summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Gemfile3
-rw-r--r--environments/network-management-v6.yaml25
-rw-r--r--environments/network-management.yaml3
-rw-r--r--network/management_v6.yaml69
-rw-r--r--network/ports/management_from_pool_v6.yaml52
-rw-r--r--overcloud-resource-registry-puppet.yaml1
-rw-r--r--overcloud.yaml15
-rw-r--r--puppet/ceph-cluster-config.yaml7
-rw-r--r--puppet/ceph-storage.yaml6
-rw-r--r--puppet/compute.yaml6
-rw-r--r--puppet/controller.yaml17
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml7
-rw-r--r--puppet/hieradata/controller.yaml67
-rw-r--r--puppet/hieradata/database.yaml9
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp5
-rw-r--r--puppet/manifests/overcloud_compute.pp4
-rw-r--r--puppet/manifests/overcloud_controller.pp13
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp18
-rw-r--r--puppet/manifests/overcloud_object.pp3
-rw-r--r--puppet/services/heat-base.yaml6
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-plugin-ml2.yaml2
-rw-r--r--puppet/services/time/ntp.yaml27
-rw-r--r--puppet/swift-storage.yaml6
24 files changed, 274 insertions, 99 deletions
diff --git a/Gemfile b/Gemfile
index 302ef415..3a4f05fe 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,9 +4,10 @@ group :development, :test do
gem 'puppetlabs_spec_helper', :require => false
gem 'puppet-lint', '~> 1.1'
- gem 'puppet-lint-absolute_classname-check'
gem 'puppet-lint-absolute_template_path'
gem 'puppet-lint-trailing_newline-check'
+ # https://github.com/voxpupuli/puppet-lint-absolute_classname-check/issues/6
+ gem 'puppet-lint-absolute_classname-check', '0.1.3', :require => 'false'
# Puppet 4.x related lint checks
gem 'puppet-lint-unquoted_string-check'
diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml
new file mode 100644
index 00000000..812e84f3
--- /dev/null
+++ b/environments/network-management-v6.yaml
@@ -0,0 +1,25 @@
+# Enable the creation of an IPv6 system management network. This
+# creates a Neutron network for isolated Overcloud
+# system management traffic and configures each role to
+# assign a port (related to that role) on that network.
+# Note that the basic sample NIC configuration templates
+# do not include the management network, see the
+# comments in the sample network config templates in
+# network/config/ for an example.
+resource_registry:
+ OS::TripleO::Network::Management: ../network/management_v6.yaml
+
+ # Port assignments for the controller role
+ OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the compute role
+ OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the ceph storage role
+ OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the swift storage role
+ OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the block storage role
+ OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml
diff --git a/environments/network-management.yaml b/environments/network-management.yaml
index 2f0cff8b..041617be 100644
--- a/environments/network-management.yaml
+++ b/environments/network-management.yaml
@@ -4,7 +4,8 @@
# assign a port (related to that role) on that network.
# Note that the basic sample NIC configuration templates
# do not include the management network, see the
-# single-nic-vlans-mgmt templates for an example.
+# comments in the sample network config templates in
+# network/config/ for an example.
resource_registry:
OS::TripleO::Network::Management: ../network/management.yaml
diff --git a/network/management_v6.yaml b/network/management_v6.yaml
new file mode 100644
index 00000000..a5e70667
--- /dev/null
+++ b/network/management_v6.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Management network. System administration, SSH, DNS, NTP, etc. This network
+ would usually be the default gateway for the non-controller nodes.
+
+parameters:
+ # the defaults here work for static IP assignment (IPAM) only
+ ManagementNetCidr:
+ default: 'fd00:fd00:fd00:6000::/64'
+ description: Cidr for the management network.
+ type: string
+ ManagementNetValueSpecs:
+ default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
+ description: Value specs for the management network.
+ type: json
+ ManagementNetAdminStateUp:
+ default: false
+ description: This admin state of of the network.
+ type: boolean
+ ManagementNetShared:
+ default: false
+ description: Whether this network is shared across all tenants.
+ type: boolean
+ ManagementNetName:
+ default: management
+ description: The name of the management network.
+ type: string
+ ManagementSubnetName:
+ default: management_subnet
+ description: The name of the management subnet in Neutron.
+ type: string
+ ManagementAllocationPools:
+ default: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
+ description: Ip allocation pool range for the management network.
+ type: json
+ IPv6AddressMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 address mode
+ type: string
+ IPv6RAMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 router advertisement mode
+ type: string
+
+resources:
+ ManagementNetwork:
+ type: OS::Neutron::Net
+ properties:
+ admin_state_up: {get_param: ManagementNetAdminStateUp}
+ name: {get_param: ManagementNetName}
+ shared: {get_param: ManagementNetShared}
+ value_specs: {get_param: ManagementNetValueSpecs}
+
+ ManagementSubnet:
+ type: OS::Neutron::Subnet
+ properties:
+ ip_version: 6
+ ipv6_address_mode: {get_param: IPv6AddressMode}
+ ipv6_ra_mode: {get_param: IPv6RAMode}
+ cidr: {get_param: ManagementNetCidr}
+ name: {get_param: ManagementSubnetName}
+ network: {get_resource: ManagementNetwork}
+ allocation_pools: {get_param: ManagementAllocationPools}
+
+outputs:
+ OS::stack_id:
+ description: Neutron management network
+ value: {get_resource: ManagementNetwork}
diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml
new file mode 100644
index 00000000..d9ac6046
--- /dev/null
+++ b/network/ports/management_from_pool_v6.yaml
@@ -0,0 +1,52 @@
+heat_template_version: 2015-10-15
+
+description: >
+ Returns an IP from a network mapped list of IPs. This version is for IPv6
+ addresses. The ip_address_uri output will have brackets for use in URLs.
+
+parameters:
+ ManagementNetName:
+ description: Name of the management network
+ default: management
+ type: string
+ PortName:
+ description: Name of the port
+ default: ''
+ type: string
+ ControlPlaneIP: # Here for compatability with noop.yaml
+ description: IP address on the control plane
+ default: ''
+ type: string
+ IPPool:
+ default: {}
+ description: A network mapped list of IPs
+ type: json
+ NodeIndex:
+ default: 0
+ description: Index of the IP to get from Pool
+ type: number
+ ManagementNetCidr:
+ default: 'fd00:fd00:fd00:6000::/64'
+ description: Cidr for the management network.
+ type: string
+
+outputs:
+ ip_address:
+ description: management network IP
+ value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]}
+ ip_address_uri:
+ description: management network IP (for compatibility with management_v6.yaml)
+ value:
+ list_join:
+ - ''
+ - - '['
+ - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]}
+ - ']'
+ ip_subnet:
+ description: IP/Subnet CIDR for the management network IP
+ value:
+ list_join:
+ - ''
+ - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]}
+ - '/'
+ - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]}
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 594a77a0..582b0931 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -156,6 +156,7 @@ resource_registry:
OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml
OS::TripleO::Services::NovaVncproxy: puppet/services/nova-vncproxy.yaml
OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml
+ OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.yaml b/overcloud.yaml
index d8955b9e..0af6ee48 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -221,6 +221,7 @@ parameters:
description: The password for the nova service account, used by nova-api.
type: string
hidden: true
+ #TODO(ccamacho): Remove after landing Ntp in all roles
NtpServer:
default: ''
description: Comma-separated list of ntp servers
@@ -411,7 +412,7 @@ parameters:
description: Template string to be used to generate instance names
type: string
ManageFirewall:
- default: false
+ default: true
description: Whether to manage IPtables rules.
type: boolean
PurgeFirewallRules:
@@ -594,6 +595,7 @@ parameters:
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncproxy
+ - OS::TripleO::Services::Ntp
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Controllers.
@@ -602,6 +604,7 @@ parameters:
ComputeServices:
default:
- OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::Ntp
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Compute Nodes.
@@ -656,7 +659,8 @@ parameters:
description: Optional scheduler hints to pass to nova
default: {}
ObjectStorageServices:
- default: []
+ default:
+ - OS::TripleO::Services::Ntp
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the ObjectStorage nodes.
@@ -688,7 +692,8 @@ parameters:
description: Optional scheduler hints to pass to nova
default: {}
CephStorageServices:
- default: []
+ default:
+ - OS::TripleO::Services::Ntp
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the CephStorage nodes.
@@ -867,7 +872,6 @@ resources:
NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
NovaIPv6: {get_param: NovaIPv6}
NovaPassword: {get_param: NovaPassword}
- NtpServer: {get_param: NtpServer}
PcsdPassword: {get_resource: PcsdPassword}
PublicVirtualInterface: {get_param: PublicVirtualInterface}
RabbitPassword: {get_param: RabbitPassword}
@@ -975,7 +979,6 @@ resources:
NovaPassword: {get_param: NovaPassword}
NovaOVSBridge: {get_param: NovaOVSBridge}
NovaSecurityGroupAPI: {get_param: NovaSecurityGroupAPI}
- NtpServer: {get_param: NtpServer}
RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
RabbitPassword: {get_param: RabbitPassword}
RabbitUserName: {get_param: RabbitUserName}
@@ -1064,7 +1067,6 @@ resources:
Image: {get_param: SwiftStorageImage}
Replicas: { get_param: SwiftReplicas}
TimeZone: {get_param: TimeZone}
- NtpServer: {get_param: NtpServer}
UpdateIdentifier: {get_param: UpdateIdentifier}
ServiceNetMap: {get_param: ServiceNetMap}
Hostname:
@@ -1098,7 +1100,6 @@ resources:
Image: {get_param: CephStorageImage}
KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudCephStorageFlavor}
- NtpServer: {get_param: NtpServer}
ServiceNetMap: {get_param: ServiceNetMap}
TimeZone: {get_param: TimeZone}
UpdateIdentifier: {get_param: UpdateIdentifier}
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index 245710f2..6beb751f 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -33,6 +33,9 @@ parameters:
CinderRbdPoolName:
default: volumes
type: string
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
GlanceRbdPoolName:
default: images
type: string
@@ -97,7 +100,7 @@ resources:
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
@@ -106,6 +109,7 @@ resources:
ADMIN_KEY: {get_param: ceph_admin_key}
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
@@ -130,6 +134,7 @@ resources:
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
ceph_pools:
- {get_param: CinderRbdPoolName}
+ - {get_param: CinderBackupRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
- {get_param: GnocchiRbdPoolName}
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index eedb35e4..7a71ea80 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -21,10 +21,6 @@ parameters:
default: default
constraints:
- custom_constraint: nova.keypair
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -232,7 +228,6 @@ resources:
config: {get_resource: CephStorageConfig}
server: {get_resource: CephStorage}
input_values:
- ntp_servers: {get_param: NtpServer}
timezone: {get_param: TimeZone}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
@@ -274,7 +269,6 @@ resources:
ceph:
raw_data: {get_file: hieradata/ceph.yaml}
mapped_data:
- ntp::servers: {get_input: ntp_servers}
timezone::timezone: {get_input: timezone}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index d3b17784..7a863252 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -233,10 +233,6 @@ parameters:
default: 'neutron'
description: The full class name of the security API class
type: string
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
RabbitHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -579,7 +575,6 @@ resources:
neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers}
keystone_public_api_virtual_ip: {get_input: keystone_vip}
admin_password: {get_input: admin_password}
- ntp::servers: {get_input: ntp_servers}
timezone::timezone: {get_input: timezone}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -697,7 +692,6 @@ resources:
rabbit_password: {get_param: RabbitPassword}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers: {get_param: NtpServer}
timezone: {get_param: TimeZone}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 57d43869..6bd3be89 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -284,10 +284,6 @@ parameters:
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
@@ -694,6 +690,15 @@ resources:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/gnocchi'
+ aodh_dsn:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://aodh:'
+ - {get_param: AodhPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/aodh'
gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
@@ -737,7 +742,6 @@ resources:
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers: {get_param: NtpServer}
timezone: {get_param: TimeZone}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
@@ -961,6 +965,7 @@ resources:
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Aodh
+ aodh_mysql_conn_string: {get_input: aodh_dsn}
aodh::rabbit_userid: {get_input: rabbit_username}
aodh::rabbit_password: {get_input: rabbit_password}
aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
@@ -973,6 +978,7 @@ resources:
aodh::api::keystone_password: {get_input: aodh_password}
aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
+ aodh::auth::auth_url: {get_input: keystone_auth_uri}
aodh::auth::auth_password: {get_input: aodh_password}
aodh::db::mysql::password: {get_input: aodh_password}
# for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
@@ -1052,7 +1058,6 @@ resources:
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
memcached::listen_ip: {get_input: memcached_network}
- ntp::servers: {get_input: ntp_servers}
timezone::timezone: {get_input: timezone}
control_virtual_interface: {get_input: control_virtual_interface}
public_virtual_interface: {get_input: public_virtual_interface}
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 7d4dc15b..7c05a5b9 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -35,6 +35,9 @@ parameters:
CinderRbdPoolName:
default: volumes
type: string
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
GlanceRbdPoolName:
default: images
type: string
@@ -71,7 +74,7 @@ resources:
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
@@ -79,6 +82,7 @@ resources:
CLIENT_KEY: {get_param: ceph_client_key}
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
@@ -104,6 +108,7 @@ resources:
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
ceph_pools:
- {get_param: CinderRbdPoolName}
+ - {get_param: CinderBackupRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
- {get_param: GnocchiRbdPoolName}
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index e69656cf..7db2b5de 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -186,13 +186,13 @@ controller_classes: []
# firewall
tripleo::firewall::firewall_rules:
'101 mongodb_config':
- port: 27019
+ dport: 27019
'102 mongodb_sharding':
- port: 27018
+ dport: 27018
'103 mongod':
- port: 27017
+ dport: 27017
'104 mysql galera':
- port:
+ dport:
- 873
- 3306
- 4444
@@ -200,37 +200,37 @@ tripleo::firewall::firewall_rules:
- 4568
- 9200
'105 ntp':
- port: 123
+ dport: 123
proto: udp
'106 vrrp':
proto: vrrp
'107 haproxy stats':
- port: 1993
+ dport: 1993
'108 redis':
- port:
+ dport:
- 6379
- 26379
'109 rabbitmq':
- port:
+ dport:
- 5672
- 35672
'110 ceph':
- port:
+ dport:
- 6789
- '6800-6810'
'111 keystone':
- port:
+ dport:
- 5000
- 13000
- 35357
- 13357
'112 glance':
- port:
+ dport:
- 9292
- 9191
- 13292
'113 nova':
- port:
+ dport:
- 6080
- 13080
- 8773
@@ -239,43 +239,43 @@ tripleo::firewall::firewall_rules:
- 13774
- 8775
'114 neutron server':
- port:
+ dport:
- 9696
- 13696
'115 neutron dhcp input':
proto: 'udp'
- port: 67
+ dport: 67
'116 neutron dhcp output':
proto: 'udp'
chain: 'OUTPUT'
- port: 68
+ dport: 68
'118 neutron vxlan networks':
proto: 'udp'
- port: 4789
+ dport: 4789
'119 cinder':
- port:
+ dport:
- 8776
- 13776
'120 iscsi initiator':
- port: 3260
+ dport: 3260
'121 memcached':
- port: 11211
+ dport: 11211
'122 swift proxy':
- port:
+ dport:
- 8080
- 13808
'123 swift storage':
- port:
+ dport:
- 873
- 6000
- 6001
- 6002
'124 ceilometer':
- port:
+ dport:
- 8777
- 13777
'125 heat':
- port:
+ dport:
- 8000
- 13800
- 8003
@@ -283,17 +283,30 @@ tripleo::firewall::firewall_rules:
- 8004
- 13004
'126 horizon':
- port:
+ dport:
- 80
- 443
'127 snmp':
- port: 161
+ dport: 161
proto: 'udp'
'128 aodh':
- port:
+ dport:
- 8042
- 13042
'129 gnocchi-api':
- port:
+ dport:
- 8041
- 13041
+ '130 pacemaker tcp':
+ proto: 'tcp'
+ dport:
+ - 2224
+ - 3121
+ - 21064
+ '131 pacemaker udp':
+ proto: 'udp'
+ dport: 5405
+ '132 sahara':
+ dport:
+ - 8386
+ - 13386
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
index 4eb199c8..f2c95de6 100644
--- a/puppet/hieradata/database.yaml
+++ b/puppet/hieradata/database.yaml
@@ -69,6 +69,15 @@ gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+# Aodh
+aodh::db::mysql::user: aodh
+aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
+aodh::db::mysql::dbname: aodh
+aodh::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
+
sahara::db::mysql::user: sahara
sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
sahara::db::mysql::dbname: sahara
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 4add2f02..e69353b0 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -23,10 +23,7 @@ if hiera('step') >= 1 {
Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
include ::timezone
-
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
+
}
if hiera('step') >= 3 {
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 30672f20..da84927e 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -20,10 +20,6 @@ create_resources(kmod::load, hiera('kernel_modules'), { })
create_resources(sysctl::value, hiera('sysctl_settings'), { })
Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-if count(hiera('ntp::servers')) > 0 {
- include ::ntp
-}
-
include ::timezone
if hiera('step') >= 4 {
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index e22bf449..c07383c8 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -28,10 +28,6 @@ if hiera('step') >= 1 {
if hiera('step') >= 2 {
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
-
include ::timezone
# MongoDB
@@ -77,15 +73,13 @@ if hiera('step') >= 2 {
# FIXME: this should only occur on the bootstrap host (ditto for db syncs)
# Create all the database schemas
- include ::nova::db::mysql
- include ::nova::db::mysql_api
if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
