Difference between revisions of "Puppet/Deploy"
< Puppet
(→Compose your manifest) |
(→Compose your manifest) |
||
| Line 260: | Line 260: | ||
<br /> | <br /> | ||
| − | All this code should reside in a single manifest. You can run | + | All this code should reside in a single manifest. You can run '''puppet apply''' to run the catalog, and one single apply should be enough. The catalog should be idempotent, that means you can run Puppet a second time, nothing should change. |
Revision as of 19:53, 15 September 2015
Contents
Module documentation
All (or most of) Puppet OpenStack modules containsː
- a README file that document how to use the module. Example with puppet-cinder.
- some manifest example(s) with Puppet code. Example with puppet-neutron.
Also note that 100% of module parameters are documented in the manifests. If you find any missing documentation, please submit a patch or create a bug.
Single node deployment scenario
This scenario documents how to deploy Compute Starter Kit that deploys Keystone, Nova, Neutron, and Glance.
Requirements
You'll need a physical or virtual machine with enough memory, storage and compute resources to run OpenStack. As an example, see which resources you need to run DevStack. Also, you need to make sure your system is supported. Finally, you need to install Puppet. You can read the official Puppet documentation to learn how to do it.
Install Puppet modules
You can use this script that will clone Puppet OpenStack modules and all dependencies.
Compose your manifest
We are going to compose a manifest.ppː
Repositories
First, you need to manage OpenStack repositories. To install OpenStack Liberty, here is what you'll need to applyː
case $::osfamily {
'Debian': {
include ::apt
class { '::openstack_extras::repo::debian::ubuntu':
release => 'liberty',
repo => 'proposed',
package_require => true,
}
$package_provider = 'apt'
}
'RedHat': {
class { '::openstack_extras::repo::redhat::redhat':
manage_rdo => false,
repo_hash => {
'openstack-common-testing' => {
'baseurl' => 'http://cbs.centos.org/repos/cloud7-openstack-common-testing/x86_64/os/',
'descr' => 'openstack-common-testing',
'gpgcheck' => 'no',
},
'openstack-liberty-testing' => {
'baseurl' => 'http://cbs.centos.org/repos/cloud7-openstack-liberty-testing/x86_64/os/',
'descr' => 'openstack-liberty-testing',
'gpgcheck' => 'no',
},
'openstack-liberty-trunk' => {
'baseurl' => 'http://trunk.rdoproject.org/centos7-liberty/current/',
'descr' => 'openstack-liberty-trunk',
'gpgcheck' => 'no',
},
},
}
package { 'openstack-selinux': ensure => 'latest' }
$package_provider = 'yum'
}
default: {
fail("Unsupported osfamily (${::osfamily})")
}
}
Common resources
Let's install common servicesː MySQL, RabbitMQ and their resources needed to run OpenStackː
# Deploy MySQL Server
class { '::mysql::server': }
# Deploy RabbitMQ
class { '::rabbitmq':
delete_guest_user => true,
package_provider => $package_provider,
}
rabbitmq_vhost { '/':
provider => 'rabbitmqctl',
require => Class['rabbitmq'],
}
rabbitmq_user { ['neutron', 'nova']:
admin => true,
password => 'an_even_bigger_secret',
provider => 'rabbitmqctl',
require => Class['rabbitmq'],
}
rabbitmq_user_permissions { ['neutron@/', 'nova@/']:
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => Class['rabbitmq'],
}
Keystone
Now, let's deploy Keystone in WSGIː
# Deploy Keystone
class { '::keystone::client': }
class { '::keystone::cron::token_flush': }
class { '::keystone::db::mysql':
password => 'keystone',
}
class { '::keystone':
verbose => true,
debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'admin_token',
enabled => true,
service_name => 'httpd',
default_domain => 'default_domain',
}
include ::apache
class { '::keystone::wsgi::apache':
ssl => false,
}
class { '::keystone::roles::admin':
email => 'test@example.tld',
password => 'a_big_secret',
}
class { '::keystone::endpoint':
default_domain => 'admin',
}
Glance
Here is how to deploy Glanceː
# Deploy Glance
class { '::glance::db::mysql':
password => 'glance',
}
include ::glance
include ::glance::client
class { '::glance::keystone::auth':
password => 'a_big_secret',
}
class { '::glance::api':
debug => true,
verbose => true,
database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8',
keystone_password => 'a_big_secret',
}
class { '::glance::registry':
debug => true,
verbose => true,
database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8',
keystone_password => 'a_big_secret',
}
Neutron
Here is the magic that deploys Neutronː
# Deploy Neutron
class { '::neutron::db::mysql':
password => 'neutron',
}
class { '::neutron::keystone::auth':
password => 'a_big_secret',
}
class { '::neutron':
rabbit_user => 'neutron',
rabbit_password => 'an_even_bigger_secret',
rabbit_host => '127.0.0.1',
allow_overlapping_ips => true,
core_plugin => 'ml2',
service_plugins => ['router', 'metering'],
debug => true,
verbose => true,
}
class { '::neutron::client': }
class { '::neutron::server':
database_connection => 'mysql://neutron:neutron@127.0.0.1/neutron?charset=utf8',
auth_password => 'a_big_secret',
identity_uri => 'http://127.0.0.1:35357/',
sync_db => true,
}
class { '::neutron::plugins::ml2':
type_drivers => ['vxlan'],
tenant_network_types => ['vxlan'],
mechanism_drivers => ['openvswitch'],
}
class { '::neutron::agents::ml2::ovs':
enable_tunneling => true,
local_ip => '127.0.0.1',
tunnel_types => ['vxlan'],
}
class { '::neutron::agents::metadata':
debug => true,
auth_password => 'a_big_secret',
shared_secret => 'a_big_secret',
}
class { '::neutron::agents::lbaas':
debug => true,
}
class { '::neutron::agents::l3':
debug => true,
}
class { '::neutron::agents::dhcp':
debug => true,
}
class { '::neutron::agents::metering':
debug => true,
}
class { '::neutron::server::notifications':
nova_admin_password => 'a_big_secret',
}
Nova
And finally, the code that will deploy Novaː
# Deploy Nova
class { '::nova::db::mysql':
password => 'nova',
}
class { '::nova::keystone::auth':
password => 'a_big_secret',
}
class { '::nova':
database_connection => 'mysql://nova:nova@127.0.0.1/nova?charset=utf8',
rabbit_host => '127.0.0.1',
rabbit_userid => 'nova',
rabbit_password => 'an_even_bigger_secret',
glance_api_servers => 'localhost:9292',
verbose => true,
debug => true,
}
class { '::nova::api':
admin_password => 'a_big_secret',
identity_uri => 'http://127.0.0.1:35357/',
osapi_v3 => true,
neutron_metadata_proxy_shared_secret => 'a_big_secret',
}
class { '::nova::cert': }
class { '::nova::client': }
class { '::nova::conductor': }
class { '::nova::consoleauth': }
class { '::nova::cron::archive_deleted_rows': }
class { '::nova::compute': vnc_enabled => true }
class { '::nova::compute::libvirt':
libvirt_virt_type => 'qemu',
migration_support => true,
vncserver_listen => '0.0.0.0',
}
class { '::nova::scheduler': }
class { '::nova::vncproxy': }
class { '::nova::network::neutron':
neutron_admin_password => 'a_big_secret',
neutron_admin_auth_url => 'http://127.0.0.1:35357/v2.0',
}
All this code should reside in a single manifest. You can run puppet apply to run the catalog, and one single apply should be enough. The catalog should be idempotent, that means you can run Puppet a second time, nothing should change.
