Merge "Move tripleo::certmonger::httpd to defines folder and fix suffix" - apex-puppet-tripleo

about summary refs log tree commit diff stats

path: root/manifests/profile/base/nova/libvirt.pp

diff options

author	Jenkins <jenkins@review.openstack.org>	2017-06-08 20:55:47 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-06-08 20:55:47 +0000
commit	cb52018401aec9a3c684159dafe0b8520795bfba (patch)
tree	94b1c62f0e5bd2ae9acb183da190795fd150ba72 /manifests/profile/base/nova/libvirt.pp
parent	1041ef2305c0261608d52ad9c727667be4e76d99 (diff)
parent	5247b9904575629121c6ec72e3e6ff3a665bd9a7 (diff)

Merge "Move tripleo::certmonger::httpd to defines folder and fix suffix"

Diffstat (limited to 'manifests/profile/base/nova/libvirt.pp')

0 files changed, 0 insertions, 0 deletions

Open Platform for NFV and OPNFV are trademarks of the Open Platform for NFV Project, Inc.

Linux Foundation is a registered trademark of The Linux Foundation. Linux is a registered trademark of Linus Torvalds.

Please see our terms of use, trademark policy, and privacy policy.

n167'>167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285

heat_template_version: pike

description: >
  OpenStack Nova API service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  NovaWorkers:
    default: 0
    description: Number of workers for Nova API service.
    type: number
  NovaPassword:
    description: The password for the nova service and db account, used by nova-api.
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  NeutronMetadataProxySharedSecret:
    description: Shared secret to prevent spoofing
    type: string
    hidden: true
  InstanceNameTemplate:
    default: 'instance-%08x'
    description: Template string to be used to generate instance names
    type: string
  NovaEnableDBPurge:
    default: true
    description: |
        Whether to create cron job for purging soft deleted rows in Nova database.
    type: boolean
  MonitoringSubscriptionNovaApi:
    default: 'overcloud-nova-api'
    type: string
  NovaApiLoggingSource:
    type: json
    default:
      tag: openstack.nova.api
      path: /var/log/nova/nova-api.log
  EnableInternalTLS:
    type: boolean
    default: false
  NovaDefaultFloatingPool:
    default: 'public'
    description: Default pool for floating IP addresses
    type: string
  NovaDbSyncTimeout:
    default: 300
    description: Timeout for Nova db sync
    type: number
  NovaApiPolicies:
    description: |
      A hash of policies to configure for Nova API.
      e.g. { nova-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json

conditions:
  nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}

resources:
  # Temporarily disable Nova API deployed in WSGI
  # https://bugs.launchpad.net/nova/+bug/1661360
  # ApacheServiceBase:
  #   type: ./apache.yaml
  #   properties:
  #     ServiceNetMap: {get_param: ServiceNetMap}
  #     DefaultPasswords: {get_param: DefaultPasswords}
  #     EndpointMap: {get_param: EndpointMap}
  #     RoleName: {get_param: RoleName}
  #     RoleParameters: {get_param: RoleParameters}
  #     EnableInternalTLS: {get_param: EnableInternalTLS}

