Rush has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/254056

Change subject: WIP: hiera-ize labs openstack nova configuration
......................................................................

WIP: hiera-ize labs openstack nova configuration

This is not the ultimate final state.

Change-Id: I57f52537ad8ff326160a678b7a182cb64807bcc9
---
M hieradata/common.yaml
M hieradata/eqiad.yaml
M manifests/role/ceilometer.pp
M manifests/role/horizon.pp
M manifests/role/labs/openstack/nova.pp
M manifests/role/nodepool.pp
M modules/role/manifests/salt/masters/labs.pp
7 files changed, 117 insertions(+), 204 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/56/254056/1

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index f1bc271..fffa883 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -267,7 +267,39 @@
 
 # LABS
 
-labs_designate_hostname: "holmium.wikimedia.org"
-labs_nova_api_host: "labnet1002.eqiad.wmnet"
-labs_nova_network_host: "labnet1002"
-labs_nova_network_ip: "10.64.20.25"
+labs_designate_hostname: &labsdesignatehostname "holmium.wikimedia.org"
+labs_nova_api_host: &labsnovaapihost "labnet1002.eqiad.wmnet"
+labs_nova_network_host: &labsnovanetworkhost "labnet1002"
+labs_nova_network_ip: &labsnovanetworkip "10.64.20.25"
+status_wiki_host_master: 'wikitech.wikimedia.org'
+
+# By default, don't allow projects to allocate public IPs; this way we can
+# let users have network admin rights, for firewall rules and such, and can
+# give them public ips by increasing their quota
+novaconfig:
+  network_host: *labsnovanetworkip
+  api_host: *labsnovaapihost
+  db_name: 'nova'
+  db_user: 'nova'
+  ceilometer_db_name: 'ceilometer'
+  ldap_base_dn: 'dc=wikimedia,dc=org'
+  ldap_user_dn: 'uid=novaadmin,ou=people,dc=wikimedia,dc=org'
+  ldap_proxyagent: 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
+  puppet_db_name: 'puppet'
+  puppet_db_user: 'puppet'
+  quota_floating_ips: '0'
+  libvirt_type: 'kvm'
+  my_ip: "%{::ipaddress_eth0}"
+  zone: "${::site}"
+  network_public_interface: 'eth0'
+  dhcp_domain: "${::site}.wmflabs"
+  network_flat_interface: 'eth1.1102'
+  network_flat_tagged_base_interface: 'eth1'
+  network_flat_interface_vlan: '1102'
+  flat_network_bridge: 'br1102'
+  live_migration_uri: "qemu://%s.${::site}.wmnet/system?pkipath=/var/lib/nova"
+  fixed_range: '10.68.16.0/21'
+  dhcp_start: '10.68.16.4'
+  network_public_ip: '208.80.155.255'
+  dmz_cidr: '208.80.155.0/22,10.0.0.0/8'
+
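Review bot: Three of the added values use Puppet-style `${::site}` (`zone`, `dhcp_domain` and `live_migration_uri`), which Hiera does not interpolate; only `%{...}` tokens are expanded, as `my_ip` already does with `%{::ipaddress_eth0}`. As written, nova would receive the literal text `${::site}` for its zone, DHCP domain and libvirt migration URI instead of the site name that the removed per-site hashes in nova.pp hard-coded. Use `zone: "%{::site}"`, `dhcp_domain: "%{::site}.wmflabs"` and `live_migration_uri: "qemu://%s.%{::site}.wmnet/system?pkipath=/var/lib/nova"`.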
diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml
index f17b200..62e2967 100644
--- a/hieradata/eqiad.yaml
+++ b/hieradata/eqiad.yaml
@@ -26,26 +26,6 @@
 #
 ganglia_aggregators: carbon.wikimedia.org:9649
 
-#
-# Labs
-#
-labs_nova_controller: "labcontrol1001.wikimedia.org"
-# _spare is a duplicate/backup controller.  In theory it has the
-#  same state as the main controller
-labs_nova_controller_spare: "labcontrol1002.wikimedia.org"
-# _other is the controller in the other datacenter
-labs_nova_controller_other: "labcontrol2001.wikimedia.org"
-labs_glance_controller: "labcontrol1001.wikimedia.org"
-labs_puppet_master: "labs-puppetmaster-eqiad.wikimedia.org"
-labs_keystone_host: "labcontrol1001.wikimedia.org"
-# These are the old, soon-to-be-phased-out dns servers:
-labs_ldap_dns_host: "labs-ns0.wikimedia.org"
-labs_ldap_dns_host_secondary: "labs-ns1.wikimedia.org"
-# These are the up-and-coming, better dns servers:
-labs_dns_host: "labs-ns2.wikimedia.org"
-labs_recursor: "labs-recursor0.wikimedia.org"
-labs_designate_hostname_secondary: "labservices1001.wikimedia.org"
-
 # Eventlogging
 eventlogging_host: 10.64.32.167 # eventlog1001
 
@@ -76,3 +56,43 @@
     - conf1001.eqiad.wmnet
     - conf1002.eqiad.wmnet
     - conf1003.eqiad.wmnet
+
+#
+# Labs
+#
+
+labs_nova_controller: &labsnovacontroller "labcontrol1001.wikimedia.org"
+# _spare is a duplicate/backup controller.  In theory it has the
+#  same state as the main controller
+labs_nova_controller_spare: &labsnovacontrollerspare 
"labcontrol1002.wikimedia.org"
+
+# _other is the controller in the other datacenter
+labs_nova_controller_other: &labsnovacontrollerother 
"labcontrol2001.wikimedia.org"
+labs_glance_controller: &labsglancecontroller "labcontrol1001.wikimedia.org"
+labs_puppet_master: &labspuppetmaster "labs-puppetmaster-eqiad.wikimedia.org"
+labs_keystone_host: &labskeystonehost "labcontrol1001.wikimedia.org"
+
+# These are the old, soon-to-be-phased-out dns servers:
+labs_ldap_dns_host: &labsldapdnshost "labs-ns0.wikimedia.org"
+labs_ldap_dns_host_secondary: &labsldapdnshostsecondary 
"labs-ns1.wikimedia.org"
+
+# These are the up-and-coming, better dns servers:
+labs_dns_host: &labsdnshost "labs-ns2.wikimedia.org"
+labs_recursor: &labsrecursor "labs-recursor0.wikimedia.org"
+labs_designate_hostname_secondary: &labs_designate_hostname_secondary 
"labservices1001.wikimedia.org"
+designate_hostname: $designatehostname 'holmium.wikimedia.org'
+
+novaconfig:
+  db_host: 'm5-master.eqiad.wmnet'
+  glance_host: *labsnovacontroller
+  rabbit_host: *labsnovacontroller
+  cc_host: *labsnovacontroller
+  site_address: '208.80.155.255'
+  controller_hostname: *labsnovacontroller
+  ldap_host: *labsnovacontroller
+  puppet_host: *labsnovacontroller
+  puppet_db_host: *labsnovacontroller
+
+keystone:
+  auth_port: '35357'
+  auth_protocol: 'http'
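Review bot: `designate_hostname: $designatehostname 'holmium.wikimedia.org'` does not define an anchor: YAML anchors start with `&`, so everything after the colon, `$designatehostname` included, would load as one plain string. The key is also top-level, while `modules/role/manifests/salt/masters/labs.pp` still passes `$novaconfig['designate_hostname']` to `remote_cert_cleaner`, and nothing visible in this change puts that key back into the `novaconfig` hash, so the cert cleaner host would presumably end up undef. If it is meant to stay holmium, add `designate_hostname: 'holmium.wikimedia.org'` under `novaconfig:` and drop the stray line. Separately, `auth_protocol: 'http'` alongside port 35357 looks like the keystone admin token travelling in cleartext; worth confirming that is intended rather than carried over.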
diff --git a/manifests/role/ceilometer.pp b/manifests/role/ceilometer.pp
index 9e5eac3..b60b59b 100644
--- a/manifests/role/ceilometer.pp
+++ b/manifests/role/ceilometer.pp
@@ -1,6 +1,6 @@
 class role::ceilometer::controller {
-    include role::labs::openstack::nova::config
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    include role::labs::openstack::nova::common
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     class { 'openstack::ceilometer::controller':
         openstack_version => $::openstack_version,
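Review bot: Swapping `role::labs::openstack::nova::config` for `role::labs::openstack::nova::common` is not a pure rename for this consumer: per the nova.pp hunk in this change, `common` also includes `passwords::misc::scripts` and `role::labs::openstack::nova::wikiupdates` and declares `class { '::openstack::common': ... }`. Every class that only needs the `$novaconfig` hash (both ceilometer roles here, plus `role::horizon`, `role::nodepool`, `role::labs::openstack::nova::manager` and the labs salt master in the later hunks) would now get whatever those classes manage in its catalog too, which likely widens where the credentials they load are available. A data-only class that does just the hiera lookups, with `common` including it, would keep the old separation.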
@@ -9,8 +9,8 @@
 }
 
 class role::ceilometer::compute {
-    include role::labs::openstack::nova::config
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    include role::labs::openstack::nova::common
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     class { 'openstack::ceilometer::compute':
         openstack_version => $::openstack_version,
diff --git a/manifests/role/horizon.pp b/manifests/role/horizon.pp
index 0b7c6ad..287ce4e 100644
--- a/manifests/role/horizon.pp
+++ b/manifests/role/horizon.pp
@@ -1,6 +1,6 @@
 class role::horizon {
-    include role::labs::openstack::nova::config
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    include role::labs::openstack::nova::common
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     class { 'openstack::horizon::service':
         openstack_version => $::openstack_version,
diff --git a/manifests/role/labs/openstack/nova.pp 
b/manifests/role/labs/openstack/nova.pp
index 1a58aeb..713049b 100644
--- a/manifests/role/labs/openstack/nova.pp
+++ b/manifests/role/labs/openstack/nova.pp
@@ -1,158 +1,30 @@
-class role::labs::openstack::nova::config {
-
-    include role::labs::openstack::nova::config::eqiad
-    include role::labs::openstack::nova::config::codfw
-
-    $novaconfig = $::site ? {
-        'eqiad' => $role::labs::openstack::nova::config::eqiad::novaconfig,
-        'codfw' => $role::labs::openstack::nova::config::codfw::novaconfig,
-    }
-}
-
-class role::labs::openstack::nova::config::common {
-
-    require openstack
-    include passwords::openstack::nova
-    include passwords::openstack::ceilometer
-    include passwords::labs::rabbitmq
-
-    $commonnovaconfig = {
-        db_name                    => 'nova',
-        db_user                    => 'nova',
-        db_pass                    => 
$passwords::openstack::nova::nova_db_pass,
-        metadata_pass              => 
$passwords::openstack::nova::nova_metadata_pass,
-        rabbit_user                => 
$passwords::labs::rabbitmq::rabbit_userid,
-        rabbit_pass                => 
$passwords::labs::rabbitmq::rabbit_password,
-        ceilometer_user            => 
$passwords::openstack::ceilometer::db_user,
-        ceilometer_pass            => 
$passwords::openstack::ceilometer::db_pass,
-        ceilometer_secret_key      => 
$passwords::openstack::ceilometer::secret_key,
-        ceilometer_db_name         => 'ceilometer',
-        my_ip                      => $::ipaddress_eth0,
-        ldap_base_dn               => 'dc=wikimedia,dc=org',
-        ldap_user_dn               => 
'uid=novaadmin,ou=people,dc=wikimedia,dc=org',
-        ldap_user_pass             => 
$passwords::openstack::nova::nova_ldap_user_pass,
-        ldap_proxyagent            => 
'cn=proxyagent,ou=profile,dc=wikimedia,dc=org',
-        ldap_proxyagent_pass       => 
$passwords::openstack::nova::nova_ldap_proxyagent_pass,
-        controller_mysql_root_pass => 
$passwords::openstack::nova::controller_mysql_root_pass,
-        puppet_db_name             => 'puppet',
-        puppet_db_user             => 'puppet',
-        puppet_db_pass             => 
$passwords::openstack::nova::nova_puppet_user_pass,
-        # By default, don't allow projects to allocate public IPs; this way we 
can
-        # let users have network admin rights, for firewall rules and such, 
and can
-        # give them public ips by increasing their quota
-        quota_floating_ips         => '0',
-        libvirt_type               => 'kvm',
-    }
-}
-
-class role::labs::openstack::nova::config::codfw inherits 
role::labs::openstack::nova::config::common {
-
-    include role::labs::openstack::keystone::config::eqiad
-
-    $nova_controller     = hiera('labs_nova_controller')
-    $keystoneconfig      = 
$role::labs::openstack::keystone::config::eqiad::keystoneconfig
-    $controller_hostname = $nova_controller
-    $controller_address  = ipresolve($nova_controller, 4)
-    $designate_hostname  = 'holmium.wikimedia.org'
-
-    $codfwnovaconfig = {
-        db_host                            => $controller_hostname,
-        dhcp_domain                        => 'codfw.wmflabs',
-        glance_host                        => $controller_hostname,
-        rabbit_host                        => $controller_hostname,
-        cc_host                            => $controller_hostname,
-        designate_hostname                 => $designate_hostname,
-        network_flat_interface             => 'eth1.1102',
-        network_flat_tagged_base_interface => 'eth1',
-        network_flat_interface_vlan        => '1102',
-        flat_network_bridge                => 'br1102',
-        network_public_interface           => 'eth0',
-        network_host                       => hiera('labs_nova_network_ip'),
-        api_host                           => hiera('labs_nova_api_host'),
-        api_ip                             => 
ipresolve(hiera('labs_nova_api_host'),4),
-        fixed_range                        => '10.68.16.0/21',
-        dhcp_start                         => '10.68.16.4',
-        network_public_ip                  => '208.80.155.255',
-        dmz_cidr                           => '208.80.155.0/22,10.0.0.0/8',
-        auth_uri                           => "http://${nova_controller}:5000";,
-        controller_hostname                => $controller_hostname,
-        controller_address                 => $controller_address,
-        ldap_host                          => $controller_hostname,
-        puppet_host                        => $controller_hostname,
-        puppet_db_host                     => $controller_hostname,
-        live_migration_uri                 => 
'qemu://%s.codfw.wmnet/system?pkipath=/var/lib/nova',
-        zone                               => 'codfw',
-        keystone_admin_token               => $keystoneconfig['admin_token'],
-        keystone_auth_host                 => $keystoneconfig['bind_ip'],
-        keystone_auth_protocol             => $keystoneconfig['auth_protocol'],
-        keystone_auth_port                 => $keystoneconfig['auth_port'],
-    }
-
-    $novaconfig = merge( $codfwnovaconfig, $commonnovaconfig )
-}
-
-class role::labs::openstack::nova::config::eqiad inherits 
role::labs::openstack::nova::config::common {
-
-    include role::labs::openstack::keystone::config::eqiad
-
-    $nova_controller     = hiera('labs_nova_controller')
-    $keystoneconfig      = 
$role::labs::openstack::keystone::config::eqiad::keystoneconfig
-    $controller_hostname = $nova_controller
-    $designate_hostname  ='holmium.wikimedia.org'
-    $controller_address  = ipresolve($nova_controller,4)
-
-    $eqiadnovaconfig = {
-        db_host                            => 'm5-master.eqiad.wmnet',
-        dhcp_domain                        => 'eqiad.wmflabs',
-        glance_host                        => $controller_hostname,
-        rabbit_host                        => $controller_hostname,
-        cc_host                            => $controller_hostname,
-        designate_hostname                 => $designate_hostname,
-        network_flat_interface             => 'eth1.1102',
-        network_flat_tagged_base_interface => 'eth1',
-        network_flat_interface_vlan        => '1102',
-        flat_network_bridge                => 'br1102',
-        network_public_interface           => 'eth0',
-        network_host                       => hiera('labs_nova_network_ip'),
-        api_host                           => hiera('labs_nova_api_host'),
-        api_ip                             => 
ipresolve(hiera('labs_nova_api_host'),4),
-        fixed_range                        => '10.68.16.0/21',
-        dhcp_start                         => '10.68.16.4',
-        network_public_ip                  => '208.80.155.255',
-        dmz_cidr                           => '208.80.155.0/22,10.0.0.0/8',
-        auth_uri                           => "http://${nova_controller}:5000";,
-        controller_hostname                => $controller_hostname,
-        controller_address                 => $controller_address,
-        ldap_host                          => $controller_hostname,
-        puppet_host                        => $controller_hostname,
-        puppet_db_host                     => $controller_hostname,
-        live_migration_uri                 => 
'qemu://%s.eqiad.wmnet/system?pkipath=/var/lib/nova',
-        zone                               => 'eqiad',
-        keystone_admin_token               => $keystoneconfig['admin_token'],
-        keystone_auth_host                 => $keystoneconfig['bind_ip'],
-        keystone_auth_protocol             => $keystoneconfig['auth_protocol'],
-        keystone_auth_port                 => $keystoneconfig['auth_port'],
-    }
-
-    if ( $::hostname == hiera('labs_nova_network_host') ) {
-        $networkconfig = {
-            network_flat_interface =>  'eth1.1102',
-            network_flat_tagged_base_interface => 'eth1',
-        }
-        $novaconfig = merge( $eqiadnovaconfig, $commonnovaconfig, 
$networkconfig )
-    } else {
-        $novaconfig = merge( $eqiadnovaconfig, $commonnovaconfig )
-    }
-}
-
 class role::labs::openstack::nova::common {
 
     include passwords::misc::scripts
-    include role::labs::openstack::nova::config
     include role::labs::openstack::nova::wikiupdates
 
-    $status_wiki_host_master = 'wikitech.wikimedia.org'
-    $novaconfig              = $role::labs::openstack::nova::config::novaconfig
+    $novaconfig                           = hiera_hash('novaconfig', {})
+    $keystone                             = hiera_hash('keystone', {})
+
+    $keystone_host                        = hiera('labs_keystone_host')
+    $nova_controller                      = hiera('labs_nova_controller')
+    $nova_api_host                        = hiera('labs_nova_api_host')
+    $network_host                         = hiera('labs_nova_network_host')
+    $status_wiki_host_master              = hiera('status_wiki_host_master')
+
+    $novaconfig['bind_ip']                = ipresolve($keystone_host,4)
+    $novaconfig['keystone_auth_port']     = $keystone['auth_port']
+    $novaconfig['keystone_admin_token']   = $keystone['admin_token']
+    $novaconfig['keystone_auth_protocol'] = $keystone['auth_protocol']
+
+    $novaconfig['auth_uri']               = "http://${nova_controller}:5000";
+    $novaconfig['api_ip']                 = ipresolve($nova_api_host,4)
+    $novaconfig['controller_address']     = ipresolve($nova_controller,4)
+
+    if ( $::hostname == $network_host ) {
+        $novaconfig['network_flat_interface'] = 'eth1.1102'
+        $novaconfig['network_flat_tagged_base_interface'] = 'eth1'
+    }
 
     class { '::openstack::common':
         novaconfig                       => $novaconfig,
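Review bot: The rebuilt `$novaconfig` no longer carries the secret keys that the removed `config::common` hash filled from the `passwords::*` classes (`db_pass`, `rabbit_pass`, `ldap_user_pass`, `ceilometer_secret_key` and the rest), nor `keystone_auth_host`, which is now written as `bind_ip`; unless private hiera data supplies them, consumers of the hash will read undef. If those values do move to hiera they belong in the private repository, not in `hieradata/common.yaml`. The `$novaconfig['key'] = ...` assignments are also fragile, since Puppet hashes are meant to be immutable and the two assignments inside the `if` target keys the hiera hash already defines with the same values. Building the derived keys in a separate hash and combining with `merge()`, as the removed code did, avoids that; the class body continues past the end of this hunk.

```puppet
    $novaconfig_data = hiera_hash('novaconfig', {})
    $keystone        = hiera_hash('keystone', {})

    # … unchanged: hiera() lookups for keystone, controller, api and network hosts …

    $novaconfig_derived = {
        keystone_auth_host     => ipresolve($keystone_host, 4),
        keystone_auth_port     => $keystone['auth_port'],
        keystone_admin_token   => $keystone['admin_token'],
        keystone_auth_protocol => $keystone['auth_protocol'],
        auth_uri               => "http://${nova_controller}:5000",
        api_ip                 => ipresolve($nova_api_host, 4),
        controller_address     => ipresolve($nova_controller, 4),
    }

    # Rightmost hash wins in merge(), so derived values override hiera data.
    # The network-host `if` block is dropped: hiera already sets both keys.
    $novaconfig = merge($novaconfig_data, $novaconfig_derived)
```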
@@ -169,13 +41,13 @@
 # This is the wikitech UI
 class role::labs::openstack::nova::manager {
 
-    include role::labs::openstack::nova::config
     include ::nutcracker::monitoring
     include ::mediawiki::packages::php5
     include ::mediawiki::cgroup
     include ::scap::scripts
 
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    include role::labs::openstack::nova::common
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     case $::realm {
         'production': {
@@ -242,14 +114,12 @@
 class role::labs::openstack::nova::controller {
 
     require openstack
-    include role::labs::openstack::nova::config
     include role::labs::puppetmaster
-    include role::labs::openstack::keystone::config::eqiad
     include role::labs::openstack::glance::config::eqiad
     include role::labs::openstack::nova::wikiupdates
-    include role::labs::openstack::nova::common
 
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    include role::labs::openstack::nova::common
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     $glanceconfig = $::site ? {
         'eqiad' => $role::labs::openstack::glance::config::eqiad::glanceconfig,
@@ -288,10 +158,8 @@
 class role::labs::openstack::nova::api {
 
     require openstack
-    include role::labs::openstack::nova::config
     include role::labs::openstack::nova::common
-
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     class { '::openstack::nova::api':
         novaconfig        => $novaconfig,
@@ -308,19 +176,13 @@
 class role::labs::openstack::nova::network {
 
     require openstack
-    include role::labs::openstack::nova::config
     include role::labs::openstack::nova::common
     include role::labs::openstack::nova::wikiupdates
-
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
-
-    $site_address = $::site ? {
-        'eqiad' => '208.80.155.255',
-    }
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     interface::ip { 'openstack::network_service_public_dynamic_snat':
         interface => 'lo',
-        address   => $site_address,
+        address   => $novaconfig['site_address'],
     }
 
     interface::tagged { $novaconfig['network_flat_interface']:
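Review bot: `address => $novaconfig['site_address']` turns a hard failure into a silent undef. The removed selector had no default branch, so a site other than eqiad failed catalog compilation, whereas `site_address` is only defined in `hieradata/eqiad.yaml` and a missing key now hands undef to `interface::ip`. A guard ahead of the resource keeps the old behaviour, e.g. `if ! $novaconfig['site_address'] { fail('novaconfig site_address is not set for this site') }`. The class body continues past the end of this hunk.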
@@ -368,9 +230,9 @@
     }
 
     require openstack
-    include role::labs::openstack::nova::config
     include role::labs::openstack::nova::common
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
+
 
     ganglia::plugin::python {'diskstat': }
 
diff --git a/manifests/role/nodepool.pp b/manifests/role/nodepool.pp
index fdae43f..103675d 100644
--- a/manifests/role/nodepool.pp
+++ b/manifests/role/nodepool.pp
@@ -8,10 +8,9 @@
 
     system::role { 'role::nodepool': description => 'CI Nodepool' }
 
-    include role::labs::openstack::nova::config
     include passwords::nodepool
-
-    $novaconfig = $role::labs::openstack::nova::config::novaconfig
+    include role::labs::openstack::nova::common
+    $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
     # dib scripts
     git::clone { 'integration/config':
diff --git a/modules/role/manifests/salt/masters/labs.pp 
b/modules/role/manifests/salt/masters/labs.pp
index 7dcdfd0..5ba865f 100644
--- a/modules/role/manifests/salt/masters/labs.pp
+++ b/modules/role/manifests/salt/masters/labs.pp
@@ -26,8 +26,8 @@
 
 
     if ! defined(Class['puppetmaster::certmanager']) {
-        include role::labs::openstack::nova::config
-        $novaconfig = $role::labs::openstack::nova::config::novaconfig
+        include role::labs::openstack::nova::common
+        $novaconfig = $role::labs::openstack::nova::common::novaconfig
 
         class { 'puppetmaster::certmanager':
             remote_cert_cleaner => $novaconfig['designate_hostname'],

-- 
To view, visit https://gerrit.wikimedia.org/r/254056
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I57f52537ad8ff326160a678b7a182cb64807bcc9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
