Feature/manila

.gitignore

@@ -1 +1,14 @@
 templates/credentials.yaml
+templates/overcloud_images.yaml
+local_registry_images.yaml
+
+overcloudrc*
+patches/docker/*/Dockerfile
+patches/docker/horizon/moc_theme/
+patches/docker/overcloud_images.yaml
+patches/tripleo-heat-templates/
+puppet-modules.tar.gz
+seed/credentials/
+tempest-deployer-input.conf
+templates/puppet_modules.yaml
+templates/deploy.yaml

Makefile

@@ -0,0 +1,25 @@
+CUSTOM_ROLES = \
+	       roles/ControllerDeployedServer.yaml \
+	       roles/ComputeDeployedServer.yaml \
+	       roles/NetworkerDeployedServer.yaml
+
+CONTROLLER_SRC_ROLES = \
+	    roles/ControllerOpenstack.yaml \
+	    roles/Database.yaml \
+	    roles/Messaging.yaml
+
+ENVIRONMENTS = templates/deploy.yaml
+
+%.html: %.md
+	$(PANDOC) -s $< -o $@ --toc --css github-pandoc.css
+
+all: $(ENVIRONMENTS) roles_data.yaml
+
+templates/deploy.yaml: templates/deploy.yaml.in
+	ansible-playbook -e @templates/credentials.yaml generate-deploy-files.yaml
+
+roles_data.yaml: $(CUSTOM_ROLES)
+	openstack overcloud roles generate --roles-path roles -o $@ \
+		ControllerDeployedServer \
+		ComputeDeployedServer \
+		NetworkerDeployedServer

Makefile.devel

@@ -0,0 +1,58 @@
+PANDOC = pandoc
+
+MDDOCS = README.md
+HTMLDOCS = $(MDDOCS:.md=.html)
+CUSTOM_ROLES = \
+	       roles/ControllerDeployedServer.yaml \
+	       roles/ComputeDeployedServer.yaml \
+	       roles/NetworkerDeployedServer.yaml
+
+CONTROLLER_SRC_ROLES = \
+	    roles/ControllerOpenstack.yaml \
+	    roles/Database.yaml \
+	    roles/Messaging.yaml
+
+COMPUTE_SRC_ROLES = \
+		    roles/Compute.yaml
+
+NETWORKER_SRC_ROLES = \
+		    roles/Networker.yaml
+
+%.html: %.md
+	$(PANDOC) -s $< -o $@ --toc --css docs/github-pandoc.css
+
+all: $(CUSTOM_ROLES) $(ENVIRONMENTS)
+
+doc: $(HTMLDOCS)
+
+roles/ControllerDeployedServer.yaml: $(CONTROLLER_SRC_ROLES)
+	./scripts/merge-roles.py -o $@ \
+		-s OS::Local::Services::PatchPuppetModules \
+		-s OS::TripleO::Services::Securetty \
+		-s OS::TripleO::Services::ExternalSwiftProxy \
+		-x disable_constraints=true \
+		-x HostnameFormatDefault='%stackname%-controller-%index%' \
+		--remove-network Tenant \
+		ControllerDeployedServer \
+		$(CONTROLLER_SRC_ROLES)
+
+roles/ComputeDeployedServer.yaml: $(COMPUTE_SRC_ROLES)
+	./scripts/merge-roles.py -o $@ \
+		-s OS::Local::Services::PatchPuppetModules \
+		-s OS::TripleO::Services::Securetty \
+		-x disable_constraints=true \
+		-x HostnameFormatDefault='%stackname%-compute-%index%' \
+		ComputeDeployedServer \
+		$(COMPUTE_SRC_ROLES)
+
+roles/NetworkerDeployedServer.yaml: $(NETWORKER_SRC_ROLES)
+	./scripts/merge-roles.py -o $@ \
+		-s OS::Local::Services::PatchPuppetModules \
+		-s OS::TripleO::Services::Securetty \
+		-x disable_constraints=true \
+		-x HostnameFormatDefault='%stackname%-networker-%index%' \
+		NetworkerDeployedServer \
+		$(NETWORKER_SRC_ROLES)
+
+clean:
+	rm -f $(HTMLDOCS) $(CUSTOM_ROLES)

README.md

@@ -1,5 +1,5 @@
 ---
-title: Boston University MoC Director Configuration
+title: MOC OSP Director Configuration
 ---
 
 ## Hosts
@@ -14,14 +14,15 @@ This configuration will provision:
 
 | Interface | VLAN | Tagged | CIDR              | DHCP? | Description         | Director network |
 |-----------|------|--------|-------------------|-------|---------------------|------------------|
-| eth0      | 4014 | N      |                   | Y     | foreman provisioning network | |
-| eth1      | ?    | N      |                   | Y     | bmi provisioning network | |
-| eth1      | 3700 | Y      | 192.168.16.0/22   | N     | ceph public network | Storage |
+| eth0      | ? |        |                   |       | unused  ||
+| eth1      | ? |        |                   |       | unused  ||
+| eth2      | 3699    | N      |                   | Y     | foreman provisioning network | |
 | eth2      | 105  | Y      | 192.12.185.0/24   | N     | public API/horizon | External |
 | eth2      | 3702 | Y      | 192.168.32.0/22   | N     | openstack api network | InternalApi |
 | eth2      | 3703 | Y      | 192.168.24.0/24   | N     | director control plane | ControlPlane |
 | eth2      | 3704 | Y      | 192.168.12.0/22   | N     | tenant networks | Tenant |
 | eth2      | 3803 | Y      | 128.31.28.0/24    | N     | floating ip | |
+| eth3      | 3700 | Y      | 192.168.16.0/22   | N     | ceph public network | Storage |
 
 ## Wrapper scripts
 
@@ -37,11 +38,21 @@ process of deploying RHOSP.
   It generates the `templates/overcloud_images.yaml` environment file
   that points the overcloud deploy at the local registry server.
 
+  This script is responsible for generating any patched Docker images
+  necessary for the deployment and pushing them into the local
+  registry.
+
 - `overcloud-deploy.sh`
 
-  Runs the actual overcloud deploy. Ensures that the environment files
-  necessary to realize our overcloud configuration are provide on the
-  deploy command line.
+  Runs the actual overcloud deploy. Generate `templates/deploy.yaml`
+  from `templates/deploy.yaml.in` (mostly just injecting some
+  credentials).  Ensures that the environment files necessary to
+  realize our overcloud configuration are provide on the deploy
+  command line.
+
+  Prior to running the `openstack overcloud deploy` command, this
+  script packages up any patched puppet modules and ensures that they
+  will be installed as part of the deploy process.
 
 - `overcloud-continue.sh`
 
@@ -57,8 +68,8 @@ process of deploying RHOSP.
 - `templates/network/network_data.yaml`
 
   This overrides the stock list of overcloud networks. We disable the
-  "storage management", since we're running all of our storage traffic
-  over a single vlan.
+  "storage management" network, since we're running all of our storage
+  traffic over a single vlan.
 
 - `templates/network/config/compute.yaml`
 
@@ -73,36 +84,67 @@ process of deploying RHOSP.
   This configures the overcloud to use an existing Ceph cluster rather
   than deploying a Ceph service as part of the overcloud.
 
-- `templates/deploy.yaml`
+- `templates/deploy.yaml.in`
 
   This contains the bulk of our custom configuration (including
   information about network address ranges and vlan ids).
 
-- `templates/services/horizon.yaml`
-
-  This is a patched version of
-  `/usr/share/openstack-tripleo-heat-templates/docker/services/horizon.yaml`
-  that enables the Neutron LBaaS dashboard.
-
-- `templates/extraconfig.yaml`
-
-  Contains some post-deploy actions required to finalize the network
-  configuration.
+- `templates/postconfig.yaml`
 
-- `templates/enable-lbaas-ui.yaml`
+  Contains post-deploy actions that take care of:
 
-  This replaces the stock `horizon.yaml` service template with our
-  local override.
+  - Finalizing the network configuration for br-ex
+  - Creating the necessary keystone resources to support openid
+    federation
+  - Creating some Nova flavors
 
 - `templates/swift-external.yaml`
 
   Configures the overcloud to use Ceph RadosGW for the object storage
   service, rather than deploying Swift as part of the overcloud
   install.
 
+- `templates/services/patch-puppet-modules.yaml`
+
+  Deploys patched puppet modules (from `patches/puppet-modules`) onto
+  the overcloud nodes.  This is a replacement for the existing
+  [DeployArtifacts][] feature, which was not suitable for this
+  purpose.
+
+  [deployartifacts]: http://hardysteven.blogspot.com/2016/08/tripleo-deploy-artifacts-and-puppet.html
+
+- `templates/single-signon.yaml`
+
+  Configuration for enabling Keystone federated authentication.
+
 ### Credentials
 
 The file `templates/credentials.yaml` is required by the
 `overcloud-deploy.sh` script, but it does not exist in this
 repository.  This file contains all passwords, keys, and other secrets
 required for the deployment.
+
+## Patches
+
+We are carrying several patches as part of our deployment.
+
+### Keystone Docker Image
+
+We are using a patched version of the Keystone docker image that
+includes the `mod_auth_openidc` package to support Keystone
+federation.
+
+### Horizon Docker Image
+
+We are using a patched version of the Horizon docker image in order to
+support our custom theme.
+
+### Puppet modules
+
+While not included in this repository, we are also making use of
+patches versions of `puppet-keystone` and `puppet-tripleo` in order to
+support Keystone federation.
+
+The changes can all be found at
+https://review.openstack.org/#/q/status:open+topic:feature/keystone/openidc.
+