# Resource default: every exec declared in this scope resolves its command
# against this fixed search path, so individual exec resources do not need
# their own `path`. Only standard system binary directories are listed;
# any directory added here can shadow a command that Puppet runs.
Exec {
  path => [
    '/bin',
    '/sbin',
    '/usr/bin',
    '/usr/sbin',
    '/usr/local/bin',
    '/usr/local/sbin',
  ],
}

# Include the classes listed under the Hiera key 'default'.
hiera_include('default')
# PARAMS
# ======
# Virtual IP handed to every RHMK node below, alongside its keepalived
# state and priority.
$vip = '192.168.0.127'

## HAPROXY
# Server set passed to iaas::role::rhmk as `ha_servers`.
# NOTE(review): `hostnames` and `ips` look like parallel lists matched by
# position; confirm against the role class before reordering either one.
$ha_servers = {
  priority_hostname => 'ocp-tb-1',
  priority_ip       => '192.168.0.18',
  hostnames         => ['ocp-tb-2', 'ocp-tb-3'],
  ips               => ['192.168.0.19', '192.168.0.20'],
}

# Controller hostnames and IPs, passed to the RHMK role as
# `haproxy_controller_hosts` and `haproxy_controller_ips`.
$haproxy_controller_hosts = ['ocp-tb-7', 'ocp-tb-8']
$haproxy_controller_ips   = ['192.168.0.31', '192.168.0.32']
## PERCONA
# Every OpenStack service account must be created on the RHMK servers.
# '%' is the MySQL wildcard, so each account matches any client host whose
# name starts with 'ocp-tb-'.
#
# NOTE(review): each password_hash is derived from a cleartext literal that
# equals the account name (keystone/keystone, glance/glance, ...), and that
# literal is stored in this manifest. Treat these as placeholder
# credentials: before using this outside a test bed, supply a unique random
# password per account from a protected data source (for example encrypted
# Hiera data) and keep each service's own configuration in step.
$mysql_users = {
  'keystone@ocp-tb-%'   => {
    password_hash => mysql_password('keystone'),
  },
  'glance@ocp-tb-%'     => {
    password_hash => mysql_password('glance'),
  },
  'nova@ocp-tb-%'       => {
    password_hash => mysql_password('nova'),
  },
  'cinder@ocp-tb-%'     => {
    password_hash => mysql_password('cinder'),
  },
  'neutron@ocp-tb-%'    => {
    password_hash => mysql_password('neutron'),
  },
  'ceilometer@ocp-tb-%' => {
    password_hash => mysql_password('ceilometer'),
  },
  'heat@ocp-tb-%'       => {
    password_hash => mysql_password('heat'),
  },
}
# One database per OpenStack service, all with the same character set and
# collation. Passed to iaas::role::rhmk as `mysql_databases`.
$mysql_databases = {
  'keystone'   => {
    charset => 'utf8',
    collate => 'utf8_general_ci',
  },
  'glance'     => {
    charset => 'utf8',
    collate => 'utf8_general_ci',
  },
  'nova'       => {
    charset => 'utf8',
    collate => 'utf8_general_ci',
  },
  'cinder'     => {
    charset => 'utf8',
    collate => 'utf8_general_ci',
  },
  'neutron'    => {
    charset => 'utf8',
    collate => 'utf8_general_ci',
  },
  'ceilometer' => {
    charset => 'utf8',
    collate => 'utf8_general_ci',
  },
  'heat'       => {
    charset => 'utf8',
    collate => 'utf8_general_ci',
  },
}
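# Grants, one per key of the form 'user@host/database.table'.
# The `user` of each entry has to name the same account as its key: a
# mismatch either grants the privileges to a different account or leaves the
# account named in the key without any grant, depending on how the consuming
# class treats the pair. The ceilometer and heat entries therefore name
# their own accounts rather than the neutron one.
#
# NOTE(review): every key targets '*.*', i.e. all databases and tables,
# rather than the service's own schema (for example 'keystone.*'). The
# privilege list is not set here; confirm it in the class that consumes this
# hash and narrow the scope to one schema per account if the role allows it.
$mysql_grants = {
  'keystone@ocp-tb-%/*.*'   => {
    user => 'keystone@ocp-tb-%',
  },
  'glance@ocp-tb-%/*.*'     => {
    user => 'glance@ocp-tb-%',
  },
  'nova@ocp-tb-%/*.*'       => {
    user => 'nova@ocp-tb-%',
  },
  'cinder@ocp-tb-%/*.*'     => {
    user => 'cinder@ocp-tb-%',
  },
  'neutron@ocp-tb-%/*.*'    => {
    user => 'neutron@ocp-tb-%',
  },
  'ceilometer@ocp-tb-%/*.*' => {
    user => 'ceilometer@ocp-tb-%',
  },
  'heat@ocp-tb-%/*.*'       => {
    user => 'heat@ocp-tb-%',
  },
}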
# NODE DEFINITION
# ===============
## RHMK NODES
# First RHMK node: declared as keepalived MASTER with the highest priority
# of the three RHMK nodes (102, against 101 and 100). Replace the
# placeholder node name with the real hostname.
node '<RHMK_HOSTNAME1>' {
  class { 'iaas::role::rhmk':
    # Set to true only when renewing the cluster.
    # percona_master         => true,
    vip                      => $vip,
    keepalived_state         => 'MASTER',
    keepalived_priority      => 102,
    ha_servers               => $ha_servers,
    haproxy_controller_hosts => $haproxy_controller_hosts,
    haproxy_controller_ips   => $haproxy_controller_ips,
    mysql_users              => $mysql_users,
    mysql_databases          => $mysql_databases,
    mysql_grants             => $mysql_grants,
  }
}
# Second RHMK node: keepalived BACKUP with priority 101, the middle value of
# the three RHMK nodes. Replace the placeholder node name with the real
# hostname.
node '<RHMK_HOSTNAME2>' {
  class { 'iaas::role::rhmk':
    vip                      => $vip,
    keepalived_state         => 'BACKUP',
    keepalived_priority      => 101,
    ha_servers               => $ha_servers,
    haproxy_controller_hosts => $haproxy_controller_hosts,
    haproxy_controller_ips   => $haproxy_controller_ips,
    mysql_users              => $mysql_users,
    mysql_databases          => $mysql_databases,
    mysql_grants             => $mysql_grants,
  }
}
# Third RHMK node: keepalived BACKUP with priority 100, the lowest of the
# three RHMK nodes. Replace the placeholder node name with the real hostname.
node '<RHMK_HOSTNAME3>' {
  class { 'iaas::role::rhmk':
    vip                      => $vip,
    keepalived_state         => 'BACKUP',
    keepalived_priority      => 100,
    ha_servers               => $ha_servers,
    haproxy_controller_hosts => $haproxy_controller_hosts,
    haproxy_controller_ips   => $haproxy_controller_ips,
    mysql_users              => $mysql_users,
    mysql_databases          => $mysql_databases,
    mysql_grants             => $mysql_grants,
  }
}
## CEPH STORAGE NODES
# Ceph storage node: declares the OSDs, the cluster's client keys and the
# RBD pools. Replace the placeholder node name with the real hostname.
#
# NOTE(review): every `secret` below is a Ceph key stored in cleartext in
# this manifest. Anyone who can read the file or its history holds the keys,
# so treat them as exposed: rotate them and load the replacements from a
# protected data source (for example encrypted Hiera data) instead of
# string literals.
node '<storage_hostname>' {
  include 'iaas::role::storage'

  # One OSD per data disk, each with its own journal location.
  ceph::osd {
    '/dev/vdb':
      journal => '/osd1';
    '/dev/vdc':
      journal => '/osd2',
  }

  # NOTE(review): each key sets inject => 'true' with inject_as_id 'mon.' and
  # the local monitor keyring; presumably ceph::key registers the key in the
  # cluster under the monitor identity. Confirm in the ceph module.
  ceph::key {
    # Administrative key: unrestricted monitor and OSD capabilities.
    'client.admin':
      secret         => 'AQDgL/hUSC2kLBAAnWJaSiqJG+YMk+XV9sapnw==',
      cap_mon        => 'allow *',
      cap_osd        => 'allow *',
      cap_mds        => 'allow',
      inject         => 'true',
      inject_as_id   => 'mon.',
      inject_keyring => "/var/lib/ceph/mon/ceph-$::hostname/keyring";

    # Bootstrap key: limited to the bootstrap-osd monitor profile and written
    # to the bootstrap-osd keyring path.
    'client.bootstrap-osd':
      secret         => 'AQDlL/hUUCpdFBAAZeo6mKj4yeKPmVKfUY5awA==',
      cap_mon        => 'allow profile bootstrap-osd',
      keyring_path   => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
      inject         => 'true',
      inject_as_id   => 'mon.',
      inject_keyring => "/var/lib/ceph/mon/ceph-$::hostname/keyring";

    # Glance: read-only on the monitors, rwx on the `images` pool only.
    'client.glance':
      secret         => 'AQBgGdJUCPwjLRAARZ0KEaxewYcYHT3j5Gl5Cg==',
      cap_mon        => 'allow r',
      cap_osd        => 'allow class-read object_prefix rbd_children, allow rwx pool=images',
      inject         => 'true',
      inject_as_id   => 'mon.',
      inject_keyring => "/var/lib/ceph/mon/ceph-$::hostname/keyring";

    # Cinder: rwx on `volumes` and `vms`, read/execute on `images`.
    'client.cinder':
      secret         => 'AQAvxQpVKJ03KxAADFv78tedrAWZx1SoRdsQUA==',
      cap_mon        => 'allow r',
      cap_osd        => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images',
      inject         => 'true',
      inject_as_id   => 'mon.',
      inject_keyring => "/var/lib/ceph/mon/ceph-$::hostname/keyring";

    # Cinder backup: rwx on the `backups` pool only.
    'client.cinder-backup':
      secret         => 'AQBKvuVUMHvaGhAADT6nvBv9LFs7dqpB8Kis0Q==',
      cap_mon        => 'allow r',
      cap_osd        => 'allow class-read object_prefix rbd_children, allow rwx pool=backups',
      inject         => 'true',
      inject_as_id   => 'mon.',
      inject_keyring => "/var/lib/ceph/mon/ceph-$::hostname/keyring",
  }

  # The four pools named in the client capabilities above, 128 placement
  # groups each.
  ceph::pool {
    'images':
      pg_num => 128;
    'volumes':
      pg_num => 128;
    'vms':
      pg_num => 128;
    'backups':
      pg_num => 128,
  }
}
## CONTROLLER NODE(s)
# Controller node: controller role plus the Ceph client keys for Glance,
# Cinder and Cinder backup, each owned by its service account. Replace the
# placeholder node name with the real hostname.
#
# NOTE(review): the `secret` values are Ceph keys in cleartext and repeat the
# ones declared on the storage node. Treat them as exposed, rotate them, and
# source the replacements from protected data so all nodes stay in step.
# NOTE(review): mode '0550' also sets the execute bits. A keyring only needs
# to be read, so '0440' (or '0400') would be tighter if ceph::key applies
# this mode to the keyring file. Confirm in the ceph module.
node '<CONTROLLER_HOSTNAME>' {
  class { 'iaas::role::controller':
    # ZooKeeper index of this controller (1..N).
    zookeeper_id => '1',
  }

  ceph::key {
    # Glance: read-only on the monitors, rwx on the `images` pool only.
    'client.glance':
      secret  => 'AQBgGdJUCPwjLRAARZ0KEaxewYcYHT3j5Gl5Cg==',
      cap_mon => 'allow r',
      cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=images',
      user    => 'glance',
      group   => 'glance',
      mode    => '0550';

    # Cinder: rwx on `volumes` and `vms`, read/execute on `images`.
    'client.cinder':
      secret  => 'AQAvxQpVKJ03KxAADFv78tedrAWZx1SoRdsQUA==',
      cap_mon => 'allow r',
      cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images',
      user    => 'cinder',
      group   => 'cinder',
      mode    => '0550';

    # Cinder backup: rwx on the `backups` pool only.
    'client.cinder-backup':
      secret  => 'AQBKvuVUMHvaGhAADT6nvBv9LFs7dqpB8Kis0Q==',
      cap_mon => 'allow r',
      cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=backups',
      user    => 'cinder',
      group   => 'cinder',
      mode    => '0550',
  }
}
##COMPUTE NODE(s)
# Compute node: compute role plus the `client.cinder` Ceph key, installed
# for the nova user and group. Replace the placeholder node name with the
# real hostname.
#
# NOTE(review): the `secret` is a Ceph key in cleartext, identical to the
# `client.cinder` secret on the storage and controller nodes. Every compute
# host carrying this manifest therefore holds rwx access to the `volumes`
# and `vms` pools. Treat the key as exposed, rotate it, and source the
# replacement from protected data.
# NOTE(review): mode '0550' also sets the execute bits; '0440' or '0400'
# would be tighter if ceph::key applies this mode to the keyring file.
# Confirm in the ceph module.
node '<COMPUTE_HOSTNAME>' {
  include 'iaas::role::compute'

  ceph::key {
    'client.cinder':
      secret  => 'AQAvxQpVKJ03KxAADFv78tedrAWZx1SoRdsQUA==',
      cap_mon => 'allow r',
      cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images',
      user    => 'nova',
      group   => 'nova',
      mode    => '0550';
  }
}