Initial commit

70e2ea96 · Quentin Machu · 70e2ea96 · 70e2ea96 · 70e2ea96 · 70e2ea96
Commit 70e2ea96 authored 10 years ago by Quentin Machu
--- a/Gemfile
+++ b/Gemfile
+source 'https://rubygems.org'
+
+puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
+gem 'puppet', puppetversion
+gem 'puppetlabs_spec_helper', '>= 0.1.0'
+gem 'puppet-lint', '>= 0.3.2'
+gem 'facter', '>= 1.7.0'
--- a/Puppetfile
+++ b/Puppetfile
+#!/usr/bin/env ruby
+#^syntax detection
+
+forge "https://forge.puppetlabs.com"
+
+# Role base
+mod 'puppetlabs-ntp',
+    :git => 'https://github.com/puppetlabs/puppetlabs-ntp.git'
+mod 'saz-ssh',
+    :git => 'https://github.com/saz/puppet-ssh.git'
+mod 'saz-resolv_conf',
+    :git => 'https://github.com/saz/puppet-resolv_conf.git'
+mod 'saz-memcached',
+    :git => 'https://github.com/saz/puppet-memcached.git'
+mod 'saz-locales',
+    :git => 'https://github.com/saz/puppet-locales.git'
+mod 'camptocamp-kmod',
+    :git => 'https://github.com/camptocamp/puppet-kmod.git'
+mod 'adrien-network',
+    :git => 'https://github.com/puppet-community/puppet-network.git'
+
+# Role Controller
+mod 'puppetlabs-mysql', # This is only required because of https://github.com/michaeltchapman/puppet-galera/pull/22
+    :git => 'https://github.com/puppetlabs/puppetlabs-mysql.git',
+    :ref => '2.2.0'
+mod 'michaeltchapman-galera',
+    :git => 'https://github.com/michaeltchapman/puppet-galera.git'
+mod 'garethr-erlang', # Required by rabbitmq
+    :git => 'https://github.com/garethr/garethr-erlang.git'
+mod 'puppetlabs-rabbitmq',
+    :git => 'https://github.com/puppetlabs/puppetlabs-rabbitmq.git'
+
+# Role Storage
+mod 'stackforge-ceph',
+    :git => 'https://github.com/stackforge/puppet-ceph.git'
+
+# Role Endpoint
+mod 'puppetlabs-haproxy',
+    :git => 'https://github.com/puppetlabs/puppetlabs-haproxy.git'
--- a/README.md
+++ b/README.md
+# puppet-iaas
+
+#### Table of Contents
+
+1. [Overview](#overview)
+2. [Module Description - What the module does and why it is useful](#module-description)
+3. [Setup - The basics of getting started with iaas](#setup)
+    * [What iaas affects](#what-iaas-affects)
+    * [Setup requirements](#setup-requirements)
+    * [Beginning with iaas](#beginning-with-iaas)
+4. [Usage - Configuration options and additional functionality](#usage)
+5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+
+## Overview
+
+This Puppet module allows deploying a highly-available installation of OpenStack Juno on commodity servers (only one NIC and one disk).
+
+## Module Description
+
+Four types of nodes are created for the deployment :
+
+* Endpoint nodes that host load balancers and L2/L3 (Open vSwitch) routing and DHCP services 
+* Controller nodes that hosts API services, databases, message queues, caches, and every 
+* Storage nodes that hosts volumes, image storage, objects using Ceph
+* Compute nodes to run guest operating systems
+
+## Setup
+
+### Setup Requirements
+This module assumes nodes running Ubuntu 14.04 (Trusty) with either Puppet Enterprise or Puppet. Puppet must have pluginsync and storeconfigs enabled.
+
+This module depends on Hiera.
+ 
+### Beginning with puppet-iaas
+To ensure high availability, three storage nodes, three controller nodes and two endpoint nodes must be deployed, be sure to have eight available servers.
+
+## Usage
+
+### Hiera Configuration
+
+The first step to using the iaas-puppet module is to configure hiera with settings specific to your installation. In this module, the `examples` directory contains sample common.yaml file with all of the settings required by this module, as well as node configuration samples to test your deployment with. These configuration options include network settings, locations of specific nodes, and passwords. If any of these settings are undefined or not properly set, your deployment may fail.
+
+### Site configuration
+You then have to write your `site.pp` according to your deployment. Below is an example :
+
+```
+Exec {
+  path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'
+}
+
+node /^ceph-\d+.iaas$/ {
+  include 'iaas::role::storage'
+}
+
+node /^endpoint-\d+.iaas$/ {
+  include 'iaas::role::endpoint'
+}
+
+node /^controller-\d+.iaas$/ {
+  include 'iaas::role::controller'
+}
+
+node /^compute-\d+.iaas$/ {
+  include 'iaas::role::compute'
+}
+```
+
+The nodes should be deployed in the following order : storage nodes, endpoints, controllers and then compute nodes.
+
+### Balancing the endpoint nodes
+
+In order to balance requests across the different endpoints nodes, several solutions could be imagined but I believe that DNS Round-Robin is the easiest solution.
+
+## Limitations
+
+This module is still under development and doesn't include every feature yet.
--- a/Rakefile
+++ b/Rakefile
+require 'rubygems'
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
+
+desc "Validate manifests, templates, and ruby files"
+task :validate do
+  Dir['manifests/**/*.pp'].each do |manifest|
+    sh "puppet parser validate --noop #{manifest}"
+  end
+  Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
+    sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
+  end
+  Dir['templates/**/*.erb'].each do |template|
+    sh "erb -P -x -T '-' #{template} | ruby -c"
+  end
+end
--- a/examples/common.yaml
+++ b/examples/common.yaml
+# Node
+iaas::profile::base::netmask: 255.255.192.0
+iaas::profile::base::gateway: 192.168.0.1
+iaas::profile::base::dns_servers: [192.168.0.1, 8.8.8.8, 8.8.4.4]
+iaas::profile::base::dns_searchdomain: iaas
+iaas::profile::base::ssh_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAo/JkbGO6R7g1ZxARi0xWVM7FOfN02snRAcIO6vT9M7xMUkWVLgD+hM/o91lk+UFiYdql0CATobpFWncRL36KaUqsbw9/1BlI40wg296XHXSSnxhxZ4L7ytf6G1tyN319HXlI2kh9vAf/fy++yDvkH8dI3k1oLoW+mZPET6Pff04/6AXXrRlS5mhmGv9irGwiDHtVKpj6lU8DN/UtOrv1tiQ0pgwEJq05fLGoQfgPNaBCnW2z4Ubpn2gyMcMBMpSwo4hCqJePd349e4bLmFcT+gXYg7Mnup1DoTDlowFFN56wpxQbdp96IxWzU+jYPaIAuRo+BJzCyOS8qBv0Z4RZrgop0qp2JYiVwmViO6TZhIDz6loQJXUOIleQmNgTbiZx8Bwv5GY2jMYoVwlBp7yy5bRjxfbFsJ0vU7TVzNAG7oEJy/74HmHmWzRQlSlQjesr8gRbm9zgR8wqc/L107UOWFg7Cgh8ZNjKuADbXqYuda1Y9m2upcfS26UPz5l5PW5uFRMHZSi8pb1XV6/0Z8H8vwsh37Ur6aLi/5jruRmKhdlsNrB1IiDicBsPW3yg7HHSIdPU4oBNPC77yDCT3l4CKr4el81RrZt7FbJPfY+Ig9Q5O+05f6I8+ZOlJGyZ/Qfyl2aVm1HnlJKuBqPxeic8tMng/9B5N7uZL6Y3k5jFU8c= contact@harmony-hosting.com
+iaas::profile::base::ntp_servers: [puppet]
+
+# Endpoints
+iaas::role::endpoint::haproxy_port: [8140]
+
+# Controller
+iaas::role::controller::servers: [192.168.3.1, 192.168.3.2, 192.168.3.3]
+iaas::role::controller::server_hosts: [controller-1, controller-2, controller-3]
+
+iaas::role::controller::galera_master: controller-1.iaas
+iaas::role::controller::galera_password: iaas
+galera::status::status_allow: localhost
+
+iaas::role::controller::rabbitmq_user: openstack
+iaas::role::controller::rabbitmq_password: iaas
+iaas::role::controller::rabbitmq_erlang: GWFFDKEXVWEMGMFLSFQX
+
+# Ceph
+iaas::role::storage::cluster_vlan: 8
+iaas::role::storage::cluster_netmask: 255.255.252.0
+
+ceph::profile::params:release: 'firefly'
+ceph::profile::params::fsid: '8bd6398b-65a2-4254-bb00-1ff2468d2806'
+ceph::profile::params:authentication_type: 'cephx'
+ceph::profile::params:mon_initial_members: ''
+ceph::profile::params::mon_host: '192.168.1.1:6789, 192.168.1.2:6789, 192.168.1.3:6789'
+ceph::profile::params::osd_pool_default_pg_num: 128
+ceph::profile::params::osd_pool_default_pgp_num: 128
+ceph::profile::params::osd_pool_default_size: 3
+ceph::profile::params::osd_pool_default_min_size: 2
+ceph::profile::params::cluster_network: '172.16.64.0/22'
+ceph::profile::params::public_network: '192.168.0.0/18'
+
+ceph::profile::params::mon_key: 'AQCdC8FU+HpKKRAAdjPWy4epdofGDpJQJi9iiA=='
+ceph::profile::params::admin_key: 'AQAZksZUEByAJhAA4EeT6P7RBy94sThGb2cP6Q=='
+ceph::profile::params::admin_key_mode: '0600'
+ceph::profile::params::bootstrap_osd_key: 'AQAhksZU+JhpIxAACevduqas0p+fRJDhGLg9lw=='
+ceph::profile::params::bootstrap_mds_key: 'AQApksZUIJhXJxAAEHVW/dbL1OeLA7Om++zdVw=='
+
+ceph::keys::args:
+  client.app:
+    secret: AQCdC8FU+HpKKRAAdjPWy4epdofGDpJQJi9iiA==
+    cap_mon: allow r
--- a/examples/hiera.yaml
+++ b/examples/hiera.yaml
+/etc/puppet/hiera.yaml
\ No newline at end of file
--- a/examples/nodes/ceph-1.iaas.yaml
+++ b/examples/nodes/ceph-1.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.1.1
+
+# Ceph
+iaas::role::storage::cluster_ipaddress: 172.16.64.1
+iaas::role::storage::osd_disk: /dev/sda
+iaas::role::storage::osd_partition: 4
+iaas::role::storage::osd_uuid: 30677c33-3916-44a8-b48e-59990f23fe4e
+
+ceph::profile::params::osds:
+  '/dev/sda4':
+    journal:
+
+ceph::keys::args:
+  client.app:
+    secret: AQCdC8FU+HpKKRAAdjPWy4epdofGDpJQJi9iiA==
+    cap_mon: allow r
+    inject: true
+    inject_as_id: mon.
+    inject_keyring: /var/lib/ceph/mon/ceph-%{::hostname}/keyring
--- a/examples/nodes/ceph-2.iaas.yaml
+++ b/examples/nodes/ceph-2.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.1.2
+
+# Ceph
+iaas::role::storage::cluster_ipaddress: 172.16.64.2
+iaas::role::storage::osd_disk: /dev/sda
+iaas::role::storage::osd_partition: 4
+iaas::role::storage::osd_uuid: 33c17404-ecbc-420c-a747-0c32b0450711
+
+ceph::profile::params::osds:
+  '/dev/sda4':
+    journal:
+
+ceph::keys::args:
+  client.app:
+    secret: AQCdC8FU+HpKKRAAdjPWy4epdofGDpJQJi9iiA==
+    cap_mon: allow r
+    inject: true
+    inject_as_id: mon.
+    inject_keyring: /var/lib/ceph/mon/ceph-%{::hostname}/keyring
--- a/examples/nodes/ceph-3.iaas.yaml
+++ b/examples/nodes/ceph-3.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.1.3
+
+# Ceph
+iaas::role::storage::cluster_ipaddress: 172.16.64.3
+iaas::role::storage::osd_disk: /dev/sda
+iaas::role::storage::osd_partition: 4
+iaas::role::storage::osd_uuid: 22b58306-3182-4340-9bd8-822b8e06f898
+
+ceph::profile::params::osds:
+  '/dev/sda4':
+    journal:
+
+ceph::keys::args:
+  client.app:
+    secret: AQCdC8FU+HpKKRAAdjPWy4epdofGDpJQJi9iiA==
+    cap_mon: allow r
+    inject: true
+    inject_as_id: mon.
+    inject_keyring: /var/lib/ceph/mon/ceph-%{::hostname}/keyring
--- a/examples/nodes/controller-1.iaas.yaml
+++ b/examples/nodes/controller-1.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.3.1
--- a/examples/nodes/controller-2.iaas.yaml
+++ b/examples/nodes/controller-2.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.3.2
--- a/examples/nodes/controller-3.iaas.yaml
+++ b/examples/nodes/controller-3.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.3.3
--- a/examples/nodes/endpoint-1.iaas.yaml
+++ b/examples/nodes/endpoint-1.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.2.1
+
+# Proxy
+iaas::role::endpoint::haproxy_ip: 192.168.2.1
--- a/examples/nodes/endpoint-2.iaas.yaml
+++ b/examples/nodes/endpoint-2.iaas.yaml
+# Node
+iaas::profile::base::ipaddress: 192.168.2.2
+
+# Proxy
+iaas::role::endpoint::haproxy_ip: 192.168.2.2
--- a/manifests/init.pp
+++ b/manifests/init.pp
+# == Class: iaas
+#
+# Full description of class iaas here.
+#
+# === Parameters
+#
+# Document parameters here.
+#
+# [*sample_parameter*]
+#   Explanation of what this parameter affects and what it defaults to.
+#   e.g. "Specify one or more upstream ntp servers as an array."
+#
+# === Variables
+#
+# Here you should define a list of variables that this module would require.
+#
+# [*sample_variable*]
+#   Explanation of how this variable affects the funtion of this class and if
+#   it has a default. e.g. "The parameter enc_ntp_servers must be set by the
+#   External Node Classifier as a comma separated list of hostnames." (Note,
+#   global variables should be avoided in favor of class parameters as
+#   of Puppet 2.6.)
+#
+# === Examples
+#
+#  class { 'iaas':
+#    servers => [ 'pool.ntp.org', 'ntp.local.company.com' ],
+#  }
+#
+# === Authors
+#
+# Author Name <author@domain.com>
+#
+# === Copyright
+#
+# Copyright 2015 Your name here, unless otherwise noted.
+#
+class iaas {
+
+}
--- a/manifests/profile/base.pp
+++ b/manifests/profile/base.pp
+class iaas::profile::base (
+  $ipaddress,
+  $netmask,
+  $gateway,
+  $dns_servers,
+  $dns_searchdomain,
+  $ssh_public_key,
+  $ntp_servers
+) {
+  # Locales
+  class { 'locales':
+    default_locale  => 'en_US.UTF-8',
+    locales         => ['en_US.UTF-8 UTF-8'],
+    lc_ctype => 'en_US.UTF-8'
+  }
+
+  # VLAN module
+  package { 'vlan': }
+  kmod::load {'8021q':
+    require => Package['vlan']
+  }
+
+  # NTP
+  class { '::ntp':
+    servers => $ntp_servers,
+    restrict => ['127.0.0.1'],
+  }
+
+  # Network
+  package { 'ifupdown-extra': } ->
+  network_config { "eth0":
+    ensure => 'present',
+    family => 'inet',
+    method => 'static',
+    ipaddress => $ipaddress,
+    netmask => $netmask,
+  } ~>
+  network_route { 'route_default':
+    ensure => 'present',
+    gateway => $gateway,
+    interface => 'eth0',
+    netmask => '0.0.0.0',
+    network => 'default'
+  } ~>
+  exec { "ifup_eth0":
+    command => "ifdown eth0 && ifup eth0"
+  }
+
+  class { 'resolv_conf':
+    nameservers => $dns_servers,
+    domainname  => $dns_searchdomain,
+  }
+
+  # SSH
+  class { 'ssh::server':
+    storeconfigs_enabled => false,
+    options => {
+      'PermitRootLogin'        => 'yes',
+      'Port'                   => [22],
+    }
+  } ~>
+  exec { 'sshd_restart':
+    command => '/etc/init.d/ssh restart',
+    returns => [0, 1]
+  }
+  file { "/root/.ssh":
+    ensure => "directory",
+    owner  => "root",
+    group  => "root",
+    mode   => 755,
+  }
+  file { '/root/.ssh/authorized_keys2':
+    owner => root,
+    group => root,
+    mode => 644,
+    content => $ssh_public_key
+  }
+
+  # Puppet
+  service { "puppet":
+    ensure => "running",
+  }
+}
--- a/manifests/role/compute.pp
+++ b/manifests/role/compute.pp
+class iaas::role::compute (
+
+) {
+  # Base
+  class { 'iaas::profile::base': }
+}
--- a/manifests/role/controller.pp
+++ b/manifests/role/controller.pp
+class iaas::role::controller (
+  $servers = undef,
+  $server_hosts = undef,
+  $galera_master = undef,
+  $galera_password = undef,
+  $rabbitmq_user = undef,
+  $rabbitmq_password = undef,
+  $rabbitmq_erlang = undef,
+) {
+  # Base
+  class { 'iaas::profile::base': } ->
+
+  # Galera MySQL
+  class { 'galera':
+    galera_servers => $servers,
+    galera_master => $galera_master,
+    root_password => $galera_password,
+    configure_firewall => false,
+  } ->
+
+  # RabbitMQ
+  class {'erlang': } ->
+  package { 'erlang-base':
+    ensure => 'latest',
+  } ->
+  class { '::rabbitmq':
+    service_ensure => 'running',
+    port => 5672,
+    delete_guest_user => true,
+    config_cluster => true,
+    cluster_nodes => $server_hosts,
+    erlang_cookie => $rabbitmq_erlang,
+    cluster_node_type => 'ram',
+    wipe_db_on_cookie_change => true,
+    cluster_partition_handling => 'pause_minority',
+  } ->
+  rabbitmq_user { $rabbitmq_user:
+    admin => true,
+    password => $rabbitmq_password,
+    provider => 'rabbitmqctl',
+  } ->
+  rabbitmq_user_permissions { "${rabbitmq_user}@/":
+    configure_permission => '.*',
+    write_permission => '.*',
+    read_permission => '.*',
+    provider => 'rabbitmqctl',
+  } -> # -> Anchor<| title == 'nova-start' |> ->
+
+  # Memcached
+  class { 'memcached': } #->
+
+  ####################################################################################################
+  ####################################################################################################
+  ####################################################################################################
+
+  # To a storage client : ceph::profile::client & ceph::keys to get keyrings in /etc/ceph/ceph.$key_name
+
+  # Export for clients who need a balanced service
+  #@@haproxy::balancermember { $::fqdn:
+  #  listening_service => 'puppet00',
+  #  server_names      => $::hostname,
+  #  ipaddresses       => $::ipaddress,
+  #  ports             => '8140',
+  #  options           => 'check',
+  #}
+}
--- a/manifests/role/endpoint.pp
+++ b/manifests/role/endpoint.pp
+class iaas::role::endpoint (
+  $haproxy_ip,
+  $haproxy_port
+) {
+  # Base
+  class { 'iaas::profile::base': } ->
+
+  # Proxy
+  class { 'haproxy': }
+  haproxy::listen { 'puppet00':
+    ipaddress => $haproxy_ip,
+    ports     => $haproxy_port,
+  }
+}
--- a/manifests/role/storage.pp
+++ b/manifests/role/storage.pp
+class iaas::role::storage (
+  $cluster_vlan = undef,
+  $cluster_ipaddress = undef,
+  $cluster_netmask = undef,
+  $osd_disk = undef,
+  $osd_partition = undef,
+  $osd_uuid = undef,
+) {
+  # Base
+  class { 'iaas::profile::base': } ->
+
+  # Ceph cluster network
+  network_config { "eth0.${cluster_vlan}":
+    ensure  => 'present',
+    family  => 'inet',
+    method  => 'static',
+    ipaddress => $cluster_ipaddress,
+    netmask   => $cluster_netmask,
+    onboot  => 'true',
+  } ->
+  exec { "ifup_eth0.${cluster_vlan}":
+    command => "ifup eth0.${cluster_vlan}",
+  } ->
+
+  # Ceph
+  class { 'ceph::profile::base': } ->
+  class { 'ceph::profile::mon': } ->
+  class { 'ceph::keys': } ->
+  exec { "ceph-osd-sgdisk-${osd_partition}":
+    command => "sgdisk --change-name='${osd_partition}:ceph data' --partition-guid=${osd_partition}:${osd_uuid} --typecode=${osd_partition}:4fbd7e29-9d25-41b8-afd0-062c0ceff05d -- ${osd_disk} && partprobe",
+    unless => "/bin/true  # comment to satisfy puppet syntax requirements
+set -ex
+ceph-disk list 2> /dev/null | grep ' *${osd_disk}${osd_partition}.*ceph data'
+",
+    logoutput => true,
+  } ->
+  class { 'ceph::profile::osd': }
+}