summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--capabilities-map.yaml (renamed from capabilities_map.yaml)0
-rw-r--r--docker/firstboot/install_docker_agents.yaml7
-rw-r--r--docker/firstboot/start_docker_agents.sh5
-rw-r--r--environments/docker.yaml2
-rwxr-xr-xextraconfig/tasks/yum_update.sh4
-rw-r--r--network/endpoints/endpoint_map.yaml10
-rw-r--r--overcloud-resource-registry-puppet.yaml1
-rw-r--r--overcloud.yaml2
-rw-r--r--puppet/all-nodes-config.yaml2
-rw-r--r--puppet/cinder-storage.yaml2
-rw-r--r--puppet/controller.yaml16
-rw-r--r--puppet/hieradata/controller.yaml6
-rw-r--r--puppet/hieradata/database.yaml7
-rw-r--r--puppet/manifests/overcloud_compute.pp10
-rw-r--r--puppet/manifests/overcloud_controller.pp17
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp138
-rwxr-xr-xtools/yaml-validate.py41
17 files changed, 155 insertions, 115 deletions
diff --git a/capabilities_map.yaml b/capabilities-map.yaml
index 30ee211e..30ee211e 100644
--- a/capabilities_map.yaml
+++ b/capabilities-map.yaml
diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml
index 348c1755..2858552f 100644
--- a/docker/firstboot/install_docker_agents.yaml
+++ b/docker/firstboot/install_docker_agents.yaml
@@ -3,7 +3,7 @@ heat_template_version: 2014-10-16
parameters:
DockerAgentImage:
type: string
- default: tripleoupstream/heat-docker-agents
+ default: heat-docker-agents
DockerNamespace:
type: string
default: kollaglue
@@ -26,7 +26,10 @@ resources:
config:
str_replace:
params:
- $agent_image: {get_param: DockerAgentImage}
+ $agent_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerAgentImage} ]
$docker_registry: {get_param: DockerNamespace}
$docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry}
template: {get_file: ./start_docker_agents.sh}
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index a0e95d11..2b03b96e 100644
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -39,7 +39,10 @@ EOF
# Local docker registry 1.8
if [ $docker_namespace_is_registry ]; then
- /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry '/INSECURE_REGISTRY='--insecure-registry $docker_registry'/g" /etc/sysconfig/docker
+ # if namespace is used with local registry, trim all namespacing
+ trim_var=$docker_registry
+ registry_host="${trim_var%%/*}"
+ /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker
fi
/sbin/setenforce 0
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 6376b749..7c6dc407 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -8,7 +8,7 @@ parameters:
parameter_defaults:
# Defaults to 'tripleoupstream'. Specify a local docker registry
- # Example: 192.168.122.131:8787
+ # Example: 192.0.2.1:8787/tripleoupstream
DockerNamespace: tripleoupstream
# Enable local Docker registry
DockerNamespaceIsRegistry: false
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index 39179024..869b1a42 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -151,14 +151,14 @@ openstack-nova-scheduler"
kill $(ps ax | grep -e "radvd.*\.pid\.radvd" | awk '{print $1}') 2>/dev/null || :
else
echo "Upgrading openstack-puppet-modules"
- yum -y update openstack-puppet-modules
+ yum -q -y update openstack-puppet-modules
echo "Upgrading other packages is handled by config management tooling"
echo -n "true" > $heat_outputs_path.update_managed_packages
exit 0
fi
command=${command:-update}
-full_command="yum -y $command $command_arguments"
+full_command="yum -q -y $command $command_arguments"
echo "Running: $full_command"
result=$($full_command)
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index f6063c0e..096ee558 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -185,19 +185,19 @@ resources:
GlanceRegistryInternal:
type: OS::TripleO::Endpoint
properties:
- EndpointName: GlanceInternal
+ EndpointName: GlanceRegistryInternal
EndpointMap: { get_param: EndpointMap }
IP: {get_param: GlanceRegistryVirtualIP}
GlanceRegistryPublic:
type: OS::TripleO::Endpoint
properties:
- EndpointName: GlancePublic
+ EndpointName: GlanceRegistryPublic
EndpointMap: { get_param: EndpointMap }
IP: {get_param: PublicVirtualIP}
GlanceRegistryAdmin:
type: OS::TripleO::Endpoint
properties:
- EndpointName: GlanceAdmin
+ EndpointName: GlanceRegistryAdmin
EndpointMap: { get_param: EndpointMap }
IP: {get_param: GlanceRegistryVirtualIP}
@@ -229,7 +229,7 @@ resources:
HorizonPublic:
type: OS::TripleO::Endpoint
properties:
- EndpointName: HeatPublic
+ EndpointName: HorizonPublic
EndpointMap: { get_param: EndpointMap }
IP: {get_param: PublicVirtualIP}
CloudName: {get_param: CloudName}
@@ -481,4 +481,4 @@ outputs:
SwiftS3Admin: {get_attr: [ SwiftS3Admin, endpoint] }
SaharaInternal: {get_attr: [ SaharaInternal, endpoint] }
SaharaPublic: {get_attr: [ SaharaPublic, endpoint] }
- SaharaAdmin: {get_attr: [ SaharaAdmin, endpoint] } \ No newline at end of file
+ SaharaAdmin: {get_attr: [ SaharaAdmin, endpoint] }
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 888a3c89..7288aba8 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -124,3 +124,4 @@ resource_registry:
parameter_defaults:
EnablePackageInstall: false
+ SoftwareConfigTransport: POLL_TEMP_URL
diff --git a/overcloud.yaml b/overcloud.yaml
index 019779ab..c2a47b8d 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -325,7 +325,7 @@ parameters:
type: string
hidden: true
CinderLVMLoopDeviceSize:
- default: 5000
+ default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderNfsMountOptions:
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 00766193..e85975d4 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -69,8 +69,8 @@ resources:
allNodesConfigImpl:
type: OS::Heat::StructuredConfig
properties:
+ group: os-apply-config
config:
- completion-signal: {get_input: deploy_signal_id}
hosts:
list_join:
- "\n"
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index f7e8f907..0bec3e93 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -13,7 +13,7 @@ parameters:
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
- default: 5000
+ default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderPassword:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index ea19c711..bad99378 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -61,7 +61,7 @@ parameters:
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
- default: 5000
+ default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderNfsMountOptions:
@@ -1104,6 +1104,14 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/nova'
+ nova_api_dsn:
+ list_join:
+ - ''
+ - - 'mysql+pymysql://nova_api:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/nova_api'
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
@@ -1334,8 +1342,10 @@ resources:
keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
keystone::database_connection: {get_input: keystone_dsn}
- keystone::public_bind_host: {get_input: keystone_public_api_network}
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
+ keystone::public_bind_host: {get_input: keystone_public_api_network}
+ keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
+ keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::debug: {get_input: debug}
keystone::db::mysql::password: {get_input: admin_token}
keystone::rabbit_userid: {get_input: rabbit_username}
@@ -1466,6 +1476,7 @@ resources:
nova::api::ec2_workers: {get_input: nova_workers}
nova::api::metadata_workers: {get_input: nova_workers}
nova::database_connection: {get_input: nova_dsn}
+ nova::api_database_connection: {get_input: nova_api_dsn}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
@@ -1474,6 +1485,7 @@ resources:
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
+ nova::db::mysql_api::password: {get_input: nova_password}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
# Horizon
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 06be40e4..a4dda4b4 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -52,6 +52,8 @@ keystone::config::keystone_config:
value: 'HTTP_X_FORWARDED_PROTO'
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
+keystone::service_name: 'httpd'
+keystone::wsgi::apache::ssl: false
#swift
swift::proxy::pipeline:
@@ -85,6 +87,7 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::osapi_v3: true
+nova::api::sync_db_api: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
@@ -95,6 +98,9 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
# cinder
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::cron::db_purge::destination: '/dev/null'
+cinder::config::cinder_config:
+ DEFAULT/host:
+ value: hostgroup
# heat
heat::engine::configure_delegated_roles: false
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
index 89577505..61714691 100644
--- a/puppet/hieradata/database.yaml
+++ b/puppet/hieradata/database.yaml
@@ -6,6 +6,13 @@ nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+nova::db::mysql_api::user: nova_api
+nova::db::mysql_api::host: "%{hiera('mysql_virtual_ip')}"
+nova::db::mysql_api::dbname: nova_api
+nova::db::mysql_api::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
# Glance
glance::db::mysql::user: glance
glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 593cc500..4b0f98e4 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -37,6 +37,16 @@ exec { 'libvirt-default-net-destroy':
before => Service['libvirt'],
}
+# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
+exec { 'reset-iscsi-initiator-name':
+ command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
+ onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
+}->
+
+file { '/etc/iscsi/.initiator_reset':
+ ensure => present,
+}
+
include ::nova
include ::nova::config
include ::nova::compute
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index bb65cf44..8d5abf83 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -100,6 +100,7 @@ if hiera('step') >= 2 {
include ::keystone::db::mysql
include ::glance::db::mysql
include ::nova::db::mysql
+ include ::nova::db::mysql_api
include ::neutron::db::mysql
include ::cinder::db::mysql
include ::heat::db::mysql
@@ -173,6 +174,7 @@ if hiera('step') >= 3 {
include ::keystone::config
include ::keystone::roles::admin
include ::keystone::endpoint
+ include ::keystone::wsgi::apache
#TODO: need a cleanup-keystone-tokens.sh solution here
@@ -366,6 +368,7 @@ if hiera('step') >= 3 {
include ::cinder
include ::cinder::config
+ include ::tripleo::ssl::cinder_config
include ::cinder::api
include ::cinder::glance
include ::cinder::scheduler
@@ -413,10 +416,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_eqlx_backend', false) {
$cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
- cinder_config {
- "${cinder_eqlx_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::eqlx { $cinder_eqlx_backend :
volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
@@ -424,7 +423,7 @@ if hiera('step') >= 3 {
san_password => hiera('cinder::backend::eqlx::san_password', undef),
san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef),
+ eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
@@ -434,10 +433,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_dellsc_backend', false) {
$cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
- cinder_config {
- "${cinder_dellsc_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
@@ -455,10 +450,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_netapp_backend', false) {
$cinder_netapp_backend = hiera('cinder::backend::netapp::title')
- cinder_config {
- "${cinder_netapp_backend}/host": value => 'hostgroup';
- }
-
if hiera('cinder::backend::netapp::nfs_shares', undef) {
$cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 37eb01e4..fd9b3b78 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -429,6 +429,9 @@ MYSQL_HOST=localhost\n",
class { '::nova::db::mysql':
require => Exec['galera-ready'],
}
+ class { '::nova::db::mysql_api':
+ require => Exec['galera-ready'],
+ }
class { '::neutron::db::mysql':
require => Exec['galera-ready'],
}
@@ -574,6 +577,7 @@ if hiera('step') >= 3 {
class { '::nova::api' :
sync_db => $sync_db,
+ sync_db_api => $sync_db,
manage_service => false,
enabled => false,
}
@@ -732,6 +736,7 @@ if hiera('step') >= 3 {
include ::cinder
include ::cinder::config
+ include ::tripleo::ssl::cinder_config
class { '::cinder::api':
sync_db => $sync_db,
manage_service => false,
@@ -789,10 +794,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_eqlx_backend', false) {
$cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
- cinder_config {
- "${cinder_eqlx_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::eqlx { $cinder_eqlx_backend :
volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
@@ -800,7 +801,7 @@ if hiera('step') >= 3 {
san_password => hiera('cinder::backend::eqlx::san_password', undef),
san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef),
+ eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
@@ -810,10 +811,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_dellsc_backend', false) {
$cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
- cinder_config {
- "${cinder_dellsc_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
@@ -831,10 +828,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_netapp_backend', false) {
$cinder_netapp_backend = hiera('cinder::backend::netapp::title')
- cinder_config {
- "${cinder_netapp_backend}/host": value => 'hostgroup';
- }
-
if hiera('cinder::backend::netapp::nfs_shares', undef) {
$cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
}
@@ -1009,6 +1002,7 @@ if hiera('step') >= 3 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
+ include ::keystone::wsgi::apache
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
@@ -1052,57 +1046,49 @@ if hiera('step') >= 4 {
if $pacemaker_master {
- # Keystone
- pacemaker::resource::service { $::keystone::params::service_name :
- clone_params => 'interleave=true',
- verify_on_create => true,
- require => [File['/etc/keystone/ssl/certs/ca.pem'],
- File['/etc/keystone/ssl/private/signing_key.pem'],
- File['/etc/keystone/ssl/certs/signing_cert.pem']],
- }
if $enable_load_balancer {
pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'haproxy-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
}
pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'rabbitmq-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['rabbitmq'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'memcached-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'memcached-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['memcached'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'galera-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'galera-master',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'promote',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['galera'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
# Cinder
pacemaker::resource::service { $::cinder::params::api_service :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::cinder::params::scheduler_service :
clone_params => 'interleave=true',
@@ -1111,12 +1097,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-cinder-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::cinder::params::api_service}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint':
constraint_type => 'order',
@@ -1154,25 +1140,25 @@ if hiera('step') >= 4 {
# Sahara
pacemaker::resource::service { $::sahara::params::api_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::sahara::params::engine_service_name :
clone_params => 'interleave=true',
}
pacemaker::constraint::base { 'keystone-then-sahara-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::sahara::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
# Glance
pacemaker::resource::service { $::glance::params::registry_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::glance::params::api_service_name :
clone_params => 'interleave=true',
@@ -1180,12 +1166,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::glance::params::registry_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
