puppet manifest svm for openstack

1. node 'vsim' {
2. # SVM creation
3. netapp_vserver { 'openstack_svm' :
4. ensure => present,
5. allowedprotos => ["nfs", "cifs", "iscsi"],
6. rootvol => "vsim_root",
7. language => "c.UTF-8",
8. rootvolsecstyle => "unix",
9. rootvolaggr => "aggr1_1",
10. aggregatelist => ["aggr1_1"]
11. }
12. #Create an NFS/CIFS lif
13. netapp_lif { 'openstack_svm_lif':
14. ensure => present,
15. vserver => "openstack_svm",
16. role => "data",
17. administrativestatus => "up",
18. dataprotocols => ["nfs","cifs"],
19. address => "172.32.0.183",
20. homenode => "vsim-01",
21. homeport => "e0c",
22. netmask => "255.255.255.0"
23. }
24. # Security role creation
25. #Cinder sections
26. #All installs
27. netapp_security_login_role {'vserver:cinder_cli:vsim':
28. ensure => present,
29. access_level => readonly,
30. }
31. netapp_security_login_role {'system node:cinder_cli:vsim':
32. ensure => present,
33. access_level => readonly,
34. }
35. netapp_security_login_role {'security:cinder_cli:vsim':
36. ensure => present,
37. access_level => readonly,
38. }
39. netapp_security_login_role {'security login role:cinder_cli:vsim':
40. ensure => present,
41. access_level => readonly,
42. }
43. netapp_security_login_role {'statistics:cinder_cli:vsim':
44. ensure => present,
45. access_level => readonly,
46. }
47. netapp_security_login_role {'statistics catalog counter:cinder_cli:vsim':
48. ensure => present,
49. access_level => readonly,
50. }
51. netapp_security_login_role {'statistics catalog instance:cinder_cli:vsim':
52. ensure => present,
53. access_level => readonly,
54. }
55. netapp_security_login_role {'statistics catalog:cinder_cli:vsim':
56. ensure => present,
57. access_level => readonly,
58. }
59. netapp_security_login_role {'storage disk:cinder_cli:vsim':
60. ensure => present,
61. access_level => readonly,
62. }
63. netapp_security_login_role {'storage aggregate:cinder_cli:vsim':
64. ensure => present,
65. access_level => readonly,
66. }
67. netapp_security_login_role {'network interface:cinder_cli:vsim':
68. ensure => present,
69. access_level => readonly,
70. }
71. netapp_security_login_role {'volume efficiency:cinder_cli:vsim':
72. ensure => present,
73. }
74. netapp_security_login_role {'qos policy-group:cinder_cli:vsim':
75. ensure => present,
76. }
77. netapp_security_login_role {'version:cinder_cli:vsim':
78. ensure => present,
79. }
80. netapp_security_login_role {'event:cinder_cli:vsim':
81. ensure => present,
82. }
83. netapp_security_login_role {'volume file clone:cinder_cli:vsim':
84. ensure => present,
85. access_level => readonly,
86. }
87. netapp_security_login_role {'volume file clone split:cinder_cli:vsim':
88. ensure => present,
89. access_level => readonly,
90. }
91. netapp_security_login_role {'volume snapshot:cinder_cli:vsim':
92. ensure => present,
93. }
94.  
95. #With NFS
96. netapp_security_login_role {'volume file:cinder_cli:vsim':
97. ensure => present,
98. }
99.  
100. #With iscsi or fc
101.  
102. # netapp_security_login_role {'lun:cinder_cli:vsim':
103. # ensure => present,
104. # }
105. # netapp_security_login_role {'lun mapping:cinder_cli:vsim':
106. # ensure => present,
107. # }
108. # netapp_security_login_role {'lun igroup:cinder_cli:vsim':
109. # ensure => present,
110. # }
111.  
112. #With iscsi
113.  
114. # netapp_security_login_role {'vserver iscsi interface:cinder_cli:vsim':
115. # ensure => present,
116. # }
117. # netapp_security_login_role {'vserver iscsi security:cinder_cli:vsim':
118. # ensure => present,
119. # }
120. # netapp_security_login_role {'vserver iscsi:cinder_cli:vsim':
121. # ensure => present,
122. # access_level => readonly,
123. # }
124.  
125. #With FC
126.  
127. # netapp_security_login_role {'vserver fcp portname:cinder_cli:vsim':
128. # ensure => present,
129. # }
130. # netapp_security_login_role {'vserver fcp interface:cinder_cli:vsim':
131. # ensure => present,
132. # access_level => readonly,
133. # }
134. # netapp_security_login_role {'vserver fcp:cinder_cli:vsim':
135. # ensure => present,
136. # access_level => readonly,
137. # }
138.  
139. #With replication
140.  
141. # netapp_security_login_role {'snapmirror:cinder_cli:vsim':
142. # ensure => present,
143. # access_level => readonly,
144. # }
145. # netapp_security_login_role {'volume:cinder_cli:vsim':
146. # ensure => present,
147. # access_level => readonly,
148. # }
149.  
150. #With Cheesecake
151.  
152. # netapp_security_login_role {'cluster peer:cinder_cli:vsim':
153. # ensure => present,
154. # }
155. # netapp_security_login_role {'cluster peer policy:cinder_cli:vsim':
156. # ensure => present,
157. # }
158. # netapp_security_login_role {'vserver peer:cinder_cli:vsim':
159. # ensure => present,
160. # }
161. # netapp_security_login_role {'snapmirror:cinder_cli:vsim':
162. # ensure => present,
163. # }
164. # netapp_security_login_role {'volume:cinder_cli:vsim':
165. # ensure => present,
166. # }
167. #Creating the user
168. netapp_security_login {'ontapi:password:cinder_cli:vsim':
169. ensure => present,
170. role_name => "cinder_cli",
171. password => "MyP@$\$w0rd",
172. }
173.  
174. #If iSCSI
175. netapp_security_login {'ssh:password:cinder_cli:vsim':
176. ensure => present,
177. role_name => "cinder_cli",
178. password => "MyP@$\$w0rd",
179. }
180.  
181. #Manila sections
182. #All configurations (Requires Cluster-level admin account)
183. netapp_security_login_role {'vserver cifs share:manila_cli:vsim':
184. ensure => present,
185. access_level => all,
186. }
187. netapp_security_login_role {'event:manila_cli:vsim':
188. ensure => present,
189. access_level => all,
190. }
191. netapp_security_login_role {'network interface:manila_cli:vsim':
192. ensure => present,
193. }
194. netapp_security_login_role {'vserver export-policy:manila_cli:vsim':
195. ensure => present,
196. access_level => all,
197. }
198. netapp_security_login_role {'volume snapshot:manila_cli:vsim':
199. ensure => present,
200. access_level => all,
201. }
202. netapp_security_login_role {'version:manila_cli:vsim':
203. ensure => present,
204. }
205. netapp_security_login_role {'system node:manila_cli:vsim':
206. ensure => present,
207. }
208. netapp_security_login_role {'volume:manila_cli:vsim':
209. ensure => present,
210. access_level => all,
211. }
212. netapp_security_login_role {'vserver:manila_cli:vsim':
213. ensure => present,
214. }
215. netapp_security_login_role {'security:manila_cli:vsim':
216. ensure => present,
217. }
218. #With share server management (Requires Cluster-level admin account)
219. # netapp_security_login_role {'cifs create:manila_cli:vsim':
220. # ensure => present,
221. # access_level => all,
222. # }
223. # netapp_security_login_role {'cifs delete:manila_cli:vsim':
224. # ensure => present,
225. # access_level => all,
226. # }
227. # netapp_security_login_role {'kerberos-config:manila_cli:vsim':
228. # ensure => present,
229. # access_level => all,
230. # }
231. # netapp_security_login_role {'kerberos-realm:manila_cli:vsim':
232. # ensure => present,
233. # access_level => all,
234. # }
235. # netapp_security_login_role {'ldap client:manila_cli:vsim':
236. # ensure => present,
237. # access_level => all,
238. # }
239. # netapp_security_login_role {'ldap create:manila_cli:vsim':
240. # ensure => present,
241. # access_level => all,
242. # }
243. # netapp_security_login_role {'license:manila_cli:vsim':
244. # ensure => present,
245. # }
246. # netapp_security_login_role {'dns create:manila_cli:vsim':
247. # ensure => present,
248. # access_level => all,
249. # }
250. # netapp_security_login_role {'network interface:manila_cli:vsim':
251. # ensure => present,
252. # access_level => all,
253. # }
254. # netapp_security_login_role {'network port:manila_cli:vsim':
255. # ensure => present,
256. # }
257. # netapp_security_login_role {'network port vlan:manila_cli:vsim':
258. # ensure => present,
259. # access_level => all,
260. # }
261. # netapp_security_login_role {'vserver:manila_cli:vsim':
262. # ensure => present,
263. # access_level => all,
264. # }
265. # netapp_security_login_role {'qos policy-group:manila_cli:vsim':
266. # ensure => present,
267. # access_level => all,
268. # }
269. #Without share server management (requires cluster-wide admin account)
270. netapp_security_login_role {'license:manila_cli:vsim':
271. ensure => present,
272. }
273. netapp_security_login_role {'storage aggregate:manila_cli:vsim':
274. ensure => present,
275. }
276. netapp_security_login_role {'storage disk:manila_cli:vsim':
277. ensure => present,
278. }
279. netapp_security_login_role {'qos policy-group:manila_cli:vsim':
280. ensure => present,
281. access_level => all,
282. }
283. #Creating the user
284. netapp_security_login {'ontapi:password:manila_cli:vsim':
285. ensure => present,
286. role_name => "manila_cli",
287. password => "MyP@$\$w0rd",
288. }
289. }
290. node 'openstack_svm.vsim' {
291. #Export policy and rule creation
292. #Create export policy OpenStack
293. netapp_export_policy { 'exp_openstack':
294. ensure => present,
295. }
296. #Create rule(s) for OpenStack nodes (Repeat for every node in cluster, or set subnet for client match. i.e. 172.32.0.0/24)
297. netapp_export_rule {'exp_openstack:1':
298. ensure => present,
299. clientmatch => "172.32.0.155",
300. rorule => ["any"],
301. rwrule => ["any"],
302. superusersecurity => ["any"],
303. }
304. #Volume creation
305. #Volume for Cinder
306. netapp_volume { 'cinder_vol' :
307. ensure => present,
308. aggregate => "aggr1_1",
309. initsize => "100g",
310. state => "online",
311. exportpolicy => "exp_openstack",
312. spaceres => 'none',
313. snapreserve => "0"
314. }
315. #Volume for Glance
316. netapp_volume { 'glance_vol' :
317. ensure => present,
318. aggregate => "aggr1_1",
319. initsize => "50g",
320. state => "online",
321. exportpolicy => "exp_openstack",
322. spaceres => 'none',
323. snapreserve => "0"
324. }
325. #Volume for Cinder
326. netapp_volume { 'nova_vol' :
327. ensure => present,
328. aggregate => "aggr1_1",
329. initsize => "50g",
330. state => "online",
331. exportpolicy => "exp_openstack",
332. spaceres => 'none',
333. snapreserve => "0"
334. }
335. }