diff options
59 files changed, 1391 insertions, 867 deletions
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index a2c7d787..3c4a9413 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -173,7 +173,7 @@ resources: NovaComputeContainersConfigOVS: type: OS::Heat::StructuredConfig properties: - group: docker-compose + group: docker-cmd config: ovsvswitchd: image: @@ -236,7 +236,7 @@ resources: LibvirtContainersConfig: type: OS::Heat::StructuredConfig properties: - group: docker-compose + group: docker-cmd config: computedata: image: @@ -281,7 +281,7 @@ resources: NovaComputeContainersConfig: type: OS::Heat::StructuredConfig properties: - group: docker-compose + group: docker-cmd config: neutronovsagent: image: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index 027aed40..cb8b2a5d 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -23,7 +23,7 @@ Restart=on-failure ExecStartPre=-/usr/bin/docker kill heat-agents ExecStartPre=-/usr/bin/docker rm heat-agents ExecStartPre=/usr/bin/docker pull $agent_image -ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools --entrypoint=/usr/bin/os-collect-config $agent_image +ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image ExecStop=/usr/bin/docker stop heat-agents [Install] diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 3ac40be3..b4c3f08b 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -24,10 +24,14 @@ parameter_defaults: HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 631b7b81..679b79cb 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -12,6 +12,13 @@ resource_registry: OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml + OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml + OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml + OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml + OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::Loadbalancer: ../puppet/services/pacemaker/loadbalancer.yaml + OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml diff --git a/extraconfig/post_deploy/example_run_on_update.yaml b/extraconfig/post_deploy/example_run_on_update.yaml new file mode 100644 index 00000000..234488af --- /dev/null +++ b/extraconfig/post_deploy/example_run_on_update.yaml @@ -0,0 +1,39 @@ +heat_template_version: 2014-10-16 + +description: > + Example extra config for post-deployment, this re-runs every update + +# Note extra parameters can be defined, then passed data via the +# environment parameter_defaults, without modifying the parent template +parameters: + servers: + type: json + # This is provided via parameter_defaults from tripleoclient + # it changes to a new timestamp every update, so we can use it to + # trigger the deployment to run even though it and the config are + # otherwise unchanged + DeployIdentifier: + type: string + +resources: + + ExtraConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: deploy_identifier + config: | + #!/bin/sh + echo "extra_update $deploy_identifier" >> /root/extra_update + + ExtraDeployments: + type: OS::Heat::SoftwareDeployments + properties: + name: ExtraDeployments + servers: {get_param: servers} + config: {get_resource: ExtraConfig} + # Do this on CREATE/UPDATE (which is actually the default) + actions: ['CREATE', 'UPDATE'] + input_values: + deploy_identifier: {get_param: DeployIdentifier} diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml index 52c8f895..a3d6d8b5 100644 --- a/net-config-static-bridge.yaml +++ b/net-config-static-bridge.yaml @@ -29,6 +29,10 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. diff --git a/net-config-static.yaml b/net-config-static.yaml new file mode 100644 index 00000000..9de16cd8 --- /dev/null +++ b/net-config-static.yaml @@ -0,0 +1,82 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config for a simple bridge. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: interface + name: {get_input: interface_name} + use_dhcp: false + dns_servers: {get_param: DnsServers} + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 4dbe424c..c76e1360 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -61,8 +61,10 @@ GlanceRegistry: port: 9191 Mysql: - '': + Internal: vip_param: Mysql + protocol: mysql+pymysql + port: 3306 Heat: Internal: @@ -79,6 +81,21 @@ Heat: '': /v1/%(tenant_id)s port: 8004 +HeatCfn: + Internal: + vip_param: HeatApi + uri_suffixes: + '': /v1 + Public: + vip_param: Public + uri_suffixes: + '': /v1 + Admin: + vip_param: HeatApi + uri_suffixes: + '': /v1 + port: 8000 + Horizon: Public: vip_param: Public diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index d1c8fbe2..fbfa0a15 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -45,10 +45,14 @@ parameters: HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} + HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} + HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} + MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} @@ -916,6 +920,123 @@ outputs: IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, HeatPublic, port] + HeatCfnAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, HeatCfnAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: HeatApiVirtualIP} + port: + get_param: [EndpointMap, HeatCfnAdmin, port] + protocol: + get_param: [EndpointMap, HeatCfnAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, HeatCfnAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, HeatCfnAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: HeatApiVirtualIP} + - ':' + - get_param: [EndpointMap, HeatCfnAdmin, port] + - /v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, HeatCfnAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, HeatCfnAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: HeatApiVirtualIP} + - ':' + - get_param: [EndpointMap, HeatCfnAdmin, port] + HeatCfnInternal: + host: + str_replace: + template: + get_param: [EndpointMap, HeatCfnInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: HeatApiVirtualIP} + port: + get_param: [EndpointMap, HeatCfnInternal, port] + protocol: + get_param: [EndpointMap, HeatCfnInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, HeatCfnInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, HeatCfnInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: HeatApiVirtualIP} + - ':' + - get_param: [EndpointMap, HeatCfnInternal, port] + - /v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, HeatCfnInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, HeatCfnInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: HeatApiVirtualIP} + - ':' + - get_param: [EndpointMap, HeatCfnInternal, port] + HeatCfnPublic: + host: + str_replace: + template: + get_param: [EndpointMap, HeatCfnPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + port: + get_param: [EndpointMap, HeatCfnPublic, port] + protocol: + get_param: [EndpointMap, HeatCfnPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, HeatCfnPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, HeatCfnPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, HeatCfnPublic, port] + - /v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, HeatCfnPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, HeatCfnPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, HeatCfnPublic, port] HorizonPublic: host: str_replace: @@ -1228,6 +1349,44 @@ outputs: IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, KeystonePublic, port] + MysqlInternal: + host: + str_replace: + template: + get_param: [EndpointMap, MysqlInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: MysqlVirtualIP} + port: + get_param: [EndpointMap, MysqlInternal, port] + protocol: + get_param: [EndpointMap, MysqlInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, MysqlInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MysqlInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: MysqlVirtualIP} + - ':' + - get_param: [EndpointMap, MysqlInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, MysqlInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, MysqlInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: MysqlVirtualIP} + - ':' + - get_param: [EndpointMap, MysqlInternal, port] NeutronAdmin: host: str_replace: diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml index fc87e39a..451677b2 100644 --- a/network/ports/management_from_pool.yaml +++ b/network/ports/management_from_pool.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index 6bb4557b..78c7c32c 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -4,9 +4,16 @@ parameters: ControlPlaneIp: default: '' type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string ExternalIp: default: '' type: string + ExternalIpSubnet: + default: '' + type: string ExternalIpUri: default: '' type: string @@ -14,6 +21,9 @@ parameters: InternalApiIp: default: '' type: string + InternalApiIpSubnet: + default: '' + type: string InternalApiIpUri: default: '' type: string @@ -21,6 +31,9 @@ parameters: StorageIp: default: '' type: string + StorageIpSubnet: + default: '' + type: string StorageIpUri: default: '' type: string @@ -28,6 +41,9 @@ parameters: StorageMgmtIp: default: '' type: string + StorageMgmtIpSubnet: + default: '' + type: string StorageMgmtIpUri: default: '' type: string @@ -35,6 +51,9 @@ parameters: TenantIp: default: '' type: string + TenantIpSubnet: + default: '' + type: string TenantIpUri: default: '' type: string @@ -42,6 +61,9 @@ parameters: ManagementIp: default: '' type: string + ManagementIpSubnet: + default: '' + type: string ManagementIpUri: default: '' type: string @@ -60,9 +82,26 @@ outputs: storage_mgmt: {get_param: StorageMgmtIp} tenant: {get_param: TenantIp} management: {get_param: ManagementIp} + net_ip_subnet_map: + description: > + A Hash containing a mapping of network names to assigned IPs/CIDR + for a specific machine. + value: + ctlplane: + list_join: + - '' + - - {get_param: ControlPlaneIp} + - '/' + - {get_param: ControlPlaneSubnetCidr} + external: {get_param: ExternalIpSubnet} + internal_api: {get_param: InternalApiIpSubnet} + storage: {get_param: StorageIpSubnet} + storage_mgmt: {get_param: StorageMgmtIpSubnet} + tenant: {get_param: TenantIpSubnet} + management: {get_param: ManagementIpSubnet} net_ip_uri_map: description: > - A Hash containing a mapping of netowrk names to assigned IPs for a + A Hash containing a mapping of network names to assigned IPs for a specific machine with brackets around IPv6 addresses for use in URLs. value: ctlplane: {get_param: ControlPlaneIp} diff --git a/network/ports/net_ip_subnet_map.yaml b/network/ports/net_ip_subnet_map.yaml deleted file mode 100644 index 2f933eaa..00000000 --- a/network/ports/net_ip_subnet_map.yaml +++ /dev/null @@ -1,47 +0,0 @@ -heat_template_version: 2015-04-30 - -parameters: - ControlPlaneIp: - default: '' - type: string - ExternalIpSubnet: - default: '' - type: string - InternalApiIpSubnet: - default: '' - type: string - StorageIpSubnet: - default: '' - type: string - StorageMgmtIpSubnet: - default: '' - type: string - TenantIpSubnet: - default: '' - type: string - ManagementIpSubnet: - default: '' - type: string - ControlPlaneSubnetCidr: # Override this via parameter_defaults - default: '24' - description: The subnet CIDR of the control plane network. - type: string - -outputs: - net_ip_subnet_map: - description: > - A Hash containing a mapping of network names to assigned - IP/subnet mappings. - value: - ctlplane: - list_join: - - '' - - - {get_param: ControlPlaneIp} - - '/' - - {get_param: ControlPlaneSubnetCidr} - external: {get_param: ExternalIpSubnet} - internal_api: {get_param: InternalApiIpSubnet} - storage: {get_param: StorageIpSubnet} - storage_mgmt: {get_param: StorageMgmtIpSubnet} - tenant: {get_param: TenantIpSubnet} - management: {get_param: ManagementIpSubnet} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 433cc728..b207a1fe 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -65,7 +65,6 @@ resource_registry: OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml - OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml # Port assignments for the VIPs @@ -126,9 +125,16 @@ resource_registry: OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml + OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml + OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml + OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml + OS::TripleO::Services::Loadbalancer: puppet/services/loadbalancer.yaml + OS::TripleO::Services::Memcached: puppet/services/memcached.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index fb1e53d0..474fcffb 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -298,15 +298,6 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - # We need to set this as string because 'unlimited' is a valid setting - RabbitFDLimit: - default: 16384 - description: Configures RabbitMQ FD limit - type: string - RabbitIPv6: - default: false - description: Enable IPv6 in RabbitMQ - type: boolean RedisPassword: description: The password for Redis type: string @@ -472,14 +463,6 @@ parameters: description: The password for the gnocchi service account. type: string hidden: true - HeatPassword: - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_stack_domain_admin user. - type: string - hidden: true InstanceNameTemplate: default: 'instance-%08x' description: Template string to be used to generate instance names @@ -663,14 +646,28 @@ parameters: - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Loadbalancer + - OS::TripleO::Services::Memcached description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. type: comma_delimited_list + ComputeServices: + default: [] + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the Compute Nodes. + type: comma_delimited_list + # Block storage specific parameters BlockStorageCount: type: number @@ -743,7 +740,12 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} - + CephStorageServices: + default: [] + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the CephStorage nodes. + type: comma_delimited_list # Hostname format for each role # Note %index% is translated into the index of the node, e.g 0/1/2 etc @@ -862,10 +864,10 @@ resources: ControllerServiceChain: type: OS::TripleO::Services + depends_on: Networks properties: Services: {get_param: ControllerServices} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - MysqlVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} Controller: type: OS::Heat::ResourceGroup @@ -908,8 +910,6 @@ resources: GnocchiBackend: {get_param: GnocchiBackend} GnocchiIndexerBackend: {get_param: GnocchiIndexerBackend} HAProxySyslogAddress: {get_param: HAProxySyslogAddress} - HeatPassword: {get_param: HeatPassword} - HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword} HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} HorizonAllowedHosts: {get_param: HorizonAllowedHosts} HorizonSecret: {get_resource: HorizonSecret} @@ -958,8 +958,6 @@ resources: RabbitCookie: {get_attr: [RabbitCookie, value]} RabbitClientUseSSL: {get_param: RabbitClientUseSSL} RabbitClientPort: {get_param: RabbitClientPort} - RabbitFDLimit: {get_param: RabbitFDLimit} - RabbitIPv6: {get_param: RabbitIPv6} RedisPassword: {get_param: RedisPassword} SaharaPassword: {get_param: SaharaPassword} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} @@ -986,7 +984,6 @@ resources: NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - MysqlVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} SaharaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} @@ -1001,6 +998,12 @@ resources: SchedulerHints: {get_param: ControllerSchedulerHints} ServiceConfigSettings: {get_attr: [ControllerServiceChain, config_settings]} + ComputeServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: ComputeServices} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + Compute: type: OS::Heat::ResourceGroup depends_on: Networks @@ -1081,6 +1084,8 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: NovaComputeSchedulerHints} NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [ComputeServiceChain, config_settings]} + BlockStorage: type: OS::Heat::ResourceGroup @@ -1116,7 +1121,6 @@ resources: '%stackname%': {get_param: 'OS::stack_name'} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - MysqlVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} ExtraConfig: {get_param: ExtraConfig} BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} CloudDomain: {get_param: CloudDomain} @@ -1157,6 +1161,12 @@ resources: SchedulerHints: {get_param: ObjectStorageSchedulerHints} NodeIndex: '%index%' + CephStorageServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: CephStorageServices} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + CephStorage: type: OS::Heat::ResourceGroup depends_on: Networks @@ -1184,6 +1194,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: CephStorageSchedulerHints} NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [CephStorageServiceChain, config_settings]} ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap @@ -1419,29 +1430,6 @@ resources: ceph_mon_names: {get_attr: [Controller, hostname]} ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} - ControllerClusterConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - corosync: - nodes: {get_attr: [Controller, corosync_node]} - horizon: - caches: - memcached: - nodes: {get_attr: [Controller, hostname]} - mysql: - nodes: {get_attr: [Controller, corosync_node]} - haproxy: - nodes: {get_attr: [Controller, corosync_node]} - - ControllerClusterDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerClusterDeployment - config: {get_resource: ControllerClusterConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - ControllerAllNodesDeployment: type: OS::Heat::StructuredDeployments properties: @@ -1581,6 +1569,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} compute_config: {get_attr: [Compute, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} + StepConfig: {get_attr: [ComputeServiceChain, step_config]} ObjectStorageNodesPostDeployment: type: OS::TripleO::ObjectStoragePostDeployment @@ -1611,6 +1600,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} + StepConfig: {get_attr: [CephStorageServiceChain, step_config]} outputs: KeystoneURL: diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index fd161886..f5873ddb 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -123,8 +123,10 @@ resources: gnocchi::storage::ceph::ceph_keyring: list_join: - '.' - - - 'client' + - - '/etc/ceph/ceph' + - 'client' - {get_param: CephClientUserName} + - 'keyring' ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index e90710c7..2b9ae751 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -13,6 +13,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -33,26 +37,44 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_cephstorage.pp + list_join: + - '' + - - get_file: manifests/overcloud_cephstorage.pp + - {get_param: StepConfig} - CephStorageDeployment_Step1: + CephStorageDeployment_Step2: type: OS::Heat::StructuredDeployments depends_on: CephStorageArtifactsDeploy properties: - name: CephStorageDeployment_Step1 + name: CephStorageDeployment_Step2 servers: {get_param: servers} config: {get_resource: CephStoragePuppetConfig} input_values: + step: 2 + update_identifier: {get_param: NodeConfigIdentifiers} + + CephStorageDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: CephStorageDeployment_Step2 + properties: + name: CephStorageDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: CephStoragePuppetConfig} + input_values: + step: 3 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: CephStorageDeployment_Step1 + depends_on: CephStorageDeployment_Step3 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} - diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index f0eb71e4..eedb35e4 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -96,6 +96,9 @@ parameters: NodeIndex: type: number default: 0 + ServiceConfigSettings: + type: json + default: {} resources: CephStorage: @@ -195,28 +198,23 @@ resources: properties: ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpSubnetMap - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -238,8 +236,8 @@ resources: timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} CephStorageConfig: type: OS::Heat::StructuredConfig @@ -252,14 +250,23 @@ resources: - heat_config_%{::deploy_config_name} - ceph_extraconfig - extraconfig + - service_configs - ceph_cluster # provided by CephClusterConfig - ceph - '"%{::osfamily}"' - common + - network merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} common: raw_data: {get_file: hieradata/common.yaml} + network: + mapped_data: + net_ip_map: {get_attr: [NetIpMap, net_ip_map]} + net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} + net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} ceph_extraconfig: mapped_data: {get_param: CephStorageExtraConfig} extraconfig: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index c1a04e24..d760de5e 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -112,9 +112,6 @@ parameters: GlanceApiVirtualIP: type: string default: '' - MysqlVirtualIPUri: - type: string - default: '' NetworkDeploymentActions: type: comma_delimited_list description: > @@ -246,16 +243,22 @@ resources: properties: ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkDeployment: @@ -275,7 +278,15 @@ resources: config: {get_resource: BlockStorageConfig} input_values: debug: {get_param: Debug} - cinder_dsn: {list_join: ['', ['mysql+pymysql://cinder:', {get_param: CinderPassword}, '@', {get_param: MysqlVirtualIPUri} , '/cinder']]} + cinder_dsn: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://cinder:' + - {get_param: CinderPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/cinder' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} cinder_lvm_loop_device_size: @@ -316,10 +327,16 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + - network merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} + network: + mapped_data: + net_ip_map: {get_attr: [NetIpMap, net_ip_map]} + net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} + net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} volume_extraconfig: mapped_data: {get_param: BlockStorageExtraConfig} extraconfig: diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index a122df0e..698cadba 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -13,7 +13,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied - + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -34,25 +37,55 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_compute.pp + list_join: + - '' + - - get_file: manifests/overcloud_compute.pp + - {get_param: StepConfig} + + ComputeServicesBaseDeployment_Step2: + type: OS::Heat::StructuredDeployments + depends_on: [ComputeArtifactsDeploy] + properties: + name: ComputeServicesBaseDeployment_Step2 + servers: {get_param: servers} + config: {get_resource: ComputePuppetConfig} + input_values: + step: 2 + update_identifier: {get_param: NodeConfigIdentifiers} + + ComputeOvercloudServicesDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: ComputeServicesBaseDeployment_Step2 + properties: + name: ComputeOvercloudServicesDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: ComputePuppetConfig} + input_values: + step: 3 + update_identifier: {get_param: NodeConfigIdentifiers} - ComputePuppetDeployment: + ComputeOvercloudServicesDeployment_Step4: type: OS::Heat::StructuredDeployments - depends_on: ComputeArtifactsDeploy + depends_on: ComputeOvercloudServicesDeployment_Step3 properties: - name: ComputePuppetDeployment + name: ComputeOvercloudServicesDeployment_Step4 servers: {get_param: servers} config: {get_resource: ComputePuppetConfig} input_values: + step: 4 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: ComputePuppetDeployment + depends_on: ComputeOvercloudServicesDeployment_Step4 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 4c18067a..ee00a890 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -339,6 +339,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + ServiceConfigSettings: + type: json + default: {} resources: @@ -430,16 +433,22 @@ resources: properties: ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkConfig: @@ -475,12 +484,14 @@ resources: - heat_config_%{::deploy_config_name} - compute_extraconfig - extraconfig + - service_configs - compute - ceph_cluster # provided by CephClusterConfig - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + - network - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - nova_nuage_data # Optionally provided by ComputeExtraConfigPre @@ -488,12 +499,19 @@ resources: - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} common: raw_data: {get_file: hieradata/common.yaml} + network: + mapped_data: + net_ip_map: {get_attr: [NetIpMap, net_ip_map]} + net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} + net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} ceph: raw_data: {get_file: hieradata/ceph.yaml} compute: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 705e4b90..36f9b4f8 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -55,7 +55,6 @@ resources: input_values: step: 1 update_identifier: {get_param: NodeConfigIdentifiers} - actions: ['CREATE'] # no need for two passes on an UPDATE ControllerServicesBaseDeployment_Step2: type: OS::Heat::StructuredDeployments @@ -67,7 +66,6 @@ resources: input_values: step: 2 update_identifier: {get_param: NodeConfigIdentifiers} - actions: ['CREATE'] # no need for two passes on an UPDATE ControllerOvercloudServicesDeployment_Step3: type: OS::Heat::StructuredDeployments diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 9f183b9c..703ff265 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -220,14 +220,6 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string - HeatPassword: - description: The password for the Heat service and db account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_stack_domain_admin user. - type: string - hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string @@ -236,15 +228,6 @@ parameters: default: '*' description: A list of IP/Hostname allowed to connect to horizon type: comma_delimited_list - HeatWorkers: - default: 0 - description: Number of workers for Heat service. - type: number - HeatEnableDBPurge: - type: boolean - default: true - description: | - Whether to create cron job for purging soft deleted rows in the Heat database. HorizonSecret: description: Secret key for Django type: string @@ -310,6 +293,9 @@ parameters: description: Configures MySQL max_connections config setting type: number default: 4096 + MysqlClustercheckPassword: + type: string + hidden: true MysqlRootPassword: type: string hidden: true @@ -534,14 +520,6 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - RabbitFDLimit: - default: 16384 - description: Configures RabbitMQ FD limit - type: string - RabbitIPv6: - default: false - description: Enable IPv6 in RabbitMQ - type: boolean RedisPassword: type: string description: The password to access the Redis service @@ -618,9 +596,6 @@ parameters: MysqlVirtualIP: type: string default: '' - MysqlVirtualIPUri: - type: string - default: '' NeutronApiVirtualIP: type: string default: '' @@ -780,28 +755,23 @@ resources: properties: ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} - - NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpSubnetMap - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -852,7 +822,6 @@ resources: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} cinder_workers: {get_param: CinderWorkers} - heat_workers: {get_param: HeatWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} swift_workers: {get_param: SwiftWorkers} @@ -861,29 +830,7 @@ resources: haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} - heat.watch_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIPUri} - - ':8003' - heat.metadata_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIPUri} - - ':8000' - heat.waitcondition_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIPUri} - - ':8000/v1/waitcondition' - heat_public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat_internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat_admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} - heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} @@ -906,10 +853,11 @@ resources: cinder_dsn: list_join: - '' - - - 'mysql+pymysql://cinder:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://cinder:' - {get_param: CinderPassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} @@ -917,16 +865,6 @@ resources: cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} - heat_password: {get_param: HeatPassword} - heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - heat_dsn: - list_join: - - '' - - - 'mysql+pymysql://heat:' - - {get_param: HeatPassword} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/heat' keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } @@ -940,6 +878,7 @@ resources: mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_max_connections: {get_param: MysqlMaxConnections} mysql_root_password: {get_param: MysqlRootPassword} + mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} mysql_cluster_name: str_replace: template: tripleo-CLUSTER @@ -1021,10 +960,11 @@ resources: neutron_dsn: list_join: - '' - - - 'mysql+pymysql://neutron:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://neutron:' - {get_param: NeutronPassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron?charset=utf8' neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } @@ -1054,18 +994,20 @@ resources: ceilometer_dsn: list_join: - '' - - - 'mysql+pymysql://ceilometer:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://ceilometer:' - {get_param: CeilometerPassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' gnocchi_dsn: list_join: - '' - - - 'mysql+pymysql://gnocchi:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://gnocchi:' - {get_param: GnocchiPassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } @@ -1083,18 +1025,20 @@ resources: nova_dsn: list_join: - '' - - - 'mysql+pymysql://nova:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova:' - {get_param: NovaPassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' nova_api_dsn: list_join: - '' - - - 'mysql+pymysql://nova_api:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_api:' - {get_param: NovaPassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} @@ -1108,8 +1052,6 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - rabbit_ipv6: {get_param: RabbitIPv6} - rabbit_fd_limit: {get_param: RabbitFDLimit} mongodb_no_journal: {get_param: MongoDbNoJournal} mongodb_ipv6: {get_param: MongoDbIPv6} ntp_servers: {get_param: NtpServer} @@ -1138,10 +1080,11 @@ resources: sahara_dsn: list_join: - '' - - - 'mysql://sahara:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://sahara:' - {get_param: SaharaPassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} @@ -1171,7 +1114,7 @@ resources: str_replace: template: "['SUBNET']" params: - SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_password: {get_param: RedisPassword} @@ -1180,8 +1123,8 @@ resources: memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} mysql_virtual_ip: {get_param: MysqlVirtualIP} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} # Map heat metadata into hiera datafiles @@ -1208,6 +1151,7 @@ resources: - vip_data # provided by vip-config - '"%{::osfamily}"' - common + - network - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre @@ -1231,6 +1175,11 @@ resources: mapped_data: {get_param: ExtraConfig} common: raw_data: {get_file: hieradata/common.yaml} + network: + mapped_data: + net_ip_map: {get_attr: [NetIpMap, net_ip_map]} + net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} + net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} ceph: raw_data: {get_file: hieradata/ceph.yaml} mapped_data: @@ -1313,36 +1262,10 @@ resources: glance::keystone::auth::region: {get_input: keystone_region} # Heat - heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} - heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} - heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} - heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} - heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} - heat::rabbit_userid: {get_input: rabbit_username} - heat::rabbit_password: {get_input: rabbit_password} - heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - heat::rabbit_port: {get_input: rabbit_client_port} - heat::auth_uri: {get_input: keystone_auth_uri} - heat::keystone_ec2_uri: {get_input: keystone_ec2_uri} - heat::identity_uri: {get_input: keystone_identity_uri} - heat::keystone_password: {get_input: heat_password} heat::api::bind_host: {get_input: heat_api_network} - heat::api::workers: {get_input: heat_workers} heat::api_cloudwatch::bind_host: {get_input: heat_api_network} - heat::api_cloudwatch::workers: {get_input: heat_workers} heat::api_cfn::bind_host: {get_input: heat_api_network} - heat::api_cfn::workers: {get_input: heat_workers} - heat::engine::num_engine_workers: {get_input: heat_workers} - heat::database_connection: {get_input: heat_dsn} - heat::debug: {get_input: debug} - heat::db::mysql::password: {get_input: heat_password} - heat_enable_db_purge: {get_input: heat_enable_db_purge} - heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} - heat::keystone::auth::public_url: {get_input: heat_public_url } - heat::keystone::auth::internal_url: {get_input: heat_internal_url } - heat::keystone::auth::admin_url: {get_input: heat_admin_url } - heat::keystone::auth::password: {get_input: heat_password } - heat::keystone::auth::region: {get_input: keystone_region} + heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} # Keystone keystone::admin_bind_host: {get_input: keystone_admin_api_network} @@ -1361,6 +1284,7 @@ resources: mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} mysql_max_connections: {get_input: mysql_max_connections} mysql::server::root_password: {get_input: mysql_root_password} + mysql_clustercheck_password: {get_input: mysql_clustercheck_password} mysql_cluster_name: {get_input: mysql_cluster_name} mysql_bind_host: {get_input: mysql_network} mysql_virtual_ip: {get_input: mysql_virtual_ip} @@ -1557,14 +1481,9 @@ resources: sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } sahara::keystone::auth::password: {get_input: sahara_password } sahara::keystone::auth::region: {get_input: keystone_region} - - # Rabbit + # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} - rabbitmq::file_limit: {get_input: rabbit_fd_limit} - rabbitmq::default_user: {get_input: rabbit_username} - rabbitmq::default_pass: {get_input: rabbit_password} - rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} redis::requirepass: {get_input: redis_password} @@ -1645,13 +1564,6 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [Controller, name]} - corosync_node: - description: > - Node object in the format {ip: ..., name: ...} format that the corosync - element expects - value: - ip: {get_attr: [Controller, networks, ctlplane, 0]} - name: {get_attr: [Controller, name]} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 5942088c..308c609a 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -97,8 +97,10 @@ resources: gnocchi::storage::ceph::ceph_keyring: list_join: - '.' - - - 'client' + - - '/etc/ceph/ceph' + - 'client' - {get_param: CephClientUserName} + - 'keyring' ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 7a446b50..321ae804 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -128,6 +128,10 @@ cinder::cron::db_purge::destination: '/dev/null' cinder::host: hostgroup cinder_user_enabled_backends: [] +# TODO(jaosorior): Move to cinder profile once cinder is moved as a composable +# service. +cinder::api::enable_proxy_headers_parsing: true + # heat heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index fd7faff1..4add2f02 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -16,41 +16,46 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> +if hiera('step') >= 1 { -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} + create_resources(kmod::load, hiera('kernel_modules'), {}) + create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -include ::timezone + include ::timezone -if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], + if count(hiera('ntp::servers')) > 0 { + include ::ntp } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] } -if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') -} else { - $mon_host = hiera('ceph_mon_host') -} -class { '::ceph::profile::params': - mon_host => $mon_host, -} -include ::ceph::conf -include ::ceph::profile::client -include ::ceph::profile::osd +if hiera('step') >= 3 { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ['/usr/bin', '/usr/sbin'], + } + + exec { 'set selinux to permissive': + command => 'setenforce 0', + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ['/usr/bin', '/usr/sbin'], + } -> Class['ceph::profile::osd'] + } -hiera_include('ceph_classes') -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } + include ::ceph::conf + include ::ceph::profile::client + include ::ceph::profile::osd + + hiera_include('ceph_classes') + package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} +} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index cc58cb14..6ff74e12 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -16,8 +16,8 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) +create_resources(kmod::load, hiera('kernel_modules'), { }) +create_resources(sysctl::value, hiera('sysctl_settings'), { }) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { @@ -26,191 +26,204 @@ if count(hiera('ntp::servers')) > 0 { include ::timezone -file { ['/etc/libvirt/qemu/networks/autostart/default.xml', - '/etc/libvirt/qemu/networks/default.xml']: - ensure => absent, - before => Service['libvirt'], -} -# in case libvirt has been already running before the Puppet run, make -# sure the default network is destroyed -exec { 'libvirt-default-net-destroy': - command => '/usr/bin/virsh net-destroy default', - onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', - before => Service['libvirt'], -} - -# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique -exec { 'reset-iscsi-initiator-name': - command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', - onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', -}-> +if hiera('step') >= 4 { -file { '/etc/iscsi/.initiator_reset': - ensure => present, -} + file { ['/etc/libvirt/qemu/networks/autostart/default.xml', + '/etc/libvirt/qemu/networks/default.xml']: + ensure => absent, + before => Service['libvirt'], + } + # in case libvirt has been already running before the Puppet run, make + # sure the default network is destroyed + exec { 'libvirt-default-net-destroy': + command => '/usr/bin/virsh net-destroy default', + onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', + before => Service['libvirt'], + } -include ::nova -include ::nova::config -include ::nova::compute + # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique + exec { 'reset-iscsi-initiator-name': + command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', + onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', + }-> -$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) -$rbd_persistent_storage = hiera('rbd_persistent_storage', false) -if $rbd_ephemeral_storage or $rbd_persistent_storage { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, + file { '/etc/iscsi/.initiator_reset': + ensure => present, } - include ::ceph::conf - include ::ceph::profile::client - $client_keys = hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('ceph_client_user_name')]) - class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], + include ::nova + include ::nova::config + include ::nova::compute + + $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) + $rbd_persistent_storage = hiera('rbd_persistent_storage', false) + if $rbd_ephemeral_storage or $rbd_persistent_storage { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } + include ::ceph::conf + include ::ceph::profile::client + + $client_keys = hiera('ceph::profile::params::client_keys') + $client_user = join(['client.', hiera('ceph_client_user_name')]) + class { '::nova::compute::rbd': + libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], + } } -} -if hiera('cinder_enable_nfs_backend', false) { - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] + if hiera('cinder_enable_nfs_backend', false) { + if str2bool($::selinux) { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package { 'nfs-utils': } -> Service['nova-compute'] } - package {'nfs-utils': } -> Service['nova-compute'] -} + if str2bool(hiera('nova::use_ipv6', false)) { + $vncserver_listen = '::0' + } else { + $vncserver_listen = '0.0.0.0' + } -if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' -} else { - $vncserver_listen = '0.0.0.0' -} -class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, -} + if $rbd_ephemeral_storage { + class { '::nova::compute::libvirt': + libvirt_disk_cachemodes => ['network=writeback'], + libvirt_hw_disk_discard => 'unmap', + vncserver_listen => $vncserver_listen, + } + } else { + class { '::nova::compute::libvirt' : + vncserver_listen => $vncserver_listen, + } + } -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - 'DEFAULT/host': value => $fqdn; - # TUNNELLED mode provides a security enhancement when using shared storage but is not - # supported when not using shared storage. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 - # In future versions of QEMU (2.6, mostly), Dan's native encryption - # work will obsolete the need to use TUNNELLED transport mode. - 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; -} + nova_config { + 'DEFAULT/my_ip': value => $ipaddress; + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/host': value => $fqdn; + # TUNNELLED mode provides a security enhancement when using shared storage but is not + # supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. + 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; + } -if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - file {'/etc/libvirt/qemu.conf': - ensure => present, - content => hiera('midonet_libvirt_qemu_data') + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { + file { '/etc/libvirt/qemu.conf': + ensure => present, + content => hiera('midonet_libvirt_qemu_data') + } } -} -include ::nova::network::neutron -include ::neutron -include ::neutron::config - -# If the value of core plugin is set to 'nuage', -# include nuage agent, -# If the value of core plugin is set to 'midonet', -# include midonet agent, -# else use the default value of 'ml2' -if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::nuage::vrs - include ::nova::compute::neutron - - class { '::nuage::metadataagent': - nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), - nova_os_password => hiera('nova_password'), - nova_metadata_ip => hiera('nova_metadata_node_ips'), - nova_auth_ip => hiera('keystone_public_api_virtual_ip'), + include ::nova::network::neutron + include ::neutron + include ::neutron::config + + # If the value of core plugin is set to 'nuage', + # include nuage agent, + # If the value of core plugin is set to 'midonet', + # include midonet agent, + # else use the default value of 'ml2' + if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::nuage::vrs + include ::nova::compute::neutron + + class { '::nuage::metadataagent': + nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), + nova_os_password => hiera('nova_password'), + nova_metadata_ip => hiera('nova_metadata_node_ips'), + nova_auth_ip => hiera('keystone_public_api_virtual_ip'), + } } -} -elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { + elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - # TODO(devvesa) provide non-controller ips for these services - $zookeeper_node_ips = hiera('neutron_api_node_ips') - $cassandra_node_ips = hiera('neutron_api_node_ips') + # TODO(devvesa) provide non-controller ips for these services + $zookeeper_node_ips = hiera('neutron_api_node_ips') + $cassandra_node_ips = hiera('neutron_api_node_ips') - class {'::tripleo::network::midonet::agent': - zookeeper_servers => $zookeeper_node_ips, - cassandra_seeds => $cassandra_node_ips + class { '::tripleo::network::midonet::agent': + zookeeper_servers => $zookeeper_node_ips, + cassandra_seeds => $cassandra_node_ips + } } -} -elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - - include ::contrail::vrouter - # NOTE: it's not possible to use this class without a functional - # contrail controller up and running - #class {'::contrail::vrouter::provision_vrouter': - # require => Class['contrail::vrouter'], - #} -} -elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - # forward all ipv4 traffic - # this is required for the vms to pass through the gateways public interface - sysctl::value { 'net.ipv4.ip_forward': value => '1' } - - # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on - file { '/etc/sudoers.d/ifc_ctl_sudoers': - ensure => file, - owner => root, - group => root, - mode => '0440', - content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n", + elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { + + include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + #class {'::contrail::vrouter::provision_vrouter': + # require => Class['contrail::vrouter'], + #} } -} -else { - - # NOTE: this code won't live in puppet-neutron until Neutron OVS agent - # can be gracefully restarted. See https://review.openstack.org/#/c/297211 - # In the meantime, it's safe to restart the agent on each change in neutron.conf, - # because Puppet changes are supposed to be done during bootstrap and upgrades. - # Some resource managed by Neutron_config (like messaging and logging options) require - # a restart of OVS agent. This code does it. - # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code - # from here and fix it in puppet-neutron. - Neutron_config<||> ~> Service['neutron-ovs-agent-service'] - - include ::neutron::plugins::ml2 - include ::neutron::agents::ml2::ovs - - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), + elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { + # forward all ipv4 traffic + # this is required for the vms to pass through the gateways public interface + sysctl::value { 'net.ipv4.ip_forward': value => '1' } + + # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on + file { '/etc/sudoers.d/ifc_ctl_sudoers': + ensure => file, + owner => root, + group => root, + mode => '0440', + content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n", } } + else { + + # NOTE: this code won't live in puppet-neutron until Neutron OVS agent + # can be gracefully restarted. See https://review.openstack.org/#/c/297211 + # In the meantime, it's safe to restart the agent on each change in neutron.conf, + # because Puppet changes are supposed to be done during bootstrap and upgrades. + # Some resource managed by Neutron_config (like messaging and logging options) require + # a restart of OVS agent. This code does it. + # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code + # from here and fix it in puppet-neutron. + Neutron_config<||> ~> Service['neutron-ovs-agent-service'] + + include ::neutron::plugins::ml2 + include ::neutron::agents::ml2::ovs + + if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + } - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::agents::bigswitch + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { + include ::neutron::agents::bigswitch + } } -} -neutron_config { - 'DEFAULT/host': value => $fqdn; -} + neutron_config { + 'DEFAULT/host': value => $fqdn; + } -include ::ceilometer -include ::ceilometer::config -include ::ceilometer::agent::compute -include ::ceilometer::agent::auth + include ::ceilometer + include ::ceilometer::config + include ::ceilometer::agent::compute + include ::ceilometer::agent::auth -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], -} + $snmpd_user = hiera('snmpd_readonly_user_name') + snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), + } + class { '::snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + } -hiera_include('compute_classes') -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present} + hiera_include('compute_classes') + package_manifest{ '/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present } + +} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 7ea92143..536c680f 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -24,15 +24,6 @@ if hiera('step') >= 1 { create_resources(sysctl::value, hiera('sysctl_settings'), {}) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - $controller_node_ips = split(hiera('controller_node_ips'), ',') - - if $enable_load_balancer { - class { '::tripleo::loadbalancer' : - controller_hosts => $controller_node_ips, - manage_vip => true, - } - } - } if hiera('step') >= 2 { @@ -117,7 +108,6 @@ if hiera('step') >= 2 { include ::nova::db::mysql_api include ::neutron::db::mysql include ::cinder::db::mysql - include ::heat::db::mysql include ::sahara::db::mysql if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { include ::gnocchi::db::mysql @@ -127,36 +117,6 @@ if hiera('step') >= 2 { include ::aodh::db::mysql } - $rabbit_nodes = hiera('rabbit_node_ips') - if count($rabbit_nodes) > 1 { - - $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) - if $rabbit_ipv6 { - $rabbit_env = merge(hiera('rabbitmq_environment'), { - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' - }) - } else { - $rabbit_env = hiera('rabbitmq_environment') - } - - class { '::rabbitmq': - config_cluster => true, - cluster_nodes => $rabbit_nodes, - tcp_keepalive => false, - config_kernel_variables => hiera('rabbitmq_kernel_variables'), - config_variables => hiera('rabbitmq_config_variables'), - environment_variables => $rabbit_env, - } - rabbitmq_policy { 'ha-all@/': - pattern => '^(?!amq\.).*', - definition => { - 'ha-mode' => 'all', - }, - } - } else { - include ::rabbitmq - } - # pre-install swift here so we can build rings include ::swift @@ -355,7 +315,6 @@ if hiera('step') >= 4 { include ::cinder include ::cinder::config - include ::tripleo::ssl::cinder_config include ::cinder::api include ::cinder::glance include ::cinder::scheduler @@ -491,7 +450,6 @@ if hiera('step') >= 4 { } # swift proxy - include ::memcached include ::swift::proxy include ::swift::proxy::proxy_logging include ::swift::proxy::healthcheck @@ -562,16 +520,6 @@ if hiera('step') >= 4 { include ::aodh::listener include ::aodh::client - # Heat - class { '::heat' : - notification_driver => 'messaging', - } - include ::heat::config - include ::heat::api - include ::heat::api_cfn - include ::heat::api_cloudwatch - include ::heat::engine - # Sahara include ::sahara include ::sahara::service::api @@ -635,7 +583,6 @@ if hiera('step') >= 4 { if hiera('step') >= 5 { $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - $heat_enable_db_purge = hiera('heat_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows @@ -643,25 +590,6 @@ if hiera('step') >= 5 { if $cinder_enable_db_purge { include ::cinder::cron::db_purge } - if $heat_enable_db_purge { - include ::heat::cron::purge_deleted - } - - if downcase(hiera('bootstrap_nodeid')) == $::hostname { - # Class ::heat::keystone::domain has to run on bootstrap node - # because it creates DB entities via API calls. - include ::heat::keystone::domain - - Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] - } else { - # On non-bootstrap node we don't need to create Keystone resources again - class { '::heat::keystone::domain': - manage_domain => false, - manage_user => false, - manage_role => false, - } - } - } #END STEP 5 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 4e0d1c37..30345694 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -24,7 +24,6 @@ Service <| tag == 'cinder-service' or tag == 'ceilometer-service' or tag == 'gnocchi-service' or - tag == 'heat-service' or tag == 'neutron-service' or tag == 'nova-service' or tag == 'sahara-service' @@ -66,18 +65,6 @@ if hiera('step') >= 1 { include ::ntp } - $controller_node_ips = split(hiera('controller_node_ips'), ',') - $controller_node_names = split(downcase(hiera('controller_node_names')), ',') - if $enable_load_balancer { - class { '::tripleo::loadbalancer' : - controller_hosts => $controller_node_ips, - controller_hosts_names => $controller_node_names, - manage_vip => false, - mysql_clustercheck => true, - haproxy_service_manage => false, - } - } - $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) if $corosync_ipv6 { @@ -114,35 +101,6 @@ if hiera('step') >= 1 { op_params => 'start timeout=200s stop timeout=200s', } - # Only configure RabbitMQ in this step, don't start it yet to - # avoid races where non-master nodes attempt to start without - # config (eg. binding on 0.0.0.0) - # The module ignores erlang_cookie if cluster_config is false - $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) - if $rabbit_ipv6 { - $rabbit_env = merge(hiera('rabbitmq_environment'), { - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' - }) - } else { - $rabbit_env = hiera('rabbitmq_environment') - } - - class { '::rabbitmq': - service_manage => false, - tcp_keepalive => false, - config_kernel_variables => hiera('rabbitmq_kernel_variables'), - config_variables => hiera('rabbitmq_config_variables'), - environment_variables => $rabbit_env, - } -> - file { '/var/lib/rabbitmq/.erlang.cookie': - ensure => file, - owner => 'rabbitmq', - group => 'rabbitmq', - mode => '0400', - content => hiera('rabbitmq::erlang_cookie'), - replace => true, - } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals include ::mongodb::client @@ -151,11 +109,6 @@ if hiera('step') >= 1 { } } - # Memcached - class {'::memcached' : - service_manage => false, - } - # Redis class { '::redis' : service_manage => false, @@ -239,77 +192,12 @@ if hiera('step') >= 2 { if $pacemaker_master { - if $enable_load_balancer { - - include ::pacemaker::resource_defaults - - # Create an openstack-core dummy resource. See RHBZ 1290121 - pacemaker::resource::ocf { 'openstack-core': - ocf_agent_name => 'heartbeat:Dummy', - clone_params => true, - } - # FIXME: we should not have to access tripleo::loadbalancer class - # parameters here to configure pacemaker VIPs. The configuration - # of pacemaker VIPs could move into puppet-tripleo or we should - # make use of less specific hiera parameters here for the settings. - pacemaker::resource::service { 'haproxy': - clone_params => true, - } - - $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': - vip_name => 'control', - ip_address => $control_vip, - } - - $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip': - ensure => $public_vip and $public_vip != $control_vip, - vip_name => 'public', - ip_address => $public_vip, - } - - $redis_vip = hiera('redis_vip') - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip': - ensure => $redis_vip and $redis_vip != $control_vip, - vip_name => 'redis', - ip_address => $redis_vip, - } - - - $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip': - ensure => $internal_api_vip and $internal_api_vip != $control_vip, - vip_name => 'internal_api', - ip_address => $internal_api_vip, - } + include ::pacemaker::resource_defaults - $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip': - ensure => $storage_vip and $storage_vip != $control_vip, - vip_name => 'storage', - ip_address => $storage_vip, - } - - $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip': - ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip, - vip_name => 'storage_mgmt', - ip_address => $storage_mgmt_vip, - } - } - - pacemaker::resource::service { $::memcached::params::service_name : - clone_params => 'interleave=true', - require => Class['::memcached'], - } - - pacemaker::resource::ocf { 'rabbitmq': - ocf_agent_name => 'heartbeat:rabbitmq-cluster', - resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'', - clone_params => 'ordered=true interleave=true', - meta_params => 'notify=true', - require => Class['::rabbitmq'], + # Create an openstack-core dummy resource. See RHBZ 1290121 + pacemaker::resource::ocf { 'openstack-core': + ocf_agent_name => 'heartbeat:Dummy', + clone_params => true, } if downcase(hiera('ceilometer_backend')) == 'mongodb' { @@ -349,6 +237,16 @@ if hiera('step') >= 2 { } } + $mysql_root_password = hiera('mysql::server::root_password') + $mysql_clustercheck_password = hiera('mysql_clustercheck_password') + # This step is to create a sysconfig clustercheck file with the root user and empty password + # on the first install only (because later on the clustercheck db user will be used) + # We are using exec and not file in order to not have duplicate definition errors in puppet + # when we later set the the file to contain the clustercheck data + exec { 'create-root-sysconfig-clustercheck': + command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck", + unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck', + } exec { 'galera-ready' : command => '/usr/bin/clustercheck >/dev/null', @@ -356,14 +254,7 @@ if hiera('step') >= 2 { tries => 180, try_sleep => 10, environment => ['AVAILABLE_WHEN_READONLY=0'], - require => File['/etc/sysconfig/clustercheck'], - } - - file { '/etc/sysconfig/clustercheck' : - ensure => file, - content => "MYSQL_USERNAME=root\n -MYSQL_PASSWORD=''\n -MYSQL_HOST=localhost\n", + require => Exec['create-root-sysconfig-clustercheck'], } xinetd::service { 'galera-monitor' : @@ -376,7 +267,24 @@ MYSQL_HOST=localhost\n", service_type => 'UNLISTED', user => 'root', group => 'root', - require => File['/etc/sysconfig/clustercheck'], + require => Exec['create-root-sysconfig-clustercheck'], + } + # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck + # to it in a later step. We do this only on one node as it will replicate on + # the other members. We also make sure that the permissions are the minimum necessary + if $pacemaker_master { + mysql_user { 'clustercheck@localhost': + ensure => 'present', + password_hash => mysql_password($mysql_clustercheck_password), + require => Exec['galera-ready'], + } + mysql_grant { 'clustercheck@localhost/*.*': + ensure => 'present', + options => ['GRANT'], + privileges => ['PROCESS'], + table => '*.*', + user => 'clustercheck@localhost', + } } # Create all the database schemas @@ -393,9 +301,6 @@ MYSQL_HOST=localhost\n", class { '::cinder::db::mysql': require => Exec['galera-ready'], } - class { '::heat::db::mysql': - require => Exec['galera-ready'], - } if downcase(hiera('ceilometer_backend')) == 'mysql' { class { '::ceilometer::db::mysql': @@ -470,6 +375,17 @@ MYSQL_HOST=localhost\n", } #END STEP 2 if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { + # At this stage we are guaranteed that the clustercheck db user exists + # so we switch the resource agent to use it. + file { '/etc/sysconfig/clustercheck' : + ensure => file, + mode => '0600', + owner => 'root', + group => 'root', + content => "MYSQL_USERNAME=clustercheck\n +MYSQL_PASSWORD='${mysql_clustercheck_password}'\n +MYSQL_HOST=localhost\n", + } $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { @@ -626,7 +542,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { include ::cinder include ::cinder::config - include ::tripleo::ssl::cinder_config class { '::cinder::api': sync_db => $sync_db, manage_service => false, @@ -867,29 +782,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } - # Heat - include ::heat::config - class { '::heat' : - sync_db => $sync_db, - notification_driver => 'messaging', - } - class { '::heat::api' : - manage_service => false, - enabled => false, - } - class { '::heat::api_cfn' : - manage_service => false, - enabled => false, - } - class { '::heat::api_cloudwatch' : - manage_service => false, - enabled => false, - } - class { '::heat::engine' : - manage_service => false, - enabled => false, - } - # httpd/apache and horizon # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent class { '::apache' : @@ -992,9 +884,31 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { } #END STEP 4 if hiera('step') >= 5 { + # We now make sure that the root db password is set to a random one + # At first installation /root/.my.cnf will be empty and we connect without a root + # password. On second runs or updates /root/.my.cnf will already be populated + # with proper credentials. This step happens on every node because this sql + # statement does not automatically replicate across nodes. + exec { 'galera-set-root-password': + command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root", + } + file { '/root/.my.cnf' : + ensure => file, + mode => '0600', + owner => 'root', + group => 'root', + content => "[client] +user=root +password=\"${mysql_root_password}\" + +[mysql] +user=root +password=\"${mysql_root_password}\"", + require => Exec['galera-set-root-password'], + } + $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - $heat_enable_db_purge = hiera('heat_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows @@ -1002,9 +916,6 @@ if hiera('step') >= 5 { if $cinder_enable_db_purge { include ::cinder::cron::db_purge } - if $heat_enable_db_purge { - include ::heat::cron::purge_deleted - } if $pacemaker_master { @@ -1017,15 +928,6 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::apache::params::service_name], Pacemaker::Resource::Ocf['openstack-core']], } - pacemaker::constraint::base { 'memcached-then-openstack-core-constraint': - constraint_type => 'order', - first_resource => 'memcached-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service['memcached'], - Pacemaker::Resource::Ocf['openstack-core']], - } pacemaker::constraint::base { 'galera-then-openstack-core-constraint': constraint_type => 'order', first_resource => 'galera-master', @@ -1324,11 +1226,6 @@ if hiera('step') >= 5 { pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name : clone_params => 'interleave=true', } - pacemaker::resource::ocf { 'delay' : - ocf_agent_name => 'heartbeat:Delay', - clone_params => 'interleave=true', - resource_params => 'startdelay=10', - } # Fedora doesn't know `require-all` parameter for constraints yet if $::operatingsystem == 'Fedora' { $redis_ceilometer_constraint_params = undef @@ -1400,22 +1297,6 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], } - pacemaker::constraint::base { 'ceilometer-api-then-ceilometer-delay-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::api_service_name}-clone", - second_resource => 'delay-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], - Pacemaker::Resource::Ocf['delay']], - } - pacemaker::constraint::colocation { 'ceilometer-delay-with-ceilometer-api-colocation': - source => 'delay-clone', - target => "${::ceilometer::params::api_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], - Pacemaker::Resource::Ocf['delay']], - } # Aodh pacemaker::resource::service { $::aodh::params::evaluator_service_name : clone_params => 'interleave=true', @@ -1426,22 +1307,6 @@ if hiera('step') >= 5 { pacemaker::resource::service { $::aodh::params::listener_service_name : clone_params => 'interleave=true', } - pacemaker::constraint::base { 'aodh-delay-then-aodh-evaluator-constraint': - constraint_type => 'order', - first_resource => 'delay-clone', - second_resource => "${::aodh::params::evaluator_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Ocf['delay']], - } - pacemaker::constraint::colocation { 'aodh-evaluator-with-aodh-delay-colocation': - source => "${::aodh::params::evaluator_service_name}-clone", - target => 'delay-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Ocf['delay']], - } pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint': constraint_type => 'order', first_resource => "${::aodh::params::evaluator_service_name}-clone", @@ -1510,77 +1375,6 @@ if hiera('step') >= 5 { Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], } - # Heat - pacemaker::resource::service { $::heat::params::api_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::heat::params::api_cloudwatch_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::heat::params::api_cfn_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::heat::params::engine_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': - constraint_type => 'order', - first_resource => "${::heat::params::api_service_name}-clone", - second_resource => "${::heat::params::api_cfn_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], - } - pacemaker::constraint::colocation { 'heat-api-cfn-with-heat-api-colocation': - source => "${::heat::params::api_cfn_service_name}-clone", - target => "${::heat::params::api_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name], - Pacemaker::Resource::Service[$::heat::params::api_service_name]], - } - pacemaker::constraint::base { 'heat-api-cfn-then-heat-api-cloudwatch-constraint': - constraint_type => 'order', - first_resource => "${::heat::params::api_cfn_service_name}-clone", - second_resource => "${::heat::params::api_cloudwatch_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], - } - pacemaker::constraint::colocation { 'heat-api-cloudwatch-with-heat-api-cfn-colocation': - source => "${::heat::params::api_cloudwatch_service_name}-clone", - target => "${::heat::params::api_cfn_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name]], - } - pacemaker::constraint::base { 'heat-api-cloudwatch-then-heat-engine-constraint': - constraint_type => 'order', - first_resource => "${::heat::params::api_cloudwatch_service_name}-clone", - second_resource => "${::heat::params::engine_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::engine_service_name]], - } - pacemaker::constraint::colocation { 'heat-engine-with-heat-api-cloudwatch-colocation': - source => "${::heat::params::engine_service_name}-clone", - target => "${::heat::params::api_cloudwatch_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::engine_service_name]], - } - pacemaker::constraint::base { 'ceilometer-notification-then-heat-api-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::agent_notification_service_name}-clone", - second_resource => "${::heat::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]], - } - # Horizon and Keystone pacemaker::resource::service { $::apache::params::service_name: clone_params => 'interleave=true', diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index ca50d91d..89e6ee0f 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' Debug: default: '' description: Set to True to enable debugging on all services. @@ -63,13 +60,14 @@ outputs: description: Role data for the Glance API role. value: config_settings: - glance_dsn: &glance_dsn + glance::api::database_connection: list_join: - '' - - - 'mysql+pymysql://glance:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://glance:' - {get_param: GlancePassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } @@ -84,7 +82,6 @@ outputs: glance::api::workers: {get_param: GlanceWorkers} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} glance_log_file: {get_param: GlanceLogFile} - glance::api::database_connection: *glance_dsn glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_param: GlancePassword} diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 1a1a515a..6f2f0372 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' Debug: default: '' description: Set to True to enable debugging on all services. @@ -30,16 +27,16 @@ outputs: description: Role data for the Glance Registry role. value: config_settings: - glance_dsn: &glance_dsn + glance::registry::database_connection: list_join: - '' - - - 'mysql+pymysql://glance:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://glance:' - {get_param: GlancePassword} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' glance::registry::keystone_password: {get_param: GlancePassword} - glance::registry::database_connection: *glance_dsn glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::registry::debug: {get_param: Debug} diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml new file mode 100644 index 00000000..c1f26c15 --- /dev/null +++ b/puppet/services/heat-api-cfn.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudFormation API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat CloudFormation API role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::api_cfn::workers: {get_param: HeatWorkers} + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::heat::api_cfn diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml new file mode 100644 index 00000000..2c56951b --- /dev/null +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudWatch API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat Cloudwatch API role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::api_cloudwatch::workers: {get_param: HeatWorkers} + step_config: | + include ::tripleo::profile::base::heat::api_cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml new file mode 100644 index 00000000..d3461e63 --- /dev/null +++ b/puppet/services/heat-api.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat API role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::api::workers: {get_param: HeatWorkers} + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::heat::api diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml new file mode 100644 index 00000000..8617df27 --- /dev/null +++ b/puppet/services/heat-base.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat base service. Shared for all Heat services. + +parameters: + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Shared role data for the Heat services. + value: + config_settings: + heat::rabbit_userid: {get_param: RabbitUserName} + heat::rabbit_password: {get_param: RabbitPassword} + heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + heat::rabbit_port: {get_param: RabbitClientPort} + heat::debug: {get_param: Debug} + heat::enable_proxy_headers_parsing: true diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml new file mode 100644 index 00000000..51807f92 --- /dev/null +++ b/puppet/services/heat-engine.yaml @@ -0,0 +1,59 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat Engine service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HeatEnableDBPurge: + type: boolean + default: true + description: | + Whether to create cron job for purging soft deleted rows in the Heat database. + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + HeatStackDomainAdminPassword: + description: Password for heat_stack_domain_admin user. + type: string + hidden: true + +resources: + HeatBase: + type: ./heat-base.yaml + +outputs: + role_data: + description: Role data for the Heat Engine role. + value: + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - heat::engine::num_engine_workers: {get_param: HeatWorkers} + tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} + heat::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://heat:' + - {get_param: HeatPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/heat' + heat::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} + heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + heat::keystone_password: {get_param: HeatPassword} + heat::db::mysql::password: {get_param: HeatPassword} + heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} + step_config: | + include ::tripleo::profile::base::heat::engine diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 1654f0e7..25d92d4a 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -54,9 +54,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' Debug: type: string default: '' @@ -97,15 +94,15 @@ outputs: description: Role data for the Keystone role. value: config_settings: - keystone_dsn: &keystone_dsn + keystone::database_connection: list_join: - '' - - - 'mysql+pymysql://keystone:' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://keystone:' - {get_param: AdminToken} - '@' - - {get_param: MysqlVirtualIPUri} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' - keystone::database_connection: *keystone_dsn keystone::admin_token: {get_param: AdminToken} keystone::roles::admin::password: {get_param: AdminPassword} keystone_ca_certificate: {get_param: KeystoneCACertificate} diff --git a/puppet/services/loadbalancer.yaml b/puppet/services/loadbalancer.yaml new file mode 100644 index 00000000..1b9654fc --- /dev/null +++ b/puppet/services/loadbalancer.yaml @@ -0,0 +1,18 @@ +heat_template_version: 2016-04-08 + +description: > + Loadbalancer service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Loadbalancer role. + value: + step_config: | + include ::tripleo::profile::base::loadbalancer diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml new file mode 100644 index 00000000..fcd0adca --- /dev/null +++ b/puppet/services/memcached.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + Memcached service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Memcached role. + value: + config_settings: + step_config: | + include ::tripleo::profile::base::memcached diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 548b4ba0..80ccf1c2 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' NeutronEnableIsolatedMetadata: default: 'False' description: If True, DHCP provide metadata route to VM. diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 2ea1b19d..20c82dc1 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' Debug: type: string default: '' diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 1fe139f3..e221b3a1 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index ad964216..5a581dca 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' GlanceFilePcmkDevice: default: '' description: > @@ -43,7 +40,6 @@ resources: type: ../glance-api.yaml properties: EndpointMap: {get_param: EndpointMap} - MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} outputs: role_data: diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index 393fbaaf..8b88cb93 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' resources: @@ -19,7 +16,6 @@ resources: type: ../glance-registry.yaml properties: EndpointMap: {get_param: EndpointMap} - MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} outputs: role_data: diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml new file mode 100644 index 00000000..5833c42d --- /dev/null +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudFormation API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + HeatApiCfnBase: + type: ../heat-api-cfn.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Heat CloudFormation API role. + value: + config_settings: + map_merge: + - get_attr: [HeatApiCfnBase, role_data, config_settings] + - heat::api_cfn::manage_service: false + heat::api_cfn::enabled: false + step_config: + # No puppet manifests since heat-api-cfn is included in + # ::tripleo::profile::pacemaker::heat which is maintained alongside of + # pacemaker/heat-api.yaml. diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml new file mode 100644 index 00000000..8b67702c --- /dev/null +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat CloudWatch API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + HeatApiCloudwatchBase: + type: ../heat-api-cloudwatch.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Heat Cloudwatch API role. + value: + config_settings: + map_merge: + - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] + - heat::api_cloudwatch::manage_service: false + heat::api_cloudwatch::enabled: false + step_config: + # No puppet manifests since heat-api-cloudwatch is included in + # ::tripleo::profile::pacemaker::heat which is maintained alongside of + # pacemaker/heat-api.yaml. diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml new file mode 100644 index 00000000..6628e8dd --- /dev/null +++ b/puppet/services/pacemaker/heat-api.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + HeatApiBase: + type: ../heat-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Heat API role. + value: + config_settings: + map_merge: + - get_attr: [HeatApiBase, role_data, config_settings] + - heat::api::manage_service: false + heat::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::heat diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml new file mode 100644 index 00000000..e1195780 --- /dev/null +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -0,0 +1,32 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Heat Engine service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + HeatEngineBase: + type: ../heat-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + + +outputs: + role_data: + description: Role data for the Heat engine role. + value: + config_settings: + map_merge: + - get_attr: [HeatEngineBase, role_data, config_settings] + - heat::engine::manage_service: false + heat::engine::enabled: false + step_config: + # No puppet manifests since heat-engine is included in + # ::tripleo::profile::pacemaker::heat which is maintained alongside of + # pacemaker/heat-api.yaml. diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index db52cae7..04e90368 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' resources: @@ -19,7 +16,6 @@ resources: type: ../keystone.yaml properties: EndpointMap: {get_param: EndpointMap} - MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} outputs: role_data: diff --git a/puppet/services/pacemaker/loadbalancer.yaml b/puppet/services/pacemaker/loadbalancer.yaml new file mode 100644 index 00000000..be6825f6 --- /dev/null +++ b/puppet/services/pacemaker/loadbalancer.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + Loadbalancer service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + LoadbalancerServiceBase: + type: ../loadbalancer.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Loadbalancer pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [LoadbalancerServiceBase, role_data, config_settings] + - tripleo::loadbalancer::haproxy_service_manage: false + tripleo::loadbalancer::mysql_clustercheck: true + tripleo::loadbalancer::manage_vip: false + step_config: | + include ::tripleo::profile::pacemaker::loadbalancer diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml new file mode 100644 index 00000000..9a11855e --- /dev/null +++ b/puppet/services/pacemaker/memcached.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + Mecached service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + MemcachedServiceBase: + type: ../memcached.yaml + +outputs: + role_data: + description: Role data for the Memcached pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [MemcachedServiceBase, role_data, config_settings] + - memcached::service_manage: false + step_config: | + include ::tripleo::profile::pacemaker::memcached diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index 0e972b28..6f514379 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' resources: @@ -19,7 +16,6 @@ resources: type: ../neutron-dhcp.yaml properties: EndpointMap: {get_param: EndpointMap} - MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} outputs: role_data: diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index cbe2ddbe..cb9c32d9 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' resources: @@ -19,7 +16,6 @@ resources: type: ../neutron-l3.yaml properties: EndpointMap: {get_param: EndpointMap} - MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} outputs: role_data: diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index 79baf1ea..1c74b26f 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - type: string - default: '' resources: @@ -19,7 +16,6 @@ resources: type: ../neutron-metadata.yaml properties: EndpointMap: {get_param: EndpointMap} - MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} outputs: role_data: diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml new file mode 100644 index 00000000..20fb2e40 --- /dev/null +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + RabbitMQ service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + RabbitMQServiceBase: + type: ../rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the RabbitMQ pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::service_manage: false + step_config: | + include ::tripleo::profile::pacemaker::rabbitmq diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml new file mode 100644 index 00000000..581b4ba4 --- /dev/null +++ b/puppet/services/rabbitmq.yaml @@ -0,0 +1,39 @@ +heat_template_version: 2016-04-08 + +description: > + RabbitMQ service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitFDLimit: + default: 16384 + description: Configures RabbitMQ FD limit + type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + +outputs: + role_data: + description: Role data for the RabbitMQ role. + value: + config_settings: + rabbitmq::file_limit: {get_param: RabbitFDLimit} + rabbitmq::default_user: {get_param: RabbitUserName} + rabbitmq::default_pass: {get_param: RabbitPassword} + rabbit_ipv6: {get_param: RabbitIPv6} + step_config: | + include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index f9681634..7ed880fc 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -15,10 +15,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MysqlVirtualIPUri: - default: '' - type: string - description: The URI virtual IP for the MySQL service. resources: @@ -29,7 +25,6 @@ resources: concurrent: true resource_properties: EndpointMap: {get_param: EndpointMap} - MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} outputs: config_settings: diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index eb06b241..b262f947 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -52,6 +52,10 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: @@ -65,6 +69,7 @@ resources: servers: {get_param: servers} config: {get_resource: StorageRingbuilderPuppetConfig} input_values: + step: 3 # Note ringbuilder.pp expects >=3 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 296428db..3f6f4733 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -220,16 +220,22 @@ resources: properties: ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkDeployment: @@ -256,10 +262,16 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + - network merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} + network: + mapped_data: + net_ip_map: {get_attr: [NetIpMap, net_ip_map]} + net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} + net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} object_extraconfig: mapped_data: {get_param: ObjectStorageExtraConfig} extraconfig: diff --git a/validation-scripts/all-nodes.sh b/validation-scripts/all-nodes.sh index 1c834e76..0b8b3523 100644 --- a/validation-scripts/all-nodes.sh +++ b/validation-scripts/all-nodes.sh @@ -10,7 +10,7 @@ function ping_retry() { PING_CMD=ping6 fi until [ $COUNT -ge $TIMES ]; do - if $PING_CMD -W 300 -c 1 $IP_ADDR &> /dev/null; then + if $PING_CMD -w 300 -c 1 $IP_ADDR &> /dev/null; then echo "Ping to $IP_ADDR succeeded." return 0 fi |