|
|
Line 1: |
Line 1: |
| __TOC__ | | __TOC__ |
| | | |
− | == Module documentation ==
| + | Deploy Puppet OpenStack modules, deploy OpenStack with Puppet and test the setup with Tempest. |
− | All (or most of) Puppet OpenStack modules containsː
| |
− | * a README file that document how to use the module. Example with [https://github.com/openstack/puppet-cinder#beginning-with-cinder puppet-cinder].
| |
− | * some manifest example(s) with Puppet code. Example with [https://github.com/openstack/puppet-neutron/blob/master/examples/neutron.pp puppet-neutron].
| |
| | | |
− | Also note that 100% of module parameters are documented in the manifests.
| + | Software requirements: |
− | If you find any missing documentation, please submit a patch or create a bug.
| + | * Ubuntu 14.04 LTS or CentOS7 fresh install |
| + | * 'git' installed |
| | | |
− | == Single node deployment scenario ==
| + | Hardware requirements: |
− | This scenario documents how to deploy [http://governance.openstack.org/reference/tags/compute_starter_kit.html Compute Starter Kit] that deploys Keystone, Nova, Neutron, and Glance.
| + | * At least 4GB of memory, but 8GB is recommended |
| + | * At least 10GB of storage |
| | | |
− | === Requirements ===
| + | <syntaxhighlight lang="bash"> |
− | You'll need a physical or virtual machine with enough memory, storage and compute resources to run OpenStack. As an example, see which resources you need to run [http://docs.openstack.org/developer/devstack/guides/single-vm.html#virtual-machine DevStack].
| + | curl -sL http://tinyurl.com/PuppetOpenStackAIO | bash |
− | Also, you need to make sure your system is [[Puppet/supported_platforms|supported]].
| |
− | Finally, you need to install Puppet. You can read the official [https://docs.puppetlabs.com/guides/install_puppet/pre_install.html Puppet documentation] to learn how to do it.
| |
− | | |
− | === Install Puppet modules ===
| |
− | You can use this [http://git.openstack.org/cgit/openstack/puppet-openstack-integration/tree/install_modules.sh script] that will clone Puppet OpenStack modules and all dependencies.
| |
− | Note the script should be run with sudo or in root.
| |
− | | |
− | === Compose your manifest ===
| |
− | | |
− | We are going to compose a manifest.ppː
| |
− | | |
− | ==== Repositories ====
| |
− | First, you need to manage OpenStack repositories.
| |
− | To install OpenStack Liberty, here is what you'll need to applyː
| |
− | | |
− | <syntaxhighlight lang="ruby"> | |
− | case $::osfamily {
| |
− | 'Debian': {
| |
− | include ::apt
| |
− | class { '::openstack_extras::repo::debian::ubuntu':
| |
− | release => 'liberty',
| |
− | repo => 'proposed',
| |
− | package_require => true,
| |
− | }
| |
− | $package_provider = 'apt'
| |
− | }
| |
− | 'RedHat': {
| |
− | class { '::openstack_extras::repo::redhat::redhat':
| |
− | manage_rdo => false,
| |
− | repo_hash => {
| |
− | 'openstack-common-testing' => {
| |
− | 'baseurl' => 'http://cbs.centos.org/repos/cloud7-openstack-common-testing/x86_64/os/',
| |
− | 'descr' => 'openstack-common-testing',
| |
− | 'gpgcheck' => 'no',
| |
− | },
| |
− | 'openstack-liberty-testing' => {
| |
− | 'baseurl' => 'http://cbs.centos.org/repos/cloud7-openstack-liberty-testing/x86_64/os/',
| |
− | 'descr' => 'openstack-liberty-testing',
| |
− | 'gpgcheck' => 'no',
| |
− | },
| |
− | 'openstack-liberty-trunk' => {
| |
− | 'baseurl' => 'http://trunk.rdoproject.org/centos7-liberty/current/',
| |
− | 'descr' => 'openstack-liberty-trunk',
| |
− | 'gpgcheck' => 'no',
| |
− | },
| |
− | },
| |
− | }
| |
− | package { 'openstack-selinux': ensure => 'latest' }
| |
− | $package_provider = 'yum'
| |
− | }
| |
− | default: {
| |
− | fail("Unsupported osfamily (${::osfamily})")
| |
− | }
| |
− | }
| |
| </syntaxhighlight> | | </syntaxhighlight> |
− |
| |
− | ==== Common resources ====
| |
− | Let's install common servicesː MySQL, RabbitMQ and their resources needed to run OpenStackː
| |
− | <syntaxhighlight lang="ruby">
| |
− | # Deploy MySQL Server
| |
− | class { '::mysql::server': }
| |
− |
| |
− | # Deploy RabbitMQ
| |
− | class { '::rabbitmq':
| |
− | delete_guest_user => true,
| |
− | package_provider => $package_provider,
| |
− | }
| |
− | rabbitmq_vhost { '/':
| |
− | provider => 'rabbitmqctl',
| |
− | require => Class['rabbitmq'],
| |
− | }
| |
− | rabbitmq_user { ['neutron', 'nova']:
| |
− | admin => true,
| |
− | password => 'an_even_bigger_secret',
| |
− | provider => 'rabbitmqctl',
| |
− | require => Class['rabbitmq'],
| |
− | }
| |
− | rabbitmq_user_permissions { ['neutron@/', 'nova@/']:
| |
− | configure_permission => '.*',
| |
− | write_permission => '.*',
| |
− | read_permission => '.*',
| |
− | provider => 'rabbitmqctl',
| |
− | require => Class['rabbitmq'],
| |
− | }
| |
− | </syntaxhighlight>
| |
− |
| |
− | ==== Keystone ====
| |
− | Now, let's deploy Keystone in WSGIː
| |
− | <syntaxhighlight lang="ruby">
| |
− | # Deploy Keystone
| |
− | class { '::keystone::client': }
| |
− | class { '::keystone::cron::token_flush': }
| |
− | class { '::keystone::db::mysql':
| |
− | password => 'keystone',
| |
− | }
| |
− | class { '::keystone':
| |
− | verbose => true,
| |
− | debug => true,
| |
− | database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
| |
− | admin_token => 'admin_token',
| |
− | enabled => true,
| |
− | service_name => 'httpd',
| |
− | default_domain => 'default_domain',
| |
− | }
| |
− | include ::apache
| |
− | class { '::keystone::wsgi::apache':
| |
− | ssl => false,
| |
− | }
| |
− | class { '::keystone::roles::admin':
| |
− | email => 'test@example.tld',
| |
− | password => 'a_big_secret',
| |
− | }
| |
− | class { '::keystone::endpoint':
| |
− | default_domain => 'admin',
| |
− | }
| |
− | </syntaxhighlight>
| |
− |
| |
− | ==== Glance ====
| |
− | Here is how to deploy Glanceː
| |
− | <syntaxhighlight lang="ruby">
| |
− | # Deploy Glance
| |
− | class { '::glance::db::mysql':
| |
− | password => 'glance',
| |
− | }
| |
− | include ::glance
| |
− | include ::glance::client
| |
− | class { '::glance::keystone::auth':
| |
− | password => 'a_big_secret',
| |
− | }
| |
− | class { '::glance::api':
| |
− | debug => true,
| |
− | verbose => true,
| |
− | database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8',
| |
− | keystone_password => 'a_big_secret',
| |
− | }
| |
− | class { '::glance::registry':
| |
− | debug => true,
| |
− | verbose => true,
| |
− | database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8',
| |
− | keystone_password => 'a_big_secret',
| |
− | }
| |
− | </syntaxhighlight>
| |
− |
| |
− | ==== Neutron ====
| |
− | Here is the magic that deploys Neutronː
| |
− | <syntaxhighlight lang="ruby">
| |
− | # Deploy Neutron
| |
− | class { '::neutron::db::mysql':
| |
− | password => 'neutron',
| |
− | }
| |
− | class { '::neutron::keystone::auth':
| |
− | password => 'a_big_secret',
| |
− | }
| |
− | class { '::neutron':
| |
− | rabbit_user => 'neutron',
| |
− | rabbit_password => 'an_even_bigger_secret',
| |
− | rabbit_host => '127.0.0.1',
| |
− | allow_overlapping_ips => true,
| |
− | core_plugin => 'ml2',
| |
− | service_plugins => ['router', 'metering'],
| |
− | debug => true,
| |
− | verbose => true,
| |
− | }
| |
− | class { '::neutron::client': }
| |
− | class { '::neutron::server':
| |
− | database_connection => 'mysql://neutron:neutron@127.0.0.1/neutron?charset=utf8',
| |
− | auth_password => 'a_big_secret',
| |
− | identity_uri => 'http://127.0.0.1:35357/',
| |
− | sync_db => true,
| |
− | }
| |
− | class { '::neutron::plugins::ml2':
| |
− | type_drivers => ['vxlan'],
| |
− | tenant_network_types => ['vxlan'],
| |
− | mechanism_drivers => ['openvswitch'],
| |
− | }
| |
− | class { '::neutron::agents::ml2::ovs':
| |
− | enable_tunneling => true,
| |
− | local_ip => '127.0.0.1',
| |
− | tunnel_types => ['vxlan'],
| |
− | }
| |
− | class { '::neutron::agents::metadata':
| |
− | debug => true,
| |
− | auth_password => 'a_big_secret',
| |
− | shared_secret => 'a_big_secret',
| |
− | }
| |
− | class { '::neutron::agents::lbaas':
| |
− | debug => true,
| |
− | }
| |
− | class { '::neutron::agents::l3':
| |
− | debug => true,
| |
− | }
| |
− | class { '::neutron::agents::dhcp':
| |
− | debug => true,
| |
− | }
| |
− | class { '::neutron::agents::metering':
| |
− | debug => true,
| |
− | }
| |
− | class { '::neutron::server::notifications':
| |
− | nova_admin_password => 'a_big_secret',
| |
− | }
| |
− | </syntaxhighlight>
| |
− |
| |
− | ==== Nova ====
| |
− | And finally, the code that will deploy Novaː
| |
− | <syntaxhighlight lang="ruby">
| |
− | # Deploy Nova
| |
− | class { '::nova::db::mysql':
| |
− | password => 'nova',
| |
− | }
| |
− | class { '::nova::keystone::auth':
| |
− | password => 'a_big_secret',
| |
− | }
| |
− | class { '::nova':
| |
− | database_connection => 'mysql://nova:nova@127.0.0.1/nova?charset=utf8',
| |
− | rabbit_host => '127.0.0.1',
| |
− | rabbit_userid => 'nova',
| |
− | rabbit_password => 'an_even_bigger_secret',
| |
− | glance_api_servers => 'localhost:9292',
| |
− | verbose => true,
| |
− | debug => true,
| |
− | }
| |
− | class { '::nova::api':
| |
− | admin_password => 'a_big_secret',
| |
− | identity_uri => 'http://127.0.0.1:35357/',
| |
− | osapi_v3 => true,
| |
− | neutron_metadata_proxy_shared_secret => 'a_big_secret',
| |
− | }
| |
− | class { '::nova::cert': }
| |
− | class { '::nova::client': }
| |
− | class { '::nova::conductor': }
| |
− | class { '::nova::consoleauth': }
| |
− | class { '::nova::cron::archive_deleted_rows': }
| |
− | class { '::nova::compute': vnc_enabled => true }
| |
− | class { '::nova::compute::libvirt':
| |
− | libvirt_virt_type => 'qemu',
| |
− | migration_support => true,
| |
− | vncserver_listen => '0.0.0.0',
| |
− | }
| |
− | class { '::nova::scheduler': }
| |
− | class { '::nova::vncproxy': }
| |
− | class { '::nova::network::neutron':
| |
− | neutron_admin_password => 'a_big_secret',
| |
− | neutron_admin_auth_url => 'http://127.0.0.1:35357/v2.0',
| |
− | }
| |
− | </syntaxhighlight>
| |
− | <br />
| |
− |
| |
− | All this code should reside in a single manifest. You can run '''sudo puppet apply''' to run the catalog, and one single apply should be enough. The catalog should be idempotent, that means you can run Puppet a second time, nothing should change.
| |
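Review bot: The added `curl -sL http://tinyurl.com/PuppetOpenStackAIO | bash` line in the new syntaxhighlight block pipes a script fetched over plain HTTP, through a URL shortener, straight into a shell, so the reader cannot see what will run and neither the redirect target nor the transfer is integrity-protected. Replace the short link with the canonical script location over HTTPS and present it as download, review, then run. The removed text noted that install_modules.sh should be run with sudo or as root, so state explicitly whether this one-liner needs root too. The same change deletes the entire step-by-step manifest walkthrough and the module documentation pointers without saying where that material now lives; a link to the repository that holds the equivalent manifest would keep it discoverable for readers who want to know what the script applies.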