summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--cinder-storage.yaml10
-rw-r--r--compute.yaml10
-rw-r--r--overcloud-without-mergepy.yaml7
-rw-r--r--puppet/cinder-storage-puppet.yaml14
-rw-r--r--puppet/compute-puppet.yaml42
-rw-r--r--puppet/controller-puppet.yaml27
-rw-r--r--puppet/manifests/overcloud_controller.pp31
7 files changed, 94 insertions, 47 deletions
diff --git a/cinder-storage.yaml b/cinder-storage.yaml
index 895b9d5c..7eab89a6 100644
--- a/cinder-storage.yaml
+++ b/cinder-storage.yaml
@@ -76,6 +76,16 @@ parameters:
RabbitUserName:
default: ''
type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
diff --git a/compute.yaml b/compute.yaml
index c776d9dd..1bc59e14 100644
--- a/compute.yaml
+++ b/compute.yaml
@@ -222,6 +222,16 @@ parameters:
default: guest
description: The username for RabbitMQ
type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index e3e3e936..7d484f83 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -183,6 +183,7 @@ parameters:
type: string
default: unset
description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
+ # FIXME: 'guest' is provisioned in RabbitMQ by default, we should create a user if these are changed
RabbitUserName:
default: guest
description: The username for RabbitMQ
@@ -571,8 +572,8 @@ resources:
NovaPassword: {get_param: NovaPassword}
NtpServer: {get_param: NtpServer}
PublicVirtualInterface: {get_param: PublicVirtualInterface}
- RabbitUserName: {get_param: RabbitUserName}
RabbitPassword: {get_param: RabbitPassword}
+ RabbitUserName: {get_param: RabbitUserName}
RabbitCookie: {get_attr: [RabbitCookie, value]}
RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
RabbitClientPort: {get_param: RabbitClientPort}
@@ -638,6 +639,8 @@ resources:
RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
RabbitPassword: {get_param: RabbitPassword}
RabbitUserName: {get_param: RabbitUserName}
+ RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
+ RabbitClientPort: {get_param: RabbitClientPort}
SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
@@ -658,6 +661,8 @@ resources:
Flavor: {get_param: OvercloudBlockStorageFlavor}
RabbitPassword: {get_param: RabbitPassword}
RabbitUserName: {get_param: RabbitUserName}
+ RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
+ RabbitClientPort: {get_param: RabbitClientPort}
NtpServer: {get_param: NtpServer}
ObjectStorage:
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml
index 2f7a04c8..104130b3 100644
--- a/puppet/cinder-storage-puppet.yaml
+++ b/puppet/cinder-storage-puppet.yaml
@@ -76,6 +76,16 @@ parameters:
RabbitUserName:
default: ''
type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@@ -128,6 +138,8 @@ resources:
host: {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_client_port: {get_param: RabbitClientPort}
ntp_servers:
str_replace:
template: '["server"]'
@@ -162,6 +174,8 @@ resources:
cinder::rabbit_hosts: {get_input: rabbit_hosts}
cinder::rabbit_userid: {get_input: rabbit_username}
cinder::rabbit_password: {get_input: rabbit_password}
+ cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ cinder::rabbit_port: {get_input: rabbit_client_port}
cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
ntp::servers: {get_input: ntp_servers}
enable_package_install: {get_input: enable_package_install}
diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml
index c98d1b0e..874afd75 100644
--- a/puppet/compute-puppet.yaml
+++ b/puppet/compute-puppet.yaml
@@ -222,6 +222,16 @@ parameters:
default: guest
description: The username for RabbitMQ
type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@@ -287,6 +297,11 @@ resources:
nova::compute::vncserver_proxyclient_address: local-ipv4
mapped_data:
#nova::debug: {get_input: debug}
+ nova::rabbit_hosts: {get_input: rabbit_hosts}
+ nova::rabbit_userid: {get_input: rabbit_username}
+ nova::rabbit_password: {get_input: rabbit_password}
+ nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ nova::rabbit_port: {get_input: rabbit_client_port}
nova_compute_driver: {get_input: nova_compute_driver}
nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
nova_api_host: {get_input: nova_api_host}
@@ -294,6 +309,11 @@ resources:
nova_enable_rbd_backend: {get_input: nova_enable_rbd_backend}
nova_password: {get_input: nova_password}
#ceilometer::debug: {get_input: debug}
+ ceilometer::rabbit_hosts: {get_input: rabbit_hosts}
+ ceilometer::rabbit_userid: {get_input: rabbit_username}
+ ceilometer::rabbit_password: {get_input: rabbit_password}
+ ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ ceilometer::rabbit_port: {get_input: rabbit_client_port}
ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
@@ -302,6 +322,11 @@ resources:
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
nova::glance_api_servers: {get_input: glance_api_servers}
#neutron::debug: {get_input: debug}
+ neutron::rabbit_hosts: {get_input: rabbit_hosts}
+ neutron::rabbit_password: {get_input: rabbit_password}
+ neutron::rabbit_user: {get_input: rabbit_user}
+ neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ neutron::rabbit_port: {get_input: rabbit_client_port}
neutron_flat_networks: {get_input: neutron_flat_networks}
neutron_host: {get_input: neutron_host}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
@@ -323,15 +348,6 @@ resources:
neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
admin_password: {get_input: admin_password}
- nova::rabbit_host: {get_input: rabbit_host}
- neutron::rabbit_host: {get_input: rabbit_host}
- ceilometer::rabbit_host: {get_input: rabbit_host}
- nova::rabbit_userid: {get_input: rabbit_username}
- neutron::rabbit_user: {get_input: rabbit_username}
- ceilometer::rabbit_userid: {get_input: rabbit_username}
- nova::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_password: {get_input: rabbit_password}
ntp::servers: {get_input: ntp_servers}
enable_package_install: {get_input: enable_package_install}
@@ -398,9 +414,15 @@ resources:
- {get_param: NeutronHost}
- ':35357/v2.0'
admin_password: {get_param: AdminPassword}
- rabbit_host: {get_param: RabbitHost}
+ rabbit_hosts:
+ str_replace:
+ template: '["host"]'
+ params:
+ host: {get_param: RabbitHost}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_client_port: {get_param: RabbitClientPort}
ntp_servers:
str_replace:
template: '["server"]'
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 0c623aaf..a2377db3 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -561,6 +561,11 @@ resources:
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
- '/nova'
+ rabbit_hosts:
+ str_replace:
+ template: '["host"]'
+ params:
+ host: {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
@@ -637,8 +642,11 @@ resources:
cinder::api::auth_uri: {get_input: keystone_auth_uri}
cinder::api::identity_uri: {get_input: keystone_identity_uri}
cinder::api::bind_host: {get_input: controller_host}
+ cinder::rabbit_hosts: {get_input: rabbit_hosts}
cinder::rabbit_userid: {get_input: rabbit_username}
cinder::rabbit_password: {get_input: rabbit_password}
+ cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ cinder::rabbit_port: {get_input: rabbit_client_port}
cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
#cinder::debug: {get_input: debug}
# Glance
@@ -669,9 +677,11 @@ resources:
heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
+ heat::rabbit_hosts: {get_input: rabbit_hosts}
heat::rabbit_userid: {get_input: rabbit_username}
heat::rabbit_password: {get_input: rabbit_password}
- heat::rabbit_host: {get_input: controller_virtual_ip}
+ heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ heat::rabbit_port: {get_input: rabbit_client_port}
heat::auth_uri: {get_input: keystone_auth_uri}
heat::identity_uri: {get_input: keystone_identity_uri}
heat::keystone_password: {get_input: heat_password}
@@ -699,8 +709,11 @@ resources:
mysql_cluster_name: {get_input: mysql_cluster_name}
# Neutron
neutron::bind_host: {get_input: controller_host}
+ neutron::rabbit_hosts: {get_input: rabbit_hosts}
neutron::rabbit_password: {get_input: rabbit_password}
neutron::rabbit_user: {get_input: rabbit_user}
+ neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ neutron::rabbit_port: {get_input: rabbit_client_port}
#neutron::debug: {get_input: debug}
neutron::server::auth_uri: {get_input: keystone_auth_uri}
neutron::server::identity_uri: {get_input: keystone_identity_uri}
@@ -728,9 +741,11 @@ resources:
neutron_dsn: {get_input: neutron_dsn}
# Ceilometer
ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
+ ceilometer::rabbit_hosts: {get_input: rabbit_hosts}
ceilometer::rabbit_userid: {get_input: rabbit_username}
ceilometer::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_host: {get_input: controller_virtual_ip}
+ ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ ceilometer::rabbit_port: {get_input: rabbit_client_port}
ceilometer::api::host: {get_input: controller_host}
ceilometer::api::keystone_password: {get_input: ceilometer_password}
ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
@@ -740,8 +755,11 @@ resources:
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova
+ nova::rabbit_hosts: {get_input: rabbit_hosts}
nova::rabbit_userid: {get_input: rabbit_username}
nova::rabbit_password: {get_input: rabbit_password}
+ nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ nova::rabbit_port: {get_input: rabbit_client_port}
nova::api::auth_uri: {get_input: keystone_auth_uri}
nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: controller_host}
@@ -752,12 +770,7 @@ resources:
nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
nova::network::neutron::neutron_url: {get_input: neutron_url}
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
-
# Rabbit
- rabbit_username: {get_input: rabbit_username}
- rabbit_password: {get_input: rabbit_password}
- rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
- rabbit_client_port: {get_input: rabbit_client_port}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Misc
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 41363039..577f5052 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -129,29 +129,9 @@ if hiera('step') >= 2 {
cluster_nodes => $rabbit_nodes,
node_ip_address => hiera('controller_host'),
}
-
rabbitmq_vhost { '/':
provider => 'rabbitmqctl',
}
- rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']:
- admin => true,
- password => hiera('rabbit_password'),
- provider => 'rabbitmqctl',
- }
-
- rabbitmq_user_permissions {[
- 'nova@/',
- 'glance@/',
- 'neutron@/',
- 'cinder@/',
- 'ceilometer@/',
- 'heat@/',
- ]:
- configure_permission => '.*',
- write_permission => '.*',
- read_permission => '.*',
- provider => 'rabbitmqctl',
- }
# pre-install swift here so we can build rings
include ::swift
@@ -220,7 +200,6 @@ if hiera('step') >= 3 {
include ::glance::backend::swift
class { 'nova':
- rabbit_hosts => [hiera('controller_virtual_ip')],
glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]),
}
@@ -232,10 +211,7 @@ if hiera('step') >= 3 {
include ::nova::vncproxy
include ::nova::scheduler
- class {'neutron':
- rabbit_hosts => [hiera('controller_virtual_ip')],
- }
-
+ include ::neutron
include ::neutron::server
include ::neutron::agents::dhcp
include ::neutron::agents::l3
@@ -268,10 +244,7 @@ if hiera('step') >= 3 {
Service['neutron-server'] -> Service['neutron-ovs-agent-service']
Service['neutron-server'] -> Service['neutron-metadata']
- class {'cinder':
- rabbit_hosts => [hiera('controller_virtual_ip')],
- }
-
+ include ::cinder
include ::cinder::api
include ::cinder::glance
include ::cinder::scheduler