diff options
23 files changed, 197 insertions, 161 deletions
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 290d2011..a3f39ebe 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -1,58 +1,9 @@ +# Use this environment to pass in certificates for SSL deployments. +# For these values to take effect, one of the tls-endpoints-*.yaml environments +# must also be used. parameter_defaults: SSLCertificate: | The contents of your certificate go here SSLIntermediateCertificate: '' SSLKey: | The contents of the private key go here - EndpointMap: - AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} - AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} - AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} - CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} - CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} - CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} - CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} - CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} - CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} - GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} - GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} - GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} - GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} - GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} - GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} - GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} - HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} - HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} - HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} - HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} - HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} - HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} - HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} - IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} - IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} - IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} - KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} - KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} - KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} - ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} - ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} - ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} - MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} - NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} - NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} - NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} - NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} - NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} - NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} - NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} - NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} - NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} - SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} - SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} - SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} - SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} - -resource_registry: - OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 54f37a48..fbba1872 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -7,9 +7,8 @@ resource_registry: OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml # custom pacemaker services - # NOTE: For now we will need to specify overrides to all services - # which use pacemaker. In the future (with upcoming HA light work) this - # list will hopefully be much smaller however. + # NOTE: Please before adding any pacemaker-managed services, get in touch + # with bandini, Ng or beekhof OS::TripleO::Services::CinderBackup: ../puppet/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml @@ -19,5 +18,3 @@ resource_registry: OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml # Services that are disabled by default (use relevant environment files): OS::Tripleo::Services::ManilaShare: OS::Heat::None - OS::TripleO::Services::SaharaApi: ../puppet/services/pacemaker/sahara-api.yaml - OS::TripleO::Services::SaharaEngine: ../puppet/services/pacemaker/sahara-engine.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml new file mode 100644 index 00000000..3629672a --- /dev/null +++ b/environments/tls-endpoints-public-dns.yaml @@ -0,0 +1,55 @@ +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is a DNS name. +parameter_defaults: + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + +resource_registry: + OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml new file mode 100644 index 00000000..d3f07cda --- /dev/null +++ b/environments/tls-endpoints-public-ip.yaml @@ -0,0 +1,55 @@ +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is an IP address. +parameter_defaults: + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} + GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + +resource_registry: + OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 14db6494..4d31b69c 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -150,7 +150,10 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml - OS::TripleO::Services::NeutronServer: puppet/services/neutron-server.yaml + # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated + # the multinode job ControllerServices after this patch merges + OS::TripleO::Services::NeutronServer: puppet/services/neutron-api.yaml + OS::TripleO::Services::NeutronApi: puppet/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml # can be the same as NeutronCorePlugin but some vendors install different # things where VMs run @@ -211,6 +214,8 @@ resource_registry: OS::TripleO::Services::IronicApi: OS::Heat::None OS::TripleO::Services::IronicConductor: OS::Heat::None OS::TripleO::Services::NovaIronic: OS::Heat::None + OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml + OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index 4e79349e..89f32cff 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -128,7 +128,7 @@ parameters: - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::RabbitMQ @@ -170,6 +170,8 @@ parameters: - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -190,6 +192,8 @@ parameters: - OS::TripleO::Services::ComputeCeilometerAgent - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. @@ -212,6 +216,8 @@ parameters: - OS::TripleO::Services::Ntp - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the BlockStorage nodes. @@ -235,6 +241,8 @@ parameters: - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the ObjectStorage nodes. @@ -258,6 +266,8 @@ parameters: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the CephStorage nodes. diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 6f13b74e..f1ce42b1 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -104,14 +104,6 @@ resources: list_join: - ',' - {get_param: controller_names} - rabbit_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: rabbit_node_ips} rabbitmq_node_ips: &rabbit_nodes_array str_replace: template: "['SERVERS_LIST']" @@ -128,14 +120,6 @@ resources: list_join: - "','" - {get_param: mongo_node_ips} - mongo_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: mongo_node_ips} redis_node_ips: str_replace: template: "['SERVERS_LIST']" @@ -160,22 +144,6 @@ resources: list_join: - "]','inet6:[" - {get_param: memcache_node_ips} - memcache_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: memcache_node_ips} - memcache_node_ips_v6: - str_replace: - template: "['inet6:[SERVERS_LIST]']" - params: - SERVERS_LIST: - list_join: - - "]','inet6:[" - - {get_param: memcache_node_ips} mysql_node_ips: str_replace: template: "['SERVERS_LIST']" diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 659f2a67..de5a9c39 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -22,10 +22,6 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -234,7 +230,6 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} ceph_cluster_network: get_attr: @@ -286,7 +281,6 @@ resources: mapped_data: {get_param: ExtraConfig} ceph: mapped_data: - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 30609f3d..9bf00761 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -38,10 +38,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean UpdateIdentifier: default: '' type: string @@ -250,7 +246,6 @@ resources: template: "NETWORK_uri" params: NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -288,7 +283,6 @@ resources: mapped_data: # Cinder tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index bd2eee18..c6dc94d6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -57,10 +57,6 @@ parameters: NovaPublicIP: type: string default: '' # Has to be here because of the ignored empty value bug - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -297,7 +293,6 @@ resources: nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} NovaComputeDeployment: @@ -312,7 +307,6 @@ resources: nova_api_host: {get_param: NovaApiHost} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Resource for site-specific injection of root certificate diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 801b99ba..c38057d9 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -254,10 +254,6 @@ parameters: MysqlVirtualIP: type: string default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -537,7 +533,6 @@ resources: control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} @@ -782,7 +777,6 @@ resources: tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} tripleo::haproxy::redis_password: {get_input: redis_password} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} # Hook for site-specific additional pre-deployment config, e.g extra hieradata diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index df83496f..2653badf 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -13,9 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('ceph_classes', []) } diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 19ec575a..f96c193c 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -13,9 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('compute_classes', []) } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 30e7c8d9..25bdbfb2 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -13,9 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('controller_classes', []) } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index a782207e..d329d5fc 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -13,9 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('controller_classes', []) } diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 18e90d1f..414a06ba 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -13,9 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('object_classes', []) } diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index f6787719..e1cdadd5 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -13,9 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('volume_classes', []) } diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 265cb9f0..19c77612 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -13,6 +13,13 @@ parameters: description: The password for the gnocchi service and db account. type: string hidden: true + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] KeystoneRegion: type: string default: 'regionOne' @@ -37,12 +44,20 @@ outputs: dport: - 8041 - 13041 - gnocchi::api::keystone_tenant: 'service' - gnocchi::keystone::auth::tenant: 'service' - gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::api::enabled: true + gnocchi::api::manage_service: false + gnocchi::api::service_name: 'httpd' + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi::keystone::auth::password: {get_param: GnocchiPassword} gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::tenant: 'service' + gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} + gnocchi::keystone::authtoken::project_name: 'service' + gnocchi::wsgi::apache::ssl: false + tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} step_config: | include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index a072e8ef..844d1469 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -9,13 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - GnocchiBackend: - default: file - description: The short name of the Gnocchi backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GnocchiIndexerBackend: default: 'mysql' description: The short name of the Gnocchi indexer backend to use. @@ -62,13 +55,6 @@ outputs: - '/gnocchi' gnocchi::db::mysql::password: {get_param: GnocchiPassword} gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' - #Gnocchi API - tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} - gnocchi::api::manage_service: false - gnocchi::api::enabled: true - gnocchi::api::service_name: 'httpd' - gnocchi::api::keystone_password: {get_param: GnocchiPassword} - gnocchi::wsgi::apache::ssl: false gnocchi::storage::coordination_url: list_join: - '' @@ -102,5 +88,3 @@ outputs: gnocchi::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - gnocchi::auth::auth_region: {get_param: KeystoneRegion} - gnocchi::auth::auth_tenant_name: 'service' diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-api.yaml index c40b37b0..c0c8122c 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-api.yaml @@ -47,7 +47,7 @@ outputs: role_data: description: Role data for the Neutron Server agent service. value: - service_name: neutron_server + service_name: neutron_api config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml new file mode 100644 index 00000000..bd87eee8 --- /dev/null +++ b/puppet/services/tripleo-firewall.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + TripleO Firewall settings + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the TripleO firewall settings + value: + service_name: tripleo_firewall + step_config: | + include ::tripleo::firewall diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml new file mode 100644 index 00000000..b02a0a8e --- /dev/null +++ b/puppet/services/tripleo-packages.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + TripleO Package installation settings + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + +outputs: + role_data: + description: Role data for the TripleO package settings + value: + service_name: tripleo_packages + config_settings: + tripleo::packages::enable_install: {get_param: EnablePackageInstall} + step_config: | + include ::tripleo::packages diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index e55199c2..dc28ee76 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -29,10 +29,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean UpdateIdentifier: default: '' type: string @@ -270,7 +266,6 @@ resources: swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -286,7 +281,6 @@ resources: snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} swift_hash_suffix: {get_param: HashSuffix} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} |