-rw-r--r--environments/storage-environment.yaml2
-rw-r--r--puppet/controller.yaml314
-rw-r--r--puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml10
-rw-r--r--puppet/hieradata/controller.yaml15
-rw-r--r--puppet/manifests/overcloud_controller.pp11
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp80
6 files changed, 413 insertions, 19 deletions
diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml
index 535ec6fe..5ccfa58e 100644
--- a/environments/storage-environment.yaml
+++ b/environments/storage-environment.yaml
@@ -1,7 +1,7 @@
## A Heat environment file which can be used to set up storage
## backends. Defaults to Ceph used as a backend for Cinder, Glance and
## Nova ephemeral storage.
-parameters:
+parameter_defaults:
#### BACKEND SELECTION ####
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index dc6c338d..009199d4 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -4,6 +4,11 @@ description: >
OpenStack controller node configured by Puppet.
parameters:
+ AdminEmail:
+ default: 'admin@example.com'
+ description: The email for the keystone admin account.
+ type: string
+ hidden: true
AdminPassword:
default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
@@ -180,6 +185,30 @@ parameters:
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
+ GlanceFilePcmkDevice:
+ default: ''
+ description: >
+ An exported storage device that should be mounted by Pacemaker
+ as Glance storage. Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkFstype:
+ default: 'nfs'
+ description: >
+ Filesystem type for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkManage:
+ default: false
+ description: >
+ Whether to make Glance file backend a mount managed by Pacemaker.
+ Effective when GlanceBackend is 'file'.
+ type: boolean
+ GlanceFilePcmkOptions:
+ default: ''
+ description: >
+ Mount options for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
@@ -253,6 +282,10 @@ parameters:
type: string
constraints:
- allowed_values: [ 'basic', 'cadf' ]
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
@@ -437,7 +470,7 @@ parameters:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
- PublicVirtualIP: # DEPRECATED: use per service settings instead
+ PublicVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
RabbitCookie:
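Review bot: `PublicVirtualIP` keeps `default: ''` while the later hunks in this file build every `*_public_url` input from it, so a deployment that leaves it unset would register catalog entries such as `http://:5000`. With the DEPRECATED marker removed the parameter is effectively required, but nothing on it says so. I would add a description, for example `description: Public VIP used to build the public endpoint URLs registered in Keystone; must be set.` The parameters block continues outside this hunk.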
@@ -694,9 +727,28 @@ resources:
- - 'http://'
- {get_param: HeatApiVirtualIP}
- ':8000/v1/waitcondition'
+ heat_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8004/v1/%(tenant_id)s'
+ heat_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: HeatApiVirtualIP}
+ - ':8004/v1/%(tenant_id)s'
+ heat_admin_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: HeatApiVirtualIP}
+ - ':8004/v1/%(tenant_id)s'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
+ admin_email: {get_param: AdminEmail}
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
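Review bot: The scheme is hard-coded as `'http://'` in `heat_public_url`, `heat_internal_url` and `heat_admin_url`, so the endpoints registered in the Keystone catalog direct clients to send tokens over cleartext HTTP, with no way to switch to TLS short of editing the template. The same literal appears in the hunks that add the cinder, keystone, neutron, ceilometer, nova and swift URLs, whereas the glance URLs are built from `{get_param: GlanceProtocol}`. Following the glance pattern with a protocol parameter (per service or shared) would let a TLS-terminated deployment publish `https` endpoints. The input list this hunk extends starts and ends outside the hunk.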
@@ -725,9 +777,49 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/cinder'
+ cinder_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8776/v1/%(tenant_id)s'
+ cinder_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: CinderApiVirtualIP}
+ - ':8776/v1/%(tenant_id)s'
+ cinder_admin_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: CinderApiVirtualIP}
+ - ':8776/v1/%(tenant_id)s'
+ cinder_public_url_v2:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8776/v2/%(tenant_id)s'
+ cinder_internal_url_v2:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: CinderApiVirtualIP}
+ - ':8776/v2/%(tenant_id)s'
+ cinder_admin_url_v2:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: CinderApiVirtualIP}
+ - ':8776/v2/%(tenant_id)s'
glance_port: {get_param: GlancePort}
glance_password: {get_param: GlancePassword}
glance_backend: {get_param: GlanceBackend}
+ glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
+ glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
+ glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
+ glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance_dsn:
@@ -769,13 +861,25 @@ resources:
- ''
- - 'http://'
- {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/'
+ - ':35357'
keystone_auth_uri:
list_join:
- ''
- - 'http://'
- {get_param: KeystonePublicApiVirtualIP}
- ':5000/v2.0/'
+ keystone_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':5000'
+ keystone_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: KeystonePublicApiVirtualIP}
+ - ':5000'
keystone_ec2_uri:
list_join:
- ''
@@ -861,7 +965,19 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ovs_neutron?charset=utf8'
- neutron_url:
+ neutron_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NeutronApiVirtualIP}
+ - ':9696'
+ neutron_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':9696'
+ neutron_admin_url:
list_join:
- ''
- - 'http://'
@@ -890,6 +1006,24 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ceilometer'
+ ceilometer_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8777'
+ ceilometer_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: CeilometerApiVirtualIP}
+ - ':8777'
+ ceilometer_admin_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: CeilometerApiVirtualIP}
+ - ':8777'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
@@ -901,6 +1035,60 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/nova'
+ nova_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8774/v2/%(tenant_id)s'
+ nova_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NovaApiVirtualIP}
+ - ':8774/v2/%(tenant_id)s'
+ nova_admin_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NovaApiVirtualIP}
+ - ':8774/v2/%(tenant_id)s'
+ nova_v3_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8774/v3'
+ nova_v3_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NovaApiVirtualIP}
+ - ':8774/v3'
+ nova_v3_admin_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NovaApiVirtualIP}
+ - ':8774/v3'
+ nova_ec2_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8773/services/Cloud'
+ nova_ec2_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NovaApiVirtualIP}
+ - ':8773/services/Cloud'
+ nova_ec2_admin_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NovaApiVirtualIP}
+ - ':8773/services/Admin'
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
@@ -930,6 +1118,42 @@ resources:
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_mount_check: {get_param: SwiftMountCheck}
+ swift_public_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8080/v1/AUTH_%(tenant_id)s'
+ swift_internal_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: SwiftProxyVirtualIP}
+ - ':8080/v1/AUTH_%(tenant_id)s'
+ swift_admin_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: SwiftProxyVirtualIP}
+ - ':8080'
+ swift_public_url_s3:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: PublicVirtualIP}
+ - ':8080'
+ swift_internal_url_s3:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: SwiftProxyVirtualIP}
+ - ':8080'
+ swift_admin_url_s3:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: SwiftProxyVirtualIP}
+ - ':8080'
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
@@ -947,9 +1171,34 @@ resources:
- ':'
- {get_param: GlancePort}
glance_registry_host: {get_param: GlanceRegistryVirtualIP}
+ glance_public_url:
+ list_join:
+ - ''
+ - - {get_param: GlanceProtocol}
+ - '://'
+ - {get_param: PublicVirtualIP}
+ - ':'
+ - {get_param: GlancePort}
+ glance_internal_url:
+ list_join:
+ - ''
+ - - {get_param: GlanceProtocol}
+ - '://'
+ - {get_param: GlanceApiVirtualIP}
+ - ':'
+ - {get_param: GlancePort}
+ glance_admin_url:
+ list_join:
+ - ''
+ - - {get_param: GlanceProtocol}
+ - '://'
+ - {get_param: GlanceApiVirtualIP}
+ - ':'
+ - {get_param: GlancePort}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+ keystone_region: {get_param: KeystoneRegion}
mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -1032,6 +1281,14 @@ resources:
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
swift_mount_check: {get_input: swift_mount_check}
+ swift::keystone::auth::public_url: {get_input: swift_public_url }
+ swift::keystone::auth::internal_url: {get_input: swift_internal_url }
+ swift::keystone::auth::admin_url: {get_input: swift_admin_url }
+ swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
+ swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
+ swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
+ swift::keystone::auth::password: {get_input: swift_password }
+ swift::keystone::auth::region: {get_input: keystone_region}
# NOTE(dprince): build_ring support is currently not wired in.
# See: https://review.openstack.org/#/c/109225/
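Review bot: The three `*_url_s3` hiera keys read inputs named `swift_public_url_v3`, `swift_internal_url_v3` and `swift_admin_url_v3`, but the inputs added earlier in this file are `swift_public_url_s3`, `swift_internal_url_s3` and `swift_admin_url_s3`, so these lookups will not resolve to the values defined there. The mismatch is masked today because the hieradata sets `swift::keystone::auth::configure_s3_endpoint: false`, and would surface as empty endpoint URLs once someone enables it. The fix is to use the `_s3` suffix, e.g. `swift::keystone::auth::public_url_s3: {get_input: swift_public_url_s3}` and likewise for internal and admin. It is also worth confirming that a `swift_password` input exists, since it is not among the inputs visible in these hunks.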
@@ -1059,6 +1316,14 @@ resources:
cinder::glance::glance_api_servers: {get_input: glance_api_servers}
cinder_backend_config: {get_input: CinderBackendConfig}
cinder::db::mysql::password: {get_input: cinder_password}
+ cinder::keystone::auth::public_url: {get_input: cinder_public_url }
+ cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
+ cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
+ cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
+ cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
+ cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
+ cinder::keystone::auth::password: {get_input: cinder_password }
+ cinder::keystone::auth::region: {get_input: keystone_region}
# Glance
glance::api::bind_port: {get_input: glance_port}
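Review bot: `cinder::keystone::auth::password` is fed from the same `cinder_password` input as `cinder::db::mysql::password` in the context line just above, so the Keystone service user and the MySQL account share one secret. Disclosure of either credential then exposes the other, and they cannot be rotated independently. The glance, heat, neutron, ceilometer and nova hunks follow the same pattern. If separate parameters are out of scope for this change, at least document the coupling with a comment such as `# NOTE: same secret as cinder::db::mysql::password; rotate both together`.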
@@ -1083,6 +1348,15 @@ resources:
glance::backend::swift::swift_store_key: {get_input: glance_password}
glance_backend: {get_input: glance_backend}
glance::db::mysql::password: {get_input: glance_password}
+ glance::keystone::auth::public_url: {get_input: glance_public_url }
+ glance::keystone::auth::internal_url: {get_input: glance_internal_url }
+ glance::keystone::auth::admin_url: {get_input: glance_admin_url }
+ glance::keystone::auth::password: {get_input: glance_password }
+ glance::keystone::auth::region: {get_input: keystone_region}
+ glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
+ glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
+ glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
+ glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
# Heat
heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
@@ -1104,6 +1378,11 @@ resources:
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
+ heat::keystone::auth::public_url: {get_input: heat_public_url }
+ heat::keystone::auth::internal_url: {get_input: heat_internal_url }
+ heat::keystone::auth::admin_url: {get_input: heat_admin_url }
+ heat::keystone::auth::password: {get_input: heat_password }
+ heat::keystone::auth::region: {get_input: keystone_region}
# Keystone
keystone::admin_token: {get_input: admin_token}
@@ -1123,6 +1402,12 @@ resources:
keystone::rabbit_port: {get_input: rabbit_client_port}
keystone::notification_driver: {get_input: keystone_notification_driver}
keystone::notification_format: {get_input: keystone_notification_format}
+ keystone::roles::admin::email: {get_input: admin_email}
+ keystone::roles::admin::password: {get_input: admin_password}
+ keystone::endpoint::public_url: {get_input: keystone_public_url}
+ keystone::endpoint::internal_url: {get_input: keystone_internal_url}
+ keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
+ keystone::endpoint::region: {get_input: keystone_region}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
mongodb::server::nojournal: {get_input: mongodb_no_journal}
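Review bot: `keystone::roles::admin::password` is now set from `admin_password`, and the `AdminPassword` parameter shown as context in the first hunk of this file has `default: unset`. A stack created without overriding it would therefore have Puppet create the Keystone admin account with that literal string as its password. Dropping the default on `AdminPassword` (outside this hunk), so that stack creation fails when no value is supplied, would close that gap. Alternatively the hiera mapping could carry a comment stating that the value must be overridden.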
@@ -1179,6 +1464,11 @@ resources:
neutron_dsn: {get_input: neutron_dsn}
neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
neutron::db::mysql::password: {get_input: neutron_password}
+ neutron::keystone::auth::public_url: {get_input: neutron_public_url }
+ neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
+ neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
+ neutron::keystone::auth::password: {get_input: neutron_password }
+ neutron::keystone::auth::region: {get_input: keystone_region}
# Ceilometer
ceilometer_backend: {get_input: ceilometer_backend}
@@ -1197,6 +1487,11 @@ resources:
ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
+ ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
+ ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
+ ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
+ ceilometer::keystone::auth::password: {get_input: ceilometer_password }
+ ceilometer::keystone::auth::region: {get_input: keystone_region}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -1215,10 +1510,21 @@ resources:
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_url}
+ nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
+ nova::keystone::auth::public_url: {get_input: nova_public_url}
+ nova::keystone::auth::internal_url: {get_input: nova_internal_url}
+ nova::keystone::auth::admin_url: {get_input: nova_admin_url}
+ nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url}
+ nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url}
+ nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url}
+ nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url}
+ nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url}
+ nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url}
+ nova::keystone::auth::password: {get_input: nova_password }
+ nova::keystone::auth::region: {get_input: keystone_region}
# Horizon
apache::ip: {get_input: horizon_network}
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
index d08a1692..2413f5a4 100644
--- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
@@ -265,10 +265,14 @@ resources:
for (mac,swport) in nexus[nexus_switch]['servers'].iteritems():
lmac=mac.lower()
if lmac in mac2host:
- if mac2host[lmac] in nexus_cp[nexus_switch]['servers']:
- nexus_cp[nexus_switch]['servers'][mac2host[lmac]]['ports'] += ',' + swport['ports']
+ hostname = mac2host[lmac]
+ # for puppet we need a unique title even at the 2nd key level
+ serv_key = nexus_switch + "::" + hostname
+ if serv_key in nexus_cp[nexus_switch]['servers']:
+ nexus_cp[nexus_switch]['servers'][serv_key]['ports'] += ',' + swport['ports']
else:
- nexus_cp[nexus_switch]['servers'][mac2host[lmac]] = swport
+ nexus_cp[nexus_switch]['servers'][serv_key] = swport
+ nexus_cp[nexus_switch]['servers'][serv_key]['hostname'] = hostname
del nexus_cp[nexus_switch]['servers'][mac]
# Note this echo means you can view the data via heat deployment-show
print json.dumps(nexus_cp)
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 7b46e853..07bfe543 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -39,9 +39,18 @@ cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
+glance::keystone::auth::tenant: 'service'
+nova::keystone::auth::tenant: 'service'
+neutron::keystone::auth::tenant: 'service'
+cinder::keystone::auth::tenant: 'service'
+swift::keystone::auth::tenant: 'service'
+ceilometer::keystone::auth::tenant: 'service'
+heat::keystone::auth::tenant: 'service'
# keystone
keystone::cron::token_flush::maxdelay: 3600
+keystone::roles::admin::service_tenant: 'service'
+keystone::roles::admin::admin_tenant: 'admin'
#swift
swift::proxy::pipeline:
@@ -58,12 +67,17 @@ swift::proxy::pipeline:
- 'proxy-server'
swift::proxy::account_autocreate: true
+swift::keystone::auth::configure_s3_endpoint: false
+swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
# glance
glance::api::pipeline: 'keystone'
glance::registry::pipeline: 'keystone'
glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::rbd::rbd_store_user: 'openstack'
+glance_file_pcmk_directory: '/var/lib/glance/images'
# neutron
neutron::server::sync_db: true
@@ -74,6 +88,7 @@ nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::osapi_v3: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
+nova::keystone::auth::configure_ec2_endpoint: false
# ceilometer
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 777af228..96302f2e 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -159,6 +159,8 @@ if hiera('step') >= 2 {
if hiera('step') >= 3 {
include ::keystone
+ include ::keystone::roles::admin
+ include ::keystone::endpoint
#TODO: need a cleanup-keystone-tokens.sh solution here
keystone_config {
@@ -482,6 +484,15 @@ if hiera('step') >= 3 {
if hiera('step') >= 4 {
include ::keystone::cron::token_flush
+
+ include ::ceilometer::keystone::auth
+ include ::cinder::keystone::auth
+ include ::glance::keystone::auth
+ include ::heat::keystone::auth
+ include ::neutron::keystone::auth
+ include ::nova::keystone::auth
+ include ::swift::keystone::auth
+
} #END STEP 4
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 645ad6ed..f8ef7212 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -331,7 +331,7 @@ if hiera('step') >= 2 {
}
pacemaker::resource::service { $::memcached::params::service_name :
- clone_params => true,
+ clone_params => "interleave=true",
require => Class['::memcached'],
}
@@ -525,6 +525,16 @@ if hiera('step') >= 3 {
$http_store = ['glance.store.http.Store']
$glance_store = concat($http_store, $backend_store)
+ if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) {
+ pacemaker::resource::filesystem { "glance-fs":
+ device => hiera('glance_file_pcmk_device'),
+ directory => hiera('glance_file_pcmk_directory'),
+ fstype => hiera('glance_file_pcmk_fstype'),
+ fsoptions => hiera('glance_file_pcmk_options', ''),
+ clone_params => '',
+ }
+ }
+
# TODO: notifications, scrubber, etc.
include ::glance
class { 'glance::api':
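Review bot: The `glance-fs` resource is declared whenever `glance_file_pcmk_manage` is true, but `GlanceFilePcmkDevice` defaults to `''` in the template and nothing here checks it, so an operator who sets only the manage flag gets a filesystem resource with an empty device. A guard before the resource makes the failure explicit: `if hiera('glance_file_pcmk_device') == '' { fail('glance_file_pcmk_device must be set when glance_file_pcmk_manage is true') }`. Since this mount holds image data from a remote export, the description of `GlanceFilePcmkOptions` could also recommend restrictive mount options, because the default is an empty string. The enclosing `if hiera('step') >= 3` block starts and ends outside this hunk.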
@@ -804,12 +814,11 @@ if hiera('step') >= 3 {
}
# Ceilometer
- $ceilometer_backend = downcase(hiera('ceilometer_backend'))
- case $ceilometer_backend {
- /mysql/ : {
+ case downcase(hiera('ceilometer_backend')) {
+ /mysql/: {
$ceilometer_database_connection = hiera('ceilometer_mysql_conn_string')
}
- default : {
+ default: {
$mongo_node_string = join($mongo_node_ips_with_port, ',')
$ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
}
@@ -909,7 +918,11 @@ if hiera('step') >= 4 {
# Keystone
pacemaker::resource::service { $::keystone::params::service_name :
- clone_params => "interleave=true",
+ clone_params => "interleave=true",
+ verify_on_create => true,
+ require => [File['/etc/keystone/ssl/certs/ca.pem'],
+ File['/etc/keystone/ssl/private/signing_key.pem'],
+ File['/etc/keystone/ssl/certs/signing_cert.pem']],
}
pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
@@ -1043,7 +1056,6 @@ if hiera('step') >= 4 {
# https://bugzilla.redhat.com/show_bug.cgi?id=1233061
exec { '/usr/bin/systemctl start neutron-server && /usr/bin/sleep 5' : } ->
pacemaker::resource::service { $::neutron::params::server_service:
- op_params => "start timeout=90",
clone_params => "interleave=true",
require => Pacemaker::Resource::Service[$::keystone::params::service_name]
}
@@ -1269,10 +1281,20 @@ if hiera('step') >= 4 {
}
# Ceilometer
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
- clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ case downcase(hiera('ceilometer_backend')) {
+ /mysql/: {
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ clone_params => 'interleave=true',
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ }
+ }
+ default: {
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ clone_params => 'interleave=true',
+ require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
+ Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ }
+ }
}
pacemaker::resource::service { $::ceilometer::params::collector_service_name :
clone_params => 'interleave=true',
@@ -1534,5 +1556,41 @@ if hiera('step') >= 4 {
} #END STEP 4
+if hiera('step') >= 5 {
+
+ if $pacemaker_master {
+
+ class {'::keystone::roles::admin' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class {'::keystone::endpoint' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class { '::ceilometer::keystone::auth' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class { '::cinder::keystone::auth' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class { '::glance::keystone::auth' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class { '::heat::keystone::auth' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class { '::neutron::keystone::auth' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class { '::nova::keystone::auth' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class { '::swift::keystone::auth' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ }
+
+ }
+
+} #END STEP 5
+
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
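Review bot: None of the six files in the diffstat changes how many steps the deployment runs, so this `hiera('step') >= 5` block is applied only if the post-deployment template already drives a fifth step. That should be confirmed, otherwise the admin role, endpoints and service users are never created on Pacemaker deployments. Separately, every class in the chain carries both the `->` ordering and an identical `require` on the keystone Pacemaker service. Keeping the `require` on `::keystone::roles::admin` alone would give the same ordering with less repetition. A short comment explaining why this runs only on `$pacemaker_master` would also help the next reader.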