  NovaBase:
    type: ./nova-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Nova API service.
    value:
      service_name: nova_api
      monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
      logging_source: {get_param: NovaApiLoggingSource}
      logging_groups:
        - nova
      config_settings:
        map_merge:
        - get_attr: [NovaBase, role_data, config_settings]
        # Temporarily disable Nova API deployed in WSGI
        # https://bugs.launchpad.net/nova/+bug/1661360
        # - get_attr: [ApacheServiceBase, role_data, config_settings]
        - nova::cron::archive_deleted_rows::hour: '*/12'
          nova::cron::archive_deleted_rows::destination: '/dev/null'
          tripleo.nova_api.firewall_rules:
            '113 nova_api':
              dport:
                - 8773
                - 3773
                - 8774
                - 13774
                - 8775
          nova::keystone::authtoken::project_name: 'service'
          nova::keystone::authtoken::user_domain_name: 'Default'
          nova::keystone::authtoken::project_domain_name: 'Default'
          nova::keystone::authtoken::password: {get_param: NovaPassword}
          nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
          nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
          nova::api::enabled: true
          nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
          nova::api::sync_db_api: true
          nova::api::enable_proxy_headers_parsing: true
          nova::api::api_bind_address:
            str_replace:
              template:
                "%{hiera('fqdn_$NETWORK')}"
              params:
                $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
          # Temporarily disable Nova API deployed in WSGI
          # https://bugs.launchpad.net/nova/+bug/1661360
          nova_wsgi_enabled: false
          # nova::api::service_name: 'httpd'
          # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
          # NOTE: bind IP is found in Heat replacing the network name with the local node IP
          # for the given network; replacement examples (eg. for internal_api):
          # internal_api -> IP
          # internal_api_uri -> [IP]
          # internal_api_subnet - > IP/CIDR
          # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
          # nova::wsgi::apache_api::servername:
          #   str_replace:
          #     template:
          #       "%{hiera('fqdn_$NETWORK')}"
          #     params:
          #       $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
          nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
          nova::api::instance_name_template: {get_param: InstanceNameTemplate}
          nova_enable_db_purge: {get_param: NovaEnableDBPurge}
          nova::policy::policies: {get_param: NovaApiPolicies}
        -
          if:
          - nova_workers_zero
          - {}
          - nova::api::osapi_compute_workers: {get_param: NovaWorkers}
          # Temporarily disable Nova API deployed in WSGI
          # https://bugs.launchpad.net/nova/+bug/1661360
          # nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
      step_config: |
        include tripleo::profile::base::nova::api
      service_config_settings:
        mysql:
          map_merge:
          - {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
          - nova::db::mysql::password: {get_param: NovaPassword}
            nova::db::mysql::user: nova
            nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
            nova::db::mysql::dbname: nova
            nova::db::mysql::allowed_hosts:
              - '%'
              - "%{hiera('mysql_bind_host')}"
            nova::db::mysql_api::password: {get_param: NovaPassword}
            nova::db::mysql_api::user: nova_api
            nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
            nova::db::mysql_api::dbname: nova_api
            nova::db::mysql_api::allowed_hosts:
              - '%'
              - "%{hiera('mysql_bind_host')}"
        keystone:
          nova::keystone::auth::tenant: 'service'
          nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
          nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
          nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
          nova::keystone::auth::password: {get_param: NovaPassword}
          nova::keystone::auth::region: {get_param: KeystoneRegion}
      # Temporarily disable Nova API deployed in WSGI
      # https://bugs.launchpad.net/nova/+bug/1661360
      # metadata_settings:
      #   get_attr: [ApacheServiceBase, role_data, metadata_settings]
      upgrade_tasks:
        - name: get bootstrap nodeid
          tags: common
          command: hiera bootstrap_nodeid
          register: bootstrap_node
        - name: set is_bootstrap_node fact
          tags: common
          set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}}
        - name: Extra migration for nova tripleo/+bug/1656791
          tags: step0,pre-upgrade
          when: is_bootstrap_node
          command: nova-manage db online_data_migrations
        - name: Stop and disable nova_api service (pre-upgrade not under httpd)
          tags: step2
          service: name=openstack-nova-api state=stopped enabled=no
        - name: Create puppet manifest to set transport_url in nova.conf
          tags: step5
          when: is_bootstrap_node
          copy:
            dest: /root/nova-api_upgrade_manifest.pp
            mode: 0600
            content: >
              $transport_url = os_transport_url({
                'transport' => hiera('messaging_service_name', 'rabbit'),
                'hosts'     => any2array(hiera('rabbitmq_node_names', undef)),
                'port'      => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
                'username'  => hiera('nova::rabbit_userid', 'guest'),
                'password'  => hiera('nova::rabbit_password'),
                'ssl'       => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
              })
              oslo::messaging::default { 'nova_config':
                transport_url => $transport_url
              }
        - name: Run puppet apply to set tranport_url in nova.conf
          tags: step5
          when: is_bootstrap_node
          command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
          register: puppet_apply_nova_api_upgrade
          failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
          changed_when: puppet_apply_nova_api_upgrade.rc == 2
        - name: Setup cell_v2 (map cell0)
          tags: step5
          when: is_bootstrap_node
          shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
        - name: Setup cell_v2 (create default cell)
          tags: step5
          when: is_bootstrap_node
          # (owalsh) puppet-nova expects the cell name 'default'
          # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
          shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
          register: nova_api_create_cell
          failed_when: nova_api_create_cell.rc not in [0,2]
          changed_when: nova_api_create_cell.rc == 0
        - name: Setup cell_v2 (sync nova/cell DB)
          tags: step5
          when: is_bootstrap_node
          command: nova-manage db sync
          async: {get_param: NovaDbSyncTimeout}
          poll: 10
        - name: Setup cell_v2 (get cell uuid)
          tags: step5
          when: is_bootstrap_node
          shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
          register: nova_api_cell_uuid
        - name: Setup cell_v2 (migrate hosts)
          tags: step5
          when: is_bootstrap_node
          command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
        - name: Setup cell_v2 (migrate instances)
          tags: step5
          when: is_bootstrap_node
          command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
        - name: Sync nova_api DB
          tags: step5
          command: nova-manage api_db sync
          when: is_bootstrap_node
        - name: Online data migration for nova
          tags: step5
          when: is_bootstrap_node
          command: nova-manage db online_data_migrations


context:
space:
mode: