From 6b5ac01d2e61af9efddd01b58bfc0f6cd1e8518f Mon Sep 17 00:00:00 2001 
From: Dan Prince Date: Thu, 12 Feb 2015 14:34:16 -0500 Subject: Move all puppet templates into puppet directory. This cleans up the top level tree by moving all the puppet related bits into the puppet directory. The only exception is overcloud-resource-registry-puppet.yaml which is the puppet environment file and is used externally. Change-Id: Idb65a7143b0f29e5579d4e9d1642e4cda6f65d50 --- ceph-storage-puppet.yaml | 2 - cinder-storage-puppet.yaml | 186 ------- compute-puppet.yaml | 413 --------------- controller-puppet.yaml | 868 ------------------------------- overcloud-resource-registry-puppet.yaml | 10 +- puppet/ceph-storage-puppet.yaml | 2 + puppet/cinder-storage-puppet.yaml | 186 +++++++ puppet/compute-puppet.yaml | 413 +++++++++++++++ puppet/controller-puppet.yaml | 868 +++++++++++++++++++++++++++++++ puppet/loadbalancer.pp | 386 -------------- puppet/manifests/loadbalancer.pp | 386 ++++++++++++++ puppet/manifests/overcloud_compute.pp | 83 +++ puppet/manifests/overcloud_controller.pp | 314 +++++++++++ puppet/manifests/overcloud_object.pp | 56 ++ puppet/manifests/overcloud_volume.pp | 44 ++ puppet/manifests/ringbuilder.pp | 101 ++++ puppet/overcloud_compute.pp | 83 --- puppet/overcloud_controller.pp | 314 ----------- puppet/overcloud_object.pp | 56 -- puppet/overcloud_volume.pp | 44 -- puppet/ringbuilder.pp | 101 ---- puppet/swift-storage-puppet.yaml | 171 ++++++ swift-storage-puppet.yaml | 171 ------ 23 files changed, 2629 insertions(+), 2629 deletions(-) delete mode 100644 ceph-storage-puppet.yaml delete mode 100644 cinder-storage-puppet.yaml delete mode 100644 compute-puppet.yaml delete mode 100644 controller-puppet.yaml create mode 100644 puppet/ceph-storage-puppet.yaml create mode 100644 puppet/cinder-storage-puppet.yaml create mode 100644 puppet/compute-puppet.yaml create mode 100644 puppet/controller-puppet.yaml delete mode 100644 puppet/loadbalancer.pp create mode 100644 puppet/manifests/loadbalancer.pp create mode 100644 
puppet/manifests/overcloud_compute.pp create mode 100644 puppet/manifests/overcloud_controller.pp create mode 100644 puppet/manifests/overcloud_object.pp create mode 100644 puppet/manifests/overcloud_volume.pp create mode 100644 puppet/manifests/ringbuilder.pp delete mode 100644 puppet/overcloud_compute.pp delete mode 100644 puppet/overcloud_controller.pp delete mode 100644 puppet/overcloud_object.pp delete mode 100644 puppet/overcloud_volume.pp delete mode 100644 puppet/ringbuilder.pp create mode 100644 puppet/swift-storage-puppet.yaml delete mode 100644 swift-storage-puppet.yaml
diff --git a/ceph-storage-puppet.yaml b/ceph-storage-puppet.yaml
deleted file mode 100644
index c9aa7bcf..00000000
--- a/ceph-storage-puppet.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-heat_template_version: 2014-10-16
-description: 'Common Ceph Storage Configuration by Puppet'
diff --git a/cinder-storage-puppet.yaml b/cinder-storage-puppet.yaml
deleted file mode 100644
index 433df328..00000000
--- a/cinder-storage-puppet.yaml
+++ /dev/null
@@ -1,186 +0,0 @@ -heat_template_version: 2014-10-16 -description: 'Block Storage Configuration w/ Puppet' -parameters: - Image: - default: overcloud-cinder-volume - type: string - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - VirtualIP: - default: '' - type: string - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - Flavor: - description: Flavor for block storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlancePort: - default: "9292" - description: Glance port. 
- type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - RabbitPassword: - default: '' - type: string - RabbitUserName: - default: '' - type: string - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - NtpServer: - type: string - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - -resources: - BlockStorage: - type: OS::Nova::Server - properties: - image: - {get_param: Image} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - user_data_format: SOFTWARE_CONFIG - networks: - - network: ctlplane - - BlockStorageDeployment: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageConfig} - input_values: - cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - cinder_lvm_loop_device_size: - str_replace: - template: sizeM - params: - size: {get_param: CinderLVMLoopDeviceSize} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - rabbit_hosts: - str_replace: - template: '["host"]' - params: - host: {get_param: VirtualIP} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} - enable_package_install: {get_param: EnablePackageInstall} - signal_transport: NO_SIGNAL - - # Map heat metadata into hiera datafiles - BlockStorageConfig: - 
type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - volume - - common - datafiles: - common: - raw_data: {get_file: puppet/hieradata/common.yaml} - volume: - raw_data: {get_file: puppet/hieradata/volume.yaml} - oac_data: - cinder::volume::iscsi::iscsi_ip_address: local-ipv4 - mapped_data: - # Cinder - cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} - cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper} - cinder::database_connection: {get_input: cinder_dsn} - cinder::rabbit_hosts: {get_input: rabbit_hosts} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - ntp::servers: {get_input: ntp_servers} - enable_package_install: {get_input: enable_package_install} - - VolumePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - outputs: - - name: result - config: - get_file: puppet/overcloud_volume.pp - - VolumePuppetDeployment: - type: OS::Heat::StructuredDeployment - properties: - name: puppet_1 - server: {get_resource: BlockStorage} - config: {get_resource: VolumePuppetConfig} - -outputs: - hosts_entry: - value: - str_replace: - template: "IP HOST HOST.novalocal" - params: - IP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - HOST: {get_attr: [BlockStorage, name]}
diff --git a/compute-puppet.yaml b/compute-puppet.yaml
deleted file mode 100644
index 0448b7bf..00000000
--- a/compute-puppet.yaml
+++ /dev/null
@@ -1,413 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - OpenStack hypervisor node configured via Puppet. - -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - Flavor: - description: Flavor for the nova compute node - type: string - constraints: - - custom_constraint: nova.flavor - GlanceHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. 
- type: string - Image: - type: string - default: overcloud-compute - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - KeystoneHost: - type: string - default: '' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "" - NeutronEnableTunnelling: - type: string - default: "True" - NeutronFlatNetworks: - type: string - default: '' - description: > - If set, flat networks to configure in neutron plugins. - NeutronHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NeutronNetworkType: - type: string - description: The tenant network type for Neutron, either gre or vxlan. - default: 'gre' - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: string - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. 
- type: string - hidden: true - NeutronPhysicalBridge: - default: '' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: A port to add to the NeutronPhysicalBridge. - type: string - NeutronTunnelTypes: - type: string - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - default: 'gre' - NeutronPublicInterfaceRawDevice: - default: '' - type: string - NeutronDVR: - default: 'False' - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: #FIXME this isn't wired in - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NovaApiHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - type: string - default: '' - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. 
- type: string - hidden: true - NovaPublicIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - NtpServer: - type: string - default: '' - RabbitHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - -resources: - - NovaCompute: - type: OS::Nova::Server - properties: - image: - {get_param: Image} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - - NetworkConfig: - type: OS::TripleO::Net::SoftwareConfig - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_attr: [NetworkConfig, config_id]} - server: {get_resource: NovaCompute} - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - ComputePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - outputs: - - name: result - config: - get_file: puppet/overcloud_compute.pp - - ComputePuppetDeployment: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: NovaCompute} - config: {get_resource: ComputePuppetConfig} - - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: 
os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - compute - - common - datafiles: - common: - raw_data: {get_file: puppet/hieradata/common.yaml} - compute: - raw_data: {get_file: puppet/hieradata/compute.yaml} - oac_data: - nova::compute::vncserver_proxyclient_address: local-ipv4 - mapped_data: - #nova::debug: {get_input: debug} - nova_compute_driver: {get_input: nova_compute_driver} - nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} - nova_api_host: {get_input: nova_api_host} - nova::compute::vncproxy_host: {get_input: nova_public_ip} - nova_password: {get_input: nova_password} - #ceilometer::debug: {get_input: debug} - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer_compute_agent: {get_input: ceilometer_compute_agent} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - glance_host: {get_input: glance_host} - glance_port: {get_input: glance_port} - glance_protocol: {get_input: glance_protocol} - keystone_host: {get_input: keystone_host} - #neutron::debug: {get_input: debug} - neutron_flat_networks: {get_input: neutron_flat_networks} - neutron_host: {get_input: neutron_host} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - neutron_tenant_network_type: {get_input: neutron_tenant_network_type} - neutron_tunnel_types: {get_input: neutron_tunnel_types} - neutron::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron_bridge_mappings: {get_input: neutron_bridge_mappings} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron_physical_bridge: {get_input: neutron_physical_bridge} - neutron_public_interface: {get_input: neutron_public_interface} - nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - 
neutron_router_distributed: {get_input: neutron_router_distributed} - neutron_agent_mode: {get_input: neutron_agent_mode} - neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - admin_password: {get_input: admin_password} - nova::rabbit_host: {get_input: rabbit_host} - neutron::rabbit_host: {get_input: rabbit_host} - ceilometer::rabbit_host: {get_input: rabbit_host} - nova::rabbit_userid: {get_input: rabbit_username} - neutron::rabbit_user: {get_input: rabbit_username} - ceilometer::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_password: {get_input: rabbit_password} - ntp::servers: {get_input: ntp_servers} - enable_package_install: {get_input: enable_package_install} - - NovaComputeDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute} - input_values: - debug: {get_param: Debug} - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_public_ip: {get_param: NovaPublicIP} - nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_host: {get_param: GlanceHost} 
- glance_port: {get_param: GlancePort} - glance_protocol: {get_param: GlanceProtocol} - keystone_host: {get_param: KeystoneHost} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_host: {get_param: NeutronHost} - neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_physical_bridge: {get_param: NeutronPhysicalBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_password: {get_param: NeutronPassword} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - admin_password: {get_param: AdminPassword} - rabbit_host: {get_param: RabbitHost} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} - enable_package_install: {get_param: EnablePackageInstall} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [NovaCompute, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [NovaCompute, name]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: "IP HOST HOST.novalocal" - params: - IP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - 
HOST: {get_attr: [NovaCompute, name]} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: NovaCompute}
diff --git a/controller-puppet.yaml b/controller-puppet.yaml
deleted file mode 100644
index 5974f9e4..00000000
--- a/controller-puppet.yaml
+++ /dev/null
@@ -1,868 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - OpenStack controller node configured by Puppet. - -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - default: unset - description: The keystone auth secret. - type: string - hidden: true - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - default: unset - description: The password for the cinder service account, used by cinder-api. - type: string - hidden: true - CloudName: - default: '' - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - ControllerExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. 
The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "compute_manager", - "value": "ironic.nova.compute.manager.ClusterComputeManager" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - Flavor: - description: Flavor for control nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - default: unset - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - HeatPassword: - default: unset - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. - type: string - default: '' - hidden: true - Image: - type: string - default: overcloud-control - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. 
- type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - MysqlClusterUniquePart: - description: A unique identifier of the MySQL cluster the controller is in. - type: string - default: 'unset' # Has to be here because of the ignored empty value bug - # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 - # constraints: - # - length: {min: 4, max: 10} - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlRootPassword: - type: string - hidden: true - default: '' # Has to be here because of the ignored empty value bug - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. 
- type: string - default: "" - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronL3HA: #FIXME this isn't wired in - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronEnableTunnelling: - type: string - default: "True" - NeutronFlatNetworks: - type: string - default: '' - description: If set, flat networks to configure in neutron plugins. - NeutronNetworkType: - default: 'gre' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: string - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. 
- type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronTunnelTypes: - default: 'gre' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NtpServer: - type: string - default: '' - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. 
- type: string - PublicVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitCookie: - type: string - default: '' # Has to be here because of the ignored empty value bug - hidden: true - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true - SwiftHashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. 
- SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftPassword: - default: unset - description: The password for the swift service account, used by the swift proxy - services. - hidden: true - type: string - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - VirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - -resources: - - Controller: - type: OS::Nova::Server - properties: - image: {get_param: Image} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - - NetworkConfig: - type: OS::TripleO::Net::SoftwareConfig - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_attr: [NetworkConfig, config_id]} - server: {get_resource: Controller} - input_values: - bridge_name: br-ex - interface_name: {get_param: NeutronPublicInterface} - - ControllerDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: ControllerConfig} - server: {get_resource: Controller} - input_values: - bootstack_nodeid: {get_attr: [Controller, name]} - controller_host: {get_attr: [Controller, networks, ctlplane, 0]} - controller_virtual_ip: {get_param: VirtualIP} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - heat.watch_server_url: - list_join: - - '' - - - 'http://' - - {get_param: VirtualIP} - - ':8003' - heat.metadata_server_url: - list_join: - - '' - - - 'http://' - - {get_param: VirtualIP} - - ':8000' - heat.waitcondition_server_url: - list_join: - - '' - - - 'http://' - - {get_param: VirtualIP} - - ':8000/v1/waitcondition' - 
admin_password: {get_param: AdminPassword} - admin_token: {get_param: AdminToken} - neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} - debug: {get_param: Debug} - cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} - cinder_password: {get_param: CinderPassword} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_dsn: - list_join: - - '' - - - 'mysql://cinder:unset@' - - {get_param: VirtualIP} - - '/cinder' - glance_port: {get_param: GlancePort} - glance_protocol: {get_param: GlanceProtocol} - glance_password: {get_param: GlancePassword} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance_dsn: - list_join: - - '' - - - 'mysql://glance:unset@' - - {get_param: VirtualIP} - - '/glance' - heat_password: {get_param: HeatPassword} - heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - heat_dsn: - list_join: - - '' - - - 'mysql://heat:unset@' - - {get_param: VirtualIP} - - '/heat' - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone_dsn: - list_join: - - '' - - - 'mysql://keystone:unset@' - - {get_param: VirtualIP} - - '/keystone' - mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - mysql_root_password: {get_param: MysqlRootPassword} - mysql_cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_mechanism_drivers: {get_param: 
NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} - neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_password: {get_param: NeutronPassword} - neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} - neutron_dsn: - list_join: - - '' - - - 'mysql://neutron:unset@' - - {get_param: VirtualIP} - - '/ovs_neutron?charset=utf8' - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_dsn: - list_join: - - '' - - - 'mysql://ceilometer:unset@' - - {get_param: VirtualIP} - - '/ceilometer' - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - nova_password: {get_param: NovaPassword} - nova_dsn: - list_join: - - '' - - - 'mysql://nova:unset@' - - {get_param: VirtualIP} - - '/nova' - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} - control_virtual_interface: {get_param: ControlVirtualInterface} - public_virtual_interface: {get_param: PublicVirtualInterface} - public_virtual_ip: {get_param: PublicVirtualIP} - swift_hash_suffix: {get_param: SwiftHashSuffix} - 
swift_password: {get_param: SwiftPassword} - swift_part_power: {get_param: SwiftPartPower} - swift_replicas: {get_param: SwiftReplicas} - swift_min_part_hours: {get_param: SwiftMinPartHours} - swift_mount_check: {get_param: SwiftMountCheck} - enable_package_install: {get_param: EnablePackageInstall} - - # Map heat metadata into hiera datafiles - ControllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - controller - - object - - common - datafiles: - common: - raw_data: {get_file: puppet/hieradata/common.yaml} - object: - raw_data: {get_file: puppet/hieradata/object.yaml} - controller: - raw_data: {get_file: puppet/hieradata/controller.yaml} - oac_data: # data we map in from other OAC configurations - bootstrap_nodeid: bootstrap_host.bootstrap_nodeid - # Swift - tripleo::ringbuilder::devices: swift.devices - mapped_data: # data supplied directly to this deployment configuration, etc - debug: {get_input: debug} - bootstack_nodeid: {get_input: bootstack_nodeid} - controller_host: {get_input: controller_host} #local-ipv4 - # Swift - swift::proxy::proxy_local_net_ip: {get_input: controller_host} - swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip} - swift::storage::all::storage_local_net_ip: {get_input: controller_host} - swift::swift_hash_suffix: {get_input: swift_hash_suffix} - swift::proxy::authtoken::admin_password: {get_input: swift_password} - tripleo::ringbuilder::part_power: {get_input: swift_part_power} - tripleo::ringbuilder::replicas: {get_input: swift_replicas} - tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} - swift_mount_check: {get_input: swift_mount_check} - - # NOTE(dprince): build_ring support is currently not wired in. 
- # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True - # Cinder - cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} - cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper} - cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host} - cinder::database_connection: {get_input: cinder_dsn} - cinder::api::keystone_password: {get_input: cinder_password} - cinder::api::keystone_auth_host: {get_input: controller_virtual_ip} - cinder::api::bind_host: {get_input: controller_host} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - #cinder::debug: {get_input: debug} - # Glance - glance::api::bind_port: {get_input: glance_port} - glance::api::bind_host: {get_input: controller_host} - glance::api::auth_host: {get_input: controller_virtual_ip} - glance::api::registry_host: {get_input: controller_host} - glance::api::keystone_password: {get_input: glance_password} - # used to construct glance_api_servers - glance_port: {get_input: glance_port} - glance_protocol: {get_input: glance_protocol} - glance_notifier_strategy: {get_input: glance_notifier_strategy} - glance_log_file: {get_input: glance_log_file} - glance_log_file: {get_input: glance_log_file} - glance::api::database_connection: {get_input: glance_dsn} - glance::registry::keystone_password: {get_input: glance_password} - glance::registry::database_connection: {get_input: glance_dsn} - glance::registry::bind_host: {get_input: controller_host} - glance::registry::auth_host: {get_input: controller_virtual_ip} - glance::backend::swift::swift_store_user: service:glance - glance::backend::swift::swift_store_key: {get_input: glance_password} - # Heat - heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} - heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} - heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} - 
heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} - heat::engine::auth_encryption_key: unset___________ - heat::rabbit_userid: {get_input: rabbit_username} - heat::rabbit_password: {get_input: rabbit_password} - heat::rabbit_host: {get_input: controller_virtual_ip} - heat::keystone_host: {get_input: controller_virtual_ip} - heat::keystone_password: {get_input: heat_password} - heat::api::bind_host: {get_input: controller_host} - heat::api_cloudwatch::bind_host: {get_input: controller_host} - heat::api_cfn::bind_host: {get_input: controller_host} - heat::database_connection: {get_input: heat_dsn} - - # Keystone - keystone::admin_token: {get_input: admin_token} - keystone_ca_certificate: {get_input: keystone_ca_certificate} - keystone_signing_key: {get_input: keystone_signing_key} - keystone_signing_certificate: {get_input: keystone_signing_certificate} - keystone_ssl_certificate: {get_input: keystone_ssl_certificate} - keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} - keystone::database_connection: {get_input: keystone_dsn} - keystone::public_bind_host: {get_input: controller_host} - keystone::admin_bind_host: {get_input: controller_host} - #keystone::debug: {get_input: debug} - # MySQL - admin_password: {get_input: admin_password} - mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} - mysql_root_password: {get_input: mysql_root_password} - mysql_cluster_name: {get_input: mysql_cluster_name} - # Neutron - neutron::bind_host: {get_input: controller_host} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} - #neutron::debug: {get_input: debug} - neutron::server::auth_host: {get_input: controller_virtual_ip} - neutron::server::database_connection: {get_input: neutron_dsn} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron::agents::ml2::ovs::local_ip: {get_input: controller_host} - 
neutron_flat_networks: {get_input: neutron_flat_networks} - neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip} - neutron_agent_mode: {get_input: neutron_agent_mode} - neutron_router_distributed: {get_input: neutron_router_distributed} - neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron_bridge_mappings: {get_input: neutron_bridge_mappings} - neutron_public_interface: {get_input: neutron_public_interface} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} - neutron_public_interface_tag: {get_input: neutron_public_interface_tag} - neutron_tenant_network_type: {get_input: neutron_tenant_network_type} - neutron_tunnel_types: {get_input: neutron_tunnel_types} - neutron::server::auth_password: {get_input: neutron_password} - neutron::agents::metadata::auth_password: {get_input: neutron_password} - neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} - neutron_dsn: {get_input: neutron_dsn} - # Ceilometer - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_host: {get_input: controller_virtual_ip} - ceilometer::api::host: {get_input: controller_host} - ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::keystone_host: {get_input: controller_virtual_ip} - ceilometer::db::database_connection: {get_input: ceilometer_dsn} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - snmpd_readonly_user_name: {get_input: 
snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - # Nova - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::api::auth_host: {get_input: controller_virtual_ip} - nova::api::api_bind_address: {get_input: controller_host} - nova::api::metadata_listen: {get_input: controller_host} - nova::api::admin_password: {get_input: nova_password} - nova::database_connection: {get_input: nova_dsn} - nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - # Rabbit - rabbit_username: {get_input: rabbit_username} - rabbit_password: {get_input: rabbit_password} - rabbit_cookie: {get_input: rabbit_cookie} - rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl} - rabbit_client_port: {get_input: rabbit_client_port} - # Misc - neutron_public_interface_ip: {get_input: neutron_public_interface_ip} - ntp::servers: {get_input: ntp_servers} - control_virtual_interface: {get_input: control_virtual_interface} - controller_virtual_ip: {get_input: controller_virtual_ip} - public_virtual_interface: {get_input: public_virtual_interface} - public_virtual_ip: {get_input: public_virtual_ip} - enable_package_install: {get_input: enable_package_install} - - # NOTE(dprince): this example uses a composition class - # on the puppet side (loadbalancer.pp). This seemed like the - # cleanest way to encapulate the puppet resources definitions - # for HAProxy and Keepalived. 
- ControllerLoadbalancerPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - inputs: - - name: tripleo::loadbalancer::keystone_admin - default: true - - name: tripleo::loadbalancer::keystone_public - default: true - - name: tripleo::loadbalancer::neutron - default: true - - name: tripleo::loadbalancer::cinder - default: true - - name: tripleo::loadbalancer::glance_api - default: true - - name: tripleo::loadbalancer::glance_registry - default: true - - name: tripleo::loadbalancer::nova_ec2 - default: true - - name: tripleo::loadbalancer::nova_osapi - default: true - - name: tripleo::loadbalancer::nova_metadata - default: true - - name: tripleo::loadbalancer::nova_novncproxy - default: true - - name: tripleo::loadbalancer::mysql - default: true - - name: tripleo::loadbalancer::rabbitmq - default: true - - name: tripleo::loadbalancer::swift_proxy_server - default: true - - name: tripleo::loadbalancer::ceilometer - default: true - - name: tripleo::loadbalancer::heat_api - default: true - - name: tripleo::loadbalancer::heat_cloudwatch - default: true - - name: tripleo::loadbalancer::heat_cfn - default: true - outputs: - - name: result - config: - get_file: puppet/loadbalancer.pp - - ControllerLoadbalancerPuppetDeployment: - type: OS::Heat::SoftwareDeployment - properties: - name: puppet_1 - server: {get_resource: Controller} - config: {get_resource: ControllerLoadbalancerPuppetConfig} - - ControllerPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - inputs: - - name: step - outputs: - - name: result - config: - get_file: puppet/overcloud_controller.pp - - # Step through a series of Puppet runs using the same manifest. 
- # NOTE(dprince): Heat breakpoints would make for a really cool way to step - # through breakpoints in a controlled manner across the entire cluster - ControllerPuppetDeploymentServicesBase: - type: OS::Heat::StructuredDeployment - properties: - name: puppet_2 - server: {get_resource: Controller} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 1 - actions: ['CREATE'] # no need for two passes on an UPDATE - - ControllerRingbuilderPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - inputs: - outputs: - - name: result - config: - get_file: puppet/ringbuilder.pp - - ControllerRingbuilderPuppetDeployment: - type: OS::Heat::StructuredDeployment - properties: - name: puppet_3 - server: {get_resource: Controller} - config: {get_resource: ControllerRingbuilderPuppetConfig} - - ControllerPuppetDeploymentOvercloudServices: - type: OS::Heat::StructuredDeployment - properties: - name: puppet_4 - server: {get_resource: Controller} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 2 - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [Controller, networks, ctlplane, 0]} - hostname: - description: Hostname of the server - value: {get_attr: [Controller, name]} - corosync_node: - description: > - Node object in the format {ip: ..., name: ...} format that the corosync - element expects - value: - ip: {get_attr: [Controller, networks, ctlplane, 0]} - name: {get_attr: [Controller, name]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: IP HOST HOST.novalocal CLOUDNAME - params: - IP: {get_attr: [Controller, networks, ctlplane, 0]} - HOST: {get_attr: [Controller, name]} - CLOUDNAME: {get_param: CloudName} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: 
Controller} - swift_device: - description: Swift device formatted for swift-ring-builder - value: - str_replace: - template: 'r1z1-IP:%PORT%/d1' - params: - IP: {get_attr: [Controller, networks, ctlplane, 0]} - swift_proxy_memcache: - description: Swift proxy-memcache value - value: - str_replace: - template: "IP:11211" - params: - IP: {get_attr: [Controller, networks, ctlplane, 0]} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index f7b237c8..1068e6eb 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -1,11 +1,11 @@ resource_registry: - OS::TripleO::BlockStorage: cinder-storage-puppet.yaml - OS::TripleO::Compute: compute-puppet.yaml + OS::TripleO::BlockStorage: puppet/cinder-storage-puppet.yaml + OS::TripleO::Compute: puppet/compute-puppet.yaml OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment - OS::TripleO::Controller: controller-puppet.yaml - OS::TripleO::ObjectStorage: swift-storage-puppet.yaml + OS::TripleO::Controller: puppet/controller-puppet.yaml + OS::TripleO::ObjectStorage: puppet/swift-storage-puppet.yaml OS::TripleO::Net::SoftwareConfig: net-config-bridge.yaml - OS::TripleO::CephStorage: ceph-storage-puppet.yaml + OS::TripleO::CephStorage: puppet/ceph-storage-puppet.yaml # NOTE(dprince): requires a new release of python-heatclient #default_parameters: diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage-puppet.yaml new file mode 100644 index 00000000..c9aa7bcf --- /dev/null +++ b/puppet/ceph-storage-puppet.yaml @@ -0,0 +1,2 @@ +heat_template_version: 2014-10-16 +description: 'Common Ceph Storage Configuration by Puppet' diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml new file mode 100644 index 00000000..befd8e4e --- /dev/null +++ b/puppet/cinder-storage-puppet.yaml 
@@ -0,0 +1,186 @@
+heat_template_version: 2014-10-16
+description: 'Block Storage Configuration w/ Puppet'
+parameters:
+ Image:
+ default: overcloud-cinder-volume
+ type: string
+ CinderISCSIHelper:
+ default: tgtadm
+ description: The iSCSI helper to use with cinder.
+ type: string
+ CinderLVMLoopDeviceSize:
+ default: 5000
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+ VirtualIP:
+ default: ''
+ type: string
+ ExtraConfig:
+ default: {}
+ description: |
+ Additional configuration to inject into the cluster. The JSON should have
+ the following structure:
+ {"FILEKEY":
+ {"config":
+ [{"section": "SECTIONNAME",
+ "values":
+ [{"option": "OPTIONNAME",
+ "value": "VALUENAME"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ For instance:
+ {"nova":
+ {"config":
+ [{"section": "default",
+ "values":
+ [{"option": "force_config_drive",
+ "value": "always"
+ }
+ ]
+ },
+ {"section": "cells",
+ "values":
+ [{"option": "driver",
+ "value": "nova.cells.rpc_driver.CellsRPCDriver"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ type: json
+ Flavor:
+ description: Flavor for block storage nodes to request when deploying.
+ type: string
+ constraints:
+ - custom_constraint: nova.flavor
+ GlancePort:
+ default: "9292"
+ description: Glance port.
+ type: string
+ KeyName:
+ default: default
+ description: Name of an existing EC2 KeyPair to enable SSH access to the instances
+ type: string
+ RabbitPassword:
+ default: ''
+ type: string
+ RabbitUserName:
+ default: ''
+ type: string
+ SnmpdReadonlyUserName:
+ default: ro_snmp_user
+ description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ SnmpdReadonlyUserPassword:
+ default: unset
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+ NtpServer:
+ type: string
+ default: ''
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+
+resources:
+ BlockStorage:
+ type: OS::Nova::Server
+ properties:
+ image:
+ {get_param: Image}
+ flavor: {get_param: Flavor}
+ key_name: {get_param: KeyName}
+ user_data_format: SOFTWARE_CONFIG
+ networks:
+ - network: ctlplane
+
+ BlockStorageDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ server: {get_resource: BlockStorage}
+ config: {get_resource: BlockStorageConfig}
+ input_values:
+ cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]}
+ snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+ snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ cinder_lvm_loop_device_size:
+ str_replace:
+ template: sizeM
+ params:
+ size: {get_param: CinderLVMLoopDeviceSize}
+ cinder_iscsi_helper: {get_param: CinderISCSIHelper}
+ rabbit_hosts:
+ str_replace:
+ template: '["host"]'
+ params:
+ host: {get_param: VirtualIP}
+ rabbit_username: {get_param: RabbitUserName}
+ rabbit_password: {get_param: RabbitPassword}
+ ntp_servers:
+ str_replace:
+ template: '["server"]'
+ params:
+ server: {get_param: NtpServer}
+ enable_package_install: {get_param: EnablePackageInstall}
+ signal_transport: NO_SIGNAL
+
+ # Map heat metadata into hiera datafiles
+ BlockStorageConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ hierarchy:
+ - heat_config_%{::deploy_config_name}
+ - volume
+ - common
+ datafiles:
+ common:
+ raw_data: {get_file: hieradata/common.yaml}
+ volume:
+ raw_data: {get_file: hieradata/volume.yaml}
+ oac_data:
+ cinder::volume::iscsi::iscsi_ip_address: local-ipv4
+ mapped_data:
+ # Cinder
+ cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size}
+ cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
+ cinder::database_connection: {get_input: cinder_dsn}
+ cinder::rabbit_hosts: {get_input: rabbit_hosts}
+ cinder::rabbit_userid: {get_input: rabbit_username}
+ cinder::rabbit_password: {get_input: rabbit_password}
+ ntp::servers: {get_input: ntp_servers}
+ enable_package_install: {get_input: enable_package_install}
+
+ VolumePuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/overcloud_volume.pp
+
+ VolumePuppetDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ name: puppet_1
+ server: {get_resource: BlockStorage}
+ config: {get_resource: VolumePuppetConfig}
+
+outputs:
+ hosts_entry:
+ value:
+ str_replace:
+ template: "IP HOST HOST.novalocal"
+ params:
+ IP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ HOST: {get_attr: [BlockStorage, name]}
diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml
new file mode 100644
index 00000000..ab2d0a32
--- /dev/null
+++ b/puppet/compute-puppet.yaml
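Review bot: `RabbitPassword` in the parameters block of the new puppet/cinder-storage-puppet.yaml is declared without `hidden: true`, while `SnmpdReadonlyUserPassword` a few entries below it is marked hidden, so the RabbitMQ password would not be masked where Heat shows stack parameters. Add `hidden: true` under `RabbitPassword`, as the controller and compute templates in this same change already do. Separately, `cinder_dsn` in `BlockStorageDeployment` is built from the literal `'mysql://cinder:unset@'`, so the database password is a constant in the template rather than a parameter. That appears to be carried over unchanged from the moved file, but it would be better supplied from a hidden parameter than left as a fixed string.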
@@ -0,0 +1,413 @@ +heat_template_version: 2014-10-16 + +description: > + OpenStack hypervisor node configured via Puppet. + +parameters: + AdminPassword: + default: unset + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + CeilometerComputeAgent: + description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly + type: string + default: '' + constraints: + - allowed_values: ['', Present] + CeilometerMeteringSecret: + default: unset + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + default: unset + description: The password for the ceilometer service account. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config": + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "force_config_drive", + "value": "always" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + type: json + Flavor: + description: Flavor for the nova compute node + type: string + constraints: + - custom_constraint: nova.flavor + GlanceHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + GlancePort: + default: "9292" + description: Glance port. + type: string + GlanceProtocol: + default: http + description: Protocol to use when connecting to glance, set to https for SSL. 
+ type: string + Image: + type: string + default: overcloud-compute + constraints: + - custom_constraint: glance.image + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. + type: string + KeyName: + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + default: default + constraints: + - custom_constraint: nova.keypair + KeystoneHost: + type: string + default: '' + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: string + default: "" + NeutronEnableTunnelling: + type: string + default: "True" + NeutronFlatNetworks: + type: string + default: '' + description: > + If set, flat networks to configure in neutron plugins. + NeutronHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + NeutronNetworkType: + type: string + description: The tenant network type for Neutron, either gre or vxlan. + default: 'gre' + NeutronNetworkVLANRanges: + default: 'datacentre' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: string + NeutronPassword: + default: unset + description: The password for the neutron service account, used by neutron agents. 
+ type: string + hidden: true + NeutronPhysicalBridge: + default: '' + description: An OVS bridge to create for accessing external networks. + type: string + NeutronPublicInterface: + default: nic1 + description: A port to add to the NeutronPhysicalBridge. + type: string + NeutronTunnelTypes: + type: string + description: | + The tunnel types for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'gre,vxlan' + default: 'gre' + NeutronPublicInterfaceRawDevice: + default: '' + type: string + NeutronDVR: + default: 'False' + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + NeutronL3HA: #FIXME this isn't wired in + default: 'False' + description: Whether to enable l3-agent HA + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NovaApiHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + NovaComputeDriver: + type: string + default: libvirt.LibvirtDriver + NovaComputeExtraConfig: + default: {} + description: | + NovaCompute specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + NovaComputeLibvirtType: + type: string + default: '' + NovaPassword: + default: unset + description: The password for the nova service account, used by nova-api. 
+ type: string
+ hidden: true
+ NovaPublicIP:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ NtpServer:
+ type: string
+ default: ''
+ RabbitHost:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ RabbitPassword:
+ default: guest
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ SnmpdReadonlyUserName:
+ default: ro_snmp_user
+ description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ SnmpdReadonlyUserPassword:
+ default: unset
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+
+resources:
+
+ NovaCompute:
+ type: OS::Nova::Server
+ properties:
+ image:
+ {get_param: Image}
+ image_update_policy:
+ get_param: ImageUpdatePolicy
+ flavor: {get_param: Flavor}
+ key_name: {get_param: KeyName}
+ networks:
+ - network: ctlplane
+ user_data_format: SOFTWARE_CONFIG
+
+ NetworkConfig:
+ type: OS::TripleO::Net::SoftwareConfig
+
+ NetworkDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ signal_transport: NO_SIGNAL
+ config: {get_attr: [NetworkConfig, config_id]}
+ server: {get_resource: NovaCompute}
+ input_values:
+ bridge_name: {get_param: NeutronPhysicalBridge}
+ interface_name: {get_param: NeutronPublicInterface}
+
+ ComputePuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/overcloud_compute.pp
+
+ ComputePuppetDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ server: {get_resource: NovaCompute}
+ config: {get_resource: ComputePuppetConfig}
+
+ NovaComputeConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ hierarchy:
+ - heat_config_%{::deploy_config_name}
+ - compute
+ - common
+ datafiles:
+ common:
+ raw_data: {get_file: hieradata/common.yaml}
+ compute:
+ raw_data: {get_file: hieradata/compute.yaml}
+ oac_data:
+ nova::compute::vncserver_proxyclient_address: local-ipv4
+ mapped_data:
+ #nova::debug: {get_input: debug}
+ nova_compute_driver: {get_input: nova_compute_driver}
+ nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
+ nova_api_host: {get_input: nova_api_host}
+ nova::compute::vncproxy_host: {get_input: nova_public_ip}
+ nova_password: {get_input: nova_password}
+ #ceilometer::debug: {get_input: debug}
+ ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
+ ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
+ ceilometer_compute_agent: {get_input: ceilometer_compute_agent}
+ snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
+ snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
+ glance_host: {get_input: glance_host}
+ glance_port: {get_input: glance_port}
+ glance_protocol: {get_input: glance_protocol}
+ keystone_host: {get_input: keystone_host}
+ #neutron::debug: {get_input: debug}
+ neutron_flat_networks: {get_input: neutron_flat_networks}
+ neutron_host: {get_input: neutron_host}
+ neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
+ neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
+ neutron_tunnel_types: {get_input: neutron_tunnel_types}
+ neutron::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
+ neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
+ neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
+ neutron_physical_bridge: {get_input: neutron_physical_bridge}
+ neutron_public_interface: {get_input: neutron_public_interface}
+ nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
+ neutron_router_distributed: {get_input: neutron_router_distributed}
+ neutron_agent_mode: {get_input: neutron_agent_mode}
+ neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
+ neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
+ neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
+ neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
+ neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
+ admin_password: {get_input: admin_password}
+ nova::rabbit_host: {get_input: rabbit_host}
+ neutron::rabbit_host: {get_input: rabbit_host}
+ ceilometer::rabbit_host: {get_input: rabbit_host}
+ nova::rabbit_userid: {get_input: rabbit_username}
+ neutron::rabbit_user: {get_input: rabbit_username}
+ ceilometer::rabbit_userid: {get_input: rabbit_username}
+ nova::rabbit_password: {get_input: rabbit_password}
+ neutron::rabbit_password: {get_input: rabbit_password}
+ ceilometer::rabbit_password: {get_input: rabbit_password}
+ ntp::servers: {get_input: ntp_servers}
+ enable_package_install: {get_input: enable_package_install}
+
+ NovaComputeDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ signal_transport: NO_SIGNAL
+ config: {get_resource: NovaComputeConfig}
+ server: {get_resource: NovaCompute}
+ input_values:
+ debug: {get_param: Debug}
+ nova_compute_driver: {get_param: NovaComputeDriver}
+ nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType}
+ nova_public_ip: {get_param: NovaPublicIP}
+ nova_api_host: {get_param: NovaApiHost}
+ nova_password: {get_param: NovaPassword}
+ ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
+ ceilometer_password: {get_param: CeilometerPassword}
+ ceilometer_compute_agent: {get_param: CeilometerComputeAgent}
+ snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+ snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ glance_host: {get_param: GlanceHost}
+ glance_port: {get_param: GlancePort}
+ glance_protocol: {get_param: GlanceProtocol}
+ keystone_host: {get_param: KeystoneHost}
+ neutron_flat_networks: {get_param: NeutronFlatNetworks}
+ neutron_host: {get_param: NeutronHost}
+ neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ neutron_tenant_network_type: {get_param: NeutronNetworkType}
+ neutron_tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
+ neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
+ neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_physical_bridge: {get_param: NeutronPhysicalBridge}
+ neutron_public_interface: {get_param: NeutronPublicInterface}
+ neutron_password: {get_param: NeutronPassword}
+ neutron_agent_mode: {get_param: NeutronAgentMode}
+ neutron_router_distributed: {get_param: NeutronDVR}
+ neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
+ neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
+ admin_password: {get_param: AdminPassword}
+ rabbit_host: {get_param: RabbitHost}
+ rabbit_username: {get_param: RabbitUserName}
+ rabbit_password: {get_param: RabbitPassword}
+ ntp_servers:
+ str_replace:
+ template: '["server"]'
+ params:
+ server: {get_param: NtpServer}
+ enable_package_install: {get_param: EnablePackageInstall}
+
+outputs:
+ ip_address:
+ description: IP address of the server in the ctlplane network
+ value: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ hostname:
+ description: Hostname of the server
+ value: {get_attr: [NovaCompute, name]}
+ hosts_entry:
+ description: >
+ Server's IP address and hostname in the /etc/hosts format
+ value:
+ str_replace:
+ template: "IP HOST HOST.novalocal"
+ params:
+ IP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ HOST: {get_attr: [NovaCompute, name]}
+ nova_server_resource:
+ description: Heat resource handle for the Nova compute server
+ value:
+ {get_resource: NovaCompute}
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
new file mode 100644
index 00000000..399ad86b
--- /dev/null
+++ b/puppet/controller-puppet.yaml
@@ -0,0 +1,868 @@
+heat_template_version: 2014-10-16
+
+description: >
+ OpenStack controller node configured by Puppet.
+
+parameters:
+ AdminPassword:
+ default: unset
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+ AdminToken:
+ default: unset
+ description: The keystone auth secret.
+ type: string
+ hidden: true
+ CeilometerMeteringSecret:
+ default: unset
+ description: Secret shared by the ceilometer services.
+ type: string
+ hidden: true
+ CeilometerPassword:
+ default: unset
+ description: The password for the ceilometer service account.
+ type: string
+ hidden: true
+ CinderISCSIHelper:
+ default: tgtadm
+ description: The iSCSI helper to use with cinder.
+ type: string
+ CinderLVMLoopDeviceSize:
+ default: 5000
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service account, used by cinder-api.
+ type: string
+ hidden: true
+ CloudName:
+ default: ''
+ description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+ type: string
+ ControllerExtraConfig:
+ default: {}
+ description: |
+ Controller specific configuration to inject into the cluster. Same
+ structure as ExtraConfig.
+ type: json
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ ExtraConfig:
+ default: {}
+ description: |
+ Additional configuration to inject into the cluster. The JSON should have
+ the following structure:
+ {"FILEKEY":
+ {"config":
+ [{"section": "SECTIONNAME",
+ "values":
+ [{"option": "OPTIONNAME",
+ "value": "VALUENAME"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ For instance:
+ {"nova":
+ {"config":
+ [{"section": "default",
+ "values":
+ [{"option": "compute_manager",
+ "value": "ironic.nova.compute.manager.ClusterComputeManager"
+ }
+ ]
+ },
+ {"section": "cells",
+ "values":
+ [{"option": "driver",
+ "value": "nova.cells.rpc_driver.CellsRPCDriver"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ type: json
+ Flavor:
+ description: Flavor for control nodes to request when deploying.
+ type: string
+ constraints:
+ - custom_constraint: nova.flavor
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlancePassword:
+ default: unset
+ description: The password for the glance service account, used by the glance services.
+ type: string
+ hidden: true
+ GlancePort:
+ default: "9292"
+ description: Glance port.
+ type: string
+ GlanceProtocol:
+ default: http
+ description: Protocol to use when connecting to glance, set to https for SSL.
+ type: string
+ HeatPassword:
+ default: unset
+ description: The password for the Heat service account, used by the Heat services.
+ type: string
+ hidden: true
+ HeatStackDomainAdminPassword:
+ description: Password for heat_domain_admin user.
+ type: string
+ default: ''
+ hidden: true
+ Image:
+ type: string
+ default: overcloud-control
+ constraints:
+ - custom_constraint: glance.image
+ ImageUpdatePolicy:
+ default: 'REBUILD_PRESERVE_EPHEMERAL'
+ description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
+ type: string
+ KeyName:
+ default: default
+ description: Name of an existing EC2 KeyPair to enable SSH access to the instances
+ type: string
+ constraints:
+ - custom_constraint: nova.keypair
+ KeystoneCACertificate:
+ default: ''
+ description: Keystone self-signed certificate authority certificate.
+ type: string
+ KeystoneSigningCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSigningKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ MysqlClusterUniquePart:
+ description: A unique identifier of the MySQL cluster the controller is in.
+ type: string
+ default: 'unset' # Has to be here because of the ignored empty value bug
+ # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
+ # constraints:
+ # - length: {min: 4, max: 10}
+ MysqlInnodbBufferPoolSize:
+ description: >
+ Specifies the size of the buffer pool in megabytes. Setting to
+ zero should be interpreted as "no value" and will defer to the
+ lower level default.
+ type: number
+ default: 0
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: '' # Has to be here because of the ignored empty value bug
+ NeutronBridgeMappings:
+ description: >
+ The OVS logical->physical bridge mappings to use. See the Neutron
+ documentation for details. Defaults to mapping br-ex - the external
+ bridge on hosts - to a physical name 'datacentre' which can be used
+ to create provider networks (and we use this for the default floating
+ network) - if changing this either use different post-install network
+ scripts or be sure to keep 'datacentre' as a mapping network name.
+ type: string
+ default: ""
+ NeutronDnsmasqOptions:
+ default: 'dhcp-option-force=26,1400'
+ description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
+ type: string
+ NeutronAgentMode:
+ default: 'dvr_snat'
+ description: Agent mode for the neutron-l3-agent on the controller hosts
+ type: string
+ NeutronL3HA: #FIXME this isn't wired in
+ default: 'False'
+ description: Whether to enable l3-agent HA
+ type: string
+ NeutronDVR:
+ default: 'False'
+ description: Whether to configure Neutron Distributed Virtual Routers
+ type: string
+ NeutronMetadataProxySharedSecret:
+ default: 'unset'
+ description: Shared secret to prevent spoofing
+ type: string
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'openvswitch,l2_population'
+ type: string
+ NeutronAllowL3AgentFailover:
+ default: 'True'
+ description: Allow automatic l3-agent failover
+ type: string
+ NeutronEnableTunnelling:
+ type: string
+ default: "True"
+ NeutronFlatNetworks:
+ type: string
+ default: ''
+ description: If set, flat networks to configure in neutron plugins.
+ NeutronNetworkType:
+ default: 'gre'
+ description: The tenant network type for Neutron, either gre or vxlan.
+ type: string
+ NeutronNetworkVLANRanges:
+ default: 'datacentre'
+ description: >
+ The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
+ Neutron documentation for permitted values. Defaults to permitting any
+ VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
+ type: string
+ NeutronPassword:
+ default: unset
+ description: The password for the neutron service account, used by neutron agents.
+ type: string
+ hidden: true
+ NeutronPublicInterface:
+ default: nic1
+ description: What interface to bridge onto br-ex for network nodes.
+ type: string
+ NeutronPublicInterfaceTag:
+ default: ''
+ description: >
+ VLAN tag for creating a public VLAN. The tag will be used to
+ create an access port on the exterior bridge for each control plane node,
+ and that port will be given the IP address returned by neutron from the
+ public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
+ overcloud.yaml to include the deployment of VLAN ports to the control
+ plane.
+ type: string
+ NeutronPublicInterfaceDefaultRoute:
+ default: ''
+ description: A custom default route for the NeutronPublicInterface.
+ type: string
+ NeutronPublicInterfaceIP:
+ default: ''
+ description: A custom IP address to put onto the NeutronPublicInterface.
+ type: string
+ NeutronPublicInterfaceRawDevice:
+ default: ''
+ description: If set, the public interface is a vlan with this device as the raw device.
+ type: string
+ NeutronTunnelTypes:
+ default: 'gre'
+ description: |
+ The tunnel types for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'gre,vxlan'
+ type: string
+ NovaPassword:
+ default: unset
+ description: The password for the nova service account, used by nova-api.
+ type: string
+ hidden: true
+ NtpServer:
+ type: string
+ default: ''
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
+ PublicVirtualIP:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ RabbitCookie:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ hidden: true
+ RabbitPassword:
+ default: guest
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ SnmpdReadonlyUserName:
+ default: ro_snmp_user
+ description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ SnmpdReadonlyUserPassword:
+ default: unset
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+ SSLCACertificate:
+ default: ''
+ description: If set, the contents of an SSL certificate authority file.
+ type: string
+ SSLCertificate:
+ default: ''
+ description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
+ type: string
+ hidden: true
+ SSLKey:
+ default: ''
+ description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
+ type: string
+ hidden: true
+ SwiftHashSuffix:
+ default: unset
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+ SwiftMountCheck:
+ default: 'false'
+ description: Value of mount_check in Swift account/container/object -server.conf
+ type: boolean
+ SwiftMinPartHours:
+ type: number
+ default: 1
+ description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
+ SwiftPartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ SwiftPassword:
+ default: unset
+ description: The password for the swift service account, used by the swift proxy
+ services.
+ hidden: true
+ type: string
+ SwiftReplicas:
+ type: number
+ default: 3
+ description: How many replicas to use in the swift rings.
+ VirtualIP:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+
+resources:
+
+ Controller:
+ type: OS::Nova::Server
+ properties:
+ image: {get_param: Image}
+ image_update_policy: {get_param: ImageUpdatePolicy}
+ flavor: {get_param: Flavor}
+ key_name: {get_param: KeyName}
+ networks:
+ - network: ctlplane
+ user_data_format: SOFTWARE_CONFIG
+
+ NetworkConfig:
+ type: OS::TripleO::Net::SoftwareConfig
+
+ NetworkDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ signal_transport: NO_SIGNAL
+ config: {get_attr: [NetworkConfig, config_id]}
+ server: {get_resource: Controller}
+ input_values:
+ bridge_name: br-ex
+ interface_name: {get_param: NeutronPublicInterface}
+
+ ControllerDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ signal_transport: NO_SIGNAL
+ config: {get_resource: ControllerConfig}
+ server: {get_resource: Controller}
+ input_values:
+ bootstack_nodeid: {get_attr: [Controller, name]}
+ controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
+ controller_virtual_ip: {get_param: VirtualIP}
+ neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ heat.watch_server_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':8003'
+ heat.metadata_server_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':8000'
+ heat.waitcondition_server_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':8000/v1/waitcondition'
+ admin_password: {get_param: AdminPassword}
+ admin_token: {get_param: AdminToken}
+ neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
+ debug: {get_param: Debug}
+ cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
+ cinder_password: {get_param: CinderPassword}
+ cinder_iscsi_helper: {get_param: CinderISCSIHelper}
+ cinder_dsn:
+ list_join:
+ - ''
+ - - 'mysql://cinder:unset@'
+ - {get_param: VirtualIP}
+ - '/cinder'
+ glance_port: {get_param: GlancePort}
+ glance_protocol: {get_param: GlanceProtocol}
+ glance_password: {get_param: GlancePassword}
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance_dsn:
+ list_join:
+ - ''
+ - - 'mysql://glance:unset@'
+ - {get_param: VirtualIP}
+ - '/glance'
+ heat_password: {get_param: HeatPassword}
+ heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
+ heat_dsn:
+ list_join:
+ - ''
+ - - 'mysql://heat:unset@'
+ - {get_param: VirtualIP}
+ - '/heat'
+ keystone_ca_certificate: {get_param: KeystoneCACertificate}
+ keystone_signing_key: {get_param: KeystoneSigningKey}
+ keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone_dsn:
+ list_join:
+ - ''
+ - - 'mysql://keystone:unset@'
+ - {get_param: VirtualIP}
+ - '/keystone'
+ mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
+ mysql_root_password: {get_param: MysqlRootPassword}
+ mysql_cluster_name:
+ str_replace:
+ template: tripleo-CLUSTER
+ params:
+ CLUSTER: {get_param: MysqlClusterUniquePart}
+ neutron_flat_networks: {get_param: NeutronFlatNetworks}
+ neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ neutron_agent_mode: {get_param: NeutronAgentMode}
+ neutron_router_distributed: {get_param: NeutronDVR}
+ neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
+ neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
+ neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
+ neutron_public_interface: {get_param: NeutronPublicInterface}
+ neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
+ neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
+ neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
+ neutron_tenant_network_type: {get_param: NeutronNetworkType}
+ neutron_tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron_password: {get_param: NeutronPassword}
+ neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
+ neutron_dsn:
+ list_join:
+ - ''
+ - - 'mysql://neutron:unset@'
+ - {get_param: VirtualIP}
+ - '/ovs_neutron?charset=utf8'
+ ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
+ ceilometer_password: {get_param: CeilometerPassword}
+ ceilometer_dsn:
+ list_join:
+ - ''
+ - - 'mysql://ceilometer:unset@'
+ - {get_param: VirtualIP}
+ - '/ceilometer'
+ snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+ snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ nova_password: {get_param: NovaPassword}
+ nova_dsn:
+ list_join:
+ - ''
+ - - 'mysql://nova:unset@'
+ - {get_param: VirtualIP}
+ - '/nova'
+ rabbit_username: {get_param: RabbitUserName}
+ rabbit_password: {get_param: RabbitPassword}
+ rabbit_cookie: {get_param: RabbitCookie}
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_client_port: {get_param: RabbitClientPort}
+ ntp_servers:
+ str_replace:
+ template: '["server"]'
+ params:
+ server: {get_param: NtpServer}
+ control_virtual_interface: {get_param: ControlVirtualInterface}
+ public_virtual_interface: {get_param: PublicVirtualInterface}
+ public_virtual_ip: {get_param: PublicVirtualIP}
+ swift_hash_suffix: {get_param: SwiftHashSuffix}
+ swift_password: {get_param: SwiftPassword}
+ swift_part_power: {get_param: SwiftPartPower}
+ swift_replicas: {get_param: SwiftReplicas}
+ swift_min_part_hours: {get_param: SwiftMinPartHours}
+ swift_mount_check: {get_param: SwiftMountCheck}
+ enable_package_install: {get_param: EnablePackageInstall}
+
+ # Map heat metadata into hiera datafiles
+ ControllerConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ hierarchy:
+ - heat_config_%{::deploy_config_name}
+ - controller
+ - object
+ - common
+ datafiles:
+ common:
+ raw_data: {get_file: hieradata/common.yaml}
+ object:
+ raw_data: {get_file: hieradata/object.yaml}
+ controller:
+ raw_data: {get_file: hieradata/controller.yaml}
+ oac_data: # data we map in from other OAC configurations
+ bootstrap_nodeid: bootstrap_host.bootstrap_nodeid
+ # Swift
+ tripleo::ringbuilder::devices: swift.devices
+ mapped_data: # data supplied directly to this deployment configuration, etc
+ debug: {get_input: debug}
+ bootstack_nodeid: {get_input: bootstack_nodeid}
+ controller_host: {get_input: controller_host} #local-ipv4
+ # Swift
+ swift::proxy::proxy_local_net_ip: {get_input: controller_host}
+ swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
+ swift::storage::all::storage_local_net_ip: {get_input: controller_host}
+ swift::swift_hash_suffix: {get_input: swift_hash_suffix}
+ swift::proxy::authtoken::admin_password: {get_input: swift_password}
+ tripleo::ringbuilder::part_power: {get_input: swift_part_power}
+ tripleo::ringbuilder::replicas: {get_input: swift_replicas}
+ tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
+ swift_mount_check: {get_input: swift_mount_check}
+
+ # NOTE(dprince): build_ring support is currently not wired in.
+ # See: https://review.openstack.org/#/c/109225/
+ tripleo::ringbuilder::build_ring: True
+ # Cinder
+ cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
+ cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
+ cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
+ cinder::database_connection: {get_input: cinder_dsn}
+ cinder::api::keystone_password: {get_input: cinder_password}
+ cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
+ cinder::api::bind_host: {get_input: controller_host}
+ cinder::rabbit_userid: {get_input: rabbit_username}
+ cinder::rabbit_password: {get_input: rabbit_password}
+ #cinder::debug: {get_input: debug}
+ # Glance
+ glance::api::bind_port: {get_input: glance_port}
+ glance::api::bind_host: {get_input: controller_host}
+ glance::api::auth_host: {get_input: controller_virtual_ip}
+ glance::api::registry_host: {get_input: controller_host}
+ glance::api::keystone_password: {get_input: glance_password}
+ # used to construct glance_api_servers
+ glance_port: {get_input: glance_port}
+ glance_protocol: {get_input: glance_protocol}
+ glance_notifier_strategy: {get_input: glance_notifier_strategy}
+ glance_log_file: {get_input: glance_log_file}
+ glance_log_file: {get_input: glance_log_file}
+ glance::api::database_connection: {get_input: glance_dsn}
+ glance::registry::keystone_password: {get_input: glance_password}
+ glance::registry::database_connection: {get_input: glance_dsn}
+ glance::registry::bind_host: {get_input: controller_host}
+ glance::registry::auth_host: {get_input: controller_virtual_ip}
+ glance::backend::swift::swift_store_user: service:glance
+ glance::backend::swift::swift_store_key: {get_input: glance_password}
+ # Heat
+ heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
+ heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
+ heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
+ heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
+ heat::engine::auth_encryption_key: unset___________
+ heat::rabbit_userid: {get_input: rabbit_username}
+ heat::rabbit_password: {get_input: rabbit_password}
+ heat::rabbit_host: {get_input: controller_virtual_ip}
+ heat::keystone_host: {get_input: controller_virtual_ip}
+ heat::keystone_password: {get_input: heat_password}
+ heat::api::bind_host: {get_input: controller_host}
+ heat::api_cloudwatch::bind_host: {get_input: controller_host}
+ heat::api_cfn::bind_host: {get_input: controller_host}
+ heat::database_connection: {get_input: heat_dsn}
+
+ # Keystone
+ keystone::admin_token: {get_input: admin_token}
+ keystone_ca_certificate: {get_input: keystone_ca_certificate}
+ keystone_signing_key: {get_input: keystone_signing_key}
+ keystone_signing_certificate: {get_input: keystone_signing_certificate}
+ keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
+ keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
+ keystone::database_connection: {get_input: keystone_dsn}
+ keystone::public_bind_host: {get_input: controller_host}
+ keystone::admin_bind_host: {get_input: controller_host}
+ #keystone::debug: {get_input: debug}
+ # MySQL
+ admin_password: {get_input: admin_password}
+ mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
+ mysql_root_password: {get_input: mysql_root_password}
+ mysql_cluster_name: {get_input: mysql_cluster_name}
+ # Neutron
+ neutron::bind_host: {get_input: controller_host}
+ neutron::rabbit_password: {get_input: rabbit_password}
+ neutron::rabbit_user: {get_input: rabbit_user}
+ #neutron::debug: {get_input: debug}
+ neutron::server::auth_host: {get_input: controller_virtual_ip}
+ neutron::server::database_connection: {get_input: neutron_dsn}
+ neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
+ neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
+ neutron_flat_networks: {get_input: neutron_flat_networks}
+ neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
+ neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
+ neutron_agent_mode: {get_input: neutron_agent_mode}
+ neutron_router_distributed: {get_input: neutron_router_distributed}
+ neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
+ neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
+ neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
+ neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
+ neutron_public_interface: {get_input: neutron_public_interface}
+ neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
+ neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
+ neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
+ neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
+ neutron_tunnel_types: {get_input: neutron_tunnel_types}
+ neutron::server::auth_password: {get_input: neutron_password}
+ neutron::agents::metadata::auth_password: {get_input: neutron_password}
+ neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
+ neutron_dsn: {get_input: neutron_dsn}
+ # Ceilometer
+ ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
+ ceilometer::rabbit_userid: {get_input: rabbit_username}
+ ceilometer::rabbit_password: {get_input: rabbit_password}
+ ceilometer::rabbit_host: {get_input: controller_virtual_ip}
+ ceilometer::api::host: {get_input: controller_host}
+ ceilometer::api::keystone_password: {get_input: ceilometer_password}
+ ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
+ ceilometer::db::database_connection: {get_input: ceilometer_dsn}
+ ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
+ snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
+ snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
+ # Nova
+ nova::rabbit_userid: {get_input: rabbit_username}
+ nova::rabbit_password: {get_input: rabbit_password}
+ nova::api::auth_host: {get_input: controller_virtual_ip}
+ nova::api::api_bind_address: {get_input: controller_host}
+ nova::api::metadata_listen: {get_input: controller_host}
+ nova::api::admin_password: {get_input: nova_password}
+ nova::database_connection: {get_input: nova_dsn}
+ nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
+ # Rabbit
+ rabbit_username: {get_input: rabbit_username}
+ rabbit_password: {get_input: rabbit_password}
+ rabbit_cookie: {get_input: rabbit_cookie}
+ rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
+ rabbit_client_port: {get_input: rabbit_client_port}
+ # Misc
+ neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
+ ntp::servers: {get_input: ntp_servers}
+ control_virtual_interface: {get_input: control_virtual_interface}
+ controller_virtual_ip: {get_input: controller_virtual_ip}
+ public_virtual_interface: {get_input: public_virtual_interface}
+ public_virtual_ip: {get_input: public_virtual_ip}
+ enable_package_install: {get_input: enable_package_install}
+
+ # NOTE(dprince): this example uses a composition class
+ # on the puppet side (loadbalancer.pp). This seemed like the
+ # cleanest way to encapulate the puppet resources definitions
+ # for HAProxy and Keepalived.
+ ControllerLoadbalancerPuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_hiera: True
+ enable_facter: False
+ inputs:
+ - name: tripleo::loadbalancer::keystone_admin
+ default: true
+ - name: tripleo::loadbalancer::keystone_public
+ default: true
+ - name: tripleo::loadbalancer::neutron
+ default: true
+ - name: tripleo::loadbalancer::cinder
+ default: true
+ - name: tripleo::loadbalancer::glance_api
+ default: true
+ - name: tripleo::loadbalancer::glance_registry
+ default: true
+ - name: tripleo::loadbalancer::nova_ec2
+ default: true
+ - name: tripleo::loadbalancer::nova_osapi
+ default: true
+ - name: tripleo::loadbalancer::nova_metadata
+ default: true
+ - name: tripleo::loadbalancer::nova_novncproxy
+ default: true
+ - name: tripleo::loadbalancer::mysql
+ default: true
+ - name: tripleo::loadbalancer::rabbitmq
+ default: true
+ - name: tripleo::loadbalancer::swift_proxy_server
+ default: true
+ - name: tripleo::loadbalancer::ceilometer
+ default: true
+ - name: tripleo::loadbalancer::heat_api
+ default: true
+ - name: tripleo::loadbalancer::heat_cloudwatch
+ default: true
+ - name: tripleo::loadbalancer::heat_cfn
+ default: true
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/loadbalancer.pp
+
+ ControllerLoadbalancerPuppetDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ name: puppet_1
+ server: {get_resource: Controller}
+ config: {get_resource: ControllerLoadbalancerPuppetConfig}
+
+ ControllerPuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_hiera: True
+ enable_facter: False
+ inputs:
+ - name: step
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/overcloud_controller.pp
+
+ # Step through a series of Puppet runs using the same manifest.
+ # NOTE(dprince): Heat breakpoints would make for a really cool way to step
+ # through breakpoints in a controlled manner across the entire cluster
+ ControllerPuppetDeploymentServicesBase:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ name: puppet_2
+ server: {get_resource: Controller}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 1
+ actions: ['CREATE'] # no need for two passes on an UPDATE
+
+ ControllerRingbuilderPuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_hiera: True
+ enable_facter: False
+ inputs:
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/ringbuilder.pp
+
+ ControllerRingbuilderPuppetDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ name: puppet_3
+ server: {get_resource: Controller}
+ config: {get_resource: ControllerRingbuilderPuppetConfig}
+
+ ControllerPuppetDeploymentOvercloudServices:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ name: puppet_4
+ server: {get_resource: Controller}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 2
+
+outputs:
+ ip_address:
+ description: IP address of the server in the ctlplane network
+ value: {get_attr: [Controller, networks, ctlplane, 0]}
+ hostname:
+ description: Hostname of the server
+ value: {get_attr: [Controller, name]}
+ corosync_node:
+ description: >
+ Node object in the format {ip: ..., name: ...} format that the corosync
+ element expects
+ value:
+ ip: {get_attr: [Controller, networks, ctlplane, 0]}
+ name: {get_attr: [Controller, name]}
+ hosts_entry:
+ description: >
+ Server's IP address and hostname in the /etc/hosts format
+ value:
+ str_replace:
+ template: IP HOST HOST.novalocal CLOUDNAME
+ params:
+ IP: {get_attr: [Controller, networks, ctlplane, 0]}
+ HOST: {get_attr: [Controller, name]}
+ CLOUDNAME: {get_param: CloudName}
+ nova_server_resource:
+ description: Heat resource handle for the Nova compute server
+ value:
+ {get_resource:
Controller} + swift_device: + description: Swift device formatted for swift-ring-builder + value: + str_replace: + template: 'r1z1-IP:%PORT%/d1' + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} + swift_proxy_memcache: + description: Swift proxy-memcache value + value: + str_replace: + template: "IP:11211" + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} diff --git a/puppet/loadbalancer.pp b/puppet/loadbalancer.pp deleted file mode 100644 index 88e6bdd4..00000000 --- a/puppet/loadbalancer.pp +++ /dev/null 
@@ -1,386 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} - -class tripleo::loadbalancer ( - $keystone_admin = false, - $keystone_public = false, - $neutron = false, - $cinder = false, - $glance_api = false, - $glance_registry = false, - $nova_ec2 = false, - $nova_osapi = false, - $nova_metadata = false, - $nova_novncproxy = false, - $ceilometer = false, - $swift_proxy_server = false, - $heat_api = false, - $heat_cloudwatch = false, - $heat_cfn = false, - $horizon = false, - $mysql = false, - $rabbitmq = false, -) { - - case $::osfamily { - 'RedHat': { - $keepalived_name_is_process = false - $keepalived_vrrp_script = 'systemctl status haproxy.service' - } # RedHat - 'Debian': { - $keepalived_name_is_process = true - $keepalived_vrrp_script = undef - } - } - - class { 'keepalived': } - keepalived::vrrp_script { 'haproxy': - name_is_process => $keepalived_name_is_process, - script => $keepalived_vrrp_script, - } - - # KEEPALIVE INSTANCE CONTROL - keepalived::instance { '51': - interface => hiera('control_virtual_interface'), - virtual_ips => [join([hiera('controller_virtual_ip'), ' dev ', hiera('control_virtual_interface')])], - state => 'MASTER', - track_script => 
['haproxy'], - priority => 101, - } - - # KEEPALIVE INSTANCE PUBLIC - keepalived::instance { '52': - interface => hiera('public_virtual_interface'), - virtual_ips => [join([hiera('public_virtual_ip'), ' dev ', hiera('public_virtual_interface')])], - state => 'MASTER', - track_script => ['haproxy'], - priority => 101, - } - - sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' } - - class { 'haproxy': - global_options => { - 'log' => '/dev/log local0', - 'pidfile' => '/var/run/haproxy.pid', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'maxconn' => '4000', - }, - defaults_options => { - 'mode' => 'tcp', - 'log' => 'global', - 'retries' => '3', - 'maxconn' => '150', - 'option' => [ 'tcpka', 'tcplog' ], - 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], - }, - } - - haproxy::listen { 'haproxy.stats': - ipaddress => '*', - ports => '1993', - mode => 'http', - options => { - 'stats' => 'enable', - }, - collect_exported => false, - } - - if $keystone_admin { - haproxy::listen { 'keystone_admin': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 35357, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'keystone_admin': - listening_service => 'keystone_admin', - ports => '35357', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $keystone_public { - haproxy::listen { 'keystone_public': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 5000, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'keystone_public': - listening_service => 'keystone_public', - ports => '5000', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $neutron { - haproxy::listen { 'neutron': - ipaddress 
=> [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9696, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'neutron': - listening_service => 'neutron', - ports => '9696', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $cinder { - haproxy::listen { 'cinder': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8776, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'cinder': - listening_service => 'cinder', - ports => '8776', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $glance_api { - haproxy::listen { 'glance_api': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9292, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'glance_api': - listening_service => 'glance_api', - ports => '9292', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - - if $glance_registry { - haproxy::listen { 'glance_registry': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9191, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'glance_registry': - listening_service => 'glance_registry', - ports => '9191', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_ec2 { - haproxy::listen { 'nova_ec2': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8773, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_ec2': - listening_service => 'nova_ec2', - ports 
=> '8773', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_osapi { - haproxy::listen { 'nova_osapi': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8774, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_osapi': - listening_service => 'nova_osapi', - ports => '8774', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_metadata { - haproxy::listen { 'nova_metadata': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8775, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_metadata': - listening_service => 'nova_metadata', - ports => '8775', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_novncproxy { - haproxy::listen { 'nova_novncproxy': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 6080, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_novncproxy': - listening_service => 'nova_novncproxy', - ports => '6080', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $ceilometer { - haproxy::listen { 'ceilometer': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8777, - collect_exported => false, - } - haproxy::balancermember { 'ceilometer': - listening_service => 'ceilometer', - ports => '8777', - ipaddresses => hiera('controller_host'), - options => [], - } - } - - if $swift_proxy_server { - haproxy::listen { 'swift_proxy_server': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8080, - options => { 
'option' => [ 'httpchk GET /info' ] }, - collect_exported => false, - } - haproxy::balancermember { 'swift_proxy_server': - listening_service => 'swift_proxy_server', - ports => '8080', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_api { - haproxy::listen { 'heat_api': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8004, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_api': - listening_service => 'heat_api', - ports => '8004', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_cloudwatch { - haproxy::listen { 'heat_cloudwatch': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8003, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_cloudwatch': - listening_service => 'heat_cloudwatch', - ports => '8003', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_cfn { - haproxy::listen { 'heat_cfn': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8000, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_cfn': - listening_service => 'heat_cfn', - ports => '8000', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $horizon { - haproxy::listen { 'horizon': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 80, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'horizon': - listening_service => 'horizon', - ports => '80', - ipaddresses => hiera('controller_host'), - options => ['check', 
'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $mysql { - haproxy::listen { 'mysql': - ipaddress => [hiera('controller_virtual_ip')], - ports => 3306, - options => { 'timeout' => [ 'client 0', 'server 0' ] }, - collect_exported => false, - } - haproxy::balancermember { 'mysql': - listening_service => 'mysql', - ports => '3306', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $rabbitmq { - haproxy::listen { 'rabbitmq': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 5672, - options => { 'timeout' => [ 'client 0', 'server 0' ] }, - collect_exported => false, - } - haproxy::balancermember { 'rabbitmq': - listening_service => 'rabbitmq', - ports => '5672', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - -} - -include ::tripleo::loadbalancer diff --git a/puppet/manifests/loadbalancer.pp b/puppet/manifests/loadbalancer.pp new file mode 100644 index 00000000..88e6bdd4 --- /dev/null +++ b/puppet/manifests/loadbalancer.pp 
@@ -0,0 +1,386 @@ +# Copyright 2014 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +if !str2bool(hiera('enable_package_install', 'false')) { + case $::osfamily { + 'RedHat': { + Package { provider => 'norpm' } # provided by tripleo-puppet + } + default: { + warning('enable_package_install option not supported.') + } + } +} + +class tripleo::loadbalancer ( + $keystone_admin = false, + $keystone_public = false, + $neutron = false, + $cinder = false, + $glance_api = false, + $glance_registry = false, + $nova_ec2 = false, + $nova_osapi = false, + $nova_metadata = false, + $nova_novncproxy = false, + $ceilometer = false, + $swift_proxy_server = false, + $heat_api = false, + $heat_cloudwatch = false, + $heat_cfn = false, + $horizon = false, + $mysql = false, + $rabbitmq = false, +) { + + case $::osfamily { + 'RedHat': { + $keepalived_name_is_process = false + $keepalived_vrrp_script = 'systemctl status haproxy.service' + } # RedHat + 'Debian': { + $keepalived_name_is_process = true + $keepalived_vrrp_script = undef + } + } + + class { 'keepalived': } + keepalived::vrrp_script { 'haproxy': + name_is_process => $keepalived_name_is_process, + script => $keepalived_vrrp_script, + } + + # KEEPALIVE INSTANCE CONTROL + keepalived::instance { '51': + interface => hiera('control_virtual_interface'), + virtual_ips => [join([hiera('controller_virtual_ip'), ' dev ', hiera('control_virtual_interface')])], + state => 'MASTER', + track_script => 
['haproxy'], + priority => 101, + } + + # KEEPALIVE INSTANCE PUBLIC + keepalived::instance { '52': + interface => hiera('public_virtual_interface'), + virtual_ips => [join([hiera('public_virtual_ip'), ' dev ', hiera('public_virtual_interface')])], + state => 'MASTER', + track_script => ['haproxy'], + priority => 101, + } + + sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' } + + class { 'haproxy': + global_options => { + 'log' => '/dev/log local0', + 'pidfile' => '/var/run/haproxy.pid', + 'user' => 'haproxy', + 'group' => 'haproxy', + 'daemon' => '', + 'maxconn' => '4000', + }, + defaults_options => { + 'mode' => 'tcp', + 'log' => 'global', + 'retries' => '3', + 'maxconn' => '150', + 'option' => [ 'tcpka', 'tcplog' ], + 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], + }, + } + + haproxy::listen { 'haproxy.stats': + ipaddress => '*', + ports => '1993', + mode => 'http', + options => { + 'stats' => 'enable', + }, + collect_exported => false, + } + + if $keystone_admin { + haproxy::listen { 'keystone_admin': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 35357, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'keystone_admin': + listening_service => 'keystone_admin', + ports => '35357', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $keystone_public { + haproxy::listen { 'keystone_public': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 5000, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'keystone_public': + listening_service => 'keystone_public', + ports => '5000', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $neutron { + haproxy::listen { 'neutron': + ipaddress 
=> [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 9696, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'neutron': + listening_service => 'neutron', + ports => '9696', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $cinder { + haproxy::listen { 'cinder': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8776, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'cinder': + listening_service => 'cinder', + ports => '8776', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $glance_api { + haproxy::listen { 'glance_api': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 9292, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'glance_api': + listening_service => 'glance_api', + ports => '9292', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + + if $glance_registry { + haproxy::listen { 'glance_registry': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 9191, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'glance_registry': + listening_service => 'glance_registry', + ports => '9191', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $nova_ec2 { + haproxy::listen { 'nova_ec2': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8773, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'nova_ec2': + listening_service => 'nova_ec2', + ports 
=> '8773', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $nova_osapi { + haproxy::listen { 'nova_osapi': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8774, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'nova_osapi': + listening_service => 'nova_osapi', + ports => '8774', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $nova_metadata { + haproxy::listen { 'nova_metadata': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8775, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'nova_metadata': + listening_service => 'nova_metadata', + ports => '8775', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $nova_novncproxy { + haproxy::listen { 'nova_novncproxy': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 6080, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'nova_novncproxy': + listening_service => 'nova_novncproxy', + ports => '6080', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $ceilometer { + haproxy::listen { 'ceilometer': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8777, + collect_exported => false, + } + haproxy::balancermember { 'ceilometer': + listening_service => 'ceilometer', + ports => '8777', + ipaddresses => hiera('controller_host'), + options => [], + } + } + + if $swift_proxy_server { + haproxy::listen { 'swift_proxy_server': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8080, + options => { 
'option' => [ 'httpchk GET /info' ] }, + collect_exported => false, + } + haproxy::balancermember { 'swift_proxy_server': + listening_service => 'swift_proxy_server', + ports => '8080', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $heat_api { + haproxy::listen { 'heat_api': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8004, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'heat_api': + listening_service => 'heat_api', + ports => '8004', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $heat_cloudwatch { + haproxy::listen { 'heat_cloudwatch': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8003, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'heat_cloudwatch': + listening_service => 'heat_cloudwatch', + ports => '8003', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $heat_cfn { + haproxy::listen { 'heat_cfn': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 8000, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'heat_cfn': + listening_service => 'heat_cfn', + ports => '8000', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $horizon { + haproxy::listen { 'horizon': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 80, + options => { 'option' => [ 'httpchk GET /' ] }, + collect_exported => false, + } + haproxy::balancermember { 'horizon': + listening_service => 'horizon', + ports => '80', + ipaddresses => hiera('controller_host'), + options => ['check', 
'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $mysql { + haproxy::listen { 'mysql': + ipaddress => [hiera('controller_virtual_ip')], + ports => 3306, + options => { 'timeout' => [ 'client 0', 'server 0' ] }, + collect_exported => false, + } + haproxy::balancermember { 'mysql': + listening_service => 'mysql', + ports => '3306', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $rabbitmq { + haproxy::listen { 'rabbitmq': + ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], + ports => 5672, + options => { 'timeout' => [ 'client 0', 'server 0' ] }, + collect_exported => false, + } + haproxy::balancermember { 'rabbitmq': + listening_service => 'rabbitmq', + ports => '5672', + ipaddresses => hiera('controller_host'), + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + +} + +include ::tripleo::loadbalancer diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp new file mode 100644 index 00000000..0d2790b2 --- /dev/null +++ b/puppet/manifests/overcloud_compute.pp 
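Review bot: The `haproxy.stats` listener in puppet/manifests/loadbalancer.pp binds `ipaddress => '*'` on port 1993 with only `'stats' => 'enable'`, so the statistics page is served on every interface, the public VIP included, with no authentication. Bind it to the control-plane address instead, e.g. `ipaddress => hiera('controller_virtual_ip'),`, and consider adding a stats auth option whose credentials come from hiera. The `rabbitmq` listener also binds `hiera('public_virtual_ip')`, whereas `mysql` is limited to the controller VIP; if AMQP is not meant to be reachable from the public network, give it the same single-address `ipaddress`. The file content is carried over unchanged by this move (the blob id is the same on both sides), so this is a follow-up item rather than something the commit introduces.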
@@ -0,0 +1,83 @@
+# Copyright 2014 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if !str2bool(hiera('enable_package_install', 'false')) {
+ case $::osfamily {
+ 'RedHat': {
+ Package { provider => 'norpm' } # provided by tripleo-puppet
+ }
+ default: {
+ warning('enable_package_install option not supported.')
+ }
+ }
+}
+
+if count(hiera('ntp::servers')) > 0 {
+ include ::ntp
+}
+
+class { 'nova':
+ glance_api_servers => join([hiera('glance_protocol'), '://', hiera('glance_host'), ':', hiera('glance_port')]),
+}
+
+file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
+ '/etc/libvirt/qemu/networks/default.xml']:
+ ensure => absent,
+ before => Service['libvirt']
+}
+
+include ::nova::compute
+
+nova_config {
+ 'DEFAULT/my_ip': value => $ipaddress;
+ 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
+}
+
+include ::nova::compute::libvirt
+
+class { 'nova::network::neutron':
+ neutron_admin_auth_url => join(['http://', hiera('neutron_host'), ':35357/v2.0']),
+ neutron_url => join(['http://', hiera('neutron_host'), ':9696']),
+}
+
+include ::neutron
+
+class { 'neutron::plugins::ml2':
+ flat_networks => split(hiera('neutron_flat_networks'), ','),
+ tenant_network_types => [hiera('neutron_tenant_network_type')],
+ type_drivers => [hiera('neutron_tenant_network_type')],
+}
+
+class { 'neutron::agents::ml2::ovs':
+ bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
+ tunnel_types => split(hiera('neutron_tunnel_types'), ','),
+}
+
+include ::ceilometer
+include ::ceilometer::agent::compute
+
+class { 'ceilometer::agent::auth':
+ auth_url => join(['http://', hiera('keystone_host'), ':5000/v2.0']),
+}
+
+$snmpd_user = hiera('snmpd_readonly_user_name')
+snmp::snmpv3_user { $snmpd_user:
+ authtype => 'MD5',
+ authpass => hiera('snmpd_readonly_user_password'),
+}
+class { 'snmp':
+ agentaddress => ['udp:161','udp6:[::1]:161'],
+ snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
new file mode 100644
index 00000000..4801107b
--- /dev/null
+++ b/puppet/manifests/overcloud_controller.pp
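Review bot: In puppet/manifests/overcloud_compute.pp the read-only SNMPv3 user is declared with `authtype => 'MD5'` and no privacy settings, so queries are authenticated with HMAC-MD5 and travel unencrypted, while `agentaddress => ['udp:161', ...]` listens on every IPv4 interface. Prefer `authtype => 'SHA',` and add `privtype`/`privpass` (the passphrase would need a new hiera input), or restrict `udp:161` to the management address. Separately, `neutron_admin_auth_url` and the ceilometer `auth_url` are built with a hard-coded `'http://'`, so service credentials cross the network in clear text. Taking the scheme from hiera, as `glance_api_servers` already does with `glance_protocol`, would let deployments point these at TLS endpoints.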
@@ -0,0 +1,314 @@ +# Copyright 2014 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +if !str2bool(hiera('enable_package_install', 'false')) { + case $::osfamily { + 'RedHat': { + Package { provider => 'norpm' } # provided by tripleo-puppet + } + default: { + warning('enable_package_install option not supported.') + } + } +} + +if hiera('step') >= 1 { + + if count(hiera('ntp::servers')) > 0 { + include ::ntp + } + + # TODO Galara + class { 'mysql::server': + override_options => { + 'mysqld' => { + 'bind-address' => hiera('controller_host') + } + } + } + + # FIXME: this should only occur on the bootstrap host (ditto for db syncs) + # Create all the database schemas + # Example DSN format: mysql://user:password@host/dbname + $allowed_hosts = ['%',hiera('controller_host')] + $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]') + class { 'keystone::db::mysql': + user => $keystone_dsn[3], + password => $keystone_dsn[4], + host => $keystone_dsn[5], + dbname => $keystone_dsn[6], + allowed_hosts => $allowed_hosts, + } + $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]') + class { 'glance::db::mysql': + user => $glance_dsn[3], + password => $glance_dsn[4], + host => $glance_dsn[5], + dbname => $glance_dsn[6], + allowed_hosts => $allowed_hosts, + } + $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]') + class { 'nova::db::mysql': + user => $nova_dsn[3], + password => $nova_dsn[4], + host 
=> $nova_dsn[5], + dbname => $nova_dsn[6], + allowed_hosts => $allowed_hosts, + } + $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]') + class { 'neutron::db::mysql': + user => $neutron_dsn[3], + password => $neutron_dsn[4], + host => $neutron_dsn[5], + dbname => $neutron_dsn[6], + allowed_hosts => $allowed_hosts, + } + $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]') + class { 'cinder::db::mysql': + user => $cinder_dsn[3], + password => $cinder_dsn[4], + host => $cinder_dsn[5], + dbname => $cinder_dsn[6], + allowed_hosts => $allowed_hosts, + } + $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]') + class { 'heat::db::mysql': + user => $heat_dsn[3], + password => $heat_dsn[4], + host => $heat_dsn[5], + dbname => $heat_dsn[6], + allowed_hosts => $allowed_hosts, + } + $ceilometer_dsn = split(hiera('ceilometer::db::database_connection'), '[@:/?]') + class { 'ceilometer::db::mysql': + user => $ceilometer_dsn[3], + password => $ceilometer_dsn[4], + host => $ceilometer_dsn[5], + dbname => $ceilometer_dsn[6], + allowed_hosts => $allowed_hosts, + } + + if $::osfamily == 'RedHat' { + $rabbit_provider = 'yum' + } else { + $rabbit_provider = undef + } + + Class['rabbitmq'] -> Rabbitmq_vhost <| |> + Class['rabbitmq'] -> Rabbitmq_user <| |> + Class['rabbitmq'] -> Rabbitmq_user_permissions <| |> + + # TODO Rabbit HA + class { 'rabbitmq': + package_provider => $rabbit_provider, + config_cluster => false, + node_ip_address => hiera('controller_host'), + } + + rabbitmq_vhost { '/': + provider => 'rabbitmqctl', + } + rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']: + admin => true, + password => hiera('rabbit_password'), + provider => 'rabbitmqctl', + } + + rabbitmq_user_permissions {[ + 'nova@/', + 'glance@/', + 'neutron@/', + 'cinder@/', + 'ceilometer@/', + 'heat@/', + ]: + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + } + + # 
pre-install swift here so we can build rings + include ::swift + +} #END STEP 1 + +if hiera('step') >= 2 { + + include ::keystone + + #TODO: need a cleanup-keystone-tokens.sh solution here + keystone_config { + 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2'; + } + file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: + ensure => 'directory', + owner => 'keystone', + group => 'keystone', + require => Package['keystone'], + } + file { '/etc/keystone/ssl/certs/signing_cert.pem': + content => hiera('keystone_signing_certificate'), + owner => 'keystone', + group => 'keystone', + notify => Service['keystone'], + require => File['/etc/keystone/ssl/certs'], + } + file { '/etc/keystone/ssl/private/signing_key.pem': + content => hiera('keystone_signing_key'), + owner => 'keystone', + group => 'keystone', + notify => Service['keystone'], + require => File['/etc/keystone/ssl/private'], + } + file { '/etc/keystone/ssl/certs/ca.pem': + content => hiera('keystone_ca_certificate'), + owner => 'keystone', + group => 'keystone', + notify => Service['keystone'], + require => File['/etc/keystone/ssl/certs'], + } + + # TODO: notifications, scrubber, etc. 
+ include ::glance::api + include ::glance::registry + #class { 'glance::backend::swift': + #swift_store_auth_address => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']), + #} + + class { 'nova': + rabbit_hosts => [hiera('controller_virtual_ip')], + glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]), + } + + include ::nova::api + include ::nova::cert + include ::nova::conductor + include ::nova::consoleauth + include ::nova::vncproxy + include ::nova::scheduler + + class {'neutron': + rabbit_hosts => [hiera('controller_virtual_ip')], + } + + include ::neutron::server + include ::neutron::agents::dhcp + include ::neutron::agents::l3 + + file { '/etc/neutron/dnsmasq-neutron.conf': + content => hiera('neutron_dnsmasq_options'), + owner => 'neutron', + group => 'neutron', + notify => Service['neutron-dhcp-service'], + require => Package['neutron'], + } + + class { 'neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), + tenant_network_types => [hiera('neutron_tenant_network_type')], + type_drivers => [hiera('neutron_tenant_network_type')], + } + + class { 'neutron::agents::ml2::ovs': + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } + + class { 'neutron::agents::metadata': + auth_url => join(['http://', hiera('controller_virtual_ip'), ':35357/v2.0']), + } + + class {'cinder': + rabbit_hosts => [hiera('controller_virtual_ip')], + } + + include ::cinder::api + include ::cinder::scheduler + include ::cinder::volume + include ::cinder::volume::iscsi + class {'cinder::setup_test_volume': + size => join([hiera('cinder_lvm_loop_device_size'), 'M']), + } + + # swift proxy + include ::memcached + #include ::swift::proxy + #include ::swift::proxy::proxy_logging + #include ::swift::proxy::healthcheck + #include ::swift::proxy::cache + #include ::swift::proxy::keystone + #include 
::swift::proxy::authtoken + #include ::swift::proxy::staticweb + #include ::swift::proxy::ceilometer + #include ::swift::proxy::ratelimit + #include ::swift::proxy::catch_errors + #include ::swift::proxy::tempurl + #include ::swift::proxy::formpost + + # swift storage + class {'swift::storage::all': + mount_check => str2bool(hiera('swift_mount_check')) + } + if(!defined(File['/srv/node'])) { + file { '/srv/node': + ensure => directory, + owner => 'swift', + group => 'swift', + require => Package['openstack-swift'], + } + } + $swift_components = ['account', 'container', 'object'] + swift::storage::filter::recon { $swift_components : } + swift::storage::filter::healthcheck { $swift_components : } + + # Ceilometer + include ::ceilometer + include ::ceilometer::api + include ::ceilometer::db + include ::ceilometer::agent::notification + include ::ceilometer::agent::central + include ::ceilometer::alarm::notifier + include ::ceilometer::alarm::evaluator + include ::ceilometer::expirer + include ::ceilometer::collector + class { 'ceilometer::agent::auth': + auth_url => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']), + } + + Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } + + # Heat + include ::heat + include ::heat::api + include ::heat::api_cfn + include ::heat::api_cloudwatch + include ::heat::engine + + heat_config { + 'DEFAULT/instance_user': value => 'heat-admin'; + } + + $snmpd_user = hiera('snmpd_readonly_user_name') + snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), + } + class { 'snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 
'linkUpDownNotifications yes' ], + } + +} #END STEP 2 diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp new file mode 100644 index 00000000..8d0ad783 --- /dev/null +++ b/puppet/manifests/overcloud_object.pp 
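Review bot: The `file { '/etc/keystone/ssl/private/signing_key.pem': ... }` resource in the step 2 block sets owner and group but no `mode`, and neither does the resource creating `/etc/keystone/ssl/private`, so the token signing key is left with whatever default mode Puppet applies, which is normally world-readable. Add `mode => '0600',` to the key file and `mode => '0700',` to the private directory (it is declared in a shared array with the other two directories, so it would need its own resource). Separately, `$allowed_hosts = ['%',hiera('controller_host')]` in step 1 grants every service database user access from any host; narrowing that to the controller addresses would reduce exposure if the MySQL port is reachable from outside the control plane.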
@@ -0,0 +1,56 @@ +# Copyright 2015 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +if !str2bool(hiera('enable_package_install', 'false')) { + case $::osfamily { + 'RedHat': { + Package { provider => 'norpm' } # provided by tripleo-puppet + } + default: { + warning('enable_package_install option not supported.') + } + } +} + +if count(hiera('ntp::servers')) > 0 { + include ::ntp +} + +include ::swift +class {'swift::storage::all': + mount_check => str2bool(hiera('swift_mount_check')) +} +if(!defined(File['/srv/node'])) { + file { '/srv/node': + ensure => directory, + owner => 'swift', + group => 'swift', + require => Package['openstack-swift'], + } +} + +$swift_components = ['account', 'container', 'object'] +swift::storage::filter::recon { $swift_components : } +swift::storage::filter::healthcheck { $swift_components : } + +$snmpd_user = hiera('snmpd_readonly_user_name') +snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), +} +class { 'snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], +} 
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp new file mode 100644 index 00000000..b433321a --- /dev/null +++ b/puppet/manifests/overcloud_volume.pp @@ -0,0 +1,44 @@ +# Copyright 2015 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +if str2bool(hiera('disable_package_install', 'false')) { + case $::osfamily { + 'RedHat': { + Package { provider => 'norpm' } # provided by tripleo-puppet + } + default: { + warning('disable_package_install option not supported.') + } + } +} + +if count(hiera('ntp::servers')) > 0 { + include ::ntp +} + +include ::cinder +include ::cinder::volume +include ::cinder::volume::iscsi +include ::cinder::setup_test_volume + +$snmpd_user = hiera('snmpd_readonly_user_name') +snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), +} +class { 'snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], +} diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp new file mode 100644 index 00000000..531706d2 --- /dev/null +++ b/puppet/manifests/ringbuilder.pp 
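Review bot: The package-install guard at the top of this manifest reads `disable_package_install` and has no negation, whereas overcloud_compute.pp, overcloud_controller.pp and overcloud_object.pp use `if !str2bool(hiera('enable_package_install', 'false'))`. With neither key set, those three roles switch to the `norpm` provider while this one keeps the default provider, so Puppet could install packages on volume nodes from whatever repositories are configured. Unless that difference is intended, use the same guard here, `if !str2bool(hiera('enable_package_install', 'false')) {`, and the matching warning text. ringbuilder.pp in this commit has the same guard.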
@@ -0,0 +1,101 @@ +# Copyright 2015 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +if str2bool(hiera('disable_package_install', 'false')) { + case $::osfamily { + 'RedHat': { + Package { provider => 'norpm' } # provided by tripleo-puppet + } + default: { + warning('disable_package_install option not supported.') + } + } +} + +define add_devices( + $swift_zones = '1' +){ + + # NOTE(dprince): Swift zones is not yet properly wired into the Heat + # templates. See: https://review.openstack.org/#/c/97758/3 + # For now our regex supports the r1z1-192.0.2.6:%PORT%/d1 syntax or the + # newer r1z%%-192.0.2.6:%PORT%/d1 syntax. + $server_num_or_device = regsubst($name,'^r1z%+[A-Za-z]*([0-9]+)%+-(.*)$','\1') + if (is_integer($server_num_or_device)) { + $server_num = $server_num_or_device + } else { + $server_num = '1' + } + # Function to place server in its zone. Zone is calculated by + # server number in heat template modulo the number of zones + 1. 
+ $zone = (($server_num%$swift_zones) + 1) + + # add the rings + $base = regsubst($name,'^r1.*-(.*)$','\1') + $object = regsubst($base, '%PORT%', '6000') + ring_object_device { $object: + zone => '1', + weight => 100, + } + $container = regsubst($base, '%PORT%', '6001') + ring_container_device { $container: + zone => '1', + weight => 100, + } + $account = regsubst($base, '%PORT%', '6002') + ring_account_device { $account: + zone => '1', + weight => 100, + } +} + +class tripleo::ringbuilder ( + $swift_zones = '1', + $devices = '', + $build_ring = 'True', + $part_power, + $replicas, + $min_part_hours, +) { + + if str2bool(downcase("$build_ring")) { + + $device_array = strip(split(rstrip($devices), ',')) + + # create local rings + swift::ringbuilder::create{ ['object', 'account', 'container']: + part_power => $part_power, + replicas => $replicas, + min_part_hours => $min_part_hours, + } -> + + # add all other devices + add_devices {$device_array: + swift_zones => $swift_zones + } -> + + # rebalance + swift::ringbuilder::rebalance{ ['object', 'account', 'container']: + seed => 999, + } + + Ring_object_device<| |> ~> Exec['rebalance_object'] + Ring_object_device<| |> ~> Exec['rebalance_account'] + Ring_object_device<| |> ~> Exec['rebalance_container'] + + } +} + +include ::tripleo::ringbuilder diff --git a/puppet/overcloud_compute.pp b/puppet/overcloud_compute.pp deleted file mode 100644 index 0d2790b2..00000000 --- a/puppet/overcloud_compute.pp +++ /dev/null 
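Review bot: All three notify chains at the end of `tripleo::ringbuilder` collect `Ring_object_device`, so changes to account or container ring devices do not by themselves trigger `rebalance_account` or `rebalance_container`; this looks like a copy-and-paste slip. The intended lines are presumably `Ring_account_device<| |> ~> Exec['rebalance_account']` and `Ring_container_device<| |> ~> Exec['rebalance_container']`. In `add_devices`, `$zone` is computed from the server number but every device is declared with `zone => '1'`, so the calculation has no effect; the NOTE above it suggests this is known, and a short comment at the `zone => '1'` lines saying so would help.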
@@ -1,83 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} - -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -class { 'nova': - glance_api_servers => join([hiera('glance_protocol'), '://', hiera('glance_host'), ':', hiera('glance_port')]), -} - -file { ['/etc/libvirt/qemu/networks/autostart/default.xml', - '/etc/libvirt/qemu/networks/default.xml']: - ensure => absent, - before => Service['libvirt'] -} - -include ::nova::compute - -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; -} - -include ::nova::compute::libvirt - -class { 'nova::network::neutron': - neutron_admin_auth_url => join(['http://', hiera('neutron_host'), ':35357/v2.0']), - neutron_url => join(['http://', hiera('neutron_host'), ':9696']), -} - -include ::neutron - -class { 'neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], - type_drivers => [hiera('neutron_tenant_network_type')], -} - -class { 'neutron::agents::ml2::ovs': - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - 
tunnel_types => split(hiera('neutron_tunnel_types'), ','), -} - -include ::ceilometer -include ::ceilometer::agent::compute - -class { 'ceilometer::agent::auth': - auth_url => join(['http://', hiera('keystone_host'), ':5000/v2.0']), -} - -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { 'snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], -} diff --git a/puppet/overcloud_controller.pp b/puppet/overcloud_controller.pp deleted file mode 100644 index 4801107b..00000000 --- a/puppet/overcloud_controller.pp +++ /dev/null 
@@ -1,314 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} - -if hiera('step') >= 1 { - - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } - - # TODO Galara - class { 'mysql::server': - override_options => { - 'mysqld' => { - 'bind-address' => hiera('controller_host') - } - } - } - - # FIXME: this should only occur on the bootstrap host (ditto for db syncs) - # Create all the database schemas - # Example DSN format: mysql://user:password@host/dbname - $allowed_hosts = ['%',hiera('controller_host')] - $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]') - class { 'keystone::db::mysql': - user => $keystone_dsn[3], - password => $keystone_dsn[4], - host => $keystone_dsn[5], - dbname => $keystone_dsn[6], - allowed_hosts => $allowed_hosts, - } - $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]') - class { 'glance::db::mysql': - user => $glance_dsn[3], - password => $glance_dsn[4], - host => $glance_dsn[5], - dbname => $glance_dsn[6], - allowed_hosts => $allowed_hosts, - } - $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]') - class { 'nova::db::mysql': - user => $nova_dsn[3], - password => $nova_dsn[4], - host 
=> $nova_dsn[5], - dbname => $nova_dsn[6], - allowed_hosts => $allowed_hosts, - } - $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]') - class { 'neutron::db::mysql': - user => $neutron_dsn[3], - password => $neutron_dsn[4], - host => $neutron_dsn[5], - dbname => $neutron_dsn[6], - allowed_hosts => $allowed_hosts, - } - $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]') - class { 'cinder::db::mysql': - user => $cinder_dsn[3], - password => $cinder_dsn[4], - host => $cinder_dsn[5], - dbname => $cinder_dsn[6], - allowed_hosts => $allowed_hosts, - } - $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]') - class { 'heat::db::mysql': - user => $heat_dsn[3], - password => $heat_dsn[4], - host => $heat_dsn[5], - dbname => $heat_dsn[6], - allowed_hosts => $allowed_hosts, - } - $ceilometer_dsn = split(hiera('ceilometer::db::database_connection'), '[@:/?]') - class { 'ceilometer::db::mysql': - user => $ceilometer_dsn[3], - password => $ceilometer_dsn[4], - host => $ceilometer_dsn[5], - dbname => $ceilometer_dsn[6], - allowed_hosts => $allowed_hosts, - } - - if $::osfamily == 'RedHat' { - $rabbit_provider = 'yum' - } else { - $rabbit_provider = undef - } - - Class['rabbitmq'] -> Rabbitmq_vhost <| |> - Class['rabbitmq'] -> Rabbitmq_user <| |> - Class['rabbitmq'] -> Rabbitmq_user_permissions <| |> - - # TODO Rabbit HA - class { 'rabbitmq': - package_provider => $rabbit_provider, - config_cluster => false, - node_ip_address => hiera('controller_host'), - } - - rabbitmq_vhost { '/': - provider => 'rabbitmqctl', - } - rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']: - admin => true, - password => hiera('rabbit_password'), - provider => 'rabbitmqctl', - } - - rabbitmq_user_permissions {[ - 'nova@/', - 'glance@/', - 'neutron@/', - 'cinder@/', - 'ceilometer@/', - 'heat@/', - ]: - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - } - - # 
pre-install swift here so we can build rings - include ::swift - -} #END STEP 1 - -if hiera('step') >= 2 { - - include ::keystone - - #TODO: need a cleanup-keystone-tokens.sh solution here - keystone_config { - 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2'; - } - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - - # TODO: notifications, scrubber, etc. 
- include ::glance::api - include ::glance::registry - #class { 'glance::backend::swift': - #swift_store_auth_address => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']), - #} - - class { 'nova': - rabbit_hosts => [hiera('controller_virtual_ip')], - glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]), - } - - include ::nova::api - include ::nova::cert - include ::nova::conductor - include ::nova::consoleauth - include ::nova::vncproxy - include ::nova::scheduler - - class {'neutron': - rabbit_hosts => [hiera('controller_virtual_ip')], - } - - include ::neutron::server - include ::neutron::agents::dhcp - include ::neutron::agents::l3 - - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } - - class { 'neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], - type_drivers => [hiera('neutron_tenant_network_type')], - } - - class { 'neutron::agents::ml2::ovs': - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), - } - - class { 'neutron::agents::metadata': - auth_url => join(['http://', hiera('controller_virtual_ip'), ':35357/v2.0']), - } - - class {'cinder': - rabbit_hosts => [hiera('controller_virtual_ip')], - } - - include ::cinder::api - include ::cinder::scheduler - include ::cinder::volume - include ::cinder::volume::iscsi - class {'cinder::setup_test_volume': - size => join([hiera('cinder_lvm_loop_device_size'), 'M']), - } - - # swift proxy - include ::memcached - #include ::swift::proxy - #include ::swift::proxy::proxy_logging - #include ::swift::proxy::healthcheck - #include ::swift::proxy::cache - #include ::swift::proxy::keystone - #include 
::swift::proxy::authtoken - #include ::swift::proxy::staticweb - #include ::swift::proxy::ceilometer - #include ::swift::proxy::ratelimit - #include ::swift::proxy::catch_errors - #include ::swift::proxy::tempurl - #include ::swift::proxy::formpost - - # swift storage - class {'swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')) - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - - # Ceilometer - include ::ceilometer - include ::ceilometer::api - include ::ceilometer::db - include ::ceilometer::agent::notification - include ::ceilometer::agent::central - include ::ceilometer::alarm::notifier - include ::ceilometer::alarm::evaluator - include ::ceilometer::expirer - include ::ceilometer::collector - class { 'ceilometer::agent::auth': - auth_url => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']), - } - - Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } - - # Heat - include ::heat - include ::heat::api - include ::heat::api_cfn - include ::heat::api_cloudwatch - include ::heat::engine - - heat_config { - 'DEFAULT/instance_user': value => 'heat-admin'; - } - - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { 'snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 
'linkUpDownNotifications yes' ], - } - -} #END STEP 2 diff --git a/puppet/overcloud_object.pp b/puppet/overcloud_object.pp deleted file mode 100644 index 8d0ad783..00000000 --- a/puppet/overcloud_object.pp +++ /dev/null 
@@ -1,56 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} - -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::swift -class {'swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')) -} -if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } -} - -$swift_components = ['account', 'container', 'object'] -swift::storage::filter::recon { $swift_components : } -swift::storage::filter::healthcheck { $swift_components : } - -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { 'snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], -} diff --git a/puppet/overcloud_volume.pp b/puppet/overcloud_volume.pp deleted file mode 100644 index b433321a..00000000 
--- a/puppet/overcloud_volume.pp +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if str2bool(hiera('disable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('disable_package_install option not supported.') - } - } -} - -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::cinder -include ::cinder::volume -include ::cinder::volume::iscsi -include ::cinder::setup_test_volume - -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { 'snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], -} diff --git a/puppet/ringbuilder.pp b/puppet/ringbuilder.pp deleted file mode 100644 index 531706d2..00000000 --- a/puppet/ringbuilder.pp +++ /dev/null 
@@ -1,101 +0,0 @@
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if str2bool(hiera('disable_package_install', 'false')) {
- case $::osfamily {
- 'RedHat': {
- Package { provider => 'norpm' } # provided by tripleo-puppet
- }
- default: {
- warning('disable_package_install option not supported.')
- }
- }
-}
-
-define add_devices(
- $swift_zones = '1'
-){
-
- # NOTE(dprince): Swift zones is not yet properly wired into the Heat
- # templates. See: https://review.openstack.org/#/c/97758/3
- # For now our regex supports the r1z1-192.0.2.6:%PORT%/d1 syntax or the
- # newer r1z%%-192.0.2.6:%PORT%/d1 syntax.
- $server_num_or_device = regsubst($name,'^r1z%+[A-Za-z]*([0-9]+)%+-(.*)$','\1')
- if (is_integer($server_num_or_device)) {
- $server_num = $server_num_or_device
- } else {
- $server_num = '1'
- }
- # Function to place server in its zone. Zone is calculated by
- # server number in heat template modulo the number of zones + 1.
- $zone = (($server_num%$swift_zones) + 1)
-
- # add the rings
- $base = regsubst($name,'^r1.*-(.*)$','\1')
- $object = regsubst($base, '%PORT%', '6000')
- ring_object_device { $object:
- zone => '1',
- weight => 100,
- }
- $container = regsubst($base, '%PORT%', '6001')
- ring_container_device { $container:
- zone => '1',
- weight => 100,
- }
- $account = regsubst($base, '%PORT%', '6002')
- ring_account_device { $account:
- zone => '1',
- weight => 100,
- }
-}
-
-class tripleo::ringbuilder (
- $swift_zones = '1',
- $devices = '',
- $build_ring = 'True',
- $part_power,
- $replicas,
- $min_part_hours,
-) {
-
- if str2bool(downcase("$build_ring")) {
-
- $device_array = strip(split(rstrip($devices), ','))
-
- # create local rings
- swift::ringbuilder::create{ ['object', 'account', 'container']:
- part_power => $part_power,
- replicas => $replicas,
- min_part_hours => $min_part_hours,
- } ->
-
- # add all other devices
- add_devices {$device_array:
- swift_zones => $swift_zones
- } ->
-
- # rebalance
- swift::ringbuilder::rebalance{ ['object', 'account', 'container']:
- seed => 999,
- }
-
- Ring_object_device<| |> ~> Exec['rebalance_object']
- Ring_object_device<| |> ~> Exec['rebalance_account']
- Ring_object_device<| |> ~> Exec['rebalance_container']
-
- }
-}
-
-include ::tripleo::ringbuilder
diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage-puppet.yaml
new file mode 100644
index 00000000..7a831a58
--- /dev/null
+++ b/puppet/swift-storage-puppet.yaml
@@ -0,0 +1,171 @@
+heat_template_version: 2014-10-16
+description: 'Common Swift Storage Configuration'
+parameters:
+ Flavor:
+ description: Flavor for Swift storage nodes to request when deploying.
+ type: string
+ constraints:
+ - custom_constraint: nova.flavor
+ HashSuffix:
+ default: unset
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+ Image:
+ default: overcloud-swift-storage
+ type: string
+ KeyName:
+ default: default
+ description: Name of an existing EC2 KeyPair to enable SSH access to the instances
+ type: string
+ MountCheck:
+ default: 'false'
+ description: Value of mount_check in Swift account/container/object -server.conf
+ type: boolean
+ MinPartHours:
+ type: number
+ default: 1
+ description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
+ PartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ Replicas:
+ type: number
+ default: 3
+ description: How many replicas to use in the swift rings.
+ SnmpdReadonlyUserName:
+ default: ro_snmp_user
+ description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ SnmpdReadonlyUserPassword:
+ default: unset
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+ NtpServer:
+ type: string
+ default: ''
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+
+resources:
+
+ SwiftStorage:
+ type: OS::Nova::Server
+ properties:
+ image: {get_param: Image}
+ flavor: {get_param: Flavor}
+ key_name: {get_param: KeyName}
+ user_data_format: SOFTWARE_CONFIG
+ networks:
+ - network: ctlplane
+
+ StoragePuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/overcloud_object.pp
+
+ StoragePuppetDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ name: puppet_1
+ server: {get_resource: SwiftStorage}
+ config: {get_resource: StoragePuppetConfig}
+
+ StorageRingbuilderPuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/ringbuilder.pp
+
+ StorageRingbuilderPuppetDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ name: puppet_2
+ server: {get_resource: SwiftStorage}
+ config: {get_resource: StorageRingbuilderPuppetConfig}
+
+ SwiftStorageHieraConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ hierarchy:
+ - heat_config_%{::deploy_config_name}
+ - object
+ - common
+ datafiles:
+ common:
+ raw_data: {get_file: hieradata/common.yaml}
+ object:
+ raw_data: {get_file: hieradata/object.yaml}
+ oac_data: # data we map in from other OAC configurations
+ tripleo::ringbuilder::devices: swift.devices
+ mapped_data: # data supplied directly to this deployment configuration, etc
+ swift::swift_hash_suffix: { get_input: swift_hash_suffix }
+ tripleo::ringbuilder::part_power: { get_input: swift_part_power }
+ tripleo::ringbuilder::replicas: {get_input: swift_replicas }
+ # Swift
+ swift::storage::all::storage_local_net_ip: {get_input: local_ip}
+ swift_mount_check: {get_input: swift_mount_check }
+ tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours }
+ ntp::servers: {get_input: ntp_servers}
+ # NOTE(dprince): build_ring support is currently not wired in.
+ # See: https://review.openstack.org/#/c/109225/
+ tripleo::ringbuilder::build_ring: True
+ enable_package_install: {get_input: enable_package_install}
+
+
+ SwiftStorageHieraDeploy:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ server: {get_resource: SwiftStorage}
+ config: {get_resource: SwiftStorageHieraConfig}
+ signal_transport: NO_SIGNAL
+ input_values:
+ local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+ snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ swift_hash_suffix: {get_param: HashSuffix}
+ swift_mount_check: {get_param: MountCheck}
+ swift_min_part_hours: {get_param: MinPartHours}
+ swift_part_power: {get_param: PartPower}
+ swift_replicas: { get_param: Replicas}
+ ntp_servers:
+ str_replace:
+ template: '["server"]'
+ params:
+ server: {get_param: NtpServer}
+ enable_package_install: {get_param: EnablePackageInstall}
+
+outputs:
+ hosts_entry:
+ value:
+ str_replace:
+ template: "IP HOST HOST.novalocal"
+ params:
+ IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ HOST: {get_attr: [SwiftStorage, name]}
+ nova_server_resource:
+ description: Heat resource handle for the swift storage server
+ value:
+ {get_resource: SwiftStorage}
+ swift_device:
+ description: Swift device formatted for swift-ring-builder
+ value:
+ str_replace:
+ template: 'r1z1-IP:%PORT%/d1'
+ params:
+ IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
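Review bot: `HashSuffix` and `SnmpdReadonlyUserPassword` in the `parameters` block both ship with `default: unset`, so a stack created without overriding them runs with a Swift hash suffix and an SNMPv3 password that are the same publicly known string on every deployment. `hidden: true` only masks the value in Heat's output; it does not make the default any less predictable. I would delete the two `default: unset` lines so Heat rejects the stack until the caller supplies real values, and extend both descriptions to say the value must be unique per deployment. If a parent template always passes both parameters (not visible in this hunk), the defaults are dead weight and removing them is still the safer choice.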
diff --git a/swift-storage-puppet.yaml b/swift-storage-puppet.yaml
deleted file mode 100644
index a529330f..00000000
--- a/swift-storage-puppet.yaml
+++ /dev/null
@@ -1,171 +0,0 @@
-heat_template_version: 2014-10-16
-description: 'Common Swift Storage Configuration'
-parameters:
- Flavor:
- description: Flavor for Swift storage nodes to request when deploying.
- type: string
- constraints:
- - custom_constraint: nova.flavor
- HashSuffix:
- default: unset
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
- Image:
- default: overcloud-swift-storage
- type: string
- KeyName:
- default: default
- description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- type: string
- MountCheck:
- default: 'false'
- description: Value of mount_check in Swift account/container/object -server.conf
- type: boolean
- MinPartHours:
- type: number
- default: 1
- description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
- PartPower:
- default: 10
- description: Partition Power to use when building Swift rings
- type: number
- Replicas:
- type: number
- default: 3
- description: How many replicas to use in the swift rings.
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- default: unset
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
- NtpServer:
- type: string
- default: ''
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
-
-resources:
-
- SwiftStorage:
- type: OS::Nova::Server
- properties:
- image: {get_param: Image}
- flavor: {get_param: Flavor}
- key_name: {get_param: KeyName}
- user_data_format: SOFTWARE_CONFIG
- networks:
- - network: ctlplane
-
- StoragePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- outputs:
- - name: result
- config:
- get_file: puppet/overcloud_object.pp
-
- StoragePuppetDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- name: puppet_1
- server: {get_resource: SwiftStorage}
- config: {get_resource: StoragePuppetConfig}
-
- StorageRingbuilderPuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- outputs:
- - name: result
- config:
- get_file: puppet/ringbuilder.pp
-
- StorageRingbuilderPuppetDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- name: puppet_2
- server: {get_resource: SwiftStorage}
- config: {get_resource: StorageRingbuilderPuppetConfig}
-
- SwiftStorageHieraConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- hierarchy:
- - heat_config_%{::deploy_config_name}
- - object
- - common
- datafiles:
- common:
- raw_data: {get_file: puppet/hieradata/common.yaml}
- object:
- raw_data: {get_file: puppet/hieradata/object.yaml}
- oac_data: # data we map in from other OAC configurations
- tripleo::ringbuilder::devices: swift.devices
- mapped_data: # data supplied directly to this deployment configuration, etc
- swift::swift_hash_suffix: { get_input: swift_hash_suffix }
- tripleo::ringbuilder::part_power: { get_input: swift_part_power }
- tripleo::ringbuilder::replicas: {get_input: swift_replicas }
- # Swift
- swift::storage::all::storage_local_net_ip: {get_input: local_ip}
- swift_mount_check: {get_input: swift_mount_check }
- tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours }
- ntp::servers: {get_input: ntp_servers}
- # NOTE(dprince): build_ring support is currently not wired in.
- # See: https://review.openstack.org/#/c/109225/
- tripleo::ringbuilder::build_ring: True
- enable_package_install: {get_input: enable_package_install}
-
-
- SwiftStorageHieraDeploy:
- type: OS::Heat::StructuredDeployment
- properties:
- server: {get_resource: SwiftStorage}
- config: {get_resource: SwiftStorageHieraConfig}
- signal_transport: NO_SIGNAL
- input_values:
- local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- swift_hash_suffix: {get_param: HashSuffix}
- swift_mount_check: {get_param: MountCheck}
- swift_min_part_hours: {get_param: MinPartHours}
- swift_part_power: {get_param: PartPower}
- swift_replicas: { get_param: Replicas}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
- enable_package_install: {get_param: EnablePackageInstall}
-
-outputs:
- hosts_entry:
- value:
- str_replace:
- template: "IP HOST HOST.novalocal"
- params:
- IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- HOST: {get_attr: [SwiftStorage, name]}
- nova_server_resource:
- description: Heat resource handle for the swift storage server
- value:
- {get_resource: SwiftStorage}
- swift_device:
- description: Swift device formatted for swift-ring-builder
- value:
- str_replace:
- template: 'r1z1-IP:%PORT%/d1'
- params:
- IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
-- cgit 1.2.3-korg