diff options
47 files changed, 948 insertions, 808 deletions
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 679b79cb..e6326453 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -9,6 +9,9 @@ resource_registry: # NOTE: For now we will need to specify overrides to all services # which use pacemaker. In the future (with upcoming HA light work) this # list will hopefully be much smaller however. + OS::TripleO::Services::CinderApi: ../puppet/services/pacemaker/cinder-api.yaml + OS::TripleO::Services::CinderScheduler: ../puppet/services/pacemaker/cinder-scheduler.yaml + OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml @@ -20,5 +23,7 @@ resource_registry: OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml - OS::TripleO::Services::Loadbalancer: ../puppet/services/pacemaker/loadbalancer.yaml + OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml + OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml + OS::TripleO::Services::NovaConductor: ../puppet/services/pacemaker/nova-conductor.yaml diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index b207a1fe..2fd48dda 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -122,6 +122,9 @@ resource_registry: # services OS::TripleO::Services: puppet/services/services.yaml + OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml + OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml + OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml @@ -133,8 +136,14 @@ resource_registry: OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml - OS::TripleO::Services::Loadbalancer: puppet/services/loadbalancer.yaml + OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml + OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml OS::TripleO::Services::Memcached: puppet/services/memcached.yaml + OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml + OS::TripleO::Services::SaharaApi: puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: puppet/services/sahara-engine.yaml + OS::TripleO::Services::Redis: puppet/services/database/redis.yaml + OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index 474fcffb..85f344ab 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -344,18 +344,6 @@ parameters: default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list CinderPassword: description: The password for the cinder service account, used by cinder-api. type: string @@ -508,10 +496,6 @@ parameters: description: A random string to be used as a salt when hashing to determine mappings in the ring. type: string hidden: true - SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. - type: string - hidden: true SwiftMountCheck: default: 'false' description: Value of mount_check in Swift account/container/object -server.conf @@ -528,10 +512,6 @@ parameters: type: number default: 3 description: How many replicas to use in the swift rings. - SaharaPassword: - description: The password for the sahara service account. - type: string - hidden: true # Compute-specific params CeilometerComputeAgent: @@ -643,6 +623,9 @@ parameters: ControllerServices: default: + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - OS::TripleO::Services::GlanceRegistry @@ -654,8 +637,12 @@ parameters: - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent - OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::Loadbalancer + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::Redis + - OS::TripleO::Services::NovaConductor description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -716,6 +703,14 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + ObjectStorageServices: + default: [] + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the ObjectStorage nodes. + Note this role currently only supports steps 2, 3 and 4 configuration. + type: comma_delimited_list + # Ceph storage specific parameters CephStorageCount: @@ -884,14 +879,6 @@ resources: CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} CeilometerPassword: {get_param: CeilometerPassword} CeilometerMeterDispatcher: {get_param: CeilometerMeterDispatcher} - CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} - CinderNfsMountOptions: {get_param: CinderNfsMountOptions} - CinderNfsServers: {get_param: CinderNfsServers} - CinderPassword: {get_param: CinderPassword} - CinderISCSIHelper: {get_param: CinderISCSIHelper} - CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} - CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} - CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} CloudDomain: {get_param: CloudDomain} ControlVirtualInterface: {get_param: ControlVirtualInterface} controllerExtraConfig: {get_param: controllerExtraConfig} @@ -959,7 +946,6 @@ resources: RabbitClientUseSSL: {get_param: RabbitClientUseSSL} RabbitClientPort: {get_param: RabbitClientPort} RedisPassword: {get_param: RedisPassword} - SaharaPassword: {get_param: SaharaPassword} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} @@ -968,7 +954,6 @@ resources: SwiftMountCheck: {get_param: SwiftMountCheck} SwiftMinPartHours: {get_param: SwiftMinPartHours} SwiftPartPower: {get_param: SwiftPartPower} - SwiftPassword: {get_param: SwiftPassword} SwiftReplicas: { get_param: SwiftReplicas} TimeZone: {get_param: TimeZone} VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} # deprecated. Use per service VIP settings instead now. @@ -1128,6 +1113,12 @@ resources: SchedulerHints: {get_param: BlockStorageSchedulerHints} NodeIndex: '%index%' + ObjectStorageServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: ObjectStorageServices} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + ObjectStorage: type: OS::Heat::ResourceGroup depends_on: Networks @@ -1160,6 +1151,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: ObjectStorageSchedulerHints} NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, config_settings]} CephStorageServiceChain: type: OS::TripleO::Services @@ -1580,6 +1572,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} + StepConfig: {get_attr: [ObjectStorageServiceChain, step_config]} BlockStorageNodesPostDeployment: type: OS::TripleO::BlockStoragePostDeployment diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index f5873ddb..245710f2 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -109,7 +109,7 @@ resources: GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} @@ -127,7 +127,7 @@ resources: - 'client' - {get_param: CephClientUserName} - 'keyring' - ceph_client_user_name: {get_param: CephClientUserName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index ee00a890..b7f7f4a5 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -531,6 +531,12 @@ resources: nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} + # TUNNELLED mode provides a security enhancement when using shared storage but is not + # supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. + nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend} rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} @@ -545,7 +551,7 @@ resources: ceilometer::rabbit_password: {get_input: rabbit_password} ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} ceilometer_compute_agent: {get_input: ceilometer_compute_agent} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 703ff265..074cb6f1 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -15,6 +15,8 @@ parameters: description: The password for the aodh services. type: string hidden: true + #TODO(composable Redis): Remove the Redis password param + #As is used by ceilometer CeilometerApiVirtualIP: type: string default: '' @@ -47,56 +49,6 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number - CinderEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Cinder database. - type: boolean - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - CinderISCSIHelper: - default: lioadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 10280 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list - CinderPassword: - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - CinderBackendConfig: - default: {} - description: Contains parameters to configure Cinder backends. Typically - set via parameter_defaults in the resource registry. - type: json - CinderWorkers: - default: 0 - description: Number of workers for Cinder service. - type: number controllerExtraConfig: default: {} description: | @@ -270,11 +222,6 @@ parameters: SaharaApiVirtualIP: type: string default: '' - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -521,8 +468,8 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number RedisPassword: + description: The password for Redis type: string - description: The password to access the Redis service hidden: true RedisVirtualIP: type: string @@ -560,11 +507,6 @@ parameters: default: true description: Whether to manage Swift rings or not type: boolean - SwiftPassword: - description: The password for the swift service account, used by the swift proxy - services. - hidden: true - type: string SwiftProxyVirtualIP: type: string default: '' @@ -572,10 +514,6 @@ parameters: type: number default: 3 description: How many replicas to use in the swift rings. - SwiftWorkers: - default: 0 - description: Number of workers for Swift service. - type: number TimeZone: default: 'UTC' description: The timezone to be set on controller nodes. @@ -821,10 +759,8 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} - cinder_workers: {get_param: CinderWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} - swift_workers: {get_param: SwiftWorkers} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} haproxy_log_address: {get_param: HAProxySyslogAddress} @@ -836,29 +772,6 @@ resources: admin_password: {get_param: AdminPassword} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} - cinder_enable_db_purge: {get_param: CinderEnableDBPurge} - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} - cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} - cinder_nfs_servers: - str_replace: - template: SERVERS - params: - SERVERS: {get_param: CinderNfsServers} - cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} - cinder_password: {get_param: CinderPassword} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_backend_config: {get_param: CinderBackendConfig} - cinder_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/cinder' cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} @@ -1059,33 +972,13 @@ resources: control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_password: {get_param: SwiftPassword} swift_part_power: {get_param: SwiftPartPower} swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} - swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - sahara_password: {get_param: SaharaPassword} - sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]} - sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} - sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} - sahara_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} cinder_iscsi_network: @@ -1117,7 +1010,6 @@ resources: SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} - redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1203,50 +1095,19 @@ resources: tripleo::fencing::config: {get_input: fencing_config} # Swift + # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} - swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} - swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift::swift_hash_suffix: {get_input: swift_hash_suffix} - swift::proxy::authtoken::admin_password: {get_input: swift_password} - swift::proxy::workers: {get_input: swift_workers} + swift::swift_hash_path_suffix: {get_input: swift_hash_suffix} tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - swift::keystone::auth::public_url: {get_input: swift_public_url } - swift::keystone::auth::internal_url: {get_input: swift_internal_url } - swift::keystone::auth::admin_url: {get_input: swift_admin_url } - swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } - swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } - swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } - swift::keystone::auth::password: {get_input: swift_password } - swift::keystone::auth::region: {get_input: keystone_region} # Cinder - cinder_enable_db_purge: {get_input: cinder_enable_db_purge} - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} - cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options} - cinder_nfs_servers: {get_input: cinder_nfs_servers} - cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_network} - cinder::database_connection: {get_input: cinder_dsn} - cinder::api::keystone_password: {get_input: cinder_password} - cinder::api::auth_uri: {get_input: keystone_auth_uri} - cinder::api::identity_uri: {get_input: keystone_identity_uri} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network} cinder::api::bind_host: {get_input: cinder_api_network} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder::debug: {get_input: debug} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} - cinder_backend_config: {get_input: CinderBackendConfig} - cinder::db::mysql::password: {get_input: cinder_password} cinder::keystone::auth::public_url: {get_input: cinder_public_url } cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } @@ -1292,7 +1153,7 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::server::auth_uri: {get_input: keystone_auth_uri} - neutron::server::identity_uri: {get_input: keystone_identity_uri} + neutron::server::auth_url: {get_input: keystone_identity_uri} neutron::server::database_connection: {get_input: neutron_dsn} neutron::server::api_workers: {get_input: neutron_workers} neutron::network_device_mtu: {get_input: neutron_tenant_mtu} @@ -1322,7 +1183,7 @@ resources: neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types} neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} - neutron::server::auth_password: {get_input: neutron_password} + neutron::server::password: {get_input: neutron_password} neutron_dsn: {get_input: neutron_dsn} neutron::db::mysql::password: {get_input: neutron_password} neutron::keystone::auth::public_url: {get_input: neutron_public_url } @@ -1330,7 +1191,6 @@ resources: neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} - neutron::server::notifications::nova_url: {get_input: nova_internal_url} neutron::server::notifications::auth_url: {get_input: neutron_auth_url} neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' @@ -1339,7 +1199,7 @@ resources: # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} ceilometer::rabbit_userid: {get_input: rabbit_username} ceilometer::rabbit_password: {get_input: rabbit_password} ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} @@ -1347,8 +1207,8 @@ resources: ceilometer::debug: {get_input: debug} ceilometer::api::host: {get_input: ceilometer_api_network} ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} - ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} + ceilometer::api::auth_uri: {get_input: keystone_auth_uri} + ceilometer::api::identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} @@ -1412,12 +1272,7 @@ resources: gnocchi::keystone::auth::region: {get_input: keystone_region} # Nova - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova::debug: {get_input: debