-
Notifications
You must be signed in to change notification settings - Fork 21
/
neutron.pp
298 lines (285 loc) · 17 KB
/
neutron.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
class contrail::profile::openstack::neutron(
$host_control_ip = $::contrail::params::host_ip,
$allowed_hosts = $::contrail::params::os_mysql_allowed_hosts,
$config_ip = $::contrail::params::config_ip_to_use,
$multi_tenancy = $::contrail::params::multi_tenancy,
$collector_ip = $::contrail::params::collector_ip_to_use,
$keystone_admin_user = $::contrail::params::keystone_admin_user,
$keystone_admin_password = $::contrail::params::keystone_admin_password,
$keystone_admin_tenant = $::contrail::params::keystone_admin_tenant,
$contrail_plugin_location = $::contrail::params::contrail_plugin_location,
$openstack_verbose = $::contrail::params::os_verbose,
$openstack_debug = $::contrail::params::os_debug,
$region_name = $::contrail::params::os_region,
$nova_password = $::contrail::params::os_nova_password,
$rabbitmq_user = $::contrail::params::os_rabbitmq_user,
$rabbitmq_password = $::contrail::params::os_rabbitmq_password,
$internal_vip = $::contrail::params::internal_vip,
$neutron_password = $::contrail::params::os_neutron_password,
$service_password = $::contrail::params::os_mysql_service_password,
$neutron_pkg_name = $::contrail::params::neutron_pkg_name,
$controller = $::contrail::params::keystone_ip_to_use,
$contrail_host_roles = $::contrail::params::host_roles,
$contrail_rabbit_servers = $::contrail::params::contrail_rabbit_hosts,
$rabbit_use_ssl = $::contrail::params::rabbit_ssl_support,
$kombu_ssl_ca_certs = $::contrail::params::kombu_ssl_ca_certs,
$kombu_ssl_certfile = $::contrail::params::kombu_ssl_certfile,
$kombu_ssl_keyfile = $::contrail::params::kombu_ssl_keyfile,
$keystone_auth_protocol = $::contrail::params::keystone_auth_protocol,
$keystone_admin_token = $::contrail::params::os_keystone_admin_token,
$controller_mgmt_address = $::contrail::params::os_controller_mgmt_address,
$package_sku = $::contrail::params::package_sku,
$keystone_ip_to_use = $::contrail::params::keystone_ip_to_use,
$neutron_mysql_ip = $::contrail::params::neutron_mysql_to_use,
$manage_neutron = $::contrail::params::manage_neutron,
) {
$database_credentials = join([$service_password, "@", $host_control_ip],'')
$keystone_db_conn = join(["mysql://neutron:",$database_credentials,"/neutron"],'')
if ($keystone_auth_protocol == "https") {
$insecure = true
} else {
$insecure = false
}
if ($manage_neutron == false) {
package { [ 'neutron-plugin-contrail', 'python-neutron-lbaas' ] :
ensure => present
}
} else {
package { $neutron_pkg_name :
ensure => present
}
}
class {'::neutron::db::mysql':
password => $service_password,
allowed_hosts => $allowed_hosts,
} ->
class {'::contrail::profile::neutron_db_sync':
database_connection => $keystone_db_conn
}
if ($manage_neutron == false) {
if ($internal_vip != "" and $internal_vip != undef) {
$neutron_port = "9697"
} else {
$neutron_port = "9696"
}
# Neutron needs to authenticate with keystone but doesn't need keystone installed
# keystone_authtoken params
$keystone_identity_uri = "${keystone_auth_protocol}://${keystone_ip_to_use}:35357/"
$keystone_auth_uri = "${keystone_auth_protocol}://${keystone_ip_to_use}:5000"
# sku pattern for centos is 12.0.1-1.el7.noarch. while
# sku pattern for ubuntu is 2:12.0.1-0ubuntu1~cloud0.1contrail
if ( $package_sku =~ /12\.0./) {
$neutron_extensions = ":${::python_dist}/neutron_lbaas/extensions"
} elsif ( $package_sku =~ /13\.0./) {
$neutron_extensions = ":${::python_dist}/neutron_lbaas/extensions"
} elsif ( $package_sku =~ /14\.0./) {
$neutron_extensions = ":${::python_dist}/neutron_lbaas/extensions"
} else {
$neutron_extensions = ""
}
class { '::neutron':
rabbit_hosts => $contrail_rabbit_servers,
rabbit_use_ssl => $rabbit_use_ssl,
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_certfile => $kombu_ssl_certfile,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
bind_port => $neutron_port,
auth_strategy => 'keystone',
core_plugin => 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2',
allow_overlapping_ips => true,
rabbit_user => $rabbitmq_user,
rabbit_password => $rabbitmq_password,
verbose => $openstack_verbose,
debug => $openstack_debug,
api_extensions_path => "extensions:${::python_dist}/neutron_plugin_contrail/extensions${neutron_extensions}",
service_plugins => ['neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2'],
}
case $package_sku {
/14\.0/: {
class {'::neutron::keystone::authtoken':
password => $neutron_password,
auth_url => $keystone_identity_uri,
auth_uri => $keystone_auth_uri,
}
class { '::neutron::server':
database_connection => $keystone_db_conn,
service_providers => ['LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default']
}
neutron_config {
'keystone_authtoken/auth_host' : value => "$keystone_ip_to_use";
'keystone_authtoken/auth_port' : value => "35357";
'keystone_authtoken/auth_protocol': value => "${keystone_auth_protocol}";
'keystone_authtoken/admin_user' : value => "$keystone_admin_user";
'keystone_authtoken/admin_password' : value => "$keystone_admin_password";
'keystone_authtoken/admin_tenant_name': value => "$keystone_admin_tenant";
}
contrail_plugin_ini {
'APISERVER/api_server_ip' : value => "$config_ip";
'APISERVER/api_server_port' : value => '8082';
'APISERVER/multi_tenancy' : value => "$multi_tenancy";
'APISERVER/contrail_extensions': value => 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None';
'KEYSTONE/auth_url' : value => "$keystone_auth_uri";
'KEYSTONE/admin_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_password' : value => "$keystone_admin_password";
'KEYSTONE/auth_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_tenant_name': value => "$keystone_admin_tenant";
} ->
#NOTE: commented out for now, this will replace opencontrail_plugin_ini
#class ::neutron::plugins::opencontrail {
#api_server_ip => "$config_ip",
#$api_server_port => "8082",
#$multi_tenancy =>"$multi_tenancy",
#$contrail_extensions => ["ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam",
#"route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc",
#"policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy",
#"contrail:None"]
#$keystone_auth_url => "$keystone_auth_uri",
#$keystone_admin_user =>"$keystone_admin_user",
#$keystone_admin_tenant_name =>"$keystone_admin_tenant",
#$keystone_admin_password =>"$keystone_admin_password",
#$keystone_admin_token =>
#}
# contrail plugin for opencontrail
opencontrail_plugin_ini {
'APISERVER/api_server_ip' : value => "$config_ip";
'APISERVER/api_server_port' : value => '8082';
'APISERVER/multi_tenancy' : value => "$multi_tenancy";
'APISERVER/contrail_extensions': value => 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None';
'KEYSTONE/auth_url' : value => "$keystone_auth_uri";
'KEYSTONE/admin_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_password' : value => "$keystone_admin_password";
'KEYSTONE/auth_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_tenant_name': value => "$keystone_admin_tenant";
'COLLECTOR/analytics_api_ip': value => "$collector_ip";
'COLLECTOR/analytics_api_port': value => "8081";
} ->
contrail::lib::augeas_conf_set { 'NEUTRON_PLUGIN_CONFIG':
config_file => '/etc/default/neutron-server',
settings_hash => { 'NEUTRON_PLUGIN_CONFIG' => $contrail_plugin_location, },
lens_to_use => 'properties.lns',
}
}
/13\.0/: {
class { '::neutron::server':
auth_password => $neutron_password,
auth_uri => $keystone_auth_uri,
identity_uri => $keystone_identity_uri,
database_connection => $keystone_db_conn,
service_providers => ['LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default']
}
neutron_config {
'keystone_authtoken/auth_host' : value => "$keystone_ip_to_use";
'keystone_authtoken/auth_port' : value => "35357";
'keystone_authtoken/auth_protocol': value => "${keystone_auth_protocol}";
'keystone_authtoken/insecure' : value => "$insecure";
}
contrail_plugin_ini {
'APISERVER/api_server_ip' : value => "$config_ip";
'APISERVER/api_server_port' : value => '8082';
'APISERVER/multi_tenancy' : value => "$multi_tenancy";
'APISERVER/contrail_extensions': value => 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None';
'KEYSTONE/auth_url' : value => "$keystone_auth_uri";
'KEYSTONE/admin_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_password' : value => "$keystone_admin_password";
'KEYSTONE/auth_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_tenant_name': value => "$keystone_admin_tenant";
} ->