constraint_type => 'order',
@@ -1223,12 +1209,12 @@ if hiera('step') >= 4 {
} ->
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Service[$::apache::params::service_name]
}
} else {
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Service[$::apache::params::service_name]
}
}
if hiera('neutron::enable_l3_agent', true) {
@@ -1300,28 +1286,16 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
}
-
pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
- constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
- second_resource => "${::neutron::params::server_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::neutron::params::server_service]],
- }
- if hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::ovs_agent_service}-clone",
+ constraint_type => 'order',
+ first_resource => "${::apache::params::service_name}-clone",
+ second_resource => "${::neutron::params::server_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ require => [Pacemaker::Resource::Service[$::apache::params::service_name],
+ Pacemaker::Resource::Service[$::neutron::params::server_service]],
}
- }
- if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
+ if hiera('neutron::enable_ovs_agent',true) {
pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
constraint_type => 'order',
first_resource => "${::neutron::params::ovs_agent_service}-clone",
@@ -1330,8 +1304,19 @@ if hiera('step') >= 4 {
second_action => 'start',
require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
-
}
+ }
+ if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
+ pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
+ constraint_type => 'order',
+ first_resource => "${::neutron::params::server_service}-clone",
+ second_resource => "${::neutron::params::ovs_agent_service}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ }
+
pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation':
source => "${::neutron::params::dhcp_agent_service}-clone",
target => "${::neutron::params::ovs_agent_service}-clone",
@@ -1426,7 +1411,7 @@ if hiera('step') >= 4 {
pacemaker::resource::service { $::nova::params::consoleauth_service_name :
clone_params => 'interleave=true',
op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::nova::params::vncproxy_service_name :
clone_params => 'interleave=true',
@@ -1439,12 +1424,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::nova::params::consoleauth_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint':
constraint_type => 'order',
@@ -1516,14 +1501,14 @@ if hiera('step') >= 4 {
/mysql/: {
pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
}
default: {
pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ require => [Pacemaker::Resource::Service[$::apache::params::service_name],
+ Pacemaker::Resource::Service[$::mongodb::params::service_name]],
}
}
}
@@ -1559,12 +1544,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
@@ -1634,12 +1619,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::heat::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
@@ -1699,9 +1684,13 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]],
}
- # Horizon
- pacemaker::resource::service { $::horizon::params::http_service:
- clone_params => 'interleave=true',
+ # Horizon and Keystone
+ pacemaker::resource::service { $::apache::params::service_name:
+ clone_params => 'interleave=true',
+ verify_on_create => true,
+ require => [File['/etc/keystone/ssl/certs/ca.pem'],
+ File['/etc/keystone/ssl/private/signing_key.pem'],
+ File['/etc/keystone/ssl/certs/signing_cert.pem']],
}
#VSM
@@ -1738,12 +1727,11 @@ if hiera('step') >= 5 {
if $pacemaker_master {
class {'::keystone::roles::admin' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
} ->
class {'::keystone::endpoint' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
-
}
} #END STEP 5
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index cb5669a7..fe690d8c 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -16,11 +16,13 @@ import sys
import traceback
import yaml
-base_path = sys.argv[1]
-exit_val = 0
-failed_files = []
+
+def exit_usage():
+ print('Usage %s <yaml file or directory>' % sys.argv[0])
+ sys.exit(1)
def validate(filename):
+ print('Validating %s' % filename)
try:
yaml.load(open(filename).read())
except Exception:
@@ -28,14 +30,31 @@ def validate(filename):
return 1
return 0
-for subdir, dirs, files in os.walk(base_path):
- for f in files:
- if f.endswith('.yaml'):
- file_path = os.path.join(subdir, f)
- failed = validate(file_path)
- if failed:
- failed_files.append(file_path)
- exit_val |= failed
+if len(sys.argv) < 2:
+ exit_usage()
+
+path_args = sys.argv[1:]
+exit_val = 0
+failed_files = []
+
+for base_path in path_args:
+ if os.path.isdir(base_path):
+ for subdir, dirs, files in os.walk(base_path):
+ for f in files:
+ if f.endswith('.yaml'):
+ file_path = os.path.join(subdir, f)
+ failed = validate(file_path)
+ if failed:
+ failed_files.append(file_path)
+ exit_val |= failed
+ elif os.path.isfile(base_path) and base_path.endswith('.yaml'):
+ failed = validate(base_path)
+ if failed:
+ failed_files.append(base_path)
+ exit_val |= failed
+ else:
+ print('Unexpected argument %s' % base_path)
+ exit_usage()
if failed_files:
print('Validation failed on:')