diff options
86 files changed, 2152 insertions, 3395 deletions
diff --git a/Makefile b/Makefile deleted file mode 100644 index 131e1b9e..00000000 --- a/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -generated_templates = \ - overcloud.yaml \ - overcloud-with-block-storage-nfs.yaml \ - undercloud-vm.yaml \ - undercloud-bm.yaml \ - undercloud-vm-ironic.yaml \ - undercloud-vm-ironic-vlan.yaml - -# Files included in deprecated/overcloud-source.yaml via FileInclude -overcloud_source_deps = deprecated/nova-compute-instance.yaml - -all: $(generated_templates) -VALIDATE := $(patsubst %,validate-%,$(generated_templates)) -validate-all: $(VALIDATE) -$(VALIDATE): - heat template-validate -f $(subst validate-,,$@) - -# You can define in CONTROLEXTRA one or more additional YAML files to further extend the template, some additions could be: -# - overcloud-vlan-port.yaml to activate the VLAN auto-assignment from Neutron -# - nfs-source.yaml to configure Cinder with NFS -overcloud.yaml: deprecated/overcloud-source.yaml deprecated/block-storage.yaml deprecated/swift-deploy.yaml deprecated/swift-source.yaml deprecated/swift-storage-source.yaml deprecated/ssl-source.yaml deprecated/nova-compute-config.yaml $(overcloud_source_deps) - python ./tripleo_heat_merge/merge.py --hot --scale NovaCompute=$${COMPUTESCALE:-'1'} --scale controller=$${CONTROLSCALE:-'1'} --scale SwiftStorage=$${SWIFTSTORAGESCALE:-'0'} --scale BlockStorage=$${BLOCKSTORAGESCALE:-'0'} --scale CephStorage=$${CEPHSTORAGESCALE:-'0'} deprecated/overcloud-source.yaml deprecated/block-storage.yaml deprecated/swift-source.yaml deprecated/swift-storage-source.yaml deprecated/ssl-source.yaml deprecated/swift-deploy.yaml deprecated/nova-compute-config.yaml ${CONTROLEXTRA} > $@.tmp - mv $@.tmp $@ - -undercloud-vm.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-vm-nova-config.yaml deprecated/undercloud-vm-nova-deploy.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -undercloud-bm.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-bm-nova-config.yaml deprecated/undercloud-bm-nova-deploy.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -undercloud-vm-ironic.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-vm-ironic-config.yaml deprecated/undercloud-vm-ironic-deploy.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -undercloud-vm-ironic-vlan.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-vm-ironic-config.yaml deprecated/undercloud-vm-ironic-deploy.yaml deprecated/undercloud-vlan-port.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -check: test - -test: - @bash test_merge.bash - -clean: - rm -f $(generated_templates) - -.PHONY: clean overcloud.yaml check @@ -29,8 +29,6 @@ Directories A description of the directory layout in TripleO Heat Templates. - * deprecated: contains templates that have been deprecated - * environments: contains heat environment files that can be used with -e on the command like to enable features, etc. diff --git a/deprecated/block-storage.yaml b/deprecated/block-storage.yaml deleted file mode 100644 index c288044a..00000000 --- a/deprecated/block-storage.yaml +++ /dev/null @@ -1,92 +0,0 @@ -heat_template_version: 2013-05-23 -description: 'Common Block Storage Configuration' -parameters: - BlockStorageImage: - type: string - default: overcloud-cinder-volume - OvercloudBlockStorageFlavor: - description: Flavor for block storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - BlockStorageExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json -resources: - BlockStorage0: - type: OS::Nova::Server - properties: - image: - {get_param: BlockStorageImage} - flavor: {get_param: OvercloudBlockStorageFlavor} - key_name: {get_param: KeyName} - user_data_format: SOFTWARE_CONFIG - BlockStorage0AllNodesDeployment: - depends_on: [BlockStorage0Deployment,BlockStorage0PassthroughSpecific] - type: OS::Heat::StructuredDeployment - properties: - signal_transport: {get_param: DefaultSignalTransport} - config: {get_resource: allNodesConfig} - server: {get_resource: BlockStorage0} - BlockStorage0Deployment: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: BlockStorage0} - config: {get_resource: BlockStorageConfig} - input_values: - controller_virtual_ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - cinder_dsn: {"Fn::Join": ['', ['mysql://cinder:unset@', {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} , '/cinder']]} - signal_transport: NO_SIGNAL - BlockStorage0Passthrough: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: BlockStoragePassthrough} - server: {get_resource: BlockStorage0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - BlockStorage0PassthroughSpecific: - depends_on: [BlockStorage0Passthrough] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: BlockStoragePassthroughSpecific} - server: {get_resource: BlockStorage0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: BlockStorageExtraConfig} - BlockStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - admin-password: {get_param: AdminPassword} - keystone: - host: {get_input: controller_virtual_ip} - cinder: - db: {get_input: cinder_dsn} - volume_size_mb: - get_param: CinderLVMLoopDeviceSize - service-password: - get_param: CinderPassword - iscsi-helper: - get_param: CinderISCSIHelper - rabbit: - host: {get_input: controller_virtual_ip} - username: {get_param: RabbitUserName} - password: {get_param: RabbitPassword} - glance: - host: {get_input: controller_virtual_ip} - port: {get_param: GlancePort} - BlockStoragePassthrough: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - BlockStoragePassthroughSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} diff --git a/deprecated/nfs-source.yaml b/deprecated/nfs-source.yaml deleted file mode 100644 index 5d865ea7..00000000 --- a/deprecated/nfs-source.yaml +++ /dev/null @@ -1,36 +0,0 @@ -resources: - controllerNfsServerConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - nfs_server: - shares: - - name: cinder - clients: - - machine: 192.0.2.0/24 - options: rw,async,all_squash,anonuid=0,anongid=0 - controllerCinderNfsConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - cinder: - include_nfs_backend: true - nfs_shares: - Fn::Join: - - ':' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - /mnt/state/var/lib/nfs/cinder - controllerNfsServerDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerNfsServerConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - controller0CinderNfsDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerCinderNfsConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL diff --git a/deprecated/nova-compute-config.yaml b/deprecated/nova-compute-config.yaml deleted file mode 100644 index 1fe787e3..00000000 --- a/deprecated/nova-compute-config.yaml +++ /dev/null @@ -1,69 +0,0 @@ -resources: - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - nova: - compute_driver: { get_input: nova_compute_driver } - compute_libvirt_type: { get_input: nova_compute_libvirt_type } - debug: {get_param: Debug} - host: {get_input: nova_api_host} - public_ip: {get_input: nova_public_ip} - service-password: {get_input: nova_password} - ceilometer: - debug: {get_param: Debug} - metering_secret: {get_input: ceilometer_metering_secret} - service-password: {get_input: ceilometer_password} - compute_agent: {get_input: ceilometer_compute_agent} - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: {get_input: snmpd_readonly_user_name} - readonly_user_password: {get_input: snmpd_readonly_user_password} - glance: - debug: {get_param: Debug} - host: {get_input: glance_host} - port: {get_input: glance_port} - protocol: {get_input: glance_protocol} - keystone: - debug: {get_param: Debug} - host: {get_input: keystone_host} - neutron: - debug: {get_param: Debug} - flat-networks: {get_input: neutron_flat_networks} - host: {get_input: neutron_host} - router_distributed: {get_input: neutron_router_distributed} - agent_mode: {get_input: neutron_agent_mode} - metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - mechanism_drivers: {get_input: neutron_mechanism_drivers} - allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - l3_ha: {get_input: neutron_l3_ha} - ovs: - local_ip: {get_input: neutron_local_ip} - tenant_network_type: {get_input: neutron_tenant_network_type} - tunnel_types: {get_input: neutron_tunnel_types} - network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - bridge_mappings: {get_input: neutron_bridge_mappings} - enable_tunneling: {get_input: neutron_enable_tunneling} - physical_bridge: {get_input: neutron_physical_bridge} - public_interface: {get_input: neutron_public_interface} - public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - service-password: {get_input: neutron_password} - admin-password: {get_input: admin_password} - rabbit: - host: {get_input: rabbit_host} - username: {get_input: rabbit_username} - password: {get_input: rabbit_password} - ntp: - servers: - - {server: {get_input: ntp_server}} - NovaComputePassthrough: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - NovaComputePassthroughSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} diff --git a/deprecated/nova-compute-instance.yaml b/deprecated/nova-compute-instance.yaml deleted file mode 100644 index 811c0fc3..00000000 --- a/deprecated/nova-compute-instance.yaml +++ /dev/null @@ -1,273 +0,0 @@ -heat_template_version: 2013-05-23 -description: 'Nova Compute' -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AllNodesConfig: - type: string - description: OS::Heat::Config to use for all nodes deployment - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - DefaultSignalTransport: - default: CFN_SIGNAL - description: Transport to use for software-config signals. - type: string - constraints: - - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - GlanceHost: - type: string - GlancePort: - default: 9292 - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - default: default - KeystoneHost: - type: string - NeutronBridgeMappings: - type: string - NeutronEnableTunnelling: - type: string - NeutronFlatNetworks: - type: string - default: '' - description: If set, flat networks to configure in neutron plugins. - NeutronHost: - type: string - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronNetworkVLANRanges: - type: string - NeutronPhysicalBridge: - default: '' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: '' - description: A port to add to the NeutronPhysicalBridge. - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NeutronPublicInterfaceRawDevice: - default: '' - type: string - NeutronDVR: - default: 'False' - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NovaApiHost: - type: string - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - type: string - default: '' - NovaImage: - type: string - default: overcloud-compute - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NovaPublicIP: - type: string - NtpServer: - type: string - default: '' - OvercloudComputeFlavor: - description: Use this flavor - type: string - constraints: - - custom_constraint: nova.flavor - RabbitHost: - type: string - RabbitUserName: - type: string - RabbitPassword: - type: string - hidden: true - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true -resources: - NovaCompute0: - type: OS::Nova::Server - properties: - image: - {get_param: NovaImage} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: OvercloudComputeFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - NovaCompute0Deployment: - type: OS::Heat::StructuredDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute0} - input_values: - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_public_ip: {get_param: NovaPublicIP} - nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_host: {get_param: GlanceHost} - glance_port: {get_param: GlancePort} - glance_protocol: {get_param: GlanceProtocol} - keystone_host: {get_param: KeystoneHost} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_host: {get_param: NeutronHost} - neutron_local_ip: {get_attr: [NovaCompute0, networks, ctlplane, 0]} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_physical_bridge: {get_param: NeutronPhysicalBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_password: {get_param: NeutronPassword} - neutron_agent_mode: {get_param: NeutronComputeAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_l3_ha: {get_param: NeutronL3HA} - admin_password: {get_param: AdminPassword} - rabbit_host: {get_param: RabbitHost} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - ntp_server: {get_param: NtpServer} - NovaCompute0AllNodesDeployment: - depends_on: - - controller0AllNodesDeployment - - NovaCompute0Deployment - - NovaCompute0PassthroughSpecific - type: OS::Heat::StructuredDeployment - properties: - signal_transport: {get_param: DefaultSignalTransport} - config: {get_param: AllNodesConfig} - server: {get_resource: NovaCompute0} - NovaCompute0Passthrough: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: NovaComputePassthrough} - server: {get_resource: NovaCompute0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - NovaCompute0PassthroughSpecific: - depends_on: [NovaCompute0Passthrough] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: NovaComputePassthroughSpecific} - server: {get_resource: NovaCompute0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: NovaComputeExtraConfig} diff --git a/deprecated/overcloud-source.yaml b/deprecated/overcloud-source.yaml deleted file mode 100644 index 0729b338..00000000 --- a/deprecated/overcloud-source.yaml +++ /dev/null @@ -1,952 +0,0 @@ -description: Deprecated. Please migrate to use overcloud-without-mergepy instead. -heat_template_version: 2013-05-23 -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - default: unset - description: The keystone auth secret. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - default: unset - description: The password for the cinder service account, used by cinder-api. - type: string - hidden: true - CloudName: - default: '' - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - ControlFixedIPs: - default: [] - description: Should be used for arbitrary ips. - type: json - controllerExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - controllerImage: - type: string - default: overcloud-control - constraints: - - custom_constraint: glance.image - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - DefaultSignalTransport: - default: CFN_SIGNAL - description: Transport to use for software-config signals. - type: string - constraints: - - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - HorizonPort: - type: number - default: 80 - description: Horizon web server port. - GlancePassword: - default: unset - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlancePort: - default: 9292 - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - HeatPassword: - default: unset - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. - type: string - default: '' - hidden: true - HypervisorNeutronPhysicalBridge: - default: 'br-ex' - description: > - An OVS bridge to create on each hypervisor. This defaults to br-ex the - same as the control plane nodes, as we have a uniform configuration of - the openvswitch agent. Typically should not need to be changed. - type: string - HypervisorNeutronPublicInterface: - default: nic1 - description: What interface to add to the HypervisorNeutronPhysicalBridge. - type: string - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "datacentre:br-ex" - NeutronControlPlaneID: - default: '' - type: string - description: Neutron ID for ctlplane network. - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead. - type: string - NeutronFlatNetworks: - type: string - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. Defaults to - 'datacentre' to permit external network creation. - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: string - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronComputeAgentMode: - default: 'dvr' - description: Agent mode for the neutron-l3-agent on the compute hosts - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NovaComputeDriver: - default: libvirt.LibvirtDriver - type: string - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - default: '' - type: string - NovaImage: - type: string - default: overcloud-compute - constraints: - - custom_constraint: glance.image - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NtpServer: - type: string - default: '' - OvercloudComputeFlavor: - description: Flavor for compute nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - OvercloudControlFlavor: - description: Flavor for control nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - PublicVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the PublicVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - PublicVirtualNetwork: - default: 'ctlplane' - type: string - description: > - Neutron network to allocate public virtual IP port on. - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true -resources: - ControlVirtualIP: - type: OS::Neutron::Port - properties: - name: control_virtual_ip - network_id: {get_param: NeutronControlPlaneID} - fixed_ips: - get_param: ControlFixedIPs - replacement_policy: AUTO - MysqlClusterUniquePart: - type: OS::Heat::RandomString - properties: - length: 10 - MysqlRootPassword: - type: OS::Heat::RandomString - properties: - length: 10 - PublicVirtualIP: - type: OS::Neutron::Port - properties: - name: public_virtual_ip - network: {get_param: PublicVirtualNetwork} - fixed_ips: - get_param: PublicVirtualFixedIPs - replacement_policy: AUTO - RabbitCookie: - type: OS::Heat::RandomString - properties: - length: 20 - salt: - get_param: RabbitCookieSalt - NovaCompute0Deployment: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0Deployment - parameters: - DefaultSignalTransport: - get_param: DefaultSignalTransport - NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - NeutronNetworkType: - get_param: NeutronNetworkType - NeutronTunnelTypes: - get_param: NeutronTunnelTypes - NeutronEnableTunnelling: "True" - NeutronFlatNetworks: - get_param: NeutronFlatNetworks - NeutronNetworkVLANRanges: - get_param: NeutronNetworkVLANRanges - NeutronPhysicalBridge: - get_param: HypervisorNeutronPhysicalBridge - NeutronPublicInterface: - get_param: HypervisorNeutronPublicInterface - NeutronBridgeMappings: - get_param: NeutronBridgeMappings - NeutronDVR: - get_param: NeutronDVR - NeutronAgentMode: - get_param: NeutronComputeAgentMode - NeutronPublicInterfaceRawDevice: - get_param: NeutronPublicInterfaceRawDevice - NeutronMechanismDrivers: - get_param: NeutronMechanismDrivers - NeutronAllowL3AgentFailover: - get_param: NeutronAllowL3AgentFailover - NeutronL3HA: - get_param: NeutronL3HA - NovaCompute0AllNodesDeployment: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0AllNodesDeployment - parameters: - AllNodesConfig: {get_resource: allNodesConfig} - NovaCompute0: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0 - NovaCompute0Passthrough: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0Passthrough - parameters: - passthrough_config: {get_param: ExtraConfig} - NovaCompute0PassthroughSpecific: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0PassthroughSpecific - parameters: - passthrough_config_specific: {get_param: NovaComputeExtraConfig} - HeatAuthEncryptionKey: - type: OS::Heat::RandomString - controllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - admin-password: - get_param: AdminPassword - admin-token: - get_param: AdminToken - bootstack: - public_interface_ip: - get_param: NeutronPublicInterfaceIP - bootstrap_host: - bootstrap_nodeid: - Fn::Select: - - 0 - - Fn::Select: - - 0 - - Merge::Map: - controller0: - - get_attr: - - controller0 - - name - nodeid: {get_input: bootstack_nodeid} - database: - host: &database_host - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - cinder: - db: - Fn::Join: - - '' - - - mysql://cinder:unset@ - - *database_host - - /cinder - debug: {get_param: Debug} - volume_size_mb: - get_param: CinderLVMLoopDeviceSize - service-password: - get_param: CinderPassword - iscsi-helper: - get_param: CinderISCSIHelper - controller-address: - get_input: controller_host - corosync: - bindnetaddr: {get_input: controller_host} - mcastport: 5577 - nodes: - Merge::Map: - controller0: - ip: {get_attr: [controller0, networks, ctlplane, 0]} - pacemaker: - stonith_enabled : false - recheck_interval : 5 - quorum_policy : ignore - db-password: unset - glance: - registry: - host: {get_input: controller_virtual_ip} - backend: swift - db: - Fn::Join: - - '' - - - mysql://glance:unset@ - - *database_host - - /glance - debug: {get_param: Debug} - host: - get_input: controller_virtual_ip - port: - get_param: GlancePort - protocol: - get_param: GlanceProtocol - service-password: - get_param: GlancePassword - swift-store-user: service:glance - swift-store-key: - get_param: GlancePassword - notifier-strategy: - get_param: GlanceNotifierStrategy - log-file: - get_param: GlanceLogFile - heat: - admin_password: - get_param: HeatPassword - admin_tenant_name: service - admin_user: heat - auth_encryption_key: - get_resource: HeatAuthEncryptionKey - db: - Fn::Join: - - '' - - - mysql://heat:unset@ - - *database_host - - /heat - debug: {get_param: Debug} - stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - watch_server_url: {get_input: heat.watch_server_url} - metadata_server_url: {get_input: heat.metadata_server_url} - waitcondition_server_url: {get_input: heat.waitcondition_server_url} - horizon: - port: {get_param: HorizonPort} - caches: - memcached: - nodes: - Merge::Map: - controller0: - {get_attr: [controller0, name]} - keystone: - db: - Fn::Join: - - '' - - - mysql://keystone:unset@ - - *database_host - - /keystone - debug: {get_param: Debug} - host: - get_input: controller_virtual_ip - ca_certificate: {get_param: KeystoneCACertificate} - signing_key: {get_param: KeystoneSigningKey} - signing_certificate: {get_param: KeystoneSigningCertificate} - ssl: - certificate: {get_param: KeystoneSSLCertificate} - certificate_key: {get_param: KeystoneSSLCertificateKey} - mysql: - innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - local_bind: true - root-password: {get_resource: MysqlRootPassword} - nodes: - Merge::Map: - controller0: - ip: {get_attr: [controller0, networks, ctlplane, 0]} - cluster_name: - Fn::Join: - - '-' - - - 'tripleo' - - {get_resource: MysqlClusterUniquePart} - neutron: - debug: {get_param: Debug} - flat-networks: {get_param: NeutronFlatNetworks} - host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - agent_mode: {get_param: NeutronAgentMode} - router_distributed: {get_param: NeutronDVR} - mechanism_drivers: {get_param: NeutronMechanismDrivers} - allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - l3_ha: {get_param: NeutronL3HA} - ovs: - enable_tunneling: 'True' - local_ip: - get_input: controller_host - network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - bridge_mappings: {get_param: NeutronBridgeMappings} - public_interface: - get_param: NeutronPublicInterface - public_interface_raw_device: - get_param: NeutronPublicInterfaceRawDevice - public_interface_route: - get_param: NeutronPublicInterfaceDefaultRoute - public_interface_tag: - get_param: NeutronPublicInterfaceTag - physical_bridge: br-ex - tenant_network_type: - get_param: NeutronNetworkType - tunnel_types: - get_param: NeutronTunnelTypes - ovs_db: - Fn::Join: - - '' - - - mysql://neutron:unset@ - - *database_host - - /ovs_neutron?charset=utf8 - service-password: - get_param: NeutronPassword - dnsmasq-options: - get_param: NeutronDnsmasqOptions - ceilometer: - db: - Fn::Join: - - '' - - - mysql://ceilometer:unset@ - - *database_host - - /ceilometer - debug: {get_param: Debug} - metering_secret: {get_param: CeilometerMeteringSecret} - service-password: - get_param: CeilometerPassword - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: - get_param: SnmpdReadonlyUserName - readonly_user_password: - get_param: SnmpdReadonlyUserPassword - nova: - compute_driver: libvirt.LibvirtDriver - db: - Fn::Join: - - '' - - - mysql://nova:unset@ - - *database_host - - /nova - default_floating_pool: - ext-net - host: {get_input: controller_virtual_ip} - metadata-proxy: true - service-password: - get_param: NovaPassword - rabbit: - host: {get_input: controller_virtual_ip} - username: - get_param: RabbitUserName - password: - get_param: RabbitPassword - cookie: - get_attr: - - RabbitCookie - - value - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_port: {get_param: RabbitClientPort} - ntp: - servers: - - {server: {get_param: NtpServer}} - virtual_interfaces: - instances: - - vrrp_instance_name: VI_CONTROL - virtual_router_id: 51 - keepalive_interface: - get_param: ControlVirtualInterface - priority: 101 - virtual_ips: - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: ControlVirtualInterface - - vrrp_instance_name: VI_PUBLIC - virtual_router_id: 52 - keepalive_interface: - get_param: PublicVirtualInterface - priority: 101 - virtual_ips: - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: PublicVirtualInterface - vrrp_sync_groups: - - name: VG1 - members: - - VI_CONTROL - - VI_PUBLIC - keepalived: - keepalive_interface: - get_param: PublicVirtualInterface - priority: 101 - virtual_ips: - - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: ControlVirtualInterface - - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: PublicVirtualInterface - haproxy: - nodes: - Merge::Map: - controller0: - ip: {get_attr: [controller0, networks, ctlplane, 0]} - name: {get_attr: [controller0, name]} - net_binds: - - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}} - - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}} - options: - - option httpchk GET / - services: - - name: keystone_admin - port: 35357 - - name: keystone_public - port: 5000 - - name: horizon - port: 80 - - name: neutron - port: 9696 - - name: cinder - port: 8776 - - name: glance_api - port: 9292 - - name: glance_registry - port: 9191 - options: # overwrite options as glace_reg needs auth for http req - - name: heat_api - port: 8004 - - name: heat_cloudwatch - port: 8003 - - name: heat_cfn - port: 8000 - - name: mysql - port: 3306 - net_binds: - - *control_vip - extra_server_params: - - backup - options: - - timeout client 0 - - timeout server 0 - - name: nova_ec2 - port: 8773 - - name: nova_osapi - port: 8774 - - name: nova_metadata - port: 8775 - - name: nova_novncproxy - port: 6080 - - name: ceilometer - port: 8777 - options: # overwrite options as ceil needs auth for http req - - name: swift_proxy_server - port: 8080 - options: - - option httpchk GET /info - - name: rabbitmq - port: 5672 - net_binds: - - *control_vip - options: - - timeout client 0 - - timeout server 0 - - maxconn 1500 - controllerPassthrough: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - controllerPassthroughSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} - controller0: - type: OS::Nova::Server - properties: - image: - get_param: controllerImage - image_update_policy: - get_param: ImageUpdatePolicy - flavor: - get_param: OvercloudControlFlavor - key_name: - get_param: KeyName - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - controller0AllNodesDeployment: - depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific] - type: OS::Heat::StructuredDeployment - properties: - signal_transport: {get_param: DefaultSignalTransport} - config: {get_resource: allNodesConfig} - server: {get_resource: controller0} - controller0Deployment: - type: OS::Heat::StructuredDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: controllerConfig} - server: {get_resource: controller0} - input_values: - bootstack_nodeid: {get_attr: [controller0, name]} - controller_host: {get_attr: [controller0, networks, ctlplane, 0]} - controller_virtual_ip: - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - heat.watch_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ':8003' - heat.metadata_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ':8000' - heat.waitcondition_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ':8000/v1/waitcondition' - allNodesConfig: - type: OS::Heat::StructuredConfig - properties: - config: - completion-signal: {get_input: deploy_signal_id} - hosts: - Fn::Join: - - "\n" - - - Fn::Join: - - "\n" - - Merge::Map: - NovaCompute0: - Fn::Join: - - ' ' - - - {get_attr: [NovaCompute0, networks, ctlplane, 0]} - - {get_attr: [NovaCompute0, name]} - - Fn::Join: - - "\n" - - Merge::Map: - BlockStorage0: - Fn::Join: - - ' ' - - - {get_attr: [BlockStorage0, networks, ctlplane, 0]} - - {get_attr: [BlockStorage0, name]} - - Fn::Join: - - "\n" - - Merge::Map: - SwiftStorage0: - Fn::Join: - - ' ' - - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]} - - {get_attr: [SwiftStorage0, name]} - - Fn::Join: - - "\n" - - Merge::Map: - controller0: - Fn::Join: - - ' ' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - {get_attr: [controller0, name]} - - {get_param: CloudName} - rabbit: - nodes: - Fn::Join: - - ',' - - Merge::Map: - controller0: - {get_attr: [controller0, name]} - sysctl: - net.ipv4.tcp_keepalive_time: 5 - net.ipv4.tcp_keepalive_probes: 5 - net.ipv4.tcp_keepalive_intvl: 1 - controller0SSLDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: SSLConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - controller_host: {get_attr: [controller0, networks, ctlplane, 0]} - ssl_certificate: {get_param: SSLCertificate} - ssl_key: {get_param: SSLKey} - ssl_ca_certificate: {get_param: SSLCACertificate} - controller0Passthrough: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerPassthrough} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - controller0PassthroughSpecific: - depends_on: [controller0Passthrough] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerPassthroughSpecific} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: controllerExtraConfig} -outputs: - KeystoneURL: - description: URL for the Overcloud Keystone service - value: - Fn::Join: - - '' - - - http:// - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - :5000/v2.0/ diff --git a/deprecated/overcloud-vlan-port.yaml b/deprecated/overcloud-vlan-port.yaml deleted file mode 100644 index 8f6f6937..00000000 --- a/deprecated/overcloud-vlan-port.yaml +++ /dev/null @@ -1,39 +0,0 @@ -outputs: - controller0PublicIP: - description: Address for registering endpoints in the cloud. - value: {get_attr: [controller0_VLANPort, fixed_ips, 0, ip_address]} -resources: - # Override the main template which can also supply a static route. - controller0_99_VLANPort: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerVLANPortConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - vlan_port: - list_join: - - '/' - - - {get_attr: [controller0_VLANPort, fixed_ips, 0, ip_address]} - # This should also be pulled out of the subnet. May need a - # neutron fix too - XXX make into a parameter and feed it - # in via _overcloud.sh for now. - - '24' - # Tell the instance to apply the default route. - # Reinstate when https://bugs.launchpad.net/heat/+bug/1336656 is - # sorted - # public_interface_route: - # get_attr: [controller0_VLANPort, fixed_ips, 0, subnet, gateway_ip] - ControllerVLANPortConfig: - type: OS::Heat::StructuredConfig - properties: - config: - neutron: - ovs: - public_interface_tag_ip: {get_input: vlan_port} - controller0_VLANPort: - type: OS::Neutron::Port - properties: - name: controller0_vlan - network: public - replacement_policy: AUTO diff --git a/deprecated/ssl-source.yaml b/deprecated/ssl-source.yaml deleted file mode 100644 index a9357323..00000000 --- a/deprecated/ssl-source.yaml +++ /dev/null @@ -1,54 +0,0 @@ -description: 'ssl-source: SSL endpoint metadata for openstack' -parameters: - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true -resources: - SSLConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - ssl: - ca_certificate: {get_input: ssl_ca_certificate} - stunnel: - cert: {get_input: ssl_certificate} - key: {get_input: ssl_key} - cacert: {get_input: ssl_ca_certificate} - connect_host: {get_input: controller_host} - ports: - - name: 'ec2' - accept: 13773 - connect: 8773 - - name: 'image' - accept: 13292 - connect: 9292 - - name: 'identity' - accept: 13000 - connect: 5000 - - name: 'network' - accept: 13696 - connect: 9696 - - name: 'compute' - accept: 13774 - connect: 8774 - - name: 'swift-proxy' - accept: 13080 - connect: 8080 - - name: 'cinder' - accept: 13776 - connect: 8776 - - name: 'ceilometer' - accept: 13777 - connect: 8777 diff --git a/deprecated/swift-deploy.yaml b/deprecated/swift-deploy.yaml deleted file mode 100644 index d4d32cbd..00000000 --- a/deprecated/swift-deploy.yaml +++ /dev/null @@ -1,69 +0,0 @@ -description: 'Swift-proxy: OpenStack object storage proxy' -parameters: - SwiftHashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings in the ring. - type: string - hidden: true - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftPassword: - default: unset - description: The password for the swift service account, used by the swift proxy services. - type: string - hidden: true - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. -resources: - controller0Swift: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: SwiftConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_mount_check: {get_param: SwiftMountCheck} - swift_password: {get_param: SwiftPassword} - swift_part_power: {get_param: SwiftPartPower} - swift_devices: - Fn::Join: - - ', ' - - Merge::Map: - controller0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':%PORT%/d1' - SwiftStorage0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]} - - ':%PORT%/d1' - swift_proxy_memcache: - Fn::Join: - - ',' - - Merge::Map: - controller0: - Fn::Join: - - ', ' - - - Fn::Join: - - '' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':11211' - swift_replicas: { get_param: SwiftReplicas} - swift_min_part_hours: { get_param: SwiftMinPartHours} diff --git a/deprecated/swift-source.yaml b/deprecated/swift-source.yaml deleted file mode 100644 index e6fd951e..00000000 --- a/deprecated/swift-source.yaml +++ /dev/null @@ -1,15 +0,0 @@ -resources: - SwiftConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - swift: - devices: { get_input: swift_devices } - hash: { get_input: swift_hash_suffix } - mount-check: { get_input: swift_mount_check } - part-power: { get_input: swift_part_power } - proxy-memcache: { get_input: swift_proxy_memcache } - replicas: {get_input: swift_replicas } - min-part-hours: {get_input: swift_min_part_hours } - service-password: { get_input: swift_password } diff --git a/deprecated/swift-storage-source.yaml b/deprecated/swift-storage-source.yaml deleted file mode 100644 index 176925b6..00000000 --- a/deprecated/swift-storage-source.yaml +++ /dev/null @@ -1,77 +0,0 @@ -heat_template_version: 2013-05-23 -description: 'Common Swift Storage Configuration' -parameters: - OvercloudSwiftStorageFlavor: - description: Flavor for Swift storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - SwiftReplicas: - type: number - default: 1 - description: How many replicas to use in the swift rings. - SwiftStorageImage: - type: string - default: overcloud-swift-storage -resources: - SwiftStorage0: - type: OS::Nova::Server - properties: - image: {get_param: SwiftStorageImage} - flavor: {get_param: OvercloudSwiftStorageFlavor} - key_name: {get_param: KeyName} - user_data_format: SOFTWARE_CONFIG - SwiftKeystoneConfig: - type: OS::Heat::StructuredConfig - properties: - config: - keystone: - host: {get_input: keystone_host} - SwiftStorage0Keystone: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: SwiftStorage0} - config: {get_resource: SwiftKeystoneConfig} - signal_transport: NO_SIGNAL - input_values: - keystone_host: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - SwiftStorage0Deploy: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: SwiftStorage0} - config: {get_resource: SwiftConfig} - signal_transport: NO_SIGNAL - input_values: - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_mount_check: {get_param: SwiftMountCheck} - swift_password: {get_param: SwiftPassword} - swift_part_power: {get_param: SwiftPartPower} - swift_devices: - Fn::Join: - - ', ' - - Merge::Map: - controller0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':%PORT%/d1' - SwiftStorage0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]} - - ':%PORT%/d1' - swift_proxy_memcache: - Fn::Join: - - ',' - - Merge::Map: - controller0: - Fn::Join: - - ', ' - - - Fn::Join: - - '' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':11211' - swift_replicas: { get_param: SwiftReplicas} - swift_min_part_hours: { get_param: SwiftMinPartHours} diff --git a/deprecated/undercloud-bm-nova-config.yaml b/deprecated/undercloud-bm-nova-config.yaml deleted file mode 100644 index 306dc0a1..00000000 --- a/deprecated/undercloud-bm-nova-config.yaml +++ /dev/null @@ -1,23 +0,0 @@ -resources: - undercloudNovaConfig: - type: OS::Heat::StructuredConfig - properties: - config: - nova: - compute_hostname: undercloud - compute_driver: {get_param: NovaComputeDriver} - compute_manager: {get_param: NovaComputeManager} - scheduler_host_manager: {get_param: NovaSchedulerHostManager} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova']]} - default_ephemeral_format: ext4 - host: 127.0.0.1 - metadata-proxy: false - tuning: - ram_allocation_ratio: 1.0 - reserved_host_memory_mb: 0 - baremetal: - arch: {get_input: nova_arch} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova_bm']]} - power_manager: {get_input: power_manager} - pxe_deploy_timeout: {get_input: pxe_deploy_timeout} - service-password: {get_input: nova_service_password} diff --git a/deprecated/undercloud-bm-nova-deploy.yaml b/deprecated/undercloud-bm-nova-deploy.yaml deleted file mode 100644 index dca68329..00000000 --- a/deprecated/undercloud-bm-nova-deploy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -parameters: - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NovaComputeDriver: - default: baremetal.driver.BareMetalDriver - description: Full class name for the Nova compute driver - type: string - NovaComputeManager: - default: nova.compute.manager.ComputeManager - description: Full class name for the Nova compute manager - type: string - NovaSchedulerHostManager: - default: nova.scheduler.host_manager.HostManager - description: Full class name for the Nova scheduler host manager - type: string - PowerManager: - default: nova.virt.baremetal.ipmi.IPMI - description: Bare metal power manager driver. - type: string - PxeDeployTimeout: - default: 2400 - description: Timeout for PXE deployment of baremetal nodes - type: number -resources: - undercloudNovaDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudNovaConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - nova_arch: {get_param: BaremetalArch} - power_manager: {get_param: PowerManager} - pxe_deploy_timeout: {get_param: PxeDeployTimeout} - nova_service_password: {get_param: NovaPassword} diff --git a/deprecated/undercloud-source.yaml b/deprecated/undercloud-source.yaml deleted file mode 100644 index 317896d9..00000000 --- a/deprecated/undercloud-source.yaml +++ /dev/null @@ -1,412 +0,0 @@ -description: Deprecated. Use instack-undercloud instead. All-in-one baremetal OpenStack and all dependencies. -heat_template_version: 2013-05-23 -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - default: unset - description: The keystone auth secret. - type: string - hidden: true - BaremetalArch: - default: i386 - description: The architecture to use in Nova-BM - i386 or amd64. - type: string - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - DefaultSignalTransport: - default: CFN_SIGNAL - description: Transport to use for software-config signals. - type: string - constraints: - - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config: - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "compute_manager", - "value": "ironic.nova.compute.manager.ClusterComputeManager" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - Flavor: - description: Flavor to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - default: unset - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlancePort: - default: 9292 - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - HeatPassword: - default: unset - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. - type: string - default: '' - hidden: true - ImageUpdatePolicy: - default: REBUILD_PRESERVE_EPHEMERAL - description: What policy to use when reconstructing instances. REBUILD for rebuilds, - REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: > - A custom IP address to put onto the NeutronPublicInterface bridge. - See also NeutronPublicInterfaceTagIP for adding a VLAN tagging IP. - NeutronPublicInterfaceIP is deprecated in the context of deploying - underclouds - its only needed for the seed bootstrap process. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge, and that port will be - given the IP address returned by neutron from the public network. - type: string - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NeutronDVR: - default: 'False' - type: string - NtpServer: - type: string - default: '' - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - undercloudImage: - default: undercloud - type: string -resources: - RabbitCookie: - type: OS::Heat::RandomString - properties: - length: 20 - salt: - get_param: RabbitCookieSalt - MysqlRootPassword: - type: OS::Heat::RandomString - properties: - length: 10 - undercloudConfig: - type: OS::Heat::StructuredConfig - properties: - config: - completion-signal: {get_input: deploy_signal_id} - admin-password: - get_param: AdminPassword - admin-token: - get_param: AdminToken - bootstrap_host: - bootstrap_nodeid: - Fn::Select: - - 0 - - Fn::Select: - - 0 - - Merge::Map: - undercloud: - - get_attr: - - undercloud - - name - nodeid: {get_input: bootstack_nodeid} - bootstack: - public_interface_ip: - get_param: NeutronPublicInterfaceIP - controller-address: - get_input: controller_host - corosync: - bindnetaddr: {get_input: controller_host} - mcastport: 5577 - nodes: - Merge::Map: - controller0: - ip: {get_attr: [undercloud, networks, ctlplane, 0]} - pacemaker: - stonith_enabled : false - recheck_interval : 5 - quorum_policy : ignore - ceilometer: - db: {list_join: ['', ['mysql://ceilometer:', {get_param: CeilometerPassword}, '@localhost/ceilometer']]} - debug: {get_param: Debug} - metering_secret: {get_param: CeilometerMeteringSecret} - snmpd_readonly_user_name: - get_param: SnmpdReadonlyUserName - snmpd_readonly_user_password: - get_param: SnmpdReadonlyUserPassword - service-password: - get_param: CeilometerPassword - db-password: unset - glance: - backend: file - db: {list_join: ['', ['mysql://glance:', {get_param: GlancePassword}, '@localhost/glance']]} - debug: {get_param: Debug} - host: 127.0.0.1 - port: - get_param: GlancePort - protocol: - get_param: GlanceProtocol - service-password: - get_param: GlancePassword - notifier-strategy: - get_param: GlanceNotifierStrategy - log-file: - get_param: GlanceLogFile - heat: - admin_password: - get_param: HeatPassword - admin_tenant_name: service - admin_user: heat - auth_encryption_key: unset___________ - db: {list_join: ['', ['mysql://heat:', {get_param: HeatPassword}, '@localhost/heat']]} - debug: {get_param: Debug} - stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - watch_server_url: {get_input: heat.watch_server_url} - metadata_server_url: {get_input: heat.metadata_server_url} - waitcondition_server_url: {get_input: heat.waitcondition_server_url} - keystone: - db: {list_join: ['', ['mysql://keystone:', {get_param: AdminToken}, '@localhost/keystone']]} - debug: {get_param: Debug} - host: 127.0.0.1 - ca_certificate: {get_param: KeystoneCACertificate} - signing_key: {get_param: KeystoneSigningKey} - signing_certificate: {get_param: KeystoneSigningCertificate} - ssl: - certificate: {get_param: KeystoneSSLCertificate} - certificate_key: {get_param: KeystoneSSLCertificateKey} - mysql: - innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - root-password: {get_resource: MysqlRootPassword} - bind_address: 127.0.0.1 - neutron: - debug: {get_param: Debug} - host: 127.0.0.1 - ovs_db: {list_join: ['', ['mysql://neutron:', {get_param: NeutronPassword}, '@localhost/ovs_neutron?charset=utf8']]} - ovs: - local_ip: - get_input: controller_host - public_interface: - get_param: NeutronPublicInterface - public_interface_raw_device: - get_param: NeutronPublicInterfaceRawDevice - public_interface_route: - get_param: NeutronPublicInterfaceDefaultRoute - public_interface_tag: - get_param: NeutronPublicInterfaceTag - physical_bridge: br-ctlplane - physical_network: ctlplane - network_vlan_ranges: ctlplane - bridge_mappings: ctlplane:br-ctlplane - tenant_network_type: vlan - enable_tunneling: 'False' - service-password: - get_param: NeutronPassword - rabbit: - host: 127.0.0.1 - username: - get_param: RabbitUserName - password: - get_param: RabbitPassword - cookie: - get_attr: - - RabbitCookie - - value - ntp: - servers: - - {server: {get_param: NtpServer}} - undercloudPassthroughConfig: - type: OS::Heat::StructuredConfig - properties: - config: {get_input: passthrough_config} - undercloud: - type: OS::Nova::Server - properties: - image: - get_param: undercloudImage - flavor: - get_param: Flavor - key_name: - get_param: KeyName - image_update_policy: - get_param: ImageUpdatePolicy - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - undercloudDeployment: - depends_on: [undercloudPassthroughDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudConfig} - server: {get_resource: undercloud} - signal_transport: {get_param: DefaultSignalTransport} - input_values: - bootstack_nodeid: - get_attr: - - undercloud - - name - controller_host: - get_attr: - - undercloud - - networks - - ctlplane - - 0 - heat.watch_server_url: - Fn::Join: - - '' - - - 'http://' - - get_attr: [undercloud, networks, ctlplane, 0] - - ':8003' - heat.metadata_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [undercloud, networks, ctlplane, 0]} - - ':8000' - heat.waitcondition_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [undercloud, networks, ctlplane, 0]} - - ':8000/v1/waitcondition' - undercloudPassthroughDeployment: - depends_on: [undercloudNovaDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudPassthroughConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} diff --git a/deprecated/undercloud-vlan-port.yaml b/deprecated/undercloud-vlan-port.yaml deleted file mode 100644 index 7e39f5fc..00000000 --- a/deprecated/undercloud-vlan-port.yaml +++ /dev/null @@ -1,37 +0,0 @@ -outputs: - PublicIP: - description: Address for registering endpoints in the cloud. - value: {get_attr: [undercloud_VLANPort, fixed_ips, 0, ip_address]} -resources: - # Override the main template which can also supply a static route. - undercloud_99VLANPort: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudVLANPortConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - undercloudVLANPortConfig: - type: OS::Heat::StructuredConfig - properties: - config: - neutron: - ovs: - public_interface_tag_ip: - Fn::Join: - - '/' - - - {get_attr: [undercloud_VLANPort, fixed_ips, 0, ip_address]} - - '24' - # This should also be pulled out of the subnet. May need a - # neutron fix too - XXX make into a parameter and feed it - # in via _undercloud.sh for now. - # Tell the instance to apply the default route. - # Reinstate when https://bugs.launchpad.net/heat/+bug/1336656 is - # sorted - # public_interface_route: - # get_attr: [undercloud_VLANPort, fixed_ips, 0, subnet, gateway_ip] - undercloud_VLANPort: - type: OS::Neutron::Port - properties: - name: undercloud_vlan - network: public - replacement_policy: AUTO