include ::gnocchi::db::mysql
}
if downcase(hiera('ceilometer_backend')) == 'mysql' {
include ::ceilometer::db::mysql
- include ::aodh::db::mysql
}
+ include ::aodh::db::mysql
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
@@ -151,7 +145,6 @@ if hiera('step') >= 4 {
memcached_servers => $memcached_servers
}
include ::nova::config
- include ::nova::network::neutron
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
@@ -278,11 +271,9 @@ if hiera('step') >= 4 {
# Aodh
class { '::aodh' :
- database_connection => $ceilometer_database_connection,
+ database_connection => hiera('aodh_mysql_conn_string'),
}
include ::aodh::db::sync
- # To manage the upgrade:
- Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync']
include ::aodh::auth
include ::aodh::api
include ::aodh::wsgi::apache
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 27834cf8..0bee6b00 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -59,10 +59,6 @@ if hiera('step') >= 1 {
include ::timezone
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
-
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
$corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
if $corosync_ipv6 {
@@ -251,13 +247,6 @@ if hiera('step') >= 2 {
# Create all the database schemas
if $sync_db {
- class { '::nova::db::mysql':
- require => Exec['galera-ready'],
- }
- class { '::nova::db::mysql_api':
- require => Exec['galera-ready'],
- }
-
if downcase(hiera('ceilometer_backend')) == 'mysql' {
class { '::ceilometer::db::mysql':
require => Exec['galera-ready'],
@@ -269,6 +258,10 @@ if hiera('step') >= 2 {
require => Exec['galera-ready'],
}
}
+
+ class { '::aodh::db::mysql':
+ require => Exec['galera-ready'],
+ }
}
# Ceph
@@ -349,7 +342,6 @@ MYSQL_HOST=localhost\n",
}
include ::nova::config
- include ::nova::network::neutron
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
@@ -517,7 +509,7 @@ MYSQL_HOST=localhost\n",
# Aodh
class { '::aodh' :
- database_connection => $ceilometer_database_connection,
+ database_connection => hiera('aodh_mysql_conn_string'),
}
include ::aodh::config
include ::aodh::auth
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 3585c993..4fca8f5f 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -23,9 +23,6 @@ if hiera('step') >= 1 {
include ::timezone
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
}
if hiera('step') >= 4 {
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 8617df27..88e27945 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -38,3 +38,9 @@ outputs:
heat::rabbit_port: {get_param: RabbitClientPort}
heat::debug: {get_param: Debug}
heat::enable_proxy_headers_parsing: true
+ # We need this because the default heat policy.json no longer works on TripleO
+ # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024
+ heat::policy::policies:
+ context_is_admin:
+ key: 'context_is_admin'
+ value: 'role:admin'
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 435a6de0..ff13d5d8 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -106,4 +106,4 @@ outputs:
TYPES: {get_param: NeutronNetworkType}
step_config: |
- include ::tripleo::profile::base::neutron::ml2
+ include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
index ac9d2402..9091b5b9 100644
--- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
@@ -25,4 +25,4 @@ outputs:
- neutron::agents::ml2::ovs::enabled: false
neutron::agents::ml2::ovs::manage_service: false
step_config: |
- include ::tripleo::profile::pacemaker::neutron::ml2
+ include ::tripleo::profile::pacemaker::neutron::plugins::ml2
diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml
new file mode 100644
index 00000000..dbef6f91
--- /dev/null
+++ b/puppet/services/time/ntp.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+ NTP service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configure NTP.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NtpServers:
+ default: []
+ description: NTP servers
+ type: comma_delimited_list
+
+outputs:
+ role_data:
+ description: Role ntp using composable services.
+ value:
+ config_settings:
+ ntp::ntpservers: {get_param: NtpServers}
+ step_config: |
+ include ::ntp \ No newline at end of file
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index ed52f928..30f7657b 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -46,10 +46,6 @@ parameters:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -292,7 +288,6 @@ resources:
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
swift_mount_check: {get_input: swift_mount_check }
tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours }
- ntp::servers: {get_input: ntp_servers}
timezone::timezone: {get_input: timezone}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -317,7 +312,6 @@ resources:
swift_ring_build: {get_param: RingBuild}
swift_part_power: {get_param: PartPower}
swift_replicas: { get_param: Replicas}
- ntp_servers: {get_param: NtpServer}
timezone: {get_param: TimeZone}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}