lost its indentation, so the nesting
    below is reconstructed -- confirm it against the project file.
    """
    global q_hosts

    # Plugins in their final order. An entry without a config option is
    # always enabled: ML2 uses the L3 Router service plugin to implement the
    # l3 agent.
    plugin_switches = (
        ('CONFIG_LBAAS_INSTALL', 'lbaas'),
        (None, 'router'),
        ('CONFIG_NEUTRON_METERING_AGENT_INSTALL', 'metering'),
        ('CONFIG_NEUTRON_FWAAS', 'firewall'),
        ('CONFIG_NEUTRON_VPNAAS', 'vpnaas'),
    )
    service_plugins = []
    for option, plugin in plugin_switches:
        if option is None or config[option] == 'y':
            service_plugins.append(plugin)

    config['SERVICE_PLUGINS'] = service_plugins or 'undef'

    plugin_manifest = 'neutron_ml2_plugin'

    amqp_tls = config['CONFIG_AMQP_ENABLE_SSL'] == 'y'
    if amqp_tls:
        # Fixed locations for the AMQP client certificate and private key.
        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp_neutron.crt'
        config['CONFIG_NEUTRON_SSL_CERT'] = ssl_cert_file
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp_neutron.key'
        config['CONFIG_NEUTRON_SSL_KEY'] = ssl_key_file
        service = 'neutron'

    for host in q_hosts:
        if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)
        manifest_file = "%s_neutron.pp" % (host, )
        base_manifest = getManifestTemplate("neutron")
        base_manifest += getManifestTemplate(get_mq(config, "neutron"))
        appendManifestFile(manifest_file, base_manifest, 'neutron')

        if host in api_hosts:
            manifest_file = "%s_neutron.pp" % (host, )
            api_manifest = getManifestTemplate("neutron_api")
            if config['CONFIG_NOVA_INSTALL'] == 'y':
                api_manifest += getManifestTemplate("neutron_notifications")

            # L2 plugin configuration is added on neutron API nodes only.
            # XXX carried over from the original: its author was not sure
            # this is required, but it seemed necessary.
            api_manifest += getManifestTemplate(plugin_manifest)

            # The neutron server port (tcp/9696) is opened with host "ALL",
            # i.e. presumably without a source restriction -- confirm how
            # createFirewallResources interprets that value.
            config['FIREWALL_NEUTRON_SERVER_RULES'] = {
                "neutron_server_%s" % host: {
                    'host': "ALL",
                    'service_name': "neutron server",
                    'chain': "INPUT",
                    'ports': ['9696'],
                    'proto': "tcp",
                },
            }
            api_manifest += createFirewallResources(
                'FIREWALL_NEUTRON_SERVER_RULES')
            appendManifestFile(manifest_file, api_manifest, 'neutron')

        # The VXLAN/GRE port has to be opened for the agent as well.
        manifest_data = ""
        if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))

            if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
                # Sources are whole configured subnets.
                tunnel_subnets = map(
                    str.strip,
                    config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(','))
                for subnet in tunnel_subnets:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
                                    % (host, subnet))
                    config[cf_fw_nt_key] = tunnel_fw_details(
                        config, host, subnet)
                    manifest_data += createFirewallResources(cf_fw_nt_key)
            else:
                # Sources are the individual network and compute hosts.
                for n_host in network_hosts | compute_hosts:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
                                    % (host, n_host))
                    if not config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        src_host = n_host
                    else:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
                                n_host, config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        # Use the address recorded for the peer's tunnel
                        # interface as the rule source.
                        ifip = ("ipaddress_%s" % iface)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    config[cf_fw_nt_key] = tunnel_fw_details(
                        config, host, src_host)
                    manifest_data += createFirewallResources(cf_fw_nt_key)

        # NOTE(review): placed at loop level in this reconstruction, so it
        # may append an empty string when no tunnelling is configured.
        appendManifestFile(manifest_file, manifest_data, 'neutron')
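def create_manifests(config, messages):
    """Record Neutron service plugins, providers and firewall rules in config.

    Chooses the service plugins and service providers from the install
    flags, sets the firewall driver and AMQP SSL file paths, and for every
    host in ``q_hosts`` stores the Neutron server firewall rules (API hosts
    only) and the tunnel firewall rules (when VXLAN, GRE or Geneve is used).

    :param config: installer configuration mapping; read and updated in place.
    :param messages: list that collects warnings shown to the user.
    :raises KeyError: when the address of the tunnel interface on a node is
        missing from ``config['HOST_DETAILS']``.
    """
    global q_hosts

    service_plugins = ['qos', 'trunk']
    service_providers = []
    if config['CONFIG_LBAAS_INSTALL'] == 'y':
        lbaas_plugin = ('neutron_lbaas.services.loadbalancer.plugin.'
                        'LoadBalancerPluginv2')
        service_plugins.append(lbaas_plugin)
        lbaas_sp = ('LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.'
                    'plugin_driver.HaproxyOnHostPluginDriver:default')
        service_providers.append(lbaas_sp)

    if use_ml2_with_ovn(config):
        service_plugins.append('ovn-router')
    else:
        # ML2 uses the L3 Router service plugin to implement l3 agent
        # for linuxbridge and ovs
        service_plugins.append('router')

    if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
        service_plugins.append('metering')

    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
        service_plugins.append('firewall')
        fwaas_sp = ('FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.'
                    'OVSHybridIptablesFirewallDriver:default')
        service_providers.append(fwaas_sp)

    if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
        service_plugins.append('vpnaas')
        vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'
                     'service_drivers.ipsec.IPsecVPNDriver:default')
        service_providers.append(vpnaas_sp)

    # service_plugins always holds at least 'qos' and 'trunk', so the
    # 'undef' fallback is kept only for compatibility with the templates.
    config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
                                 else 'undef')
    config['SERVICE_PROVIDERS'] = (service_providers if service_providers
                                   else [])
    config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
                                 "OVSHybridIptablesFirewallDriver")

    amqp_ssl = config['CONFIG_AMQP_ENABLE_SSL'] == 'y'
    if amqp_ssl:
        ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_neutron.crt'
        )
        ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_neutron.key'
        )
        service = 'neutron'

    for host in q_hosts:
        if amqp_ssl:
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)

        if host in api_hosts:
            # Firewall
            # NOTE(review): every rule in this group uses host "ALL", i.e.
            # no source restriction. That is usual for the API port 9696,
            # but 6641/6642 carry the OVN database connections; confirm
            # they should be reachable from every network or are protected
            # by other means.
            fw_details = {
                "neutron_server_%s" % host: {
                    'host': "ALL",
                    'service_name': "neutron server",
                    'chain': "INPUT",
                    'ports': ['9696'],
                    'proto': "tcp",
                },
            }
            if use_ml2_with_ovn(config):
                fw_details["ovn_northd_%s" % host] = {
                    'host': "ALL",
                    'service_name': "ovn northd",
                    'chain': "INPUT",
                    'ports': ['6641'],
                    'proto': "tcp",
                }
                fw_details["ovn_southd_%s" % host] = {
                    'host': "ALL",
                    'service_name': "ovn southd",
                    'chain': "INPUT",
                    'ports': ['6642'],
                    'proto': "tcp",
                }
            config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details

        # We also need to open VXLAN/GRE port for agent
        if (use_openvswitch_vxlan(config) or use_openvswitch_gre(config) or
                use_ovn_geneve(config)):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))

            # tunnel_fw_details() receives this dict and its return value
            # is not used, so it presumably adds the rules in place.
            fw_details = dict()
            cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host)
            if config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']:
                subnet_list = config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']
                for subnet in subnet_list.split(','):
                    tunnel_fw_details(config, host, subnet.strip(),
                                      fw_details)
                config[cf_fw_nt_key] = fw_details
            else:
                for n_host in network_hosts | compute_hosts:
                    if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
                                n_host, config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        ifip = ("ipaddress_%s" % iface)
                        # Raw string: the pattern is unchanged, but the
                        # backslashes are no longer invalid string escapes
                        # (a warning on current Python versions).
                        ifip = re.sub(r'[\.\-\:]', '_', ifip)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    else:
                        src_host = n_host
                    tunnel_fw_details(config, host, src_host, fw_details)
                config[cf_fw_nt_key] = fw_details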
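def create_l2_agent_manifests(config, messages):
    """Write the layer-2 agent manifest for every network and compute host.

    Normalises the OVS bridge settings in ``config`` when the agent is
    ``openvswitch`` and then appends, per host, the agent template and the
    bridge module template to ``<host>_neutron.pp``.

    :param config: installer configuration mapping; read and updated in place.
    :param messages: list that collects warnings (not used in this function).
    :raises KeyError: when ``CONFIG_NEUTRON_L2_AGENT`` is neither
        ``openvswitch`` nor ``linuxbridge``.
    """
    global network_hosts, compute_hosts

    agent = config["CONFIG_NEUTRON_L2_AGENT"]

    # CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS will be available only for ML2
    # plugin deployment, but we need CONFIG_NEUTRON_USE_L2POPULATION also
    # for other plugin template generation
    if ('l2population' in
            config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])):
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
    else:
        config['CONFIG_NEUTRON_USE_L2POPULATION'] = False

    # Read the type drivers before branching on the agent: the two sets
    # computed after the branch need this value, and reading it only in the
    # openvswitch branch left it unbound (UnboundLocalError) for linuxbridge.
    # presumably the value is a list of driver names; with the 'local'
    # string default set() yields single characters, which match nothing.
    ovs_type = config.get('CONFIG_NEUTRON_ML2_TYPE_DRIVERS', 'local')

    if agent == "openvswitch":
        tunnel = use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
        config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel
        tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
        config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
        template_name = "neutron_ovs_agent"

        bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
        iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])

        # The CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS parameter contains a
        # comma-separated list of bridge mappings. Since the puppet module
        # expects this parameter to be an array, this parameter must be
        # properly formatted by packstack, then consumed by the puppet module.
        # For example, the input string 'A, B' should be formatted as
        # '['A','B']'.
        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []

        # Bridge configuration and mappings for compute nodes can be different.
        # Parameter CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE contains the list of
        # bridge names, included in bridge mappings and bridge interfaces, that
        # must be created in compute nodes.
        brd_arr_cmp = get_values(config["CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE"])
        if_arr_cmp = []
        mapp_arr_cmp = []
        for brd in brd_arr_cmp:
            if_arr_cmp.append(common.find_pair_with(iface_arr, brd, 0))
            mapp_arr_cmp.append(common.find_pair_with(bm_arr, brd, 1))

        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE"] = mapp_arr_cmp
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = []
    elif agent == "linuxbridge":
        template_name = 'neutron_lb_agent'
    else:
        raise KeyError("Unknown layer2 agent")

    no_local_types = set(ovs_type) & set(['gre', 'vxlan', 'vlan', 'flat'])
    no_tunnel_types = set(ovs_type) & set(['vlan', 'flat'])

    for host in network_hosts | compute_hosts:
        manifestfile = "%s_neutron.pp" % (host, )
        # NOTE(review): host is placed unescaped inside a single-quoted
        # Puppet string; this relies on host values having been validated
        # before they reach this function.
        manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
        # NICs connected to OVS bridges can be required in network nodes if
        # vlan, flat, vxlan or gre are enabled. For compute nodes, they are
        # only required if vlan or flat are enabled.
        if (agent == "openvswitch" and
                ((host in network_hosts and no_local_types) or
                 no_tunnel_types)):
            if config['CONFIG_USE_SUBNETS'] == 'y':
                # NOTE(review): both lists are rebound here, so the next
                # host converts the already converted names again; verify
                # that cidr_to_ifname() passes interface names through.
                iface_arr = [
                    common.cidr_to_ifname(i, host, config) for i in iface_arr
                ]
                if_arr_cmp = [
                    common.cidr_to_ifname(i, host, config) for i in if_arr_cmp
                ]
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = if_arr_cmp
            manifestdata += "$create_bridges = true\n"
        else:
            manifestdata += "$create_bridges = false\n"
        is_network_host = str(host in network_hosts).lower()
        manifestdata += "$network_host = %s\n" % is_network_host
        manifestdata += getManifestTemplate(template_name)
        appendManifestFile(manifestfile, manifestdata + "\n")
        # Additional configurations required for compute hosts and
        # network hosts.
        manifestdata = getManifestTemplate('neutron_bridge_module')
        appendManifestFile(manifestfile, manifestdata + '\n')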
def create_l2_agent_manifests(config, messages):
    """Prepare the layer-2 agent settings in ``config``.

    For the ``openvswitch`` and ``ovn`` agents the bridge mappings, bridge
    interfaces and tunnel types are normalised, and ``CREATE_BRIDGES`` is
    set to ``'y'`` or ``'n'`` while walking the network and compute hosts.

    :param config: installer configuration mapping; read and updated in place.
    :param messages: list that collects warnings (not used in this function).
    :raises KeyError: when ``CONFIG_NEUTRON_L2_AGENT`` is not one of
        ``openvswitch``, ``ovn`` or ``linuxbridge``.
    """
    global network_hosts, compute_hosts

    agent = config["CONFIG_NEUTRON_L2_AGENT"]

    # CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS exists only for ML2 plugin
    # deployments, while CONFIG_NEUTRON_USE_L2POPULATION is also needed
    # when templates for other plugins are generated.
    mechanism_drivers = config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])
    config['CONFIG_NEUTRON_USE_L2POPULATION'] = (
        'l2population' in mechanism_drivers
    )

    if agent in ["openvswitch", "ovn"]:
        type_drivers = config.get('CONFIG_NEUTRON_ML2_TYPE_DRIVERS', 'local')
        config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(
            set(type_drivers) & set(['gre', 'vxlan'])
        )

        bridge_mappings = get_values(
            config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
        bridge_ifaces = get_values(
            config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])

        # CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS arrives as a comma-separated
        # string, but the puppet module expects an array, so packstack
        # stores the parsed form: the input 'A, B' becomes ['A','B'].
        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bridge_mappings
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = []

        # Compute nodes may use a different bridge setup.
        # CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE names the bridges, taken from
        # the mappings and interfaces, that have to exist on compute nodes.
        compute_ifaces = []
        compute_mappings = []
        for bridge in get_values(config["CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE"]):
            compute_ifaces.append(
                common.find_pair_with(bridge_ifaces, bridge, 0))
            compute_mappings.append(
                common.find_pair_with(bridge_mappings, bridge, 1))

        config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE"] = compute_mappings
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = []

        no_local_types = (
            set(type_drivers) & set(['gre', 'vxlan', 'vlan', 'flat'])
        )
        no_tunnel_types = set(type_drivers) & set(['vlan', 'flat'])
    elif agent == "linuxbridge":
        host_var = 'CONFIG_NEUTRON_LB_HOST'
    else:
        raise KeyError("Unknown layer2 agent")

    use_subnets = config['CONFIG_USE_SUBNETS']
    for host in network_hosts | compute_hosts:
        # Network nodes may need NICs on OVS bridges when vlan, flat, vxlan
        # or gre is enabled; compute nodes only for vlan or flat.
        if agent not in ["openvswitch", "ovn"]:
            config['CREATE_BRIDGES'] = 'n'
            continue
        if not ((host in network_hosts and no_local_types) or
                no_tunnel_types):
            config['CREATE_BRIDGES'] = 'n'
            continue

        if use_subnets == 'y':
            # The converted lists replace the originals, so later hosts
            # start from the names produced for earlier ones.
            bridge_ifaces = [
                common.cidr_to_ifname(entry, host, config)
                for entry in bridge_ifaces
            ]
            compute_ifaces = [
                common.cidr_to_ifname(entry, host, config)
                for entry in compute_ifaces
            ]
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = bridge_ifaces
        config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = compute_ifaces
        config['CREATE_BRIDGES'] = 'y'
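def create_compute_manifest(config, messages):
    """Fill ``config`` with the nova-compute settings for the compute hosts.

    Sets the VNC proxy protocol and the libvirt migration URL template,
    collects the SSH host keys of the compute hosts, maps VMware vCenter
    clusters to compute hosts when that backend is enabled, and stores the
    firewall rules for QEMU migration and for the ``nova compute`` ports.

    :param config: installer configuration mapping; read and updated in place.
    :param messages: list that collects warnings shown to the user.
    :raises exceptions.ParamValidationError: when the VMware backend is
        enabled and no cluster is named, or when several clusters are named
        and their number differs from the number of compute hosts.
    """
    global compute_hosts, network_hosts

    config["CONFIG_VNCPROXY_PROTOCOL"] = (
        "https" if config["CONFIG_HORIZON_SSL"] == 'y' else "http"
    )

    migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
    if migrate_protocol == 'ssh':
        # NOTE(review): no_verify=1 turns off strict host key checking in
        # libvirt's SSH transport, so host keys that are not yet known are
        # accepted automatically. The keys gathered into config['SSH_KEYS']
        # below are presumably installed as known hosts, which would limit
        # the exposure; verify that before relying on it.
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+ssh://nova@%s/system?no_verify=1&'
            'keyfile=/etc/nova/ssh/nova_migration_key'
        )
    else:
        # NOTE(review): qemu+tcp is libvirt's plain TCP transport. The
        # traffic is not encrypted and authentication depends on the
        # libvirtd configuration of the hosts, which is not visible here.
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+tcp://nova@%s/system'
        )

    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            # No reverse entry: fall back to the configured host value.
            hostname, aliases, addrs = (host, [], [])

        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            # Every non-empty line must hold exactly three fields separated
            # by whitespace; any other shape raises ValueError here.
            _, host_key_type, host_key_data = hostkey.split()
            ssh_keys_details["%s.%s" % (host_key_type, hostname)] = {
                'ensure': 'present',
                'host_aliases': aliases + addrs,
                'key': host_key_data,
                'type': host_key_type,
            }

    config['SSH_KEYS'] = ssh_keys_details

    if config['CONFIG_VMWARE_BACKEND'] == 'y':
        vcenters = [i.strip() for i in
                    config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
                    if i.strip()]
        if not vcenters:
            raise exceptions.ParamValidationError(
                "Please specify at least one VMware vCenter cluster in"
                " CONFIG_VCENTER_CLUSTER_NAMES"
            )
        if len(vcenters) != len(compute_hosts):
            if len(vcenters) > 1:
                # The values are interpolated with %; they used to be
                # passed as a second constructor argument, which left the
                # placeholders in the message unformatted.
                raise exceptions.ParamValidationError(
                    "Number of vmware clusters %s is not same"
                    " as number of nova computes %s"
                    % (vcenters, compute_hosts)
                )
            else:
                # A single cluster is shared by all compute hosts.
                vcenters = len(compute_hosts) * [vcenters[0]]
        vmware_clusters = dict(zip(compute_hosts, vcenters))
        config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters

    for host in compute_hosts:
        if config['CONFIG_IRONIC_INSTALL'] == 'y':
            cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
            config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm

        # Migration ports are opened per source compute host, not to
        # every address.
        fw_details = dict()
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        for c_host in compute_hosts:
            fw_details["nova_qemu_migration_%s_%s" % (host, c_host)] = {
                'host': "%s" % c_host,
                'service_name': "nova qemu migration",
                'chain': "INPUT",
                'ports': ['16509', '49152-49215'],
                'proto': "tcp",
            }
        config[cf_fw_qemu_mig_key] = fw_details

        if config['CONFIG_NEUTRON_INSTALL'] != 'y':
            key = 'CONFIG_NOVA_COMPUTE_PRIVIF'
            if not config[key].strip():
                config[key] = dummy_interface(host)
            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(
                    config[key], host, config
                )
            else:
                netface = config[key]
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except exceptions.ScriptRuntimeError as ex:
                # Only warn: the user can bring the interface up manually.
                messages.append(str(ex))

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
                )
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
                )
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

        # Ports 5900-5999 are admitted from the controller host only.
        config['FIREWALL_NOVA_COMPUTE_RULES'] = {
            "nova_compute": {
                'host': "%s" % config['CONFIG_CONTROLLER_HOST'],
                'service_name': "nova compute",
                'chain': "INPUT",
                'ports': ['5900-5999'],
                'proto': "tcp",
            },
        }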
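def create_manifests(config, messages):
    """Record Neutron service plugins, providers and firewall rules in config.

    Chooses the service plugins and service providers from the install
    flags, sets the firewall driver and AMQP SSL file paths, and for every
    host in ``q_hosts`` stores the Neutron server firewall rules (API hosts
    only) and the tunnel firewall rules (when VXLAN, GRE or Geneve is used).

    :param config: installer configuration mapping; read and updated in place.
    :param messages: list that collects warnings shown to the user.
    :raises KeyError: when the address of the tunnel interface on a node is
        missing from ``config['HOST_DETAILS']``.
    """
    global q_hosts

    service_plugins = ['qos', 'trunk']
    service_providers = []
    if config['CONFIG_LBAAS_INSTALL'] == 'y':
        lbaas_plugin = ('neutron_lbaas.services.loadbalancer.plugin.'
                        'LoadBalancerPluginv2')
        service_plugins.append(lbaas_plugin)
        lbaas_sp = ('LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.'
                    'plugin_driver.HaproxyOnHostPluginDriver:default')
        service_providers.append(lbaas_sp)

    if use_ml2_with_ovn(config):
        service_plugins.append('ovn-router')
    else:
        # ML2 uses the L3 Router service plugin to implement l3 agent
        # for linuxbridge and ovs
        service_plugins.append('router')

    if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
        service_plugins.append('metering')

    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
        service_plugins.append('firewall_v2')
        fwaas_sp = (
            'FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.'
            'service_drivers.agents.agents.FirewallAgentDriver:default')
        service_providers.append(fwaas_sp)

    if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
        service_plugins.append('vpnaas')
        vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'
                     'service_drivers.ipsec.IPsecVPNDriver:default')
        service_providers.append(vpnaas_sp)

    # service_plugins always holds at least 'qos' and 'trunk', so the
    # 'undef' fallback is kept only for compatibility with the templates.
    config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
                                 else 'undef')
    config['SERVICE_PROVIDERS'] = (service_providers if service_providers
                                   else [])
    config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
                                 "OVSHybridIptablesFirewallDriver")

    amqp_ssl = config['CONFIG_AMQP_ENABLE_SSL'] == 'y'
    if amqp_ssl:
        ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_neutron.crt')
        ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_neutron.key')
        service = 'neutron'

    for host in q_hosts:
        if amqp_ssl:
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)

        if host in api_hosts:
            # Firewall
            # NOTE(review): every rule in this group uses host "ALL", i.e.
            # no source restriction. That is usual for the API port 9696,
            # but 6641/6642 carry the OVN database connections; confirm
            # they should be reachable from every network or are protected
            # by other means.
            fw_details = {
                "neutron_server_%s" % host: {
                    'host': "ALL",
                    'service_name': "neutron server",
                    'chain': "INPUT",
                    'ports': ['9696'],
                    'proto': "tcp",
                },
            }
            if use_ml2_with_ovn(config):
                fw_details["ovn_northd_%s" % host] = {
                    'host': "ALL",
                    'service_name': "ovn northd",
                    'chain': "INPUT",
                    'ports': ['6641'],
                    'proto': "tcp",
                }
                fw_details["ovn_southd_%s" % host] = {
                    'host': "ALL",
                    'service_name': "ovn southd",
                    'chain': "INPUT",
                    'ports': ['6642'],
                    'proto': "tcp",
                }
            config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details

        # We also need to open VXLAN/GRE port for agent
        if (use_openvswitch_vxlan(config) or use_openvswitch_gre(config) or
                use_ovn_geneve(config)):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))

            # tunnel_fw_details() receives this dict and its return value
            # is not used, so it presumably adds the rules in place.
            fw_details = dict()
            # Dots in the host value are replaced so that the config key
            # contains none.
            cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s"
                            % host.replace('.', '_'))
            if config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']:
                subnet_list = config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']
                for subnet in subnet_list.split(','):
                    tunnel_fw_details(config, host, subnet.strip(),
                                      fw_details)
                config[cf_fw_nt_key] = fw_details
            else:
                for n_host in network_hosts | compute_hosts:
                    if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
                                n_host, config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        ifip = ("ipaddress_%s" % iface)
                        # Raw string: the pattern is unchanged, but the
                        # backslashes are no longer invalid string escapes
                        # (a warning on current Python versions).
                        ifip = re.sub(r'[\.\-\:]', '_', ifip)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    else:
                        src_host = n_host
                    tunnel_fw_details(config, host, src_host, fw_details)
                config[cf_fw_nt_key] = fw_details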