# contrail plugin for opencontrail
opencontrail_plugin_ini {
'APISERVER/api_server_ip' : value => "$config_ip";
'APISERVER/api_server_port' : value => '8082';
'APISERVER/multi_tenancy' : value => "$multi_tenancy";
'APISERVER/contrail_extensions': value => 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None';
'KEYSTONE/auth_url' : value => "$keystone_auth_uri";
'KEYSTONE/admin_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_password' : value => "$keystone_admin_password";
'KEYSTONE/auth_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_tenant_name': value => "$keystone_admin_tenant";
'COLLECTOR/analytics_api_ip': value => "$collector_ip";
'COLLECTOR/analytics_api_port': value => "8081";
} ->
contrail::lib::augeas_conf_set { 'NEUTRON_PLUGIN_CONFIG':
config_file => '/etc/default/neutron-server',
settings_hash => { 'NEUTRON_PLUGIN_CONFIG' => $contrail_plugin_location, },
lens_to_use => 'properties.lns',
}
}
default: {
class { '::neutron::server':
auth_password => $neutron_password,
auth_uri => $keystone_auth_uri,
#identity_uri => $keystone_identity_uri,
database_connection => $keystone_db_conn,
auth_host =>"$keystone_ip_to_use",
auth_protocol => "http",
auth_port => "35357"
}
neutron_config {
#'keystone_authtoken/auth_host' : value => "$keystone_ip_to_use";
#'keystone_authtoken/auth_port' : value => "35357";
#'keystone_authtoken/auth_protocol': value => "http";
'DEFAULT/rpc_response_timeout' : value => '60';
'service_providers/service_provider': value => 'LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default';
}
contrail_plugin_ini {
'APISERVER/api_server_ip' : value => "$config_ip";
'APISERVER/api_server_port' : value => '8082';
'APISERVER/multi_tenancy' : value => "$multi_tenancy";
'APISERVER/contrail_extensions': value => 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None';
'KEYSTONE/auth_url' : value => "$keystone_auth_uri";
'KEYSTONE/admin_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_password' : value => "$keystone_admin_password";
'KEYSTONE/auth_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_tenant_name': value => "$keystone_admin_tenant";
} ->
# contrail plugin for opencontrail
opencontrail_plugin_ini {
'APISERVER/api_server_ip' : value => "$config_ip";
'APISERVER/api_server_port' : value => '8082';
'APISERVER/multi_tenancy' : value => "$multi_tenancy";
'APISERVER/contrail_extensions': value => 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None';
'KEYSTONE/auth_url' : value => "$keystone_auth_uri";
'KEYSTONE/admin_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_password' : value => "$keystone_admin_password";
'KEYSTONE/auth_user' : value => "$keystone_admin_user";
'KEYSTONE/admin_tenant_name': value => "$keystone_admin_tenant";
'COLLECTOR/analytics_api_ip': value => "$collector_ip";
'COLLECTOR/analytics_api_port': value => "8081";
} ->
contrail::lib::augeas_conf_set { 'NEUTRON_PLUGIN_CONFIG':
config_file => '/etc/default/neutron-server',
settings_hash => { 'NEUTRON_PLUGIN_CONFIG' => $contrail_plugin_location, },
lens_to_use => 'properties.lns',
}
}
}
class { '::neutron::server::notifications':
nova_url => "http://${controller_mgmt_address}:8774/v2/",
nova_admin_auth_url => "${keystone_auth_protocol}://${keystone_ip_to_use}:35357/v2.0/",
nova_admin_password => $nova_password,
nova_region_name => $region_name,
nova_admin_tenant_id => 'services'
}
# Contrail specific neutron config
$neutron_contrail_params = {
'quotas/quota_driver' => {value => 'neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver'},
'quotas/quota_network' => {value => '-1'},
'quotas/quota_subnet' => {value => '-1'},
'quotas/quota_port' => {value => '-1'},
'DEFAULT/log_format' => {value => '%(asctime)s.%(msecs)d %(levelname)8s [%(name)s] %(message)s'},
}
create_resources(neutron_config, $neutron_contrail_params, {} )
# Openstack HA specific config
if (($internal_vip != '')) {
$neutron_ha_params = {
'DEFAULT/rabbit_retry_interval' => { value => '1'},
'DEFAULT/rabbit_retry_backoff' => {value => '2'},
'DEFAULT/rabbit_max_retries' => { value => '0'},
'DEFAULT/rpc_cast_timeout' => {value => '30'},
'DEFAULT/rpc_conn_pool_size' => {value => '40'},
'DEFAULT/rpc_thread_pool_size' => {value => '70'}
}
create_resources(neutron_config, $neutron_ha_params, {} )
}
}
}