summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/README-containers.md2
-rw-r--r--docker/firstboot/start_docker_agents.sh5
-rw-r--r--environments/docker-rdo.yaml2
-rw-r--r--environments/puppet-ceph-external.yaml9
-rw-r--r--network/config/bond-with-vlans/controller.yaml3
-rw-r--r--network/endpoints/endpoint.yaml55
-rw-r--r--network/endpoints/endpoint_map.yaml374
-rw-r--r--os-apply-config/ceph-cluster-config.yaml14
-rw-r--r--os-apply-config/controller.yaml1
-rw-r--r--overcloud-resource-registry-puppet.yaml4
-rw-r--r--overcloud-resource-registry.yaml4
-rw-r--r--overcloud-without-mergepy.yaml58
-rw-r--r--puppet/ceph-cluster-config.yaml37
-rw-r--r--puppet/ceph-storage.yaml9
-rw-r--r--puppet/cinder-storage.yaml31
-rw-r--r--puppet/compute.yaml54
-rw-r--r--puppet/controller.yaml334
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml36
-rw-r--r--puppet/hieradata/ceph.yaml5
-rw-r--r--puppet/hieradata/compute.yaml3
-rw-r--r--puppet/hieradata/controller.yaml13
-rw-r--r--puppet/manifests/overcloud_compute.pp3
-rw-r--r--puppet/manifests/overcloud_controller.pp17
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp45
-rw-r--r--puppet/swift-storage.yaml9
25 files changed, 635 insertions, 492 deletions
diff --git a/docker/README-containers.md b/docker/README-containers.md
index 0e67c183..17990b54 100644
--- a/docker/README-containers.md
+++ b/docker/README-containers.md
@@ -12,7 +12,7 @@ Download the fedora atomic image into glance:
```
wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2
-glance image-create --name fedora-atomic --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare
+glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare
```
## Configuring TripleO
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index caf511bd..88759a5d 100644
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -52,9 +52,10 @@ echo nameserver 8.8.8.8 > /etc/resolv.conf
HOSTNAME=$(hostname)
echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-# Another hack.. we need latest docker..
+# Another hack.. we need a different docker version
+# (should obviously be dropped once the atomic image contains docker 1.8.2)
/usr/bin/systemctl stop docker.service
-/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-latest
+/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-1.8.2
/bin/mount -o remount,rw /usr
/bin/rm /bin/docker
/bin/cp /tmp/docker /bin/docker
diff --git a/environments/docker-rdo.yaml b/environments/docker-rdo.yaml
index d5791369..8a6e1018 100644
--- a/environments/docker-rdo.yaml
+++ b/environments/docker-rdo.yaml
@@ -5,7 +5,7 @@ resource_registry:
OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml
parameters:
- NovaImage: fedora-atomic
+ NovaImage: atomic-image
parameter_defaults:
DockerComputeImage: rthallisey/centos-binary-nova-compute:liberty
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index 3c7901cc..7f5b5080 100644
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -3,7 +3,7 @@
resource_registry:
OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml
-parameters:
+parameter_defaults:
# NOTE: These example parameters are required when using Ceph External
#CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
#CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
@@ -13,6 +13,13 @@ parameters:
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
GlanceBackend: rbd
+ # If the Ceph pools which host VMs, Volumes and Images do not match these
+ # names OR the client keyring to use is not named 'openstack', edit the
+ # following as needed.
+ NovaRbdPoolName: vms
+ CinderRbdPoolName: volumes
+ GlanceRbdPoolName: images
+ CephClientUserName: openstack
# finally we disable the Cinder LVM backend
CinderEnableIscsiBackend: false
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml
index 4290be20..eb4399ea 100644
--- a/network/config/bond-with-vlans/controller.yaml
+++ b/network/config/bond-with-vlans/controller.yaml
@@ -30,10 +30,9 @@ parameters:
description: IP address/subnet on the tenant network
type: string
BondInterfaceOvsOptions:
- default: 'bond_mode=balance-tcp lacp=active other-config:lacp-fallback-ab=true'
+ default: 'bond_mode=active-backup'
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
- Default wil attempt LACP, but will fall back to active-backup.
type: string
ExternalNetworkVlanID:
default: 10
diff --git a/network/endpoints/endpoint.yaml b/network/endpoints/endpoint.yaml
new file mode 100644
index 00000000..8ffd6c4b
--- /dev/null
+++ b/network/endpoints/endpoint.yaml
@@ -0,0 +1,55 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack Endpoint
+
+parameters:
+ EndpointName:
+ type: string
+ description: The name of the Endpoint being evaluated
+ EndpointMap:
+ type: json
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ IP:
+ type: string
+ description: The IP address of the Neutron Port that the endpoint is attached to
+ UriSuffix:
+ type: string
+ default: ''
+ description: A suffix attached to the URL
+
+outputs:
+ endpoint:
+ description: >
+ A Hash containing a mapping of service endpoints to ports, protocols, uris
+ assigned IPs, and hostnames for a specific endpoint
+ value:
+ port: {get_param: [EndpointMap, {get_param: EndpointName }, port] }
+ protocol: {get_param: [EndpointMap, {get_param: EndpointName }, protocol] }
+ host:
+ str_replace:
+ template: {get_param: [EndpointMap, {get_param: EndpointName }, host]}
+ params: {IP_ADDRESS: {get_param: IP} }
+ uri:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] }
+ - '://'
+ - str_replace:
+ template: {get_param: [EndpointMap, {get_param: EndpointName }, host]}
+ params: {IP_ADDRESS: {get_param: IP} }
+ - ':'
+ - {get_param: [EndpointMap, {get_param: EndpointName }, port] }
+ - {get_param: UriSuffix }
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] }
+ - '://'
+ - str_replace:
+ template: {get_param: [EndpointMap, {get_param: EndpointName }, host]}
+ params: {IP_ADDRESS: {get_param: IP} }
+ - ':'
+ - {get_param: [EndpointMap, {get_param: EndpointName }, port] }
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
new file mode 100644
index 00000000..9c000c38
--- /dev/null
+++ b/network/endpoints/endpoint_map.yaml
@@ -0,0 +1,374 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A Map of OpenStack Endpoints
+
+parameters:
+ CeilometerApiVirtualIP:
+ type: string
+ default: ''
+ CinderApiVirtualIP:
+ type: string
+ default: ''
+ GlanceApiVirtualIP:
+ type: string
+ default: ''
+ GlanceRegistryVirtualIP:
+ type: string
+ default: ''
+ HeatApiVirtualIP:
+ type: string
+ default: ''
+ KeystoneAdminApiVirtualIP:
+ type: string
+ default: ''
+ KeystonePublicApiVirtualIP:
+ type: string
+ default: ''
+ MysqlVirtualIP:
+ type: string
+ default: ''
+ NeutronApiVirtualIP:
+ type: string
+ default: ''
+ NovaApiVirtualIP:
+ type: string
+ default: ''
+ PublicVirtualIP:
+ type: string
+ default: ''
+ SwiftProxyVirtualIP:
+ type: string
+ default: ''
+ EndpointMap:
+ type: json
+ default:
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
+ NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
+ NovaEC2Public: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+resources:
+
+ CeilometerInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CeilometerInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: CeilometerApiVirtualIP}
+ CeilometerPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CeilometerPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CeilometerAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CeilometerAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: CeilometerApiVirtualIP}
+
+ CinderInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+ CinderPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+ CinderAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+
+ CinderV2Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+ CinderV2Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+ CinderV2Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+
+ GlanceInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlanceInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: GlanceApiVirtualIP}
+ GlancePublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlancePublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ GlanceAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlanceAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: GlanceApiVirtualIP}
+
+ HeatInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: HeatInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: HeatApiVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+ HeatPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: HeatPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+ HeatAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: HeatAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: HeatApiVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+
+ KeystoneInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystoneInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: KeystonePublicApiVirtualIP}
+ UriSuffix: '/v2.0'
+ KeystonePublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystonePublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v2.0'
+ KeystoneAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystoneAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: KeystoneAdminApiVirtualIP}
+ UriSuffix: '/v2.0'
+ KeystoneEC2:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystoneInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: KeystonePublicApiVirtualIP}
+ UriSuffix: '/v2.0/ec2tokens'
+
+ NeutronInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NeutronInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NeutronApiVirtualIP}
+ NeutronPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NeutronPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ NeutronAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NeutronAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NeutronApiVirtualIP}
+
+ NovaInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+ NovaPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+ NovaAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+ NovaV3Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ UriSuffix: '/v3'
+ NovaV3Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v3'
+ NovaV3Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ UriSuffix: '/v3'
+
+ NovaEC2Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaEC2Internal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ UriSuffix: '/services/Cloud'
+ NovaEC2Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaEC2Public
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/services/Cloud'
+ NovaEC2Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaEC2Admin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ UriSuffix: '/services/Admin'
+
+ SwiftInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+ UriSuffix: '/v1/AUTH_%(tenant_id)s'
+ SwiftPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v1/AUTH_%(tenant_id)s'
+ SwiftAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+ # No Suffix for the Admin interface
+ SwiftS3Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+ SwiftS3Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ SwiftS3Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+
+outputs:
+ endpoint_map:
+ value:
+ CeilometerInternal: {get_attr: [ CeilometerInternal, endpoint] }
+ CeilometerPublic: {get_attr: [ CeilometerPublic, endpoint] }
+ CeilometerAdmin: {get_attr: [ CeilometerAdmin, endpoint] }
+ CinderInternal: {get_attr: [ CinderInternal, endpoint] }
+ CinderPublic: {get_attr: [ CinderPublic, endpoint] }
+ CinderAdmin: {get_attr: [ CinderAdmin, endpoint] }
+ CinderV2Internal: {get_attr: [ CinderV2Internal, endpoint] }
+ CinderV2Public: {get_attr: [ CinderV2Public, endpoint] }
+ CinderV2Admin: {get_attr: [ CinderV2Admin, endpoint] }
+ GlanceInternal: {get_attr: [ GlanceInternal, endpoint] }
+ GlancePublic: {get_attr: [ GlancePublic, endpoint] }
+ GlanceAdmin: {get_attr: [ GlanceAdmin, endpoint] }
+ HeatInternal: {get_attr: [ HeatInternal, endpoint] }
+ HeatPublic: {get_attr: [ HeatPublic, endpoint] }
+ HeatAdmin: {get_attr: [ HeatAdmin, endpoint] }
+ KeystoneInternal: {get_attr: [ KeystoneInternal, endpoint] }
+ KeystonePublic: {get_attr: [ KeystonePublic, endpoint] }
+ KeystoneAdmin: {get_attr: [ KeystoneAdmin, endpoint] }
+ KeystoneEC2: {get_attr: [ KeystoneEC2, endpoint] }
+ NeutronInternal: {get_attr: [ NeutronInternal, endpoint] }
+ NeutronPublic: {get_attr: [ NeutronPublic, endpoint] }
+ NeutronAdmin: {get_attr: [ NeutronAdmin, endpoint] }
+ NovaInternal: {get_attr: [ NovaInternal, endpoint] }
+ NovaPublic: {get_attr: [ NovaPublic, endpoint] }
+ NovaAdmin: {get_attr: [ NovaAdmin, endpoint] }
+ NovaV3Internal: {get_attr: [ NovaV3Internal, endpoint] }
+ NovaV3Public: {get_attr: [ NovaV3Public, endpoint] }
+ NovaV3Admin: {get_attr: [ NovaV3Admin, endpoint] }
+ NovaEC2Internal: {get_attr: [ NovaEC2Internal, endpoint] }
+ NovaEC2Public: {get_attr: [ NovaEC2Public, endpoint] }
+ NovaEC2Admin: {get_attr: [ NovaEC2Admin, endpoint] }
+ SwiftInternal: {get_attr: [ SwiftInternal, endpoint] }
+ SwiftPublic: {get_attr: [ SwiftPublic, endpoint] }
+ SwiftAdmin: {get_attr: [ SwiftAdmin, endpoint] }
+ SwiftS3Internal: {get_attr: [ SwiftS3Internal, endpoint] }
+ SwiftS3Public: {get_attr: [ SwiftS3Public, endpoint] }
+ SwiftS3Admin: {get_attr: [ SwiftS3Admin, endpoint] }
diff --git a/os-apply-config/ceph-cluster-config.yaml b/os-apply-config/ceph-cluster-config.yaml
index c3cf8e8a..115de085 100644
--- a/os-apply-config/ceph-cluster-config.yaml
+++ b/os-apply-config/ceph-cluster-config.yaml
@@ -13,7 +13,7 @@ parameters:
ceph_client_key:
default: ''
type: string
- description: Ceph key used to create the 'openstack' user keyring.
+ description: Ceph key used to create the client user keyring.
ceph_fsid:
default: ''
type: string
@@ -27,6 +27,18 @@ parameters:
type: comma_delimited_list
ceph_mon_ips:
type: comma_delimited_list
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
resources:
CephClusterConfigImpl:
diff --git a/os-apply-config/controller.yaml b/os-apply-config/controller.yaml
index f289d9b5..09ea49b8 100644
--- a/os-apply-config/controller.yaml
+++ b/os-apply-config/controller.yaml
@@ -673,6 +673,7 @@ resources:
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
+ uri: {get_input: glance_uri}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 7e65d4b1..4cfed6b4 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -89,6 +89,10 @@ resource_registry:
# Port assignments for service virtual IPs for the controller role
OS::TripleO::Controller::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml
+ # Service Endpoint Mappings
+ OS::TripleO::Endpoint: network/endpoints/endpoint.yaml
+ OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
+
# validation resources
OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml
diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml
index d6eb97f9..ed02551b 100644
--- a/overcloud-resource-registry.yaml
+++ b/overcloud-resource-registry.yaml
@@ -72,5 +72,9 @@ resource_registry:
# Port assignments for service virtual IPs for the controller role
OS::TripleO::Controller::Ports::RedisVipPort: network/ports/noop.yaml
+ # Service Endpoint Mappings
+ OS::TripleO::Endpoint: network/endpoints/endpoint.yaml
+ OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
+
# validation resources
OS::TripleO::AllNodes::Validation: os-apply-config/all-nodes-validation.yaml
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index 9c915c4a..50589b7b 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -79,14 +79,6 @@ parameters:
default: ''
description: Set to True to enable debugging on all services.
type: string
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
@@ -214,7 +206,7 @@ parameters:
values, use a comma separated string, like so: 'openvswitch,l2_population'
type: string
NeutronAllowL3AgentFailover:
- default: 'True'
+ default: 'False'
description: Allow automatic l3-agent failover
type: string
NeutronL3HA:
@@ -223,7 +215,7 @@ parameters:
type: string
NeutronDhcpAgentsPerNetwork:
type: number
- default: 3
+ default: 1
description: The number of neutron dhcp agents to schedule per network
NovaPassword:
default: unset
@@ -231,8 +223,9 @@ parameters:
type: string
hidden: true
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
MongoDbNoJournal:
default: false
description: Should MongoDb journaling be disabled
@@ -708,6 +701,12 @@ parameters:
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
# If you want to remove a specific node from a resource group, you can pass
# the node name or id as a <Group>RemovalPolicies parameter, for example:
@@ -759,6 +758,22 @@ resources:
properties:
length: 10
+ EndpointMap:
+ type: OS::TripleO::EndpointMap
+ properties:
+ CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
+ CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
+ GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
+ GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
+ HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+ KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+ KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
+ NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
+ NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
+ SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
+ PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]}
+
Controller:
type: OS::Heat::ResourceGroup
depends_on: Networks
@@ -792,8 +807,6 @@ resources:
ExtraConfig: {get_param: ExtraConfig}
FencingConfig: {get_param: FencingConfig}
Flavor: {get_param: OvercloudControlFlavor}
- GlancePort: {get_param: GlancePort}
- GlanceProtocol: {get_param: GlanceProtocol}
GlancePassword: {get_param: GlancePassword}
GlanceBackend: {get_param: GlanceBackend}
GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy}
@@ -867,6 +880,7 @@ resources:
VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now.
PublicVirtualIP: {get_attr: [PublicVirtualIP, ip_address]}
ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
@@ -904,8 +918,6 @@ resources:
ExtraConfig: {get_param: ExtraConfig}
Flavor: {get_param: OvercloudComputeFlavor}
GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- GlancePort: {get_param: GlancePort}
- GlanceProtocol: {get_param: GlanceProtocol}
Image: {get_param: NovaImage}
ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
KeyName: {get_param: KeyName}
@@ -948,6 +960,7 @@ resources:
SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
UpdateIdentifier: {get_param: UpdateIdentifier}
Hostname:
str_replace:
@@ -974,8 +987,6 @@ resources:
KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudBlockStorageFlavor}
VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- GlancePort: {get_param: GlancePort}
- GlanceProtocol: {get_param: GlanceProtocol}
GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
RabbitPassword: {get_param: RabbitPassword}
RabbitUserName: {get_param: RabbitUserName}
@@ -989,6 +1000,7 @@ resources:
params:
'%stackname%': {get_param: 'OS::stack_name'}
ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
ExtraConfig: {get_param: ExtraConfig}
BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig}
@@ -1374,6 +1386,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
controller_config: {get_attr: [Controller, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
ComputeNodesPostDeployment:
type: OS::TripleO::ComputePostDeployment
@@ -1383,6 +1396,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
compute_config: {get_attr: [Compute, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
ObjectStorageNodesPostDeployment:
type: OS::TripleO::ObjectStoragePostDeployment
@@ -1392,6 +1406,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
BlockStorageNodesPostDeployment:
type: OS::TripleO::BlockStoragePostDeployment
@@ -1401,6 +1416,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
CephStorageNodesPostDeployment:
type: OS::TripleO::CephStoragePostDeployment
@@ -1410,16 +1426,12 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
outputs:
KeystoneURL:
description: URL for the Overcloud Keystone service
- value:
- list_join:
- - ''
- - - http://
- - {get_attr: [PublicVirtualIP, ip_address]}
- - :5000/v2.0/
+ value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]}
KeystoneAdminVip:
description: Keystone Admin VIP endpoint
value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index 99265493..96198c3f 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -13,7 +13,7 @@ parameters:
ceph_client_key:
default: ''
type: string
- description: Ceph key used to create the 'openstack' user keyring.
+ description: Ceph key used to create the client user keyring.
ceph_fsid:
default: ''
type: string
@@ -27,6 +27,18 @@ parameters:
type: comma_delimited_list
ceph_mon_ips:
type: comma_delimited_list
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
resources:
CephClusterConfigImpl:
@@ -65,15 +77,34 @@ resources:
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
cap_mon: 'allow profile bootstrap-osd'
},
- client.openstack: {
+ client.CLIENT_USER: {
secret: 'ADMIN_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
}
}"
params:
+ CLIENT_USER: {get_param: CephClientUserName}
ADMIN_KEY: {get_param: ceph_admin_key}
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
+ cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
+ ceph_client_user_name: {get_param: CephClientUserName}
+ ceph_pools:
+ - {get_param: CinderRbdPoolName}
+ - {get_param: NovaRbdPoolName}
+ - {get_param: GlanceRbdPoolName}
outputs:
config_id:
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 75294599..0d968504 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -22,8 +22,9 @@ parameters:
constraints:
- custom_constraint: nova.keypair
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -133,11 +134,7 @@ resources:
config: {get_resource: CephStorageConfig}
server: {get_resource: CephStorage}
input_values:
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index 6a869219..b536418d 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -44,14 +44,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
KeyName:
default: default
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@@ -83,8 +75,9 @@ parameters:
type: string
hidden: true
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -103,6 +96,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
GlanceApiVirtualIP:
type: string
default: ''
@@ -200,23 +198,12 @@ resources:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 5df4cb37..18547732 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -51,14 +51,6 @@ parameters:
GlanceHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
Image:
type: string
default: overcloud-compute
@@ -219,8 +211,9 @@ parameters:
type: string
default: '' # Has to be here because of the ignored empty value bug
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
RabbitHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -261,6 +254,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
@@ -423,7 +421,7 @@ resources:
neutron_physical_bridge: {get_input: neutron_physical_bridge}
neutron_public_interface: {get_input: neutron_public_interface}
nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_url}
+ nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron_agent_mode: {get_input: neutron_agent_mode}
@@ -458,22 +456,10 @@ resources:
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_compute_agent: {get_param: CeilometerComputeAgent}
- ceilometer_agent_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0'
+ ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceHost}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_host: {get_param: NeutronHost}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -530,28 +516,14 @@ resources:
- {get_param: NeutronTypeDrivers}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
- neutron_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronHost}
- - ':9696'
- neutron_admin_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/v2.0'
+ neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
admin_password: {get_param: AdminPassword}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 69690f60..ae2b66e3 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -170,14 +170,6 @@ parameters:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
@@ -458,8 +450,9 @@ parameters:
description: Should MongoDb journaling be disabled
type: boolean
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
@@ -590,6 +583,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
@@ -727,24 +725,6 @@ resources:
- - 'http://'
- {get_param: HeatApiVirtualIP}
- ':8000/v1/waitcondition'
- heat_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8004/v1/%(tenant_id)s'
- heat_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: HeatApiVirtualIP}
- - ':8004/v1/%(tenant_id)s'
- heat_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: HeatApiVirtualIP}
- - ':8004/v1/%(tenant_id)s'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
@@ -777,43 +757,7 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/cinder'
- cinder_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_public_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- cinder_internal_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- cinder_admin_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- glance_port: {get_param: GlancePort}
+ glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance_password: {get_param: GlancePassword}
glance_backend: {get_param: GlanceBackend}
glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
@@ -840,7 +784,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/heat'
- keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
@@ -856,36 +799,11 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/keystone'
- keystone_identity_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357'
- keystone_auth_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/'
- keystone_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':5000'
- keystone_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000'
- keystone_ec2_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/ec2tokens'
+ keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
+ keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
enable_ceph_storage: {get_param: EnableCephStorage}
@@ -965,30 +883,10 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ovs_neutron?charset=utf8'
- neutron_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':9696'
- neutron_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_admin_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/v2.0'
+ neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
+ neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
@@ -1006,24 +904,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ceilometer'
- ceilometer_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8777'
- ceilometer_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CeilometerApiVirtualIP}
- - ':8777'
- ceilometer_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CeilometerApiVirtualIP}
- - ':8777'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
@@ -1035,60 +915,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/nova'
- nova_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_v3_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8774/v3'
- nova_v3_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v3'
- nova_v3_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v3'
- nova_ec2_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8773/services/Cloud'
- nova_ec2_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8773/services/Cloud'
- nova_ec2_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8773/services/Admin'
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
@@ -1105,11 +931,7 @@ resources:
template: "'LIMIT'"
params:
LIMIT: {get_param: RabbitFDLimit}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
@@ -1118,42 +940,6 @@ resources:
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_mount_check: {get_param: SwiftMountCheck}
- swift_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8080/v1/AUTH_%(tenant_id)s'
- swift_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080/v1/AUTH_%(tenant_id)s'
- swift_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
- swift_public_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8080'
- swift_internal_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
- swift_admin_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
@@ -1162,39 +948,8 @@ resources:
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
glance_registry_host: {get_param: GlanceRegistryVirtualIP}
- glance_public_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: PublicVirtualIP}
- - ':'
- - {get_param: GlancePort}
- glance_internal_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
- glance_admin_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -1281,14 +1036,6 @@ resources:
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
swift_mount_check: {get_input: swift_mount_check}
- swift::keystone::auth::public_url: {get_input: swift_public_url }
- swift::keystone::auth::internal_url: {get_input: swift_internal_url }
- swift::keystone::auth::admin_url: {get_input: swift_admin_url }
- swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
- swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
- swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
- swift::keystone::auth::password: {get_input: swift_password }
- swift::keystone::auth::region: {get_input: keystone_region}
# NOTE(dprince): build_ring support is currently not wired in.
# See: https://review.openstack.org/#/c/109225/
@@ -1316,14 +1063,6 @@ resources:
cinder::glance::glance_api_servers: {get_input: glance_api_servers}
cinder_backend_config: {get_input: CinderBackendConfig}
cinder::db::mysql::password: {get_input: cinder_password}
- cinder::keystone::auth::public_url: {get_input: cinder_public_url }
- cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
- cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
- cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
- cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
- cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
- cinder::keystone::auth::password: {get_input: cinder_password }
- cinder::keystone::auth::region: {get_input: keystone_region}
# Glance
glance::api::bind_port: {get_input: glance_port}
@@ -1343,16 +1082,11 @@ resources:
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
+ glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_input: glance_password}
glance_backend: {get_input: glance_backend}
glance::db::mysql::password: {get_input: glance_password}
- glance::keystone::auth::public_url: {get_input: glance_public_url }
- glance::keystone::auth::internal_url: {get_input: glance_internal_url }
- glance::keystone::auth::admin_url: {get_input: glance_admin_url }
- glance::keystone::auth::password: {get_input: glance_password }
- glance::keystone::auth::region: {get_input: keystone_region}
glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
@@ -1378,11 +1112,6 @@ resources:
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
- heat::keystone::auth::public_url: {get_input: heat_public_url }
- heat::keystone::auth::internal_url: {get_input: heat_internal_url }
- heat::keystone::auth::admin_url: {get_input: heat_admin_url }
- heat::keystone::auth::password: {get_input: heat_password }
- heat::keystone::auth::region: {get_input: keystone_region}
# Keystone
keystone::admin_token: {get_input: admin_token}
@@ -1464,11 +1193,6 @@ resources:
neutron_dsn: {get_input: neutron_dsn}
neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
neutron::db::mysql::password: {get_input: neutron_password}
- neutron::keystone::auth::public_url: {get_input: neutron_public_url }
- neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
- neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
- neutron::keystone::auth::password: {get_input: neutron_password }
- neutron::keystone::auth::region: {get_input: keystone_region}
# Ceilometer
ceilometer_backend: {get_input: ceilometer_backend}
@@ -1484,14 +1208,9 @@ resources:
ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
+ ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
- ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
- ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
- ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
- ceilometer::keystone::auth::password: {get_input: ceilometer_password }
- ceilometer::keystone::auth::region: {get_input: keystone_region}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -1514,17 +1233,6 @@ resources:
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
- nova::keystone::auth::public_url: {get_input: nova_public_url}
- nova::keystone::auth::internal_url: {get_input: nova_internal_url}
- nova::keystone::auth::admin_url: {get_input: nova_admin_url}
- nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url}
- nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url}
- nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url}
- nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url}
- nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url}
- nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url}
- nova::keystone::auth::password: {get_input: nova_password }
- nova::keystone::auth::region: {get_input: keystone_region}
# Horizon
apache::ip: {get_input: horizon_network}
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 62907104..7cefc24b 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -29,6 +29,18 @@ parameters:
type: comma_delimited_list
ceph_mon_ips:
type: comma_delimited_list
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
resources:
CephClusterConfigImpl:
@@ -47,16 +59,34 @@ resources:
ceph::profile::params::client_keys:
str_replace:
template: "{
- client.openstack: {
+ client.CLIENT_USER: {
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
}
}"
params:
+ CLIENT_USER: {get_param: CephClientUserName}
CLIENT_KEY: {get_param: ceph_client_key}
-
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
+ cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
+ ceph_client_user_name: {get_param: CephClientUserName}
+ ceph_pools:
+ - {get_param: CinderRbdPoolName}
+ - {get_param: NovaRbdPoolName}
+ - {get_param: GlanceRbdPoolName}
outputs:
config_id:
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
index 18a48622..ca6d3954 100644
--- a/puppet/hieradata/ceph.yaml
+++ b/puppet/hieradata/ceph.yaml
@@ -7,11 +7,6 @@ ceph::profile::params::osds: {/srv/data: {}}
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
-ceph_pools:
- - volumes
- - vms
- - images
-
ceph_classes: []
ceph_osd_selinux_permissive: true
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 16aeb98c..173020f8 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -10,9 +10,6 @@ nova::compute::vnc_enabled: true
nova::compute::libvirt::vncserver_listen: '0.0.0.0'
nova::compute::libvirt::migration_support: true
-nova::compute::rbd::libvirt_rbd_user: 'openstack'
-nova::compute::rbd::rbd_keyring: 'client.openstack'
-nova::compute::rbd::libvirt_images_rbd_pool: 'vms'
nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
ceilometer::agent::auth::auth_tenant_name: 'service'
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 07bfe543..a4914c0e 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -39,13 +39,6 @@ cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
-glance::keystone::auth::tenant: 'service'
-nova::keystone::auth::tenant: 'service'
-neutron::keystone::auth::tenant: 'service'
-cinder::keystone::auth::tenant: 'service'
-swift::keystone::auth::tenant: 'service'
-ceilometer::keystone::auth::tenant: 'service'
-heat::keystone::auth::tenant: 'service'
# keystone
keystone::cron::token_flush::maxdelay: 3600
@@ -67,13 +60,10 @@ swift::proxy::pipeline:
- 'proxy-server'
swift::proxy::account_autocreate: true
-swift::keystone::auth::configure_s3_endpoint: false
-swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
# glance
glance::api::pipeline: 'keystone'
+glance::api::show_image_direct_url: true
glance::registry::pipeline: 'keystone'
glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::rbd::rbd_store_user: 'openstack'
@@ -88,7 +78,6 @@ nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::osapi_v3: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
-nova::keystone::auth::configure_ec2_endpoint: false
# ceilometer
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 4c927569..cd41cc79 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -49,8 +49,9 @@ if $rbd_ephemeral_storage or $rbd_persistent_storage {
include ::ceph::profile::client
$client_keys = hiera('ceph::profile::params::client_keys')
+ $client_user = join(['client.', hiera('ceph_client_user_name')])
class { '::nova::compute::rbd':
- libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'],
+ libvirt_rbd_secret_key => $client_keys[$client_user]['secret'],
}
}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 14044789..34be39f3 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -316,7 +316,7 @@ if hiera('step') >= 3 {
$ceph_pools = hiera('ceph_pools')
ceph::pool { $ceph_pools : }
- $cinder_pool_requires = [Ceph::Pool['volumes']]
+ $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]]
} else {
$cinder_pool_requires = []
@@ -326,8 +326,8 @@ if hiera('step') >= 3 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
- rbd_pool => 'volumes',
- rbd_user => 'openstack',
+ rbd_pool => hiera('cinder_rbd_pool_name'),
+ rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
require => $cinder_pool_requires,
}
@@ -381,7 +381,7 @@ if hiera('step') >= 3 {
package {'nfs-utils': } ->
cinder::backend::nfs { $cinder_nfs_backend :
nfs_servers => hiera('cinder_nfs_servers'),
- nfs_mount_options => hiera('cinder_nfs_mount_options'),
+ nfs_mount_options => hiera('cinder_nfs_mount_options',''),
nfs_shares_config => '/etc/cinder/shares-nfs.conf',
}
}
@@ -485,15 +485,6 @@ if hiera('step') >= 3 {
if hiera('step') >= 4 {
include ::keystone::cron::token_flush
-
- include ::ceilometer::keystone::auth
- include ::cinder::keystone::auth
- include ::glance::keystone::auth
- include ::heat::keystone::auth
- include ::neutron::keystone::auth
- include ::nova::keystone::auth
- include ::swift::keystone::auth
-
} #END STEP 4
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index adb52188..6cfa13ec 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -74,11 +74,11 @@ if hiera('step') >= 1 {
Class['tripleo::fencing'] -> Class['pacemaker::stonith']
}
- # FIXME(gfidente): sets 90secs as default start timeout op
+ # FIXME(gfidente): sets 95secs as default start timeout op
# param; until we can use pcmk global defaults we'll still
# need to add it to every resource which redefines op params
Pacemaker::Resource::Service {
- op_params => 'start timeout=90s',
+ op_params => 'start timeout=95s stop timeout=95s',
}
# Only configure RabbitMQ in this step, don't start it yet to
@@ -344,7 +344,7 @@ if hiera('step') >= 2 {
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
pacemaker::resource::service { $::mongodb::params::service_name :
- op_params => 'start timeout=120s',
+ op_params => 'start timeout=120s stop timeout=95s',
clone_params => true,
require => Class['::mongodb::server'],
}
@@ -692,7 +692,7 @@ if hiera('step') >= 3 {
$ceph_pools = hiera('ceph_pools')
ceph::pool { $ceph_pools : }
- $cinder_pool_requires = [Ceph::Pool['volumes']]
+ $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]]
} else {
$cinder_pool_requires = []
@@ -702,8 +702,8 @@ if hiera('step') >= 3 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
- rbd_pool => 'volumes',
- rbd_user => 'openstack',
+ rbd_pool => hiera('cinder_rbd_pool_name'),
+ rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
require => $cinder_pool_requires,
}
@@ -757,7 +757,7 @@ if hiera('step') >= 3 {
package { 'nfs-utils': } ->
cinder::backend::nfs { $cinder_nfs_backend:
nfs_servers => hiera('cinder_nfs_servers'),
- nfs_mount_options => hiera('cinder_nfs_mount_options'),
+ nfs_mount_options => hiera('cinder_nfs_mount_options',''),
nfs_shares_config => '/etc/cinder/shares-nfs.conf',
}
}
@@ -1186,24 +1186,24 @@ if hiera('step') >= 4 {
# Nova
pacemaker::resource::service { $::nova::params::api_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=90s monitor start-delay=10s',
+ op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::conductor_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=90s monitor start-delay=10s',
+ op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::consoleauth_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=90s monitor start-delay=10s',
+ op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s',
require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::nova::params::vncproxy_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=90s monitor start-delay=10s',
+ op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::scheduler_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=90s monitor start-delay=10s',
+ op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s',
}
pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
@@ -1565,27 +1565,6 @@ if hiera('step') >= 5 {
} ->
class {'::keystone::endpoint' :
require => Pacemaker::Resource::Service[$::keystone::params::service_name],
- } ->
- class { '::ceilometer::keystone::auth' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
- } ->
- class { '::cinder::keystone::auth' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
- } ->
- class { '::glance::keystone::auth' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
- } ->
- class { '::heat::keystone::auth' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
- } ->
- class { '::neutron::keystone::auth' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
- } ->
- class { '::nova::keystone::auth' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
- } ->
- class { '::swift::keystone::auth' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
}
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 22ec6096..3d9b9018 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -45,8 +45,9 @@ parameters:
type: string
hidden: true
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -207,11 +208,7 @@ resources:
swift_min_part_hours: {get_param: MinPartHours}
swift_part_power: {get_param: PartPower}
swift_replicas: { get_param: Replicas}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}