diff options
| -rw-r--r-- | docker/compute-post.yaml | 6 | ||||
| -rw-r--r-- | docker/firstboot/start_docker_agents.sh | 2 | ||||
| -rw-r--r-- | environments/puppet-pacemaker.yaml | 4 | ||||
| -rw-r--r-- | overcloud-resource-registry-puppet.yaml | 4 | ||||
| -rw-r--r-- | overcloud.yaml | 30 | ||||
| -rw-r--r-- | puppet/ceph-storage-post.yaml | 32 | ||||
| -rw-r--r-- | puppet/ceph-storage.yaml | 6 | ||||
| -rw-r--r-- | puppet/controller.yaml | 78 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_cephstorage.pp | 67 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 32 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 140 | ||||
| -rw-r--r-- | puppet/services/heat-api-cfn.yaml | 46 | ||||
| -rw-r--r-- | puppet/services/heat-api-cloudwatch.yaml | 33 | ||||
| -rw-r--r-- | puppet/services/heat-api.yaml | 46 | ||||
| -rw-r--r-- | puppet/services/heat-base.yaml | 40 | ||||
| -rw-r--r-- | puppet/services/heat-engine.yaml | 62 | ||||
| -rw-r--r-- | puppet/services/pacemaker/heat-api-cfn.yaml | 35 | ||||
| -rw-r--r-- | puppet/services/pacemaker/heat-api-cloudwatch.yaml | 35 | ||||
| -rw-r--r-- | puppet/services/pacemaker/heat-api.yaml | 33 | ||||
| -rw-r--r-- | puppet/services/pacemaker/heat-engine.yaml | 36 |
20 files changed, 467 insertions, 300 deletions
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index a2c7d787..3c4a9413 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -173,7 +173,7 @@ resources: NovaComputeContainersConfigOVS: type: OS::Heat::StructuredConfig properties: - group: docker-compose + group: docker-cmd config: ovsvswitchd: image: @@ -236,7 +236,7 @@ resources: LibvirtContainersConfig: type: OS::Heat::StructuredConfig properties: - group: docker-compose + group: docker-cmd config: computedata: image: @@ -281,7 +281,7 @@ resources: NovaComputeContainersConfig: type: OS::Heat::StructuredConfig properties: - group: docker-compose + group: docker-cmd config: neutronovsagent: image: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index 027aed40..cb8b2a5d 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -23,7 +23,7 @@ Restart=on-failure ExecStartPre=-/usr/bin/docker kill heat-agents ExecStartPre=-/usr/bin/docker rm heat-agents ExecStartPre=/usr/bin/docker pull $agent_image -ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools --entrypoint=/usr/bin/os-collect-config $agent_image +ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image ExecStop=/usr/bin/docker stop heat-agents [Install] diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 30898857..679b79cb 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -12,6 +12,10 @@ resource_registry: OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml + OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml + OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml + OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 5807bdff..b207a1fe 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -125,6 +125,10 @@ resource_registry: OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml + OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml + OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml diff --git a/overcloud.yaml b/overcloud.yaml index 147065ce..6a8081af 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -463,14 +463,6 @@ parameters: description: The password for the gnocchi service account. type: string hidden: true - HeatPassword: - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_stack_domain_admin user. - type: string - hidden: true InstanceNameTemplate: default: 'instance-%08x' description: Template string to be used to generate instance names @@ -654,6 +646,10 @@ parameters: - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent @@ -737,7 +733,12 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} - + CephStorageServices: + default: [] + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the CephStorage nodes. + type: comma_delimited_list # Hostname format for each role # Note %index% is translated into the index of the node, e.g 0/1/2 etc @@ -902,8 +903,6 @@ resources: GnocchiBackend: {get_param: GnocchiBackend} GnocchiIndexerBackend: {get_param: GnocchiIndexerBackend} HAProxySyslogAddress: {get_param: HAProxySyslogAddress} - HeatPassword: {get_param: HeatPassword} - HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword} HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} HorizonAllowedHosts: {get_param: HorizonAllowedHosts} HorizonSecret: {get_resource: HorizonSecret} @@ -1149,6 +1148,13 @@ resources: SchedulerHints: {get_param: ObjectStorageSchedulerHints} NodeIndex: '%index%' + CephStorageServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: CephStorageServices} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + MysqlVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + CephStorage: type: OS::Heat::ResourceGroup depends_on: Networks @@ -1176,6 +1182,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: CephStorageSchedulerHints} NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [CephStorageServiceChain, config_settings]} ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap @@ -1580,6 +1587,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} + StepConfig: {get_attr: [CephStorageServiceChain, step_config]} outputs: KeystoneURL: diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index e90710c7..2b9ae751 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -13,6 +13,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -33,26 +37,44 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_cephstorage.pp + list_join: + - '' + - - get_file: manifests/overcloud_cephstorage.pp + - {get_param: StepConfig} - CephStorageDeployment_Step1: + CephStorageDeployment_Step2: type: OS::Heat::StructuredDeployments depends_on: CephStorageArtifactsDeploy properties: - name: CephStorageDeployment_Step1 + name: CephStorageDeployment_Step2 servers: {get_param: servers} config: {get_resource: CephStoragePuppetConfig} input_values: + step: 2 + update_identifier: {get_param: NodeConfigIdentifiers} + + CephStorageDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: CephStorageDeployment_Step2 + properties: + name: CephStorageDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: CephStoragePuppetConfig} + input_values: + step: 3 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: CephStorageDeployment_Step1 + depends_on: CephStorageDeployment_Step3 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} - diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index d2b90c59..eedb35e4 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -96,6 +96,9 @@ parameters: NodeIndex: type: number default: 0 + ServiceConfigSettings: + type: json + default: {} resources: CephStorage: @@ -247,6 +250,7 @@ resources: - heat_config_%{::deploy_config_name} - ceph_extraconfig - extraconfig + - service_configs - ceph_cluster # provided by CephClusterConfig - ceph - '"%{::osfamily}"' @@ -254,6 +258,8 @@ resources: - network merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} common: raw_data: {get_file: hieradata/common.yaml} network: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index f3724764..3aa0df14 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -220,14 +220,6 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string - HeatPassword: - description: The password for the Heat service and db account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_stack_domain_admin user. - type: string - hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string @@ -236,15 +228,6 @@ parameters: default: '*' description: A list of IP/Hostname allowed to connect to horizon type: comma_delimited_list - HeatWorkers: - default: 0 - description: Number of workers for Heat service. - type: number - HeatEnableDBPurge: - type: boolean - default: true - description: | - Whether to create cron job for purging soft deleted rows in the Heat database. HorizonSecret: description: Secret key for Django type: string @@ -842,7 +825,6 @@ resources: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} cinder_workers: {get_param: CinderWorkers} - heat_workers: {get_param: HeatWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} swift_workers: {get_param: SwiftWorkers} @@ -851,29 +833,7 @@ resources: haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} - heat.watch_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIPUri} - - ':8003' - heat.metadata_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIPUri} - - ':8000' - heat.waitcondition_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIPUri} - - ':8000/v1/waitcondition' - heat_public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat_internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat_admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} - heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} @@ -907,16 +867,6 @@ resources: cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} - heat_password: {get_param: HeatPassword} - heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - heat_dsn: - list_join: - - '' - - - 'mysql+pymysql://heat:' - - {get_param: HeatPassword} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/heat' keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } @@ -1308,36 +1258,10 @@ resources: glance::keystone::auth::region: {get_input: keystone_region} # Heat - heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} - heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} - heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} - heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} - heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} - heat::rabbit_userid: {get_input: rabbit_username} - heat::rabbit_password: {get_input: rabbit_password} - heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - heat::rabbit_port: {get_input: rabbit_client_port} - heat::auth_uri: {get_input: keystone_auth_uri} - heat::keystone_ec2_uri: {get_input: keystone_ec2_uri} - heat::identity_uri: {get_input: keystone_identity_uri} - heat::keystone_password: {get_input: heat_password} heat::api::bind_host: {get_input: heat_api_network} - heat::api::workers: {get_input: heat_workers} heat::api_cloudwatch::bind_host: {get_input: heat_api_network} - heat::api_cloudwatch::workers: {get_input: heat_workers} heat::api_cfn::bind_host: {get_input: heat_api_network} - heat::api_cfn::workers: {get_input: heat_workers} - heat::engine::num_engine_workers: {get_input: heat_workers} - heat::database_connection: {get_input: heat_dsn} - heat::debug: {get_input: debug} - heat::db::mysql::password: {get_input: heat_password} - heat_enable_db_purge: {get_input: heat_enable_db_purge} - heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} - heat::keystone::auth::public_url: {get_input: heat_public_url } - heat::keystone::auth::internal_url: {get_input: heat_internal_url } - heat::keystone::auth::admin_url: {get_input: heat_admin_url } - heat::keystone::auth::password: {get_input: heat_password } - heat::keystone::auth::region: {get_input: keystone_region} + heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} # Keystone keystone::admin_bind_host: {get_input: keystone_admin_api_network} diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index fd7faff1..4add2f02 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -16,41 +16,46 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> +if hiera('step') >= 1 { -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} + create_resources(kmod::load, hiera('kernel_modules'), {}) + create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -include ::timezone + include ::timezone -if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], + if count(hiera('ntp::servers')) > 0 { + include ::ntp } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] } -if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') -} else { - $mon_host = hiera('ceph_mon_host') -} -class { '::ceph::profile::params': - mon_host => $mon_host, -} -include ::ceph::conf -include ::ceph::profile::client -include ::ceph::profile::osd +if hiera('step') >= 3 { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ['/usr/bin', '/usr/sbin'], + } + + exec { 'set selinux to permissive': + command => 'setenforce 0', + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ['/usr/bin', '/usr/sbin'], + } -> Class['ceph::profile::osd'] + } -hiera_include('ceph_classes') -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } + include ::ceph::conf + include ::ceph::profile::client + include ::ceph::profile::osd + + hiera_include('ceph_classes') + package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} +} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 9a2249d7..536c680f 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -108,7 +108,6 @@ if hiera('step') >= 2 { include ::nova::db::mysql_api include ::neutron::db::mysql include ::cinder::db::mysql - include ::heat::db::mysql include ::sahara::db::mysql if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { include ::gnocchi::db::mysql @@ -316,7 +315,6 @@ if hiera('step') >= 4 { include ::cinder include ::cinder::config - include ::tripleo::ssl::cinder_config include ::cinder::api include ::cinder::glance include ::cinder::scheduler @@ -522,16 +520,6 @@ if hiera('step') >= 4 { include ::aodh::listener include ::aodh::client - # Heat - class { '::heat' : - notification_driver => 'messaging', - } - include ::heat::config - include ::heat::api - include ::heat::api_cfn - include ::heat::api_cloudwatch - include ::heat::engine - # Sahara include ::sahara include ::sahara::service::api @@ -595,7 +583,6 @@ if hiera('step') >= 4 { if hiera('step') >= 5 { $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - $heat_enable_db_purge = hiera('heat_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows @@ -603,25 +590,6 @@ if hiera('step') >= 5 { if $cinder_enable_db_purge { include ::cinder::cron::db_purge } - if $heat_enable_db_purge { - include ::heat::cron::purge_deleted - } - - if downcase(hiera('bootstrap_nodeid')) == $::hostname { - # Class ::heat::keystone::domain has to run on bootstrap node - # because it creates DB entities via API calls. - include ::heat::keystone::domain - - Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] - } else { - # On non-bootstrap node we don't need to create Keystone resources again - class { '::heat::keystone::domain': - manage_domain => false, - manage_user => false, - manage_role => false, - } - } - } #END STEP 5 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 95021a74..30345694 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -24,7 +24,6 @@ Service <| tag == 'cinder-service' or tag == 'ceilometer-service' or tag == 'gnocchi-service' or - tag == 'heat-service' or tag == 'neutron-service' or tag == 'nova-service' or tag == 'sahara-service' @@ -302,9 +301,6 @@ if hiera('step') >= 2 { class { '::cinder::db::mysql': require => Exec['galera-ready'], } - class { '::heat::db::mysql': - require => Exec['galera-ready'], - } if downcase(hiera('ceilometer_backend')) == 'mysql' { class { '::ceilometer::db::mysql': @@ -546,7 +542,6 @@ MYSQL_HOST=localhost\n", include ::cinder include ::cinder::config - include ::tripleo::ssl::cinder_config class { '::cinder::api': sync_db => $sync_db, manage_service => false, @@ -787,29 +782,6 @@ MYSQL_HOST=localhost\n", Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } - # Heat - include ::heat::config - class { '::heat' : - sync_db => $sync_db, - notification_driver => 'messaging', - } - class { '::heat::api' : - manage_service => false, - enabled => false, - } - class { '::heat::api_cfn' : - manage_service => false, - enabled => false, - } - class { '::heat::api_cloudwatch' : - manage_service => false, - enabled => false, - } - class { '::heat::engine' : - manage_service => false, - enabled => false, - } - # httpd/apache and horizon # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent class { '::apache' : @@ -937,7 +909,6 @@ password=\"${mysql_root_password}\"", $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - $heat_enable_db_purge = hiera('heat_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows @@ -945,9 +916,6 @@ password=\"${mysql_root_password}\"", if $cinder_enable_db_purge { include ::cinder::cron::db_purge } - if $heat_enable_db_purge { - include ::heat::cron::purge_deleted - } if $pacemaker_master { @@ -1258,11 +1226,6 @@ password=\"${mysql_root_password}\"", pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name : clone_params => 'interleave=true', } - pacemaker::resource::ocf { 'delay' : - ocf_agent_name => 'heartbeat:Delay', - clone_params => 'interleave=true', - resource_params => 'startdelay=10', - } # Fedora doesn't know `require-all` parameter for constraints yet if $::operatingsystem == 'Fedora' { $redis_ceilometer_constraint_params = undef @@ -1334,22 +1297,6 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], } - pacemaker::constraint::base { 'ceilometer-api-then-ceilometer-delay-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::api_service_name}-clone", - second_resource => 'delay-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], - Pacemaker::Resource::Ocf['delay']], - } - pacemaker::constraint::colocation { 'ceilometer-delay-with-ceilometer-api-colocation': - source => 'delay-clone', - target => "${::ceilometer::params::api_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], - Pacemaker::Resource::Ocf['delay']], - } # Aodh pacemaker::resource::service { $::aodh::params::evaluator_service_name : clone_params => 'interleave=true', @@ -1360,22 +1307,6 @@ password=\"${mysql_root_password}\"", pacemaker::resource::service { $::aodh::params::listener_service_name : clone_params => 'interleave=true', } - pacemaker::constraint::base { 'aodh-delay-then-aodh-evaluator-constraint': - constraint_type => 'order', - first_resource => 'delay-clone', - second_resource => "${::aodh::params::evaluator_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Ocf['delay']], - } - pacemaker::constraint::colocation { 'aodh-evaluator-with-aodh-delay-colocation': - source => "${::aodh::params::evaluator_service_name}-clone", - target => 'delay-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Ocf['delay']], - } pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint': constraint_type => 'order', first_resource => "${::aodh::params::evaluator_service_name}-clone", @@ -1444,77 +1375,6 @@ password=\"${mysql_root_password}\"", Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], } - # Heat - pacemaker::resource::service { $::heat::params::api_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::heat::params::api_cloudwatch_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::heat::params::api_cfn_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::heat::params::engine_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': - constraint_type => 'order', - first_resource => "${::heat::params::api_service_name}-clone", - second_resource => "${::heat::params::api_cfn_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], - } - pacemaker::constraint::colocation { 'heat-api-cfn-with-heat-api-colocation': - source => "${::heat::params::api_cfn_service_name}-clone", - target => "${::heat::params::api_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name], - Pacemaker::Resource::Service[$::heat::params::api_service_name]], - } - pacemaker::constraint::base { 'heat-api-cfn-then-heat-api-cloudwatch-constraint': - constraint_type => 'order', - first_resource => "${::heat::params::api_cfn_service_name}-clone", - second_resource => "${::heat::params::api_cloudwatch_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], - } - pacemaker::constraint::colocation { 'heat-api-cloudwatch-with-heat-api-cfn-colocation': - source => "${::heat::params::api_cloudwatch_service_name}-clone", - target => "${::heat::params::api_cfn_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name]], - } - pacemaker::constraint::base { 'heat-api-cloudwatch-then-heat-engine-constraint': - constraint_type => 'order', - first_resource => "${::heat::params::api_cloudwatch_service_name}-clone", - second_resource => "${::heat::params::engine_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::engine_service_name]], - } - pacemaker::constraint::colocation { 'heat-engine-with-heat-api-cloudwatch-colocation': - source => "${::heat::params::engine_service_name}-clone", - target => "${::heat::params::api_cloudwatch_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::engine_service_name]], - } - pacemaker::constraint::base { 'ceilometer-notification-then-heat-api-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::agent_notification_service_name}-clone", - second_resource => "${::heat::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]], - } - # Horizon and Keystone pacemaker::resource::service { $::apache::params::service_name: clone_params => 'interleave=true', diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml new file mode 100644 index 00000000..99eb1074 --- /dev/null +++ b/puppet/services/heat-api-cfn.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudFormation API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat CloudFormation API role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::api_cfn::workers: {get_param: HeatWorkers} + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::heat::api_cfn diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml new file mode 100644 index 00000000..f3d68042 --- /dev/null +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudWatch API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat Cloudwatch API role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::api_cloudwatch::workers: {get_param: HeatWorkers} + step_config: | + include ::tripleo::profile::base::heat::api_cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml new file mode 100644 index 00000000..4fc259ac --- /dev/null +++ b/puppet/services/heat-api.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat API role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::api::workers: {get_param: HeatWorkers} + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::heat::api diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml new file mode 100644 index 00000000..8617df27 --- /dev/null +++ b/puppet/services/heat-base.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat base service. Shared for all Heat services. + +parameters: + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Shared role data for the Heat services. + value: + config_settings: + heat::rabbit_userid: {get_param: RabbitUserName} + heat::rabbit_password: {get_param: RabbitPassword} + heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + heat::rabbit_port: {get_param: RabbitClientPort} + heat::debug: {get_param: Debug} + heat::enable_proxy_headers_parsing: true diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml new file mode 100644 index 00000000..143d24bb --- /dev/null +++ b/puppet/services/heat-engine.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat Engine service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + HeatEnableDBPurge: + type: boolean + default: true + description: | + Whether to create cron job for purging soft deleted rows in the Heat database. + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + HeatStackDomainAdminPassword: + description: Password for heat_stack_domain_admin user. + type: string + hidden: true + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat Engine role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::engine::num_engine_workers: {get_param: HeatWorkers} + tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} + heat_dsn: &heat_dsn + list_join: + - '' + - - 'mysql+pymysql://heat:' + - {get_param: HeatPassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/heat' + heat::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} + heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + heat::keystone_password: {get_param: HeatPassword} + heat::database_connection: *heat_dsn + heat::db::mysql::password: {get_param: HeatPassword} + heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} + step_config: | + include ::tripleo::profile::base::heat::engine diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml new file mode 100644 index 00000000..ba620f89 --- /dev/null +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudFormation API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + HeatApiCfnBase: + type: ../heat-api-cfn.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Heat CloudFormation API role. + value: + config_settings: + map_merge: + - get_attr: [HeatApiCfnBase, role_data, config_settings] + - heat::api_cfn::manage_service: false + heat::api_cfn::enabled: false + step_config: + # No puppet manifests since heat-api-cfn is included in + # ::tripleo::profile::pacemaker::heat which is maintained alongside of + # pacemaker/heat-api.yaml. diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml new file mode 100644 index 00000000..db71891c --- /dev/null +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudWatch API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + HeatApiCloudwatchBase: + type: ../heat-api-cloudwatch.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Heat Cloudwatch API role. + value: + config_settings: + map_merge: + - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] + - heat::api_cloudwatch::manage_service: false + heat::api_cloudwatch::enabled: false + step_config: + # No puppet manifests since heat-api-cloudwatch is included in + # ::tripleo::profile::pacemaker::heat which is maintained alongside of + # pacemaker/heat-api.yaml. diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml new file mode 100644 index 00000000..b1c37d41 --- /dev/null +++ b/puppet/services/pacemaker/heat-api.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + HeatApiBase: + type: ../heat-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Heat API role. + value: + config_settings: + map_merge: + - get_attr: [HeatApiBase, role_data, config_settings] + - heat::api::manage_service: false + heat::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::heat diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml new file mode 100644 index 00000000..1e39b363 --- /dev/null +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -0,0 +1,36 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat Engine service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + HeatEngineBase: + type: ../heat-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + + +outputs: + role_data: + description: Role data for the Heat engine role. + value: + config_settings: + map_merge: + - get_attr: [HeatEngineBase, role_data, config_settings] + - heat::engine::manage_service: false + heat::engine::enabled: false + step_config: + # No puppet manifests since heat-engine is included in + # ::tripleo::profile::pacemaker::heat which is maintained alongside of + # pacemaker/heat-api.yaml. |