\ No newline at end of file diff --git a/deprecated/undercloud-vm-ironic-config.yaml b/deprecated/undercloud-vm-ironic-config.yaml deleted file mode 100644 index cc0dafb6..00000000 --- a/deprecated/undercloud-vm-ironic-config.yaml +++ /dev/null @@ -1,27 +0,0 @@ -resources: - undercloudNovaConfig: - type: OS::Heat::StructuredConfig - properties: - config: - nova: - compute_hostname: undercloud - compute_driver: {get_param: NovaComputeDriver} - compute_manager: {get_param: NovaComputeManager} - scheduler_host_manager: {get_param: NovaSchedulerHostManager} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova']]} - debug: {get_param: Debug} - default_ephemeral_format: ext4 - host: 127.0.0.1 - metadata-proxy: false - tuning: - ram_allocation_ratio: 1.0 - reserved_host_memory_mb: 0 - service-password: {get_input: nova_service_password} - undercloudIronicConfig: - type: OS::Heat::StructuredConfig - properties: - config: - ironic: - db: {list_join: ['', ['mysql://ironic:', {get_param: IronicPassword}, '@localhost/ironic']]} - service-password: {get_input: ironic_service_password} - virtual_power_ssh_key: {get_input: virtual_power_ssh_key} diff --git a/deprecated/undercloud-vm-ironic-deploy.yaml b/deprecated/undercloud-vm-ironic-deploy.yaml deleted file mode 100644 index 5d23495c..00000000 --- a/deprecated/undercloud-vm-ironic-deploy.yaml +++ /dev/null @@ -1,44 +0,0 @@ -parameters: - IronicPassword: - type: string - description: Ironic password for keystone access - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NovaComputeDriver: - default: nova.virt.ironic.driver.IronicDriver - description: Full class name for the Nova compute driver - type: string - NovaComputeManager: - default: ironic.nova.compute.manager.ClusteredComputeManager - description: Full class name for the Nova compute manager - type: string - NovaSchedulerHostManager: - default: nova.scheduler.ironic_host_manager.IronicHostManager - description: Full class name for the Nova scheduler host manager - type: string - PowerSSHPrivateKey: - description: Private key for using to ssh to a virtual power host. - type: string - hidden: true -resources: - undercloudNovaDeployment: - depends_on: [undercloudIronicDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudNovaConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - nova_service_password: {get_param: NovaPassword} - undercloudIronicDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudIronicConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - ironic_service_password: {get_param: IronicPassword} - virtual_power_ssh_key: {get_param: PowerSSHPrivateKey} diff --git a/deprecated/undercloud-vm-nova-config.yaml b/deprecated/undercloud-vm-nova-config.yaml deleted file mode 100644 index 1fb8abb3..00000000 --- a/deprecated/undercloud-vm-nova-config.yaml +++ /dev/null @@ -1,29 +0,0 @@ -resources: - undercloudNovaConfig: - type: OS::Heat::StructuredConfig - properties: - config: - nova: - compute_hostname: undercloud - compute_driver: {get_param: NovaComputeDriver} - compute_manager: {get_param: NovaComputeManager} - scheduler_host_manager: {get_param: NovaSchedulerHostManager} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova']]} - default_ephemeral_format: ext4 - host: 127.0.0.1 - metadata-proxy: false - tuning: - ram_allocation_ratio: 1.0 - reserved_host_memory_mb: 0 - baremetal: - arch: {get_input: nova_arch} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova_bm']]} - power_manager: {get_input: power_manager} - pxe_deploy_timeout: {get_input: pxe_deploy_timeout} - virtual_power: - user: {get_input: user} - ssh_host: {get_input: ssh_host} - ssh_key: {get_input: ssh_key} - type: virsh - service-password: {get_input: nova_service_password} - diff --git a/deprecated/undercloud-vm-nova-deploy.yaml b/deprecated/undercloud-vm-nova-deploy.yaml deleted file mode 100644 index da15b46d..00000000 --- a/deprecated/undercloud-vm-nova-deploy.yaml +++ /dev/null @@ -1,52 +0,0 @@ -parameters: - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NovaComputeDriver: - default: baremetal.driver.BareMetalDriver - description: Full class name for the Nova compute driver - type: string - NovaComputeManager: - default: nova.compute.manager.ComputeManager - description: Full class name for the Nova compute manager - type: string - NovaSchedulerHostManager: - default: nova.scheduler.host_manager.HostManager - description: Full class name for the Nova scheduler host manager - type: string - PowerManager: - default: nova.virt.baremetal.virtual_power_driver.VirtualPowerManager - description: Bare metal power manager driver. - type: string - PowerSSHHost: - default: 192.168.122.1 - description: SSH host to ssh to for power management operations. - type: string - PowerSSHPrivateKey: - description: Private key for using to ssh to a virtual power host. - type: string - hidden: true - PowerUserName: - default: stack - description: What username to ssh to the virtual power host with. - type: string - PxeDeployTimeout: - default: 2400 - description: Timeout for PXE deployment of baremetal nodes - type: number -resources: - undercloudNovaDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudNovaConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - nova_arch: {get_param: BaremetalArch} - power_manager: {get_param: PowerManager} - pxe_deploy_timeout: {get_param: PxeDeployTimeout} - nova_service_password: {get_param: NovaPassword} - user: {get_param: PowerUserName} - ssh_host: {get_param: PowerSSHHost} - ssh_key: {get_param: PowerSSHPrivateKey} diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index 0d049ebc..a6607fd9 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -9,6 +9,9 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + DockerNamespace: + type: string + default: tripleoupstream DockerComputeImage: type: string DockerComputeDataImage: @@ -67,8 +70,24 @@ resources: config: {get_resource: CopyEtcConfig} servers: {get_param: servers} + CopyJsonConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + outputs: + - name: result + config: {get_file: ./generate_json_config.sh} + + CopyJsonDeployment: + type: OS::Heat::SoftwareDeployments + depends_on: CopyEtcDeployment + properties: + config: {get_resource: CopyJsonConfig} + servers: {get_param: servers} + NovaComputeContainersDeploymentOVS: type: OS::Heat::StructuredDeployments + depends_on: CopyJsonDeployment properties: config: {get_resource: NovaComputeContainersConfigOVS} servers: {get_param: servers} @@ -79,7 +98,10 @@ resources: group: docker-compose config: ovsvswitchd: - image: {get_param: DockerOvsVswitchdImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] container_name: ovs-vswitchd net: host privileged: true @@ -87,18 +109,23 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS openvswitchdb: - image: {get_param: DockerOpenvswitchDBImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] container_name: ovs-db-server net: host restart: always volumes: - /run:/run + - /var/lib/etc-data/json-config/ovs-dbserver.json:/var/lib/kolla/config_files/config.json environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS NovaComputeContainersDeploymentNetconfig: type: OS::Heat::SoftwareDeployments @@ -122,7 +149,7 @@ resources: LibvirtContainersDeployment: type: OS::Heat::StructuredDeployments - depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] + depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] properties: config: {get_resource: LibvirtContainersConfig} servers: {get_param: servers} @@ -133,11 +160,20 @@ resources: group: docker-compose config: computedata: - image: {get_param: DockerComputeDataImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerComputeDataImage} ] container_name: computedata + volumes: + - /var/lib/nova/instances + - /var/lib/libvirt libvirt: - image: {get_param: DockerLibvirtImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] container_name: libvirt net: host pid: host @@ -146,16 +182,17 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/libvirt/libvirtd.conf:/opt/kolla/libvirtd/libvirtd.conf - - /var/lib/nova/instances:/var/lib/nova/instances + - /sys/fs/cgroup:/sys/fs/cgroup + - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata NovaComputeContainersDeployment: type: OS::Heat::StructuredDeployments - depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] + depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] properties: config: {get_resource: NovaComputeContainersConfig} servers: {get_param: servers} @@ -166,7 +203,10 @@ resources: group: docker-compose config: openvswitch: - image: {get_param: DockerOpenvswitchImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] container_name: openvswitch net: host privileged: true @@ -174,17 +214,20 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/neutron/neutron.conf:/etc/kolla/neutron-openvswitch-agent/:ro - - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/etc/kolla/neutron-openvswitch-agent/:ro + - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro + - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata - # FIXME: Kolla now uses a JSON model to run custom commands. We rebuilt a custom container to read in KOLLA_COMMAND_ARGS - # FIXME: Here we're subjugating kolla's start scripts because we want our custom run command neutronagent: - image: {get_param: DockerOpenvswitchImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] container_name: neutronagent net: host pid: host @@ -193,33 +236,32 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/neutron/neutron.conf:/etc/neutron/neutron.conf:ro - - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:ro + - /var/lib/etc-data/json-config/neutron-agent.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro + - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS - # FIXME: Kolla now uses a JSON model to run custom commands. We rebuilt a custom container to read in KOLLA_COMMAND_ARGS - - KOLLA_COMMAND_ARGS=--config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata novacompute: - image: {get_param: DockerComputeImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerComputeImage} ] container_name: novacompute net: host privileged: true restart: always volumes: - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/:/etc/:ro - - /var/lib/nova/instances:/var/lib/nova/instances + - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata - # FIXME: this skips the kolla start.sh script and just starts Nova - # Ideally we'd have an environment that switched the kolla container - # to be externally configured. - command: /usr/bin/nova-compute ExtraConfig: depends_on: NovaComputeContainersDeployment diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml index 8adc8939..22a8ff92 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/install_docker_agents.yaml @@ -4,6 +4,12 @@ parameters: DockerAgentImage: type: string default: dprince/heat-docker-agents-centos + DockerNamespace: + type: string + default: kollaglue + DockerNamespaceIsRegistry: + type: boolean + default: false resources: @@ -21,6 +27,8 @@ resources: str_replace: params: $agent_image: {get_param: DockerAgentImage} + $docker_registry: {get_param: DockerNamespace} + $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} template: {get_file: ./start_docker_agents.sh} outputs: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index 88759a5d..a0e95d11 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -7,7 +7,7 @@ if ! hostname | grep compute &>/dev/null; then exit 0 fi -mkdir -p /var/lib/etc-data/ #FIXME: this should be a docker data container +mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service @@ -38,14 +38,13 @@ EOF #echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker # Local docker registry 1.8 -#/bin/sed -i s/ADD_REGISTRY/#ADD_REGISTRY/ /etc/sysconfig/docker +if [ $docker_namespace_is_registry ]; then + /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry '/INSECURE_REGISTRY='--insecure-registry $docker_registry'/g" /etc/sysconfig/docker +fi /sbin/setenforce 0 /sbin/modprobe ebtables -# Create /var/lib/etc-data for now. FIXME: This should go into a data container. -#mkdir -p /var/lib/etc-data - echo nameserver 8.8.8.8 > /etc/resolv.conf # We need hostname -f to return in a centos container for the puppet hook diff --git a/docker/generate_json_config.sh b/docker/generate_json_config.sh new file mode 100644 index 00000000..5cf49226 --- /dev/null +++ b/docker/generate_json_config.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +KOLLA_DEST=/var/lib/kolla/config_files +JSON_DEST=/var/lib/etc-data/json-config + +# For more config file generation, simply define a new SERVICE_DATA_ +# prefixed variable. The command string is quoted to include config-file +# arguments. Note that the variable name following SERVICE_DATA_ will be +# the filename the JSON config is written to. + +# [EXAMPLE]: SERVICE_DATA_<SERVICE_NAME>=(<command> <source> <dest> <owner> <perms>) + +SERVICE_DATA_NOVA_LIBVIRT=("/usr/sbin/libvirtd" libvirtd.conf /etc/libvirt/libvirtd.conf root 0644) +SERVICE_DATA_NOVA_COMPUTE=("/usr/bin/nova-compute" nova.conf /etc/nova/nova.conf nova 0600) +SERVICE_DATA_NEUTRON_OPENVSWITCH_AGENT=("/usr/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini" neutron.conf /etc/neutron/neutron.conf neutron 0600 ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini neutron 0600) +SERVICE_DATA_NEUTRON_AGENT=("/usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" neutron.conf /etc/neutron/neutron.conf neutron 0600 ovs_neutron_plugin.ini /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini neutron 0600) +SERVICE_DATA_OVS_VSWITCHD=("/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/openvswitch/ovs-vswitchd.log") +SERVICE_DATA_OVS_DBSERVER=("/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --log-file=/var/log/openvswitch/ovsdb-server.log") + +function create_json_header() { + local command=$1 + + echo "\ +{ + \"command\": \"${command[@]}\"," + +} + +function create_config_file_header() { + echo " \"config_files\": [" +} + +function create_config_file_block() { + local source=$KOLLA_DEST/$1 + local dest=$2 + local owner=$3 + local perm=$4 + + printf "\ +\t{ +\t \"source\": \"$source\", +\t \"dest\": \"$dest\", +\t \"owner\": \"$owner\", +\t \"perm\": \"$perm\" +\t}" +} + +function add_trailing_comma() { + printf ", \n" +} + +function create_config_file_trailer() { + echo -e "\n ]" +} + +function create_json_trailer() { + echo "}" +} + +function create_json_data() { + local config_data=$1 + shift + + create_json_header "$config_data" + create_config_file_header + while [ "$1" ]; do + create_config_file_block "$@" + shift 4 + if [ "$1" ]; then + add_trailing_comma + fi + done + create_config_file_trailer + create_json_trailer +} + +function write_json_data() { + + local name=$1[@] + local service_data=("${!name}") + + local service_name=${1#SERVICE_DATA_} # chop SERVICE_DATA_ prefix + service_name=${service_name//_/-} # switch underscore to dash + service_name=${service_name,,} # change to lowercase + + echo "Creating JSON file ${service_name}" + create_json_data "${service_data[@]}" > "$JSON_DEST/$service_name.json" +} + +function process_configs() { + for service in ${!SERVICE_DATA_*}; do + write_json_data "${service}" + done +} + +process_configs diff --git a/environments/docker-rdo.yaml b/environments/docker-rdo.yaml index 8a6e1018..66824feb 100644 --- a/environments/docker-rdo.yaml +++ b/environments/docker-rdo.yaml @@ -8,10 +8,16 @@ parameters: NovaImage: atomic-image parameter_defaults: - DockerComputeImage: rthallisey/centos-binary-nova-compute:liberty - DockerComputeDataImage: kollaglue/centos-rdo-nova-compute-data:liberty2 - DockerLibvirtImage: kollaglue/centos-rdo-nova-libvirt:liberty2 - DockerNeutronAgentImage: kollaglue/centos-rdo-neutron-agents:liberty2 - DockerOpenvswitchImage: rthallisey/centos-rdo-neutron-openvswitch-agent:latest - DockerOvsVswitchdImage: kollaglue/centos-rdo-ovs-vswitchd:liberty2 - DockerOpenvswitchDBImage: kollaglue/centos-rdo-ovs-db-server:liberty2 + # Defaults to 'tripleoupstream'. Specify a local docker registry + # Example: 192.168.122.131:8787 + DockerNamespace: tripleoupstream + # Enable local Docker registry + DockerNamespaceIsRegistry: false + # Compute Node Images + DockerComputeImage: centos-binary-nova-compute:latest + DockerComputeDataImage: centos-binary-data:latest + DockerLibvirtImage: centos-binary-nova-libvirt:latest + DockerNeutronAgentImage: centos-binary-neutron-agents:latest + DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:latest + DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:latest + DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:latest diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml new file mode 100644 index 00000000..5c2506e9 --- /dev/null +++ b/environments/enable-tls.yaml @@ -0,0 +1,9 @@ +parameter_defaults: + SSLCertificate: | + The contents of your certificate go here + SSLIntermediateCertificate: '' + SSLKey: | + The contents of the private key go here + +resource_registry: + OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/external-loadbalancer-vip.yaml b/environments/external-loadbalancer-vip.yaml new file mode 100644 index 00000000..47d5bd9b --- /dev/null +++ b/environments/external-loadbalancer-vip.yaml @@ -0,0 +1,14 @@ +resource_registry: + OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external.yaml + +parameter_defaults: + # When using an external loadbalancer set the following in parameter_defaults + # to control your VIPs (currently one per network) + # NOTE: we will eventually move to one VIP per service + # + # ControlNetworkVip: + # ExternalNetworkVip: + # InternalApiNetworkVip: + # StorageNetworkVip: + # StorageMgmtNetworkVip: + EnableLoadBalancer: false
\ No newline at end of file diff --git a/environments/inject-trust-anchor.yaml b/environments/inject-trust-anchor.yaml new file mode 100644 index 00000000..3ecb0d27 --- /dev/null +++ b/environments/inject-trust-anchor.yaml @@ -0,0 +1,6 @@ +parameter_defaults: + SSLRootCertificate: | + The contents of your root CA certificate go here + +resource_registry: + OS::TripleO::NodeTLSCAData: ../puppet/extraconfig/tls/ca-inject.yaml diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml new file mode 100644 index 00000000..071f4108 --- /dev/null +++ b/environments/manage-firewall.yaml @@ -0,0 +1,2 @@ +parameters: + ManageFirewall: true diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml new file mode 100644 index 00000000..0da119d9 --- /dev/null +++ b/environments/net-bond-with-vlans-no-external.yaml @@ -0,0 +1,26 @@ +# This template configures each role to use a pair of bonded nics (nic2 and +# nic3) and configures an IP address on each relevant isolated network +# for each role. + +# This template assumes use of network-isolation.yaml and should be specified +# last on the CLI as a Heat environment so as to override specific +# registry settings in the network-isolation registry. +# +# FIXME: if/when we add functionality to heatclient to include heat +# environment files we should think about using it here to automatically +# include network-isolation.yaml. +resource_registry: + + # Set external ports to noop + OS::TripleO::Network::External: ../network/noop.yaml + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml + + OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/cinder-storage.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/bond-with-vlans/compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml + OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml + OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml + +# NOTE: with no external interface we should be able to use the +# default Neutron l3_agent.ini setting for the external bridge (br-ex) +# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml new file mode 100644 index 00000000..a173df4e --- /dev/null +++ b/environments/net-single-nic-with-vlans-no-external.yaml @@ -0,0 +1,25 @@ +# This template configures each role to use Vlans on a single nic for +# each isolated network. +# This template assumes use of network-isolation.yaml and should be specified +# last on the CLI as a Heat environment so as to override specific +# registry settings in the network-isolation registry. +# +# FIXME: if/when we add functionality to heatclient to include heat +# environment files we should think about using it here to automatically +# include network-isolation.yaml. +resource_registry: + + # Set external ports to noop + OS::TripleO::Network::External: ../network/noop.yaml + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml + + # Configure other ports as normal + OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/cinder-storage.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/single-nic-vlans/compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml + OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml + OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml + +# NOTE: with no external interface we should be able to use the +# default Neutron l3_agent.ini setting for the external bridge (br-ex) +# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml new file mode 100644 index 00000000..5d2a915b --- /dev/null +++ b/environments/network-isolation-no-tunneling.yaml @@ -0,0 +1,37 @@ +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. This version of the environment +# has no dedicated VLAN for tunneling, for deployments that use +# VLAN mode, flat provider networks, etc. +resource_registry: + OS::TripleO::Network::External: ../network/external.yaml + OS::TripleO::Network::InternalApi: ../network/internal_api.yaml + OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml + OS::TripleO::Network::Storage: ../network/storage.yaml + + # Port assignments for the controller role + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml + OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for the compute role + OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml + + # Port assignments for the ceph storage role + OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for the swift storage role + OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for the block storage role + OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for service virtual IPs for the controller role + OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml new file mode 100644 index 00000000..4ba8d9cb --- /dev/null +++ b/environments/neutron-nuage-config.yaml @@ -0,0 +1,14 @@ +# A Heat environment file which can be used to enable a +# a Neutron Nuage backend on the controller, configured via puppet +resource_registry: + OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml + +parameter_defaults: + NeutronNuageOSControllerIp: '0.0.0.0' + NeutronNuageNetPartitionName: 'default_name' + NeutronNuageVSDIp: '0.0.0.0:0' + NeutronNuageVSDUsername: 'username' + NeutronNuageVSDPassword: 'password' + NeutronNuageVSDOrganization: 'organization' + NeutronNuageBaseURIVersion: 'default_uri_version' + NeutronNuageCMSId: '' diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml new file mode 100644 index 00000000..56c64d15 --- /dev/null +++ b/environments/nova-nuage-config.yaml @@ -0,0 +1,8 @@ +# A Heat environment file which can be used to enable +# Nuage backend on the compute, configured via puppet +resource_registry: + OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml + +parameter_defaults: + NuageActiveController: '0.0.0.0' + NuageStandbyController: '0.0.0.0' diff --git a/environments/updates/README.md b/environments/updates/README.md new file mode 100644 index 00000000..8c03411d --- /dev/null +++ b/environments/updates/README.md @@ -0,0 +1,9 @@ +This directory contains Heat environment file snippets which can +be used to ensure smooth updates of the Overcloud. + +Contents +-------- + +**update-from-keystone-admin-internal-api.yaml** + To be used if the Keystone Admin API was originally deployed on the + Internal API network. diff --git a/environments/updates/update-from-keystone-admin-internal-api.yaml b/environments/updates/update-from-keystone-admin-internal-api.yaml new file mode 100644 index 00000000..3c71ef1b --- /dev/null +++ b/environments/updates/update-from-keystone-admin-internal-api.yaml @@ -0,0 +1,33 @@ +# This environment file provides a default value for ServiceNetMap where +# Keystone Admin API service is running on the Internal API network + +parameters: + ServiceNetMap: + NeutronTenantNetwork: tenant + CeilometerApiNetwork: internal_api + MongoDbNetwork: internal_api + CinderApiNetwork: internal_api + CinderIscsiNetwork: storage + GlanceApiNetwork: storage + GlanceRegistryNetwork: internal_api + KeystoneAdminApiNetwork: internal_api + KeystonePublicApiNetwork: internal_api + NeutronApiNetwork: internal_api + HeatApiNetwork: internal_api + NovaApiNetwork: internal_api + NovaMetadataNetwork: internal_api + NovaVncProxyNetwork: internal_api + SwiftMgmtNetwork: storage_mgmt + SwiftProxyNetwork: storage + HorizonNetwork: internal_api + MemcachedNetwork: internal_api + RabbitMqNetwork: internal_api + RedisNetwork: internal_api + MysqlNetwork: internal_api + CephClusterNetwork: storage_mgmt + CephPublicNetwork: storage + ControllerHostnameResolveNetwork: internal_api + ComputeHostnameResolveNetwork: internal_api + BlockStorageHostnameResolveNetwork: internal_api + ObjectStorageHostnameResolveNetwork: internal_api + CephStorageHostnameResolveNetwork: storage diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 3ba13f23..e32369e1 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -22,7 +22,8 @@ mkdir -p $timestamp_dir update_identifier=${update_identifier//[^a-zA-Z0-9-_]/} # seconds to wait for this node to rejoin the cluster after update -cluster_start_timeout=360 +cluster_start_timeout=600 +galera_sync_timeout=360 timestamp_file="$timestamp_dir/$update_identifier" if [[ -a "$timestamp_file" ]]; then @@ -41,109 +42,93 @@ if [[ "$list_updates" == "" ]]; then fi pacemaker_status=$(systemctl is-active pacemaker) +pacemaker_dumpfile=$(mktemp) if [[ "$pacemaker_status" == "active" ]] ; then - echo "Checking for and adding missing constraints" +SERVICES="memcached +httpd +neutron-dhcp-agent +neutron-l3-agent +neutron-metadata-agent +neutron-openvswitch-agent +neutron-server +openstack-ceilometer-alarm-evaluator +openstack-ceilometer-alarm-notifier +openstack-ceilometer-api +openstack-ceilometer-central +openstack-ceilometer-collector +openstack-ceilometer-notification +openstack-cinder-api +openstack-cinder-scheduler +openstack-cinder-volume +openstack-glance-api +openstack-glance-registry +openstack-heat-api +openstack-heat-api-cfn +openstack-heat-api-cloudwatch +openstack-heat-engine +openstack-keystone +openstack-nova-api +openstack-nova-conductor +openstack-nova-consoleauth +openstack-nova-novncproxy +openstack-nova-scheduler" + + echo "Dumping Pacemaker config" + pcs cluster cib $pacemaker_dumpfile + + echo "Checking for missing constraints" if ! pcs constraint order show | grep "start openstack-nova-novncproxy-clone then start openstack-nova-api-clone"; then - pcs constraint order start openstack-nova-novncproxy-clone then openstack-nova-api-clone + pcs -f $pacemaker_dumpfile constraint order start openstack-nova-novncproxy-clone then openstack-nova-api-clone fi if ! pcs constraint order show | grep "start rabbitmq-clone then start openstack-keystone-clone"; then - pcs constraint order start rabbitmq-clone then openstack-keystone-clone + pcs -f $pacemaker_dumpfile constraint order start rabbitmq-clone then openstack-keystone-clone fi if ! pcs constraint order show | grep "promote galera-master then start openstack-keystone-clone"; then - pcs constraint order promote galera-master then openstack-keystone-clone + pcs -f $pacemaker_dumpfile constraint order promote galera-master then openstack-keystone-clone fi - if ! pcs constraint order show | grep "start haproxy-clone then start openstack-keystone-clone"; then - pcs constraint order start haproxy-clone then openstack-keystone-clone + if pcs resource | grep "haproxy-clone"; then + SERVICES="$SERVICES haproxy" + if ! pcs constraint order show | grep "start haproxy-clone then start openstack-keystone-clone"; then + pcs -f $pacemaker_dumpfile constraint order start haproxy-clone then openstack-keystone-clone + fi fi if ! pcs constraint order show | grep "start memcached-clone then start openstack-keystone-clone"; then - pcs constraint order start memcached-clone then openstack-keystone-clone + pcs -f $pacemaker_dumpfile constraint order start memcached-clone then openstack-keystone-clone fi if ! pcs constraint order show | grep "promote redis-master then start openstack-ceilometer-central-clone"; then - pcs constraint order promote redis-master then start openstack-ceilometer-central-clone require-all=false + pcs -f $pacemaker_dumpfile constraint order promote redis-master then start openstack-ceilometer-central-clone require-all=false + fi + + # ensure neutron constraints https://review.openstack.org/#/c/229466 + # remove ovs-cleanup after server and add openvswitch-agent instead + if pcs constraint order show | grep "start neutron-server-clone then start neutron-ovs-cleanup-clone"; then + pcs -f $pacemaker_dumpfile constraint remove order-neutron-server-clone-neutron-ovs-cleanup-clone-mandatory + fi + if ! pcs constraint order show | grep "start neutron-server-clone then start neutron-openvswitch-agent-clone"; then + pcs -f $pacemaker_dumpfile constraint order start neutron-server-clone then neutron-openvswitch-agent-clone fi + if ! pcs resource defaults | grep "resource-stickiness: INFINITY"; then - pcs resource defaults resource-stickiness=INFINITY + pcs -f $pacemaker_dumpfile resource defaults resource-stickiness=INFINITY fi echo "Setting resource start/stop timeouts" + for service in $SERVICES; do + pcs -f $pacemaker_dumpfile resource update $service op start timeout=100s op stop timeout=100s + done + # mongod start timeout is higher, setting only stop timeout + pcs -f $pacemaker_dumpfile resource update mongod op stop timeout=100s - # timeouts for non-openstack services and special cases - pcs resource update haproxy op start timeout=100s - pcs resource update haproxy op stop timeout=100s - # mongod start timeout is also higher, setting only stop timeout - pcs resource update mongod op stop timeout=100s - # rabbit start timeout is already 100s - pcs resource update rabbitmq op stop timeout=100s - pcs resource update memcached op start timeout=100s - pcs resource update memcached op stop timeout=100s - pcs resource update httpd op start timeout=100s - pcs resource update httpd op stop timeout=100s - # neutron-netns-cleanup stop timeout is 300s, setting only start timeout - pcs resource update neutron-netns-cleanup op start timeout=100s - # neutron-ovs-cleanup stop timeout is 300s, setting only start timeout - pcs resource update neutron-ovs-cleanup op start timeout=100s - - # timeouts for openstack services - pcs resource update neutron-dhcp-agent op start timeout=100s - pcs resource update neutron-dhcp-agent op stop timeout=100s - pcs resource update neutron-l3-agent op start timeout=100s - pcs resource update neutron-l3-agent op stop timeout=100s - pcs resource update neutron-metadata-agent op start timeout=100s - pcs resource update neutron-metadata-agent op stop timeout=100s - pcs resource update neutron-openvswitch-agent op start timeout=100s - pcs resource update neutron-openvswitch-agent op stop timeout=100s - pcs resource update neutron-server op start timeout=100s - pcs resource update neutron-server op stop timeout=100s - pcs resource update openstack-ceilometer-alarm-evaluator op start timeout=100s - pcs resource update openstack-ceilometer-alarm-evaluator op stop timeout=100s - pcs resource update openstack-ceilometer-alarm-notifier op start timeout=100s - pcs resource update openstack-ceilometer-alarm-notifier op stop timeout=100s - pcs resource update openstack-ceilometer-api op start timeout=100s - pcs resource update openstack-ceilometer-api op stop timeout=100s - pcs resource update openstack-ceilometer-central op start timeout=100s - pcs resource update openstack-ceilometer-central op stop timeout=100s - pcs resource update openstack-ceilometer-collector op start timeout=100s - pcs resource update openstack-ceilometer-collector op stop timeout=100s - pcs resource update openstack-ceilometer-notification op start timeout=100s - pcs resource update openstack-ceilometer-notification op stop timeout=100s - pcs resource update openstack-cinder-api op start timeout=100s - pcs resource update openstack-cinder-api op stop timeout=100s - pcs resource update openstack-cinder-scheduler op start timeout=100s - pcs resource update openstack-cinder-scheduler op stop timeout=100s - pcs resource update openstack-cinder-volume op start timeout=100s - pcs resource update openstack-cinder-volume op stop timeout=100s - pcs resource update openstack-glance-api op start timeout=100s - pcs resource update openstack-glance-api op stop timeout=100s - pcs resource update openstack-glance-registry op start timeout=100s - pcs resource update openstack-glance-registry op stop timeout=100s - pcs resource update openstack-heat-api op start timeout=100s - pcs resource update openstack-heat-api op stop timeout=100s - pcs resource update openstack-heat-api-cfn op start timeout=100s - pcs resource update openstack-heat-api-cfn op stop timeout=100s - pcs resource update openstack-heat-api-cloudwatch op start timeout=100s - pcs resource update openstack-heat-api-cloudwatch op stop timeout=100s - pcs resource update openstack-heat-engine op start timeout=100s - pcs resource update openstack-heat-engine op stop timeout=100s - pcs resource update openstack-keystone op start timeout=100s - pcs resource update openstack-keystone op stop timeout=100s - pcs resource update openstack-nova-api op start timeout=100s - pcs resource update openstack-nova-api op stop timeout=100s - pcs resource update openstack-nova-conductor op start timeout=100s - pcs resource update openstack-nova-conductor op stop timeout=100s - pcs resource update openstack-nova-consoleauth op start timeout=100s - pcs resource update openstack-nova-consoleauth op stop timeout=100s - pcs resource update openstack-nova-novncproxy op start timeout=100s - pcs resource update openstack-nova-novncproxy op stop timeout=100s - pcs resource update openstack-nova-scheduler op start timeout=100s - pcs resource update openstack-nova-scheduler op stop timeout=100s + echo "Applying new Pacemaker config" + pcs cluster cib-push $pacemaker_dumpfile echo "Pacemaker running, stopping cluster node and doing full package update" node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*") @@ -153,6 +138,13 @@ if [[ "$pacemaker_status" == "active" ]] ; then else pcs cluster stop fi + + # clean leftover keepalived and radvd instances from neutron + # (can be removed when we remove neutron-netns-cleanup from cluster services) + # see https://review.gerrithub.io/#/c/248931/1/neutron-netns-cleanup.init + killall neutron-keepalived-state-change 2>/dev/null || : + kill $(ps ax | grep -e "keepalived.*\.pid-vrrp" | awk '{print $1}') 2>/dev/null || : + kill $(ps ax | grep -e "radvd.*\.pid\.radvd" | awk '{print $1}') 2>/dev/null || : else echo "Excluding upgrading packages that are handled by config management tooling" command_arguments="$command_arguments --skip-broken" @@ -185,6 +177,17 @@ if [[ "$pacemaker_status" == "active" ]] ; then exit 1 fi done + + tstart=$(date +%s) + while ! clustercheck; do + sleep 5 + tnow=$(date +%s) + if (( tnow-tstart > galera_sync_timeout )) ; then + echo "ERROR galera sync timed out" + exit 1 + fi + done + pcs status else diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml new file mode 100644 index 00000000..0646ffab --- /dev/null +++ b/net-config-linux-bridge.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config for a simple bridge. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + default: '192.0.2.1' + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + default: '169.254.169.254/32' + + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: linux_bridge + name: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: ControlPlaneIp} + members: + - + type: interface + name: {get_input: interface_name} + # force the MAC address of the bridge to this interface + primary: true + routes: + - + ip_netmask: 0.0.0.0/0 + next_hop: {get_param: ControlPlaneDefaultRoute} + default: true + - + ip_netmask: {get_param: EC2MetadataIp} + next_hop: {get_param: ControlPlaneDefaultRoute} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/bond-with-vlans/README.md b/network/config/bond-with-vlans/README.md index 1679df3c..98879b4f 100644 --- a/network/config/bond-with-vlans/README.md +++ b/network/config/bond-with-vlans/README.md @@ -1,6 +1,12 @@ This directory contains Heat templates to help configure Vlans on a bonded pair of NICs for each Overcloud role. +There are two versions of the controller role template, one with +an external network interface, and another without. If the +external network interface is not configured the ctlplane address +ranges will be used for external (public) network traffic. + + Configuration ------------- @@ -13,3 +19,9 @@ something like this: OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: network/config/bond-with-vlans/ceph-storage.yaml + +Configuration with no External Network +-------------------------------------- +Same as above except set the following value for the controller role: + + OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller-no-external.yaml diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml new file mode 100644 index 00000000..22579e8f --- /dev/null +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -0,0 +1,114 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config with 2 bonded nics on a bridge + with VLANs attached for the controller role. + +parameters: + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + BondInterfaceOvsOptions: + default: '' + description: The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: ovs_bridge + name: {get_input: bridge_name} + members: + - + type: ovs_bond + name: bond1 + ovs_options: {get_param: BondInterfaceOvsOptions} + members: + - + type: interface + name: nic2 + primary: true + - + type: interface + name: nic3 + - + type: vlan + device: bond1 + vlan_id: {get_param: InternalApiNetworkVlanID} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: StorageNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: StorageMgmtNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageMgmtIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: TenantNetworkVlanID} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index a0508583..7d650f4b 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -92,6 +92,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index c84586bb..fdb6c9d8 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -92,6 +92,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 70a18081..0032a287 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -80,6 +80,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index 25ac75f2..00e4f353 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -92,6 +92,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/single-nic-vlans/README.md b/network/config/single-nic-vlans/README.md index e3e16574..6f128650 100644 --- a/network/config/single-nic-vlans/README.md +++ b/network/config/single-nic-vlans/README.md @@ -1,6 +1,11 @@ This directory contains Heat templates to help configure Vlans on a single NICs for each Overcloud role. +There are two versions of the controller role template, one with +an external network interface, and another without. If the +external network interface is not configured the ctlplane address +ranges will be used for external (public) network traffic. + Configuration ------------- @@ -17,3 +22,10 @@ something like this: Or use this Heat environment file: environments/net-single-nic-with-vlans.yaml + + +Configuration with no External Network +-------------------------------------- +Same as above except set the following value for the controller role: + + OS::TripleO::Controller::Net::SoftwareConfig: network/config/single-nic-vlans/controller-no-external.yaml diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml new file mode 100644 index 00000000..faf9e9c2 --- /dev/null +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -0,0 +1,99 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config to configure VLANs for the + controller role. No external IP is configured. + +parameters: + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: ovs_bridge + name: {get_input: bridge_name} + use_dhcp: true + members: + - + type: interface + name: nic1 + # force the MAC address of the bridge to this interface + primary: true + - + type: vlan + vlan_id: {get_param: InternalApiNetworkVlanID} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageMgmtNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageMgmtIpSubnet} + - + type: vlan + vlan_id: {get_param: TenantNetworkVlanID} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/endpoints/endpoint.yaml b/network/endpoints/endpoint.yaml index 8ffd6c4b..6246cfdd 100644 --- a/network/endpoints/endpoint.yaml +++ b/network/endpoints/endpoint.yaml @@ -19,6 +19,10 @@ parameters: type: string default: '' description: A suffix attached to the URL + CloudName: + type: string + default: '' + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org outputs: endpoint: @@ -28,10 +32,11 @@ outputs: value: port: {get_param: [EndpointMap, {get_param: EndpointName }, port] } protocol: {get_param: [EndpointMap, {get_param: EndpointName }, protocol] } + ip: {get_param: IP} host: str_replace: template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} - params: {IP_ADDRESS: {get_param: IP} } + params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName}} uri: list_join: - '' @@ -39,7 +44,7 @@ outputs: - '://' - str_replace: template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} - params: {IP_ADDRESS: {get_param: IP} } + params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName }} - ':' - {get_param: [EndpointMap, {get_param: EndpointName }, port] } - {get_param: UriSuffix } @@ -50,6 +55,6 @@ outputs: - '://' - str_replace: template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} - params: {IP_ADDRESS: {get_param: IP} } + params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName} } - ':' - {get_param: [EndpointMap, {get_param: EndpointName }, port] } diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 9c000c38..05214011 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -52,9 +52,13 @@ parameters: GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceRegistryAdmin: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GlanceRegistryPublic: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatPublic: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'} KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} @@ -72,6 +76,10 @@ parameters: SwiftPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + CloudName: + type: string + default: '' + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org resources: @@ -80,18 +88,21 @@ resources: properties: EndpointName: CeilometerInternal EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: CeilometerApiVirtualIP} CeilometerPublic: type: OS::TripleO::Endpoint properties: EndpointName: CeilometerPublic EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: PublicVirtualIP} CeilometerAdmin: type: OS::TripleO::Endpoint properties: EndpointName: CeilometerAdmin EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: CeilometerApiVirtualIP} CinderInternal: @@ -99,6 +110,7 @@ resources: properties: EndpointName: CinderInternal EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: CinderApiVirtualIP} UriSuffix: '/v1/%(tenant_id)s' CinderPublic: @@ -106,6 +118,7 @@ resources: properties: EndpointName: CinderPublic EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: PublicVirtualIP} UriSuffix: '/v1/%(tenant_id)s' CinderAdmin: @@ -113,6 +126,7 @@ resources: properties: EndpointName: CinderAdmin EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: CinderApiVirtualIP} UriSuffix: '/v1/%(tenant_id)s' @@ -121,6 +135,7 @@ resources: properties: EndpointName: CinderInternal EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: CinderApiVirtualIP} UriSuffix: '/v2/%(tenant_id)s' CinderV2Public: @@ -128,6 +143,7 @@ resources: properties: EndpointName: CinderPublic EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: PublicVirtualIP} UriSuffix: '/v2/%(tenant_id)s' CinderV2Admin: @@ -135,6 +151,7 @@ resources: properties: EndpointName: CinderAdmin EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: CinderApiVirtualIP} UriSuffix: '/v2/%(tenant_id)s' @@ -143,19 +160,40 @@ resources: properties: EndpointName: GlanceInternal EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: GlanceApiVirtualIP} GlancePublic: type: OS::TripleO::Endpoint properties: EndpointName: GlancePublic EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: PublicVirtualIP} GlanceAdmin: type: OS::TripleO::Endpoint properties: EndpointName: GlanceAdmin EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} IP: {get_param: GlanceApiVirtualIP} + GlanceRegistryInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: GlanceRegistryVirtualIP} + GlanceRegistryPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlancePublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + GlanceRegistryAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: GlanceRegistryVirtualIP} HeatInternal: type: OS::TripleO::Endpoint @@ -163,6 +201,7 @@ resources: EndpointName: HeatInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: HeatApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v1/%(tenant_id)s' HeatPublic: type: OS::TripleO::Endpoint @@ -170,6 +209,7 @@ resources: EndpointName: HeatPublic EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v1/%(tenant_id)s' HeatAdmin: type: OS::TripleO::Endpoint @@ -177,14 +217,25 @@ resources: EndpointName: HeatAdmin EndpointMap: { get_param: EndpointMap } IP: {get_param: HeatApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v1/%(tenant_id)s' + HorizonPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/dashboard' + KeystoneInternal: type: OS::TripleO::Endpoint properties: EndpointName: KeystoneInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: KeystonePublicApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v2.0' KeystonePublic: type: OS::TripleO::Endpoint @@ -192,6 +243,7 @@ resources: EndpointName: KeystonePublic EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v2.0' KeystoneAdmin: type: OS::TripleO::Endpoint @@ -199,6 +251,7 @@ resources: EndpointName: KeystoneAdmin EndpointMap: { get_param: EndpointMap } IP: {get_param: KeystoneAdminApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v2.0' KeystoneEC2: type: OS::TripleO::Endpoint @@ -206,6 +259,7 @@ resources: EndpointName: KeystoneInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: KeystonePublicApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v2.0/ec2tokens' NeutronInternal: @@ -214,18 +268,21 @@ resources: EndpointName: NeutronInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: NeutronApiVirtualIP} + CloudName: {get_param: CloudName} NeutronPublic: type: OS::TripleO::Endpoint properties: EndpointName: NeutronPublic EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} NeutronAdmin: type: OS::TripleO::Endpoint properties: EndpointName: NeutronAdmin EndpointMap: { get_param: EndpointMap } IP: {get_param: NeutronApiVirtualIP} + CloudName: {get_param: CloudName} NovaInternal: type: OS::TripleO::Endpoint @@ -233,6 +290,7 @@ resources: EndpointName: NovaInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v2/%(tenant_id)s' NovaPublic: type: OS::TripleO::Endpoint @@ -240,6 +298,7 @@ resources: EndpointName: NovaPublic EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v2/%(tenant_id)s' NovaAdmin: type: OS::TripleO::Endpoint @@ -247,6 +306,7 @@ resources: EndpointName: NovaAdmin EndpointMap: { get_param: EndpointMap } IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v2/%(tenant_id)s' NovaV3Internal: type: OS::TripleO::Endpoint @@ -254,6 +314,7 @@ resources: EndpointName: NovaInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v3' NovaV3Public: type: OS::TripleO::Endpoint @@ -261,6 +322,7 @@ resources: EndpointName: NovaPublic EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v3' NovaV3Admin: type: OS::TripleO::Endpoint @@ -268,6 +330,7 @@ resources: EndpointName: NovaAdmin EndpointMap: { get_param: EndpointMap } IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v3' NovaEC2Internal: @@ -276,6 +339,7 @@ resources: EndpointName: NovaEC2Internal EndpointMap: { get_param: EndpointMap } IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/services/Cloud' NovaEC2Public: type: OS::TripleO::Endpoint @@ -283,6 +347,7 @@ resources: EndpointName: NovaEC2Public EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/services/Cloud' NovaEC2Admin: type: OS::TripleO::Endpoint @@ -290,6 +355,7 @@ resources: EndpointName: NovaEC2Admin EndpointMap: { get_param: EndpointMap } IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/services/Admin' SwiftInternal: @@ -298,6 +364,7 @@ resources: EndpointName: SwiftInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v1/AUTH_%(tenant_id)s' SwiftPublic: type: OS::TripleO::Endpoint @@ -305,6 +372,7 @@ resources: EndpointName: SwiftPublic EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} UriSuffix: '/v1/AUTH_%(tenant_id)s' SwiftAdmin: type: OS::TripleO::Endpoint @@ -312,6 +380,7 @@ resources: EndpointName: SwiftAdmin EndpointMap: { get_param: EndpointMap } IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} # No Suffix for the Admin interface SwiftS3Internal: type: OS::TripleO::Endpoint @@ -319,18 +388,21 @@ resources: EndpointName: SwiftInternal EndpointMap: { get_param: EndpointMap } IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} SwiftS3Public: type: OS::TripleO::Endpoint properties: EndpointName: SwiftPublic EndpointMap: { get_param: EndpointMap } IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} SwiftS3Admin: type: OS::TripleO::Endpoint properties: EndpointName: SwiftAdmin EndpointMap: { get_param: EndpointMap } IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} outputs: endpoint_map: @@ -347,9 +419,13 @@ outputs: GlanceInternal: {get_attr: [ GlanceInternal, endpoint] } GlancePublic: {get_attr: [ GlancePublic, endpoint] } GlanceAdmin: {get_attr: [ GlanceAdmin, endpoint] } + GlanceRegistryInternal: {get_attr: [ GlanceRegistryInternal, endpoint] } + GlanceRegistryPublic: {get_attr: [ GlanceRegistryPublic, endpoint] } + GlanceRegistryAdmin: {get_attr: [ GlanceRegistryAdmin, endpoint] } HeatInternal: {get_attr: [ HeatInternal, endpoint] } HeatPublic: {get_attr: [ HeatPublic, endpoint] } HeatAdmin: {get_attr: [ HeatAdmin, endpoint] } + HorizonPublic: {get_attr: [ HorizonPublic, endpoint] } KeystoneInternal: {get_attr: [ KeystoneInternal, endpoint] } KeystonePublic: {get_attr: [ KeystonePublic, endpoint] } KeystoneAdmin: {get_attr: [ KeystoneAdmin, endpoint] } diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index 0d2945bc..3e949f41 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -15,6 +15,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string ControlPlaneNetwork: description: The name of the undercloud Neutron control plane diff --git a/network/ports/external.yaml b/network/ports/external.yaml index 63e3eeb3..1e2fff68 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -15,6 +15,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml description: The name of the undercloud Neutron control plane diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml index 711ee17c..d528b327 100644 --- a/network/ports/internal_api.yaml +++ b/network/ports/internal_api.yaml @@ -14,6 +14,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string FixedIPs: description: > diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml new file mode 100644 index 00000000..36426b32 --- /dev/null +++ b/network/ports/net_vip_map_external.yaml @@ -0,0 +1,50 @@ +heat_template_version: 2015-04-30 + +parameters: + # Set these via parameter defaults to configure external VIPs + ControlNetworkVip: + default: '' + type: string + ExternalNetworkVip: + default: '' + type: string + InternalApiNetworkVip: + default: '' + type: string + StorageNetworkVip: + default: '' + type: string + StorageMgmtNetworkVip: + default: '' + type: string + # The following are unused in this template + ControlPlaneIp: + default: '' + type: string + ExternalIp: + default: '' + type: string + InternalApiIp: + default: '' + type: string + StorageIp: + default: '' + type: string + StorageMgmtIp: + default: '' + type: string + TenantIp: + default: '' + type: string + +outputs: + net_ip_map: + description: > + A Hash containing a mapping of network names to assigned IPs + for a specific machine. + value: + ctlplane: {get_param: ControlNetworkVip} + external: {get_param: ExternalNetworkVip} + internal_api: {get_param: InternalApiNetworkVip} + storage: {get_param: StorageNetworkVip} + storage_mgmt: {get_param: StorageMgmtNetworkVip} diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml index e013619c..88fb537c 100644 --- a/network/ports/storage.yaml +++ b/network/ports/storage.yaml @@ -14,6 +14,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string FixedIPs: description: > @@ -46,4 +47,3 @@ outputs: - '/' - {get_attr: [StoragePort, subnets, 0, cidr, -2]} - {get_attr: [StoragePort, subnets, 0, cidr, -1]} - diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml index 76afae01..c98a21ef 100644 --- a/network/ports/storage_mgmt.yaml +++ b/network/ports/storage_mgmt.yaml @@ -14,6 +14,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string FixedIPs: description: > diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml index 6e8ad482..94408ca2 100644 --- a/network/ports/tenant.yaml +++ b/network/ports/tenant.yaml @@ -14,6 +14,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string FixedIPs: description: > diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 299579dc..56efc178 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -15,6 +15,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string ControlPlaneNetwork: description: The name of the undercloud Neutron control plane diff --git a/os-apply-config/compute.yaml b/os-apply-config/compute.yaml index ee55c587..c829248b 100644 --- a/os-apply-config/compute.yaml +++ b/os-apply-config/compute.yaml @@ -125,6 +125,11 @@ parameters: NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -404,6 +409,7 @@ resources: vni_ranges: {get_input: neutron_vni_ranges} bridge_mappings: {get_input: neutron_bridge_mappings} enable_tunneling: {get_input: neutron_enable_tunneling} + l2_population: {get_input: neutron_enable_l2pop} physical_bridge: {get_input: neutron_physical_bridge} public_interface: {get_input: neutron_public_interface} public_interface_raw_device: {get_input: neutron_public_interface_raw_device} @@ -463,6 +469,7 @@ resources: neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} neutron_bridge_mappings: {get_param: NeutronBridgeMappings} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} neutron_physical_bridge: {get_param: NeutronPhysicalBridge} neutron_public_interface: {get_param: NeutronPublicInterface} neutron_password: {get_param: NeutronPassword} diff --git a/os-apply-config/controller.yaml b/os-apply-config/controller.yaml index 09ea49b8..aed2367c 100644 --- a/os-apply-config/controller.yaml +++ b/os-apply-config/controller.yaml @@ -355,9 +355,18 @@ parameters: type: number default: 3 description: The number of neutron dhcp agents to schedule per network + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -549,6 +558,9 @@ parameters: NeutronApiVirtualIP: type: string default: '' + NovaApiVirtualIP: + type: string + default: '' ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -720,8 +732,10 @@ resources: allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} l3_ha: {get_input: neutron_l3_ha} dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} + enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} ovs: enable_tunneling: {get_input: neutron_enable_tunneling} + l2_population: {get_input: neutron_enable_l2pop} local_ip: {get_input: controller_host} network_vlan_ranges: {get_input: neutron_network_vlan_ranges} bridge_mappings: {get_input: neutron_bridge_mappings} @@ -881,6 +895,8 @@ resources: controller_host: {get_attr: [Controller, networks, ctlplane, 0]} controller_virtual_ip: {get_param: VirtualIP} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} + neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} heat.watch_server_url: list_join: - '' diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 4cfed6b4..c072c292 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -33,6 +33,8 @@ resource_registry: # NodeExtraConfig == All nodes configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml + OS::TripleO::NodeTLSCAData: puppet/extraconfig/tls/no-ca.yaml + OS::TripleO::NodeTLSData: puppet/extraconfig/tls/no-tls.yaml OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::CephStorageExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml @@ -56,6 +58,7 @@ resource_registry: OS::TripleO::Network::Storage: network/noop.yaml OS::TripleO::Network::Tenant: network/noop.yaml + OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml index ed02551b..11a33599 100644 --- a/overcloud-resource-registry.yaml +++ b/overcloud-resource-registry.yaml @@ -39,6 +39,7 @@ resource_registry: OS::TripleO::Network::Storage: network/noop.yaml OS::TripleO::Network::Tenant: network/noop.yaml + OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 50589b7b..67636182 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -115,9 +115,18 @@ parameters: default: 'ctlplane' type: string description: Neutron ID or name for ctlplane network. + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -274,6 +283,12 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true + CloudDomain: + default: 'localdomain' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. # Controller-specific params AdminToken: @@ -448,6 +463,14 @@ parameters: type: string constraints: - allowed_values: [ 'basic', 'cadf' ] + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the ones. + type: boolean MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to @@ -481,20 +504,6 @@ parameters: Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string SwiftHashSuffix: default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. @@ -562,6 +571,10 @@ parameters: NovaComputeLibvirtType: default: '' type: string + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string NovaEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Nova @@ -571,6 +584,14 @@ parameters: default: overcloud-compute constraints: - custom_constraint: glance.image + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string + NovaSecurityGroupAPI: + default: 'neutron' + description: The full class name of the security API class + type: string OvercloudComputeFlavor: description: Use this flavor type: string @@ -761,6 +782,7 @@ resources: EndpointMap: type: OS::TripleO::EndpointMap properties: + CloudName: {get_param: CloudName} CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} @@ -797,10 +819,13 @@ resources: CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} CloudName: {get_param: CloudName} + CloudDomain: {get_param: CloudDomain} ControlVirtualInterface: {get_param: ControlVirtualInterface} ControllerExtraConfig: {get_param: controllerExtraConfig} Debug: {get_param: Debug} EnableFencing: {get_param: EnableFencing} + ManageFirewall: {get_param: ManageFirewall} + PurgeFirewallRules: {get_param: PurgeFirewallRules} EnableGalera: {get_param: EnableGalera} EnableCephStorage: {get_param: ControllerEnableCephStorage} EnableSwiftStorage: {get_param: ControllerEnableSwiftStorage} @@ -835,7 +860,9 @@ resources: NeutronFlatNetworks: {get_param: NeutronFlatNetworks} NeutronBridgeMappings: {get_param: NeutronBridgeMappings} NeutronExternalNetworkBridge: {get_param: NeutronExternalNetworkBridge} + NeutronEnableIsolatedMetadata: {get_param: NeutronEnableIsolatedMetadata} NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} + NeutronEnableL2Pop: {get_param: NeutronEnableL2Pop} NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} NeutronPublicInterface: {get_param: NeutronPublicInterface} NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute} @@ -868,17 +895,14 @@ resources: SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} - SSLCertificate: {get_param: SSLCertificate} - SSLKey: {get_param: SSLKey} - SSLCACertificate: {get_param: SSLCACertificate} SwiftHashSuffix: {get_param: SwiftHashSuffix} SwiftMountCheck: {get_param: SwiftMountCheck} SwiftMinPartHours: {get_param: SwiftMinPartHours} SwiftPartPower: {get_param: SwiftPartPower} SwiftPassword: {get_param: SwiftPassword} SwiftReplicas: { get_param: SwiftReplicas} - VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now. - PublicVirtualIP: {get_attr: [PublicVirtualIP, ip_address]} + VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} # deprecated. Use per service VIP settings instead now. + PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} @@ -892,12 +916,14 @@ resources: KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} UpdateIdentifier: {get_param: UpdateIdentifier} Hostname: str_replace: template: {get_param: ControllerHostnameFormat} params: '%stackname%': {get_param: 'OS::stack_name'} + NodeIndex: '%index%' Compute: type: OS::Heat::ResourceGroup @@ -925,6 +951,7 @@ resources: KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronBridgeMappings: {get_param: NeutronBridgeMappings} NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} + NeutronEnableL2Pop : {get_param: NeutronEnableL2Pop} NeutronFlatNetworks: {get_param: NeutronFlatNetworks} NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} NeutronNetworkType: {get_param: NeutronNetworkType} @@ -948,9 +975,12 @@ resources: NovaComputeDriver: {get_param: NovaComputeDriver} NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType} + NovaComputeLibvirtVifDriver: {get_param: NovaComputeLibvirtVifDriver} NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} - NovaPublicIP: {get_attr: [PublicVirtualIP, ip_address]} + NovaPublicIP: {get_attr: [VipMap, net_ip_map, external]} NovaPassword: {get_param: NovaPassword} + NovaOVSBridge: {get_param: NovaOVSBridge} + NovaSecurityGroupAPI: {get_param: NovaSecurityGroupAPI} NtpServer: {get_param: NtpServer} RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} RabbitPassword: {get_param: RabbitPassword} @@ -967,6 +997,7 @@ resources: template: {get_param: ComputeHostnameFormat} params: '%stackname%': {get_param: 'OS::stack_name'} + CloudDomain: {get_param: CloudDomain} BlockStorage: type: OS::Heat::ResourceGroup @@ -986,7 +1017,7 @@ resources: CinderPassword: {get_param: CinderPassword} KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudBlockStorageFlavor} - VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} RabbitPassword: {get_param: RabbitPassword} RabbitUserName: {get_param: RabbitUserName} @@ -1004,6 +1035,7 @@ resources: MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} ExtraConfig: {get_param: ExtraConfig} BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} ObjectStorage: type: OS::Heat::ResourceGroup @@ -1032,6 +1064,7 @@ resources: '%stackname%': {get_param: 'OS::stack_name'} ExtraConfig: {get_param: ExtraConfig} ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} CephStorage: type: OS::Heat::ResourceGroup @@ -1055,6 +1088,7 @@ resources: '%stackname%': {get_param: 'OS::stack_name'} ExtraConfig: {get_param: ExtraConfig} CephStorageExtraConfig: {get_param: CephStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap @@ -1164,7 +1198,7 @@ resources: PortName: storage_management_virtual_ip VipMap: - type: OS::TripleO::Network::Ports::NetIpMap + type: OS::TripleO::Network::Ports::NetVipMap properties: ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} @@ -1199,11 +1233,11 @@ resources: mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} # direct configuration of Virtual IPs for each network - control_virtual_ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - public_virtual_ip: {get_attr: [PublicVirtualIP, ip_address]} - internal_api_virtual_ip: {get_attr: [InternalApiVirtualIP, ip_address]} - storage_virtual_ip: {get_attr: [StorageVirtualIP, ip_address]} - storage_mgmt_virtual_ip: {get_attr: [StorageMgmtVirtualIP, ip_address]} + control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]} + public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]} + internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]} + storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]} + storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]} ControllerBootstrapNodeConfig: type: OS::TripleO::BootstrapNode::SoftwareConfig @@ -1437,7 +1471,7 @@ outputs: value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} PublicVip: description: Controller VIP for public API endpoints - value: {get_attr: [PublicVirtualIP, ip_address]} + value: {get_attr: [VipMap, net_ip_map, external]} CeilometerInternalVip: description: VIP for Ceilometer API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 0d968504..1dc20a50 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -54,6 +54,17 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. resources: @@ -126,6 +137,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: CephStorage} + actions: {get_param: NetworkDeploymentActions} CephStorageDeployment: type: OS::Heat::StructuredDeployment @@ -171,6 +183,13 @@ resources: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: CephStorageDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: CephStorage} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata CephStorageExtraConfigPre: depends_on: CephStorageDeployment @@ -181,7 +200,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: CephStorageExtraConfigPre + depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: CephStorage} @@ -202,9 +221,10 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [CephStorage, name]} nova_server_resource: description: Heat resource handle for the ceph storage server @@ -222,5 +242,6 @@ outputs: list_join: - ',' - - {get_attr: [CephStorageDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_attr: [CephStorageExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index b536418d..f1d25e78 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -107,6 +107,18 @@ parameters: MysqlVirtualIP: type: string default: '' + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + resources: BlockStorage: @@ -178,6 +190,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: BlockStorage} + actions: {get_param: NetworkDeploymentActions} BlockStorageDeployment: type: OS::Heat::StructuredDeployment @@ -251,10 +264,17 @@ resources: snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: BlockStorageDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: BlockStorage} + # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: BlockStorageDeployment + depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: BlockStorage} @@ -275,9 +295,10 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [BlockStorage, name]} nova_server_resource: description: Heat resource handle for the block storage server @@ -298,4 +319,5 @@ outputs: list_join: - '' - - {get_attr: [BlockStorageDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_param: UpdateIdentifier} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 18547732..c33373d1 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -85,6 +85,11 @@ parameters: NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -198,6 +203,10 @@ parameters: NovaComputeLibvirtType: type: string default: '' + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string NovaEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Nova @@ -210,6 +219,14 @@ parameters: NovaPublicIP: type: string default: '' # Has to be here because of the ignored empty value bug + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string + NovaSecurityGroupAPI: + default: 'neutron' + description: The full class name of the security API class + type: string NtpServer: default: '' description: Comma-separated list of ntp servers @@ -268,6 +285,18 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + resources: @@ -342,6 +371,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: NovaCompute} + actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} @@ -364,6 +394,7 @@ resources: - '"%{::osfamily}"' - common - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre + - nova_nuage_data # Optionally provided by ComputeExtraConfigPre datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} @@ -384,12 +415,15 @@ resources: nova::rabbit_port: {get_input: rabbit_client_port} nova_compute_driver: {get_input: nova_compute_driver} nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} + nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} + nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} + nova::network::neutron::security_group_api: {get_input: nova_security_group_api} ceilometer::debug: {get_input: debug} ceilometer::rabbit_userid: {get_input: rabbit_username} ceilometer::rabbit_password: {get_input: rabbit_password} @@ -418,6 +452,7 @@ resources: neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} neutron_bridge_mappings: {get_input: neutron_bridge_mappings} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron_physical_bridge: {get_input: neutron_physical_bridge} neutron_public_interface: {get_input: neutron_public_interface} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} @@ -447,12 +482,15 @@ resources: debug: {get_param: Debug} nova_compute_driver: {get_param: NovaComputeDriver} nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} + nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} nova_public_ip: {get_param: NovaPublicIP} nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} + nova_ovs_bridge: {get_param: NovaOVSBridge} + nova_security_group_api: {get_param: NovaSecurityGroupAPI} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} @@ -491,6 +529,7 @@ resources: - {get_param: NeutronNetworkVLANRanges} neutron_bridge_mappings: {get_param: NeutronBridgeMappings} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} neutron_physical_bridge: {get_param: NeutronPhysicalBridge} neutron_public_interface: {get_param: NeutronPublicInterface} neutron_password: {get_param: NeutronPassword} @@ -527,6 +566,13 @@ resources: enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: NovaComputeDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: NovaCompute} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata ComputeExtraConfigPre: depends_on: NovaComputeDeployment @@ -537,7 +583,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: ComputeExtraConfigPre + depends_on: [ComputeExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: NovaCompute} @@ -575,9 +621,10 @@ outputs: Server's IP address and hostname in the /etc/hosts format value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [NovaCompute, name]} nova_server_resource: description: Heat resource handle for the Nova compute server @@ -589,5 +636,6 @@ outputs: list_join: - ',' - - {get_attr: [NovaComputeDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index ae2b66e3..244c91ef 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -106,6 +106,10 @@ parameters: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer on the Controller + type: boolean EnableCephStorage: default: false description: Whether to deploy Ceph Storage (OSD) on the Controller @@ -278,6 +282,14 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -318,6 +330,22 @@ parameters: default: 'dhcp-option-force=26,1400' description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. type: string + NeutronEnableDHCPAgent: + description: Knob to enable/disable DHCP Agent + type: boolean + default: true + NeutronEnableL3Agent: + description: Knob to enable/disable L3 agent + type: boolean + default: true + NeutronEnableMetadataAgent: + description: Knob to enable/disable Metadata agent + type: boolean + default: true + NeutronEnableOVSAgent: + description: Knob to enable/disable OVS Agent + type: boolean + default: true NeutronAgentMode: default: 'dvr_snat' description: Agent mode for the neutron-l3-agent on the controller hosts @@ -366,9 +394,18 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -505,20 +542,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true SwiftHashSuffix: default: unset description: A random string to be used as a salt when hashing to determine mappings @@ -597,6 +620,20 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + NodeIndex: + type: number + default: 0 + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. resources: @@ -693,10 +730,26 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: Controller} + actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: NetworkDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: Controller} + + # Hook for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: Controller} + NodeIndex: {get_param: NodeIndex} + ControllerDeployment: type: OS::TripleO::SoftwareDeployment depends_on: NetworkDeployment @@ -706,6 +759,8 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} + neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} haproxy_log_address: {get_param: HAProxySyslogAddress} heat.watch_server_url: list_join: @@ -806,8 +861,11 @@ resources: keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} + enable_load_balancer: {get_param: EnableLoadBalancer} enable_ceph_storage: {get_param: EnableCephStorage} enable_swift_storage: {get_param: EnableSwiftStorage} + manage_firewall: {get_param: ManageFirewall} + purge_firewall_rules: {get_param: PurgeFirewallRules} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_max_connections: {get_param: MysqlMaxConnections} mysql_root_password: {get_param: MysqlRootPassword} @@ -837,6 +895,10 @@ resources: list_join: - "','" - {get_param: NeutronTypeDrivers} + neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent} + neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent} + neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent} + neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_l3_ha: {get_param: NeutronL3HA} @@ -887,6 +949,7 @@ resources: neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] } + nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} @@ -998,6 +1061,7 @@ resources: - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre + - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre datafiles: controller_extraconfig: mapped_data: {get_param: ControllerExtraConfig} @@ -1022,6 +1086,7 @@ resources: # Pacemaker enable_fencing: {get_input: enable_fencing} + enable_load_balancer: {get_input: enable_load_balancer} hacluster_pwd: {get_input: pcsd_password} tripleo::fencing::config: {get_input: fencing_config} @@ -1164,6 +1229,8 @@ resources: neutron::server::database_connection: {get_input: neutron_dsn} neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} + neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron_flat_networks: {get_input: neutron_flat_networks} neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} @@ -1172,6 +1239,10 @@ resources: neutron_router_distributed: {get_input: neutron_router_distributed} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} + neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent} + neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent} + neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent} + neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} @@ -1193,6 +1264,15 @@ resources: neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} + neutron::keystone::auth::public_url: {get_input: neutron_public_url } + neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } + neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } + neutron::keystone::auth::password: {get_input: neutron_password } + neutron::keystone::auth::region: {get_input: keystone_region} + neutron::server::notifications::nova_url: {get_input: nova_internal_url} + neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url} + neutron::server::notifications::tenant_name: 'service' + neutron::server::notifications::password: {get_input: nova_password} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -1251,6 +1331,9 @@ resources: # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} + # Firewall + tripleo::firewall::manage_firewall: {get_input: manage_firewall} + tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} @@ -1260,6 +1343,12 @@ resources: tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} + # NOTE(jaosorior): The service certificate configuration for + # HAProxy was left commented because to properly use this, we + # need to be able to set up the keystone endpoints. And + # currently that is not possible, but is being addressed by + # other commits. A subsequent commit will uncomment this. + #tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -1273,7 +1362,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: ControllerExtraConfigPre + depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: Controller} @@ -1324,9 +1413,10 @@ outputs: Server's IP address and hostname in the /etc/hosts format value: str_replace: - template: IP HOST.localdomain HOST CLOUDNAME + template: IP HOST.DOMAIN HOST CLOUDNAME params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [Controller, name]} CLOUDNAME: {get_param: CloudName} nova_server_resource: @@ -1353,5 +1443,13 @@ outputs: list_join: - ',' - - {get_attr: [ControllerDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} + - {get_attr: [NodeTLSData, deploy_stdout]} - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} diff --git a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml new file mode 100644 index 00000000..96368e37 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml @@ -0,0 +1,92 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Nuage configuration on the Compute + +parameters: + server: + description: ID of the compute node to apply this config to + type: string + + NuageActiveController: + description: IP address of the Active Virtualized Services Controller (VSC) + type: string + NuageStandbyController: + description: IP address of the Standby Virtualized Services Controller (VSC) + type: string + NuageMetadataPort: + description: TCP Port to listen for metadata server requests + type: string + default: '9697' + NuageNovaMetadataPort: + description: TCP Port used by Nova metadata server + type: string + default: '8775' + NuageMetadataProxySharedSecret: + description: Shared secret to sign the instance-id request + type: string + NuageNovaClientVersion: + description: Client Version Nova + type: string + default: '2' + NuageNovaOsUsername: + description: Nova username in keystone_authtoken + type: string + default: 'nova' + NuageMetadataAgentStartWithOvs: + description: Set to True if nuage-metadata-agent needs to be started with nuage-openvswitch-switch + type: string + default: 'True' + NuageNovaApiEndpoint: + description: One of publicURL, internalURL, adminURL in "keystone endpoint-list" + type: string + default: 'publicURL' + NuageNovaRegionName: + description: Region name in "keystone endpoint-list" + type: string + default: 'regionOne' + +# Declaration of resources for the template. +resources: + NovaNuageConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + nova_nuage_data: + mapped_data: + nuage::vrs::active_controller: {get_input: ActiveController} + nuage::vrs::standby_controller: {get_input: StandbyController} + nuage::metadataagent::metadata_port: {get_input: MetadataPort} + nuage::metadataagent::nova_metadata_port: {get_input: NovaMetadataPort} + nuage::metadataagent::metadata_secret: {get_input: SharedSecret} + nuage::metadataagent::nova_client_version: {get_input: NovaClientVersion} + nuage::metadataagent::nova_os_username: {get_input: NovaOsUsername} + nuage::metadataagent::metadata_agent_start_with_ovs: {get_input: MetadataAgentStartWithOvs} + nuage::metadataagent::nova_api_endpoint_type: {get_input: NovaApiEndpointType} + nuage::metadataagent::nova_region_name: {get_input: NovaRegionName} + + NovaNuageDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: NovaNuageConfig} + server: {get_param: server} + input_values: + ActiveController: {get_param: NuageActiveController} + StandbyController: {get_param: NuageStandbyController} + MetadataPort: {get_param: NuageMetadataPort} + NovaMetadataPort: {get_param: NuageNovaMetadataPort} + SharedSecret: {get_param: NuageMetadataProxySharedSecret} + NovaClientVersion: {get_param: NuageNovaClientVersion} + NovaOsUsername: {get_param: NuageNovaOsUsername} + MetadataAgentStartWithOvs: {get_param: NuageMetadataAgentStartWithOvs} + NovaApiEndpointType: {get_param: NuageNovaApiEndpoint} + NovaRegionName: {get_param: NuageNovaRegionName} + +# Specify output parameters that will be available +# after the template is instantiated. +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NovaNuageDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml new file mode 100644 index 00000000..60f02bf8 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml @@ -0,0 +1,83 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Nuage configuration on the Controller + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageOSControllerIp: + description: IP address of the OpenStack Controller + type: string + + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + +resources: + NeutronNuageConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_nuage_data: + mapped_data: + neutron::plugins::nuage::nuage_oscontroller_ip: {get_input: NuageOSControllerIp} + neutron::plugins::nuage::nuage_net_partition_name: {get_input: NuageNetPartitionName} + neutron::plugins::nuage::nuage_vsd_ip: {get_input: NuageVSDIp} + neutron::plugins::nuage::nuage_vsd_username: {get_input: NuageVSDUsername} + neutron::plugins::nuage::nuage_vsd_password: {get_input: NuageVSDPassword} + neutron::plugins::nuage::nuage_vsd_organization: {get_input: NuageVSDOrganization} + neutron::plugins::nuage::nuage_base_uri_version: {get_input: NuageBaseURIVersion} + neutron::plugins::nuage::nuage_cms_id: {get_input: NuageCMSId} + + NeutronNuageDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: NeutronNuageConfig} + server: {get_param: server} + input_values: + NuageOSControllerIp: {get_param: NeutronNuageOSControllerIp} + NuageNetPartitionName: {get_param: NeutronNuageNetPartitionName} + NuageVSDIp: {get_param: NeutronNuageVSDIp} + NuageVSDUsername: {get_param: NeutronNuageVSDUsername} + NuageVSDPassword: {get_param: NeutronNuageVSDPassword} + NuageVSDOrganization: {get_param: NeutronNuageVSDOrganization} + NuageBaseURIVersion: {get_param: NeutronNuageBaseURIVersion} + NuageCMSId: {get_param: NeutronNuageCMSId} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NeutronNuageDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml new file mode 100644 index 00000000..7e34f071 --- /dev/null +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -0,0 +1,66 @@ +heat_template_version: 2015-04-30 + +description: > + This is a template which will inject the trusted anchor. + +parameters: + # Can be overriden via parameter_defaults in the environment + SSLRootCertificate: + description: > + The content of a CA's SSL certificate file in PEM format. + This is evaluated on the client side. + type: string + SSLRootCertificatePath: + default: '/etc/pki/ca-trust/source/anchors/ca.crt.pem' + description: > + The filepath of the root certificate as it will be stored in the nodes. + Note that the path has to be one that can be picked up by the update + trust anchor command. e.g. in RHEL it would be + /etc/pki/ca-trust/source/anchors/ca.crt.pem + type: string + UpdateTrustAnchorsCommand: + default: update-ca-trust extract + description: > + command that will be executed to update the trust anchors. + type: string + + # Passed in by controller.yaml + server: + description: ID of the node to apply this config to + type: string + +resources: + CAConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: cacert_path + - name: cacert_content + - name: update_anchor_command + outputs: + - name: root_cert_md5sum + config: | + #!/bin/sh + cat > ${cacert_path} << EOF + ${cacert_content} + EOF + chmod 0440 ${cacert_path} + chown root:root ${cacert_path} + ${update_anchor_command} + md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum + + CADeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: CAConfig} + server: {get_param: server} + input_values: + cacert_path: {get_param: SSLRootCertificatePath} + cacert_content: {get_param: SSLRootCertificate} + update_anchor_command: {get_param: UpdateTrustAnchorsCommand} + +outputs: + deploy_stdout: + description: Deployment reference + value: {get_attr: [CADeployment, root_cert_md5sum]} diff --git a/puppet/extraconfig/tls/no-ca.yaml b/puppet/extraconfig/tls/no-ca.yaml new file mode 100644 index 00000000..5862a85c --- /dev/null +++ b/puppet/extraconfig/tls/no-ca.yaml @@ -0,0 +1,17 @@ +heat_template_version: 2015-04-30 + +description: > + This is a default no-op template which can be passed to the + OS::Nova::Server resources. This template can be replaced with + a different implementation via the resource registry, such that + deployers may customize their configuration. + +parameters: + server: # Here for compatibility with controller.yaml + description: ID of the controller node to apply this config to + type: string + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: 'Root CA cert injection not enabled.' diff --git a/puppet/extraconfig/tls/no-tls.yaml b/puppet/extraconfig/tls/no-tls.yaml new file mode 100644 index 00000000..2da209cb --- /dev/null +++ b/puppet/extraconfig/tls/no-tls.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2015-04-30 + +description: > + This is a default no-op template. This defines the parameters that + need to be passed in order to have TLS enabled in the controller + nodes. This template can be replaced with a different + implementation via the resource registry, such that deployers + may customize their configuration. + +parameters: + DeployedSSLCertificatePath: + default: '' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string + NodeIndex: # Here for compatibility with tls-cert-inject.yaml + default: 0 + type: number + server: # Here for compatibility with tls-cert-inject.yaml + description: ID of the controller node to apply this config to + type: string + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: 'TLS not enabled.' + deployed_ssl_certificate_path: + value: '' + key_modulus_md5: + description: Key SSL Modulus + value: '' + cert_modulus_md5: + description: Certificate SSL Modulus + value: '' diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml new file mode 100644 index 00000000..739a51ad --- /dev/null +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -0,0 +1,95 @@ +heat_template_version: 2015-04-30 + +description: > + This is a template which will build the TLS Certificates necessary + for the load balancer using the given parameters. + +parameters: + # Can be overriden via parameter_defaults in the environment + SSLCertificate: + default: '' + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + SSLIntermediateCertificate: + default: '' + description: > + The content of an SSL intermediate CA certificate in PEM format. + type: string + SSLKey: + default: '' + description: > + The content of the SSL Key in PEM format. + type: string + hidden: true + + # Can be overriden by parameter_defaults if the user wants to try deploying + # this in a distro that doesn't support this path. + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string + + # Passed in by the controller + NodeIndex: + default: 0 + type: number + server: + description: ID of the controller node to apply this config to + type: string + +resources: + ControllerTLSConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: cert_path + - name: cert_chain_content + outputs: + - name: chain_md5sum + - name: cert_modulus + - name: key_modulus + config: | + #!/bin/sh + cat << EOF | tee ${cert_path} > /dev/null + ${cert_chain_content} + EOF + chmod 0440 ${cert_path} + chown root:haproxy ${cert_path} + md5sum ${cert_path} > ${heat_outputs_path}.chain_md5sum + openssl x509 -noout -modulus -in ${cert_path} \ + | openssl md5 | cut -c 10- \ + > ${heat_outputs_path}.cert_modulus + openssl rsa -noout -modulus -in ${cert_path} \ + | openssl md5 | cut -c 10- \ + > ${heat_outputs_path}.key_modulus + + ControllerTLSDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: ControllerTLSConfig} + server: {get_param: server} + input_values: + cert_path: {get_param: DeployedSSLCertificatePath} + cert_chain_content: + list_join: + - '' + - - {get_param: SSLCertificate} + - {get_param: SSLIntermediateCertificate} + - {get_param: SSLKey} + +outputs: + deploy_stdout: + description: Deployment reference + value: {get_attr: [ControllerTLSDeployment, chain_md5sum]} + deployed_ssl_certificate_path: + description: The location that the TLS certificate was deployed to. + value: {get_param: DeployedSSLCertificatePath} + key_modulus_md5: + description: MD5 checksum of the Key SSL Modulus + value: {get_attr: [ControllerTLSDeployment, key_modulus]} + cert_modulus_md5: + description: MD5 checksum of the Certificate SSL Modulus + value: {get_attr: [ControllerTLSDeployment, cert_modulus]} diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index ca6d3954..1e480e60 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -1,6 +1,6 @@ ceph::profile::params::osd_journal_size: 1024 -ceph::profile::params::osd_pool_default_pg_num: 128 -ceph::profile::params::osd_pool_default_pgp_num: 128 +ceph::profile::params::osd_pool_default_pg_num: 32 +ceph::profile::params::osd_pool_default_pgp_num: 32 ceph::profile::params::osd_pool_default_size: 3 ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 030f661d..95f5ccb8 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -9,8 +9,6 @@ ceilometer::agent::auth::auth_tenant_name: 'admin' nova::network::neutron::neutron_admin_tenant_name: 'service' nova::network::neutron::neutron_admin_username: 'neutron' -nova::network::neutron::vif_plugging_is_fatal: false -nova::network::neutron::vif_plugging_timeout: 30 nova::network::neutron::dhcp_domain: '' neutron::allow_overlapping_ips: true diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 173020f8..fa8dcc81 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -12,6 +12,12 @@ nova::compute::libvirt::migration_support: true nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" +# Changing the default from 512MB. The current templates can not deploy +# overclouds with swap. On an idle compute node, we see ~1024MB of RAM +# used. 2048 is suggested to account for other possible operations for +# example openvswitch. +nova::compute::reserved_host_memory: 2048 + ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index a4914c0e..f42ddf6c 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -127,3 +127,109 @@ tripleo::loadbalancer::heat_cfn: true tripleo::loadbalancer::horizon: true controller_classes: [] +# firewall +tripleo::firewall::firewall_rules: + '101 mongodb_config': + port: 27019 + '102 mongodb_sharding': + port: 27018 + '103 mongod': + port: 27017 + '104 mysql galera': + port: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + '105 ntp': + port: 123 + proto: udp + '106 vrrp': + proto: vrrp + '107 haproxy stats': + port: 1993 + '108 redis': + port: + - 6379 + - 26379 + '109 rabbitmq': + port: + - 5672 + - 35672 + '110 ceph': + port: + - 6789 + - '6800-6810' + '111 keystone': + port: + - 5000 + - 13000 + - 35357 + - 13357 + '112 glance': + port: + - 9292 + - 9191 + - 13292 + '113 nova': + port: + - 6080 + - 13080 + - 8773 + - 3773 + - 8774 + - 13774 + - 8775 + '114 neutron server': + port: + - 9696 + - 13696 + '115 neutron dhcp input': + proto: 'udp' + port: 67 + '116 neutron dhcp output': + proto: 'udp' + chain: 'OUTPUT' + port: 68 + '118 neutron vxlan networks': + proto: 'udp' + port: 4789 + '119 cinder': + port: + - 8776 + - 13776 + '120 iscsi initiator': + port: 3260 + '121 memcached': + port: 11211 + '122 swift proxy': + port: + - 8080 + - 13808 + '123 swift storage': + port: + - 873 + - 6000 + - 6001 + - 6002 + '124 ceilometer': + port: + - 8777 + - 13777 + '125 heat': + port: + - 8000 + - 13800 + - 8003 + - 13003 + - 8004 + - 13004 + '126 horizon': + port: + - 80 + - 443 + '127 snmp': + port: 161 + proto: 'udp' diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 51f5e88d..7f8970cc 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index cd41cc79..f3a02eba 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) @@ -70,20 +71,35 @@ include ::nova::compute::libvirt include ::nova::network::neutron include ::neutron -class { '::neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], -} +# If the value of core plugin is set to 'nuage', +# include nuage agent, +# else use the default value of 'ml2' +if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::nuage::vrs + include ::nova::compute::neutron + + class { '::nuage::metadataagent': + nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), + nova_os_password => hiera('nova_password'), + nova_metadata_ip => hiera('nova_metadata_node_ips'), + nova_auth_ip => hiera('keystone_public_api_virtual_ip'), + } +} else { + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), + tenant_network_types => [hiera('neutron_tenant_network_type')], + } -class { '::neutron::agents::ml2::ovs': - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), -} + class { '::neutron::agents::ml2::ovs': + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } -if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } } } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 34be39f3..a8abbb77 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -14,6 +14,9 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall + +$enable_load_balancer = hiera('enable_load_balancer', true) if hiera('step') >= 1 { @@ -21,9 +24,11 @@ if hiera('step') >= 1 { $controller_node_ips = split(hiera('controller_node_ips'), ',') - class { '::tripleo::loadbalancer' : - controller_hosts => $controller_node_ips, - manage_vip => true, + if $enable_load_balancer { + class { '::tripleo::loadbalancer' : + controller_hosts => $controller_node_ips, + manage_vip => true, + } } } @@ -227,64 +232,73 @@ if hiera('step') >= 3 { include ::neutron include ::neutron::server - include ::neutron::agents::l3 - include ::neutron::agents::dhcp - include ::neutron::agents::metadata + include ::neutron::server::notifications - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } + # If the value of core plugin is set to 'nuage', + # include nuage core plugin, + # else use the default value of 'ml2' + if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::neutron::plugins::nuage + } else { + include ::neutron::agents::l3 + include ::neutron::agents::dhcp + include ::neutron::agents::metadata + + file { '/etc/neutron/dnsmasq-neutron.conf': + content => hiera('neutron_dnsmasq_options'), + owner => 'neutron', + group => 'neutron', + notify => Service['neutron-dhcp-service'], + require => Package['neutron'], + } - class { '::neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], - mechanism_drivers => [hiera('neutron_mechanism_drivers')], - } - class { '::neutron::agents::ml2::ovs': - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), - } - if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus1000v + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), + tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], + } + class { '::neutron::agents::ml2::ovs': + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus1000v - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + + class { '::n1k_vsm': + n1kv_source => hiera('n1kv_vsm_source', undef), + n1kv_version => hiera('n1kv_vsm_version', undef), + pacemaker_control => false, + } } - class { '::n1k_vsm': - n1kv_source => hiera('n1kv_vsm_source', undef), - n1kv_version => hiera('n1kv_vsm_version', undef), - pacemaker_control => false, + if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::ucsm + } + if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus + include ::neutron::plugins::ml2::cisco::type_nexus_vxlan } - } - if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::ucsm - } - if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus - include ::neutron::plugins::ml2::cisco::type_nexus_vxlan - } + if hiera('neutron_enable_bigswitch_ml2', false) { + include ::neutron::plugins::ml2::bigswitch::restproxy + } + neutron_l3_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); + } + neutron_dhcp_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); + } - if hiera('neutron_enable_bigswitch_ml2', false) { - include ::neutron::plugins::ml2::bigswitch::restproxy + Service['neutron-server'] -> Service['neutron-dhcp-service'] + Service['neutron-server'] -> Service['neutron-l3'] + Service['neutron-server'] -> Service['neutron-ovs-agent-service'] + Service['neutron-server'] -> Service['neutron-metadata'] } - neutron_l3_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - - Service['neutron-server'] -> Service['neutron-dhcp-service'] - Service['neutron-server'] -> Service['neutron-l3'] - Service['neutron-server'] -> Service['neutron-ovs-agent-service'] - Service['neutron-server'] -> Service['neutron-metadata'] include ::cinder include ::cinder::api @@ -307,15 +321,13 @@ if hiera('step') >= 3 { if $enable_ceph { - Ceph_pool { + $ceph_pools = hiera('ceph_pools') + ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : } - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] } else { diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index b9623714..1a66c5ea 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -19,6 +19,7 @@ Pcmk_resource <| |> { } include ::tripleo::packages +include ::tripleo::firewall if $::hostname == downcase(hiera('bootstrap_nodeid')) { $pacemaker_master = true @@ -29,6 +30,7 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { } $enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5 +$enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized # FIXME: remove when we start all OpenStack services using Pacemaker @@ -45,12 +47,14 @@ if hiera('step') >= 1 { $controller_node_ips = split(hiera('controller_node_ips'), ',') $controller_node_names = split(downcase(hiera('controller_node_names')), ',') - class { '::tripleo::loadbalancer' : - controller_hosts => $controller_node_ips, - controller_hosts_names => $controller_node_names, - manage_vip => false, - mysql_clustercheck => true, - haproxy_service_manage => false, + if $enable_load_balancer { + class { '::tripleo::loadbalancer' : + controller_hosts => $controller_node_ips, + controller_hosts_names => $controller_node_names, + manage_vip => false, + mysql_clustercheck => true, + haproxy_service_manage => false, + } } $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) @@ -178,156 +182,160 @@ if hiera('step') >= 2 { if $pacemaker_master { - include ::pacemaker::resource_defaults + if $enable_load_balancer { - # FIXME: we should not have to access tripleo::loadbalancer class - # parameters here to configure pacemaker VIPs. The configuration - # of pacemaker VIPs could move into puppet-tripleo or we should - # make use of less specific hiera parameters here for the settings. - pacemaker::resource::service { 'haproxy': - clone_params => true, - } + include ::pacemaker::resource_defaults - $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') - pacemaker::resource::ip { 'control_vip': - ip_address => $control_vip, - } - pacemaker::constraint::base { 'control_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${control_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], - } - pacemaker::constraint::colocation { 'control_vip-with-haproxy': - source => "ip-${control_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], - } - - $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') - if $public_vip and $public_vip != $control_vip { - pacemaker::resource::ip { 'public_vip': - ip_address => $public_vip, - } - pacemaker::constraint::base { 'public_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${public_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } - pacemaker::constraint::colocation { 'public_vip-with-haproxy': - source => "ip-${public_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], + # FIXME: we should not have to access tripleo::loadbalancer class + # parameters here to configure pacemaker VIPs. The configuration + # of pacemaker VIPs could move into puppet-tripleo or we should + # make use of less specific hiera parameters here for the settings. + pacemaker::resource::service { 'haproxy': + clone_params => true, } - } - $redis_vip = hiera('redis_vip') - if $redis_vip and $redis_vip != $control_vip { - pacemaker::resource::ip { 'redis_vip': - ip_address => $redis_vip, + $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') + pacemaker::resource::ip { 'control_vip': + ip_address => $control_vip, } - pacemaker::constraint::base { 'redis_vip-then-haproxy': + pacemaker::constraint::base { 'control_vip-then-haproxy': constraint_type => 'order', - first_resource => "ip-${redis_vip}", + first_resource => "ip-${control_vip}", second_resource => 'haproxy-clone', first_action => 'start', second_action => 'start', constraint_params => 'kind=Optional', require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], + Pacemaker::Resource::Ip['control_vip']], } - pacemaker::constraint::colocation { 'redis_vip-with-haproxy': - source => "ip-${redis_vip}", + pacemaker::constraint::colocation { 'control_vip-with-haproxy': + source => "ip-${control_vip}", target => 'haproxy-clone', score => 'INFINITY', require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], + Pacemaker::Resource::Ip['control_vip']], } - } - $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') - if $internal_api_vip and $internal_api_vip != $control_vip { - pacemaker::resource::ip { 'internal_api_vip': - ip_address => $internal_api_vip, - } - pacemaker::constraint::base { 'internal_api_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${internal_api_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } - pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': - source => "ip-${internal_api_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], + $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') + if $public_vip and $public_vip != $control_vip { + pacemaker::resource::ip { 'public_vip': + ip_address => $public_vip, + } + pacemaker::constraint::base { 'public_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${public_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['public_vip']], + } + pacemaker::constraint::colocation { 'public_vip-with-haproxy': + source => "ip-${public_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['public_vip']], + } } - } - $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') - if $storage_vip and $storage_vip != $control_vip { - pacemaker::resource::ip { 'storage_vip': - ip_address => $storage_vip, - } - pacemaker::constraint::base { 'storage_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } - pacemaker::constraint::colocation { 'storage_vip-with-haproxy': - source => "ip-${storage_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], + $redis_vip = hiera('redis_vip') + if $redis_vip and $redis_vip != $control_vip { + pacemaker::resource::ip { 'redis_vip': + ip_address => $redis_vip, + } + pacemaker::constraint::base { 'redis_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${redis_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['redis_vip']], + } + pacemaker::constraint::colocation { 'redis_vip-with-haproxy': + source => "ip-${redis_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['redis_vip']], + } } - } - $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') - if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { - pacemaker::resource::ip { 'storage_mgmt_vip': - ip_address => $storage_mgmt_vip, + $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') + if $internal_api_vip and $internal_api_vip != $control_vip { + pacemaker::resource::ip { 'internal_api_vip': + ip_address => $internal_api_vip, + } + pacemaker::constraint::base { 'internal_api_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${internal_api_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['internal_api_vip']], + } + pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': + source => "ip-${internal_api_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['internal_api_vip']], + } } - pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_mgmt_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], + + $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') + if $storage_vip and $storage_vip != $control_vip { + pacemaker::resource::ip { 'storage_vip': + ip_address => $storage_vip, + } + pacemaker::constraint::base { 'storage_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${storage_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_vip']], + } + pacemaker::constraint::colocation { 'storage_vip-with-haproxy': + source => "ip-${storage_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_vip']], + } } - pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': - source => "ip-${storage_mgmt_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], + + $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') + if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { + pacemaker::resource::ip { 'storage_mgmt_vip': + ip_address => $storage_mgmt_vip, + } + pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${storage_mgmt_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_mgmt_vip']], + } + pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': + source => "ip-${storage_mgmt_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_mgmt_vip']], + } } + } pacemaker::resource::service { $::memcached::params::service_name : @@ -590,37 +598,48 @@ if hiera('step') >= 3 { manage_service => false, enabled => false, } - class { '::neutron::agents::dhcp' : - manage_service => false, - enabled => false, - } - class { '::neutron::agents::l3' : - manage_service => false, - enabled => false, + include ::neutron::server::notifications + if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::neutron::plugins::nuage } - class { '::neutron::agents::metadata': - manage_service => false, - enabled => false, + if hiera('neutron::enable_dhcp_agent',true) { + class { '::neutron::agents::dhcp' : + manage_service => false, + enabled => false, + } + file { '/etc/neutron/dnsmasq-neutron.conf': + content => hiera('neutron_dnsmasq_options'), + owner => 'neutron', + group => 'neutron', + notify => Service['neutron-dhcp-service'], + require => Package['neutron'], + } } - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], + if hiera('neutron::enable_l3_agent',true) { + class { '::neutron::agents::l3' : + manage_service => false, + enabled => false, + } } - class { '::neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], - mechanism_drivers => [hiera('neutron_mechanism_drivers')], + if hiera('neutron::enable_metadata_agent',true) { + class { '::neutron::agents::metadata': + manage_service => false, + enabled => false, + } } - class { '::neutron::agents::ml2::ovs': - manage_service => false, - enabled => false, - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), + if hiera('neutron::core_plugin') == 'ml2' { + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), + tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], + } + class { '::neutron::agents::ml2::ovs': + manage_service => false, + enabled => false, + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } } - if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { include ::neutron::plugins::ml2::cisco::ucsm } @@ -683,15 +702,13 @@ if hiera('step') >= 3 { if $enable_ceph { - Ceph_pool { + $ceph_pools = hiera('ceph_pools') + ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : } - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] } else { @@ -924,15 +941,16 @@ if hiera('step') >= 4 { File['/etc/keystone/ssl/private/signing_key.pem'], File['/etc/keystone/ssl/certs/signing_cert.pem']], } - - pacemaker::constraint::base { 'haproxy-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'haproxy-clone', - second_resource => "${::keystone::params::service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + if $enable_load_balancer { + pacemaker::constraint::base { 'haproxy-then-keystone-constraint': + constraint_type => 'order', + first_resource => 'haproxy-clone', + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } } pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': constraint_type => 'order', @@ -1059,59 +1077,69 @@ if hiera('step') >= 4 { clone_params => 'interleave=true', require => Pacemaker::Resource::Service[$::keystone::params::service_name], } - pacemaker::resource::service { $::neutron::params::l3_agent_service: - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::neutron::params::dhcp_agent_service: - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::neutron::params::ovs_agent_service: - clone_params => 'interleave=true', + if hiera('neutron::enable_l3_agent', true) { + pacemaker::resource::service { $::neutron::params::l3_agent_service: + clone_params => 'interleave=true', + } } - pacemaker::resource::service { $::neutron::params::metadata_agent_service: - clone_params => 'interleave=true', + if hiera('neutron::enable_dhcp_agent', true) { + pacemaker::resource::service { $::neutron::params::dhcp_agent_service: + clone_params => 'interleave=true', + } } - pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: - ocf_agent_name => 'neutron:OVSCleanup', - clone_params => 'interleave=true', + if hiera('neutron::enable_ovs_agent', true) { + pacemaker::resource::service { $::neutron::params::ovs_agent_service: + clone_params => 'interleave=true', + } } - pacemaker::resource::ocf { 'neutron-netns-cleanup': - ocf_agent_name => 'neutron:NetnsCleanup', - clone_params => 'interleave=true', + if hiera('neutron::enable_metadata_agent', true) { + pacemaker::resource::service { $::neutron::params::metadata_agent_service: + clone_params => 'interleave=true', + } } + if hiera('neutron::enable_ovs_agent', true) { + pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: + ocf_agent_name => 'neutron:OVSCleanup', + clone_params => 'interleave=true', + } + pacemaker::resource::ocf { 'neutron-netns-cleanup': + ocf_agent_name => 'neutron:NetnsCleanup', + clone_params => 'interleave=true', + } - # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent - pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_cleanup_service}-clone", - second_resource => 'neutron-netns-cleanup-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': - source => 'neutron-netns-cleanup-clone', - target => "${::neutron::params::ovs_cleanup_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => 'neutron-netns-cleanup-clone', - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': - source => "${::neutron::params::ovs_agent_service}-clone", - target => 'neutron-netns-cleanup-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent + pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::ovs_cleanup_service}-clone", + second_resource => 'neutron-netns-cleanup-clone', + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], + Pacemaker::Resource::Ocf['neutron-netns-cleanup']], + } + pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': + source => 'neutron-netns-cleanup-clone', + target => "${::neutron::params::ovs_cleanup_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], + Pacemaker::Resource::Ocf['neutron-netns-cleanup']], + } + pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': + constraint_type => 'order', + first_resource => 'neutron-netns-cleanup-clone', + second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } + pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': + source => "${::neutron::params::ovs_agent_service}-clone", + target => 'neutron-netns-cleanup-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } } #another chain keystone-->neutron-server-->ovs-agent-->dhcp-->l3 @@ -1124,63 +1152,71 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Service[$::keystone::params::service_name], Pacemaker::Resource::Service[$::neutron::params::server_service]], } - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + if hiera('neutron::enable_ovs_agent',true) { + pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::server_service}-clone", + second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::server_service], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } } - pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_agent_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], + if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { + pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::ovs_agent_service}-clone", + second_resource => "${::neutron::params::dhcp_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], + Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], + } + pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': + source => "${::neutron::params::dhcp_agent_service}-clone", + target => "${::neutron::params::ovs_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], + Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], + } } - pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': - source => "${::neutron::params::dhcp_agent_service}-clone", - target => "${::neutron::params::ovs_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::l3_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]], - } - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': - source => "${::neutron::params::l3_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]], - } - pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::l3_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], + if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) { + pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::dhcp_agent_service}-clone", + second_resource => "${::neutron::params::l3_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], + Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] + } + pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': + source => "${::neutron::params::l3_agent_service}-clone", + target => "${::neutron::params::dhcp_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], + Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] + } } - pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::l3_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], + if hiera('neutron::enable_l3_agent',true) and hiera('neutron::enable_metadata_agent',true) { + pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::l3_agent_service}-clone", + second_resource => "${::neutron::params::metadata_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], + Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] + } + pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': + source => "${::neutron::params::metadata_agent_service}-clone", + target => "${::neutron::params::l3_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], + Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] + } } # Nova diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 5f0b4c82..1eabddf1 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 7f24959a..2bdd8a9c 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 3d9b9018..fbb2b878 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -77,6 +77,17 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. resources: @@ -149,6 +160,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: SwiftStorage} + actions: {get_param: NetworkDeploymentActions} SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig @@ -213,10 +225,17 @@ resources: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: SwiftStorageHieraDeploy + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: SwiftStorage} + # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: SwiftStorageHieraDeploy + depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: SwiftStorage} @@ -237,9 +256,10 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [SwiftStorage, name]} nova_server_resource: description: Heat resource handle for the swift storage server @@ -267,4 +287,5 @@ outputs: list_join: - ',' - - {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_param: UpdateIdentifier} @@ -14,10 +14,3 @@ classifier = Operating System :: POSIX :: Linux Programming Language :: Other Environment :: Console - -[files] -packages = - tripleo_heat_merge -[entry_points] -console_scripts = - tripleo-heat-merge = tripleo_heat_merge.merge:main diff --git a/test_merge.bash b/test_merge.bash deleted file mode 100755 index de29d075..00000000 --- a/test_merge.bash +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -set -ue -result="" -cleanup() { - if [ -n "$result" ] ; then - rm -f $result - fi -} -trap cleanup EXIT -run_test() { - local cmd=$1 - local expected=$2 - result=$(mktemp /tmp/test_merge.XXXXXX) - fail=0 - $cmd --output $result - if ! cmp $result $expected ; then - diff -u $expected $result || : - echo FAIL - $cmd result does not match expected - fail=1 - else - echo PASS - $cmd - fi - cleanup -} -echo -merge_py="./tripleo_heat_merge/merge.py" -run_test "python $merge_py examples/source.yaml" examples/source_lib_result.yaml -run_test "python $merge_py examples/source2.yaml" examples/source2_lib_result.yaml -run_test "python $merge_py examples/source_include_subkey.yaml" examples/source_include_subkey_result.yaml -run_test "python $merge_py examples/launchconfig1.yaml examples/launchconfig2.yaml" examples/launchconfig_result.yaml -run_test "python $merge_py --scale NovaCompute=3 examples/scale1.yaml" examples/scale_result.yaml -run_test "python $merge_py --scale NovaCompute=3 examples/scale_map.yaml" examples/scale_map_result.yaml -run_test "python $merge_py --hot examples/source_hot.yaml" examples/source_lib_result_hot.yaml -run_test "python $merge_py --hot examples/source2_hot.yaml" examples/source2_lib_result_hot.yaml -run_test "python $merge_py --hot examples/source_include_subkey_hot.yaml" examples/source_include_subkey_result_hot.yaml -run_test "python $merge_py --hot examples/launchconfig1_hot.yaml examples/launchconfig2_hot.yaml" examples/launchconfig_result_hot.yaml -run_test "python $merge_py --hot --scale NovaCompute=3 examples/scale1_hot.yaml" examples/scale_result_hot.yaml -run_test "python $merge_py --hot --scale NovaCompute=3 examples/scale_map_hot.yaml" examples/scale_map_result_hot.yaml -run_test "python $merge_py --hot --scale NovaCompute=5,1,2 examples/scale_map_hot.yaml" examples/scale_map_result_hot_blacklist.yaml -run_test "python $merge_py --hot --scale NovaCompute=3, examples/scale_map_hot.yaml" examples/scale_map_result_hot.yaml -echo -trap - EXIT -exit $fail diff --git a/tripleo_heat_merge/__init__.py b/tripleo_heat_merge/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/tripleo_heat_merge/__init__.py +++ /dev/null diff --git a/tripleo_heat_merge/merge.py b/tripleo_heat_merge/merge.py deleted file mode 100644 index b5bec0f4..00000000 --- a/tripleo_heat_merge/merge.py +++ /dev/null @@ -1,436 +0,0 @@ -import os -import sys -import yaml -import argparse - - -class Cfn(object): - - base_template = { - 'HeatTemplateFormatVersion': '2012-12-12', - 'Description': [] - } - get_resource = 'Ref' - get_param = 'Ref' - description = 'Description' - parameters = 'Parameters' - outputs = 'Outputs' - resources = 'Resources' - type = 'Type' - properties = 'Properties' - metadata = 'Metadata' - depends_on = 'DependsOn' - get_attr = 'Fn::GetAtt' - - -class Hot(object): - - base_template = { - 'heat_template_version': '2013-05-23', - 'description': [] - } - get_resource = 'get_resource' - get_param = 'get_param' - description = 'description' - parameters = 'parameters' - outputs = 'outputs' - resources = 'resources' - type = 'type' - properties = 'properties' - metadata = 'metadata' - depends_on = 'depends_on' - get_attr = 'get_attr' - - -lang = Cfn() - - -def apply_maps(template): - """Apply Merge::Map within template. - - Any dict {'Merge::Map': {'Foo': 'Bar', 'Baz': 'Quux'}} - will resolve to ['Bar', 'Quux'] - that is a dict with key - 'Merge::Map' is replaced entirely by that dict['Merge::Map'].values(). - """ - if isinstance(template, dict): - if 'Merge::Map' in template: - return sorted( - apply_maps(value) for value in template['Merge::Map'].values() - ) - else: - return dict((key, apply_maps(value)) - for key, value in template.items()) - elif isinstance(template, list): - return [apply_maps(item) for item in template] - else: - return template - - -def apply_scaling(template, scaling, in_copies=None): - """Apply a set of scaling operations to template. - - This is a single pass recursive function: for each call we process one - dict or list and recurse to handle children containers. - - Values are handled via scale_value. - - Keys in dicts are copied per the scaling rule. - Values are either replaced or copied depending on whether the given - scaling rule is in in_copies. - - in_copies is reset to None when a dict {'Merge::Map': someobject} is - encountered. - - :param scaling: A dict of prefix -> (count, blacklists). - """ - in_copies = dict(in_copies or {}) - # Shouldn't be needed but to avoid unexpected side effects/bugs we short - # circuit no-ops. - if not scaling: - return template - if isinstance(template, dict): - if 'Merge::Map' in template: - in_copies = None - new_template = {} - for key, value in template.items(): - for prefix, copy_num, new_key in scale_value( - key, scaling, in_copies): - if prefix: - # e.g. Compute0, 1, Compute1Foo - in_copies[prefix] = prefix[:-1] + str(copy_num) - if isinstance(value, (dict, list)): - new_value = apply_scaling(value, scaling, in_copies) - new_template[new_key] = new_value - else: - new_values = list(scale_value(value, scaling, in_copies)) - # We have nowhere to multiply a non-container value of a - # dict, so it may be copied or unchanged but not scaled. - assert len(new_values) == 1 - new_template[new_key] = new_values[0][2] - if prefix: - del in_copies[prefix] - return new_template - elif isinstance(template, list): - new_template = [] - for value in template: - if isinstance(value, (dict, list)): - new_template.append(apply_scaling(value, scaling, in_copies)) - else: - for _, _, new_value in scale_value(value, scaling, in_copies): - new_template.append(new_value) - return new_template - else: - raise Exception("apply_scaling called with non-container %r" % template) - - -def scale_value(value, scaling, in_copies): - """Scale out a value. - - :param value: The value to scale (not a container). - :param scaling: The scaling map (prefix-> (copies, blacklist) to use. - :param in_copies: What containers we're currently copying. - :return: An iterator of the new values for the value as tuples: - (prefix, copy_num, value). E.g. Compute0, 1, Compute1Foo - prefix and copy_num are only set when: - - a prefix in scaling matches value - - and that prefix is not in in_copies - """ - if isinstance(value, (str, unicode)): - for prefix, (copies, blacklist) in scaling.items(): - if not value.startswith(prefix): - continue - suffix = value[len(prefix):] - if prefix in in_copies: - # Adjust to the copy number we're on - yield None, None, in_copies[prefix] + suffix - return - else: - for n in range(copies): - if n not in blacklist: - yield prefix, n, prefix[:-1] + str(n) + suffix - return - yield None, None, value - else: - yield None, None, value - - -def parse_scaling(scaling_args): - """Translate a list of scaling requests to a dict prefix:count.""" - scaling_args = scaling_args or [] - result = {} - for item in scaling_args: - key, values = item.split('=') - values = values.split(',') - value = int(values[0]) - blacklist = frozenset(int(v) for v in values[1:] if v) - result[key + '0'] = value, blacklist - return result - - -def _translate_role(role, master_role, slave_roles): - if not master_role: - return role - if role == master_role: - return role - if role not in slave_roles: - return role - return master_role - -def translate_role(role, master_role, slave_roles): - r = _translate_role(role, master_role, slave_roles) - if not isinstance(r, basestring): - raise Exception('%s -> %r' % (role, r)) - return r - -def resolve_params(item, param, value): - if item in ({lang.get_param: param}, {lang.get_resource: param}): - return value - if isinstance(item, dict): - copy_item = dict(item) - for k, v in iter(copy_item.items()): - item[k] = resolve_params(v, param, value) - elif isinstance(item, list): - copy_item = list(item) - new_item = [] - for v in copy_item: - new_item.append(resolve_params(v, param, value)) - item = new_item - return item - -MERGABLE_TYPES = {'OS::Nova::Server': - {'image': 'image'}, - 'AWS::EC2::Instance': - {'image': 'ImageId'}, - 'AWS::AutoScaling::LaunchConfiguration': - {}, - } -INCLUDED_TEMPLATE_DIR = os.getcwd() - - -def resolve_includes(template, params=None): - new_template = {} - if params is None: - params = {} - for key, value in iter(template.items()): - if key == '__include__': - new_params = dict(params) # do not propagate up the stack - if not isinstance(value, dict): - raise ValueError('__include__ must be a mapping') - if 'path' not in value: - raise ValueError('__include__ must have path') - if 'params' in value: - if not isinstance(value['params'], dict): - raise ValueError('__include__ params must be a mapping') - new_params.update(value['params']) - with open(value['path']) as include_file: - sub_template = yaml.safe_load(include_file.read()) - if 'subkey' in value: - if ((not isinstance(value['subkey'], int) - and not isinstance(sub_template, dict))): - raise RuntimeError('subkey requires mapping root or' - ' integer for list root') - sub_template = sub_template[value['subkey']] - for k, v in iter(new_params.items()): - sub_template = resolve_params(sub_template, k, v) - new_template.update(resolve_includes(sub_template)) - else: - if isinstance(value, dict): - new_template[key] = resolve_includes(value) - else: - new_template[key] = value - return new_template - -def main(argv=None): - if argv is None: - argv = sys.argv[1:] - parser = argparse.ArgumentParser() - parser.add_argument('templates', nargs='+') - parser.add_argument('--master-role', nargs='?', - help='Translate slave_roles to this') - parser.add_argument('--slave-roles', nargs='*', - help='Translate all of these to master_role') - parser.add_argument('--included-template-dir', nargs='?', - default=INCLUDED_TEMPLATE_DIR, - help='Path for resolving included templates') - parser.add_argument('--output', - help='File to write output to. - for stdout', - default='-') - parser.add_argument('--scale', action="append", - help="Names to scale out. Pass Prefix=2 to cause a key Prefix0Foo to " - "be copied to Prefix1Foo in the output, and value Prefix0Bar to be" - "renamed to Prefix1Bar inside that copy, or copied to Prefix1Bar " - "outside of any copy. Pass Prefix=3,1 to cause Prefix1* to be elided" - "when scaling Prefix out. Prefix=4,1,2 will likewise elide Prefix1 and" - "Prefix2.") - parser.add_argument( - '--change-image-params', action='store_true', default=False, - help="Change parameters in templates to match resource names. This was " - " the default at one time but it causes issues when parameter " - " names need to remain stable.") - parser.add_argument( - '--hot', action='store_true', default=False, - help="Assume source templates are in the HOT format, and generate a " - "HOT template artifact.") - args = parser.parse_args(argv) - if args.hot: - global lang - lang = Hot() - - templates = args.templates - scaling = parse_scaling(args.scale) - merged_template = merge(templates, args.master_role, args.slave_roles, - args.included_template_dir, scaling=scaling, - change_image_params=args.change_image_params) - if args.output == '-': - out_file = sys.stdout - else: - out_file = file(args.output, 'wt') - out_file.write(merged_template) - - -def merge(templates, master_role=None, slave_roles=None, - included_template_dir=INCLUDED_TEMPLATE_DIR, - scaling=None, change_image_params=None): - scaling = scaling or {} - errors = [] - end_template = dict(lang.base_template) - resource_changes=[] - for template_path in templates: - template = yaml.safe_load(open(template_path)) - # Resolve __include__ tags - template = resolve_includes(template) - end_template[lang.description].append(template.get(lang.description, - template_path)) - new_parameters = template.get(lang.parameters, {}) - for p, pbody in sorted(new_parameters.items()): - if p in end_template.get(lang.parameters, {}): - if pbody != end_template[lang.parameters][p]: - errors.append('Parameter %s from %s conflicts.' % (p, - template_path)) - continue - if lang.parameters not in end_template: - end_template[lang.parameters] = {} - end_template[lang.parameters][p] = pbody - - new_outputs = template.get(lang.outputs, {}) - for o, obody in sorted(new_outputs.items()): - if o in end_template.get(lang.outputs, {}): - if pbody != end_template[lang.outputs][p]: - errors.append('Output %s from %s conflicts.' % (o, - template_path)) - continue - if lang.outputs not in end_template: - end_template[lang.outputs] = {} - end_template[lang.outputs][o] = obody - - new_resources = template.get(lang.resources, {}) - for r, rbody in sorted(new_resources.items()): - if rbody[lang.type] in MERGABLE_TYPES: - if change_image_params: - if 'image' in MERGABLE_TYPES[rbody[lang.type]]: - image_key = MERGABLE_TYPES[rbody[lang.type]]['image'] - # XXX Assuming ImageId is always a Ref - ikey_val = end_template[lang.parameters][rbody[lang.properties][image_key][lang.get_param]] - del end_template[lang.parameters][rbody[lang.properties][image_key][lang.get_param]] - if 'OpenStack::Role' in rbody.get(lang.metadata, {}): - sys.stderr.write("WARNING: OpenStack::Role is deprecated" - " and will be removed in a later release\n"); - role = rbody.get(lang.metadata, {}).get('OpenStack::Role', r) - role = translate_role(role, master_role, slave_roles) - if role != r: - resource_changes.append((r, role)) - if role in end_template.get(lang.resources, {}): - new_metadata = rbody.get(lang.metadata, {}) - for m, mbody in iter(new_metadata.items()): - if m in end_template[lang.resources][role].get(lang.metadata, {}): - if m == 'OpenStack::ImageBuilder::Elements': - end_template[lang.resources][role][lang.metadata][m].extend(mbody) - sys.stderr.write( - "WARNING: OpenStack::ImageBuilder::Elements" - " is deprecated and will be removed in a" - " later release\n"); - continue - if mbody != end_template[lang.resources][role][lang.metadata][m]: - errors.append('Role %s metadata key %s conflicts.' % - (role, m)) - continue - role_res = end_template[lang.resources][role] - if role_res[lang.type] == 'OS::Heat::StructuredConfig': - end_template[lang.resources][role][lang.properties]['config'][m] = mbody - else: - end_template[lang.resources][role][lang.metadata][m] = mbody - continue - if lang.resources not in end_template: - end_template[lang.resources] = {} - end_template[lang.resources][role] = rbody - if change_image_params: - if 'image' in MERGABLE_TYPES[rbody[lang.type]]: - ikey = '%sImage' % (role) - end_template[lang.resources][role][lang.properties][image_key] = {lang.get_param: ikey} - end_template[lang.parameters][ikey] = ikey_val - elif rbody[lang.type] == 'FileInclude': - # we trust os.path.join to DTRT: if FileInclude path isn't - # absolute, join to included_template_dir (./) - with open(os.path.join(included_template_dir, rbody['Path'])) as rfile: - include_content = yaml.safe_load(rfile.read()) - subkeys = rbody.get('SubKey','').split('.') - while len(subkeys) and subkeys[0]: - include_content = include_content[subkeys.pop(0)] - for replace_param, replace_value in iter(rbody.get(lang.parameters, - {}).items()): - include_content = resolve_params(include_content, - replace_param, - replace_value) - if lang.resources not in end_template: - end_template[lang.resources] = {} - end_template[lang.resources][r] = include_content - else: - if r in end_template.get(lang.resources, {}): - if rbody != end_template[lang.resources][r]: - errors.append('Resource %s from %s conflicts' % (r, - template_path)) - continue - if lang.resources not in end_template: - end_template[lang.resources] = {} - end_template[lang.resources][r] = rbody - - end_template = apply_scaling(end_template, scaling) - end_template = apply_maps(end_template) - - def fix_ref(item, old, new): - if isinstance(item, dict): - copy_item = dict(item) - for k, v in sorted(copy_item.items()): - if k == lang.get_resource and v == old: - item[k] = new - continue - if k == lang.depends_on and v == old: - item[k] = new - continue - if k == lang.get_attr and isinstance(v, list) and v[0] == old: - new_list = list(v) - new_list[0] = new - item[k] = new_list - continue - if k == 'AllowedResources' and isinstance(v, list) and old in v: - while old in v: - pos = v.index(old) - v[pos] = new - continue - fix_ref(v, old, new) - elif isinstance(item, list): - copy_item = list(item) - for v in item: - fix_ref(v, old, new) - - for change in resource_changes: - fix_ref(end_template, change[0], change[1]) - - if errors: - for e in errors: - sys.stderr.write("ERROR: %s\n" % e) - end_template[lang.description] = ','.join(end_template[lang.description]) - return yaml.safe_dump(end_template, default_flow_style=False) - -if __name__ == "__main__": - main() |