Difference between revisions of "Puppet/Deploy"
(→Single node deployment scenario) |
(→Compose your manifest) |
||
Line 24: | Line 24: | ||
We are going to compose a manifest.ppː | We are going to compose a manifest.ppː | ||
+ | ==== Repositories ==== | ||
First, you need to manage OpenStack repositories. | First, you need to manage OpenStack repositories. | ||
To install OpenStack Liberty, here is what you'll need to applyː | To install OpenStack Liberty, here is what you'll need to applyː | ||
Line 68: | Line 69: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | ==== Common resources ==== | ||
Let's install common servicesː MySQL, RabbitMQ and their resources needed to run OpenStackː | Let's install common servicesː MySQL, RabbitMQ and their resources needed to run OpenStackː | ||
<syntaxhighlight lang="ruby"> | <syntaxhighlight lang="ruby"> | ||
Line 97: | Line 99: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | ==== Keystone ==== | ||
Now, let's deploy Keystone in WSGIː | Now, let's deploy Keystone in WSGIː | ||
<syntaxhighlight lang="ruby"> | <syntaxhighlight lang="ruby"> | ||
Line 127: | Line 130: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | ==== Glance ==== | ||
Here is how to deploy Glanceː | Here is how to deploy Glanceː | ||
<syntaxhighlight lang="ruby"> | <syntaxhighlight lang="ruby"> | ||
Line 152: | Line 156: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | ==== Neutron ==== | ||
Here is the magic that deploys Neutronː | Here is the magic that deploys Neutronː | ||
<syntaxhighlight lang="ruby"> | <syntaxhighlight lang="ruby"> | ||
Line 210: | Line 215: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | ==== Nova ==== | ||
And finally, the code that will deploy Novaː | And finally, the code that will deploy Novaː | ||
<syntaxhighlight lang="ruby"> | <syntaxhighlight lang="ruby"> | ||
Line 252: | Line 258: | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | <br /> | ||
All this code should reside in a single manifest. You can run ```puppet apply``` to run the catalog, and one single apply should be enough. The catalog should be idempotent, that means you can run Puppet a second time, nothing should change. | All this code should reside in a single manifest. You can run ```puppet apply``` to run the catalog, and one single apply should be enough. The catalog should be idempotent, that means you can run Puppet a second time, nothing should change. |
Revision as of 19:51, 15 September 2015
Contents
Module documentation
All (or most of) Puppet OpenStack modules containsː
- a README file that document how to use the module. Example with puppet-cinder.
- some manifest example(s) with Puppet code. Example with puppet-neutron.
Also note that 100% of module parameters are documented in the manifests. If you find any missing documentation, please submit a patch or create a bug.
Single node deployment scenario
This scenario documents how to deploy Compute Starter Kit that deploys Keystone, Nova, Neutron, and Glance.
Requirements
You'll need a physical or virtual machine with enough memory, storage and compute resources to run OpenStack. As an example, see which resources you need to run DevStack. Also, you need to make sure your system is supported. Finally, you need to install Puppet. You can read the official Puppet documentation to learn how to do it.
Install Puppet modules
You can use this script that will clone Puppet OpenStack modules and all dependencies.
Compose your manifest
We are going to compose a manifest.ppː
Repositories
First, you need to manage OpenStack repositories. To install OpenStack Liberty, here is what you'll need to applyː
case $::osfamily {
'Debian': {
include ::apt
class { '::openstack_extras::repo::debian::ubuntu':
release => 'liberty',
repo => 'proposed',
package_require => true,
}
$package_provider = 'apt'
}
'RedHat': {
class { '::openstack_extras::repo::redhat::redhat':
manage_rdo => false,
repo_hash => {
'openstack-common-testing' => {
'baseurl' => 'http://cbs.centos.org/repos/cloud7-openstack-common-testing/x86_64/os/',
'descr' => 'openstack-common-testing',
'gpgcheck' => 'no',
},
'openstack-liberty-testing' => {
'baseurl' => 'http://cbs.centos.org/repos/cloud7-openstack-liberty-testing/x86_64/os/',
'descr' => 'openstack-liberty-testing',
'gpgcheck' => 'no',
},
'openstack-liberty-trunk' => {
'baseurl' => 'http://trunk.rdoproject.org/centos7-liberty/current/',
'descr' => 'openstack-liberty-trunk',
'gpgcheck' => 'no',
},
},
}
package { 'openstack-selinux': ensure => 'latest' }
$package_provider = 'yum'
}
default: {
fail("Unsupported osfamily (${::osfamily})")
}
}
Common resources
Let's install common servicesː MySQL, RabbitMQ and their resources needed to run OpenStackː
# Deploy MySQL Server
class { '::mysql::server': }
# Deploy RabbitMQ
class { '::rabbitmq':
delete_guest_user => true,
package_provider => $package_provider,
}
rabbitmq_vhost { '/':
provider => 'rabbitmqctl',
require => Class['rabbitmq'],
}
rabbitmq_user { ['neutron', 'nova']:
admin => true,
password => 'an_even_bigger_secret',
provider => 'rabbitmqctl',
require => Class['rabbitmq'],
}
rabbitmq_user_permissions { ['neutron@/', 'nova@/']:
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => Class['rabbitmq'],
}
Keystone
Now, let's deploy Keystone in WSGIː
# Deploy Keystone
class { '::keystone::client': }
class { '::keystone::cron::token_flush': }
class { '::keystone::db::mysql':
password => 'keystone',
}
class { '::keystone':
verbose => true,
debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'admin_token',
enabled => true,
service_name => 'httpd',
default_domain => 'default_domain',
}
include ::apache
class { '::keystone::wsgi::apache':
ssl => false,
}
class { '::keystone::roles::admin':
email => 'test@example.tld',
password => 'a_big_secret',
}
class { '::keystone::endpoint':
default_domain => 'admin',
}
Glance
Here is how to deploy Glanceː
# Deploy Glance
class { '::glance::db::mysql':
password => 'glance',
}
include ::glance
include ::glance::client
class { '::glance::keystone::auth':
password => 'a_big_secret',
}
class { '::glance::api':
debug => true,
verbose => true,
database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8',
keystone_password => 'a_big_secret',
}
class { '::glance::registry':
debug => true,
verbose => true,
database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8',
keystone_password => 'a_big_secret',
}
Neutron
Here is the magic that deploys Neutronː
# Deploy Neutron
class { '::neutron::db::mysql':
password => 'neutron',
}
class { '::neutron::keystone::auth':
password => 'a_big_secret',
}
class { '::neutron':
rabbit_user => 'neutron',
rabbit_password => 'an_even_bigger_secret',
rabbit_host => '127.0.0.1',
allow_overlapping_ips => true,
core_plugin => 'ml2',
service_plugins => ['router', 'metering'],
debug => true,
verbose => true,
}
class { '::neutron::client': }
class { '::neutron::server':
database_connection => 'mysql://neutron:neutron@127.0.0.1/neutron?charset=utf8',
auth_password => 'a_big_secret',
identity_uri => 'http://127.0.0.1:35357/',
sync_db => true,
}
class { '::neutron::plugins::ml2':
type_drivers => ['vxlan'],
tenant_network_types => ['vxlan'],
mechanism_drivers => ['openvswitch'],
}
class { '::neutron::agents::ml2::ovs':
enable_tunneling => true,
local_ip => '127.0.0.1',
tunnel_types => ['vxlan'],
}
class { '::neutron::agents::metadata':
debug => true,
auth_password => 'a_big_secret',
shared_secret => 'a_big_secret',
}
class { '::neutron::agents::lbaas':
debug => true,
}
class { '::neutron::agents::l3':
debug => true,
}
class { '::neutron::agents::dhcp':
debug => true,
}
class { '::neutron::agents::metering':
debug => true,
}
class { '::neutron::server::notifications':
nova_admin_password => 'a_big_secret',
}
Nova
And finally, the code that will deploy Novaː
# Deploy Nova
class { '::nova::db::mysql':
password => 'nova',
}
class { '::nova::keystone::auth':
password => 'a_big_secret',
}
class { '::nova':
database_connection => 'mysql://nova:nova@127.0.0.1/nova?charset=utf8',
rabbit_host => '127.0.0.1',
rabbit_userid => 'nova',
rabbit_password => 'an_even_bigger_secret',
glance_api_servers => 'localhost:9292',
verbose => true,
debug => true,
}
class { '::nova::api':
admin_password => 'a_big_secret',
identity_uri => 'http://127.0.0.1:35357/',
osapi_v3 => true,
neutron_metadata_proxy_shared_secret => 'a_big_secret',
}
class { '::nova::cert': }
class { '::nova::client': }
class { '::nova::conductor': }
class { '::nova::consoleauth': }
class { '::nova::cron::archive_deleted_rows': }
class { '::nova::compute': vnc_enabled => true }
class { '::nova::compute::libvirt':
libvirt_virt_type => 'qemu',
migration_support => true,
vncserver_listen => '0.0.0.0',
}
class { '::nova::scheduler': }
class { '::nova::vncproxy': }
class { '::nova::network::neutron':
neutron_admin_password => 'a_big_secret',
neutron_admin_auth_url => 'http://127.0.0.1:35357/v2.0',
}
All this code should reside in a single manifest. You can run ```puppet apply``` to run the catalog, and one single apply should be enough. The catalog should be idempotent, that means you can run Puppet a second time, nothing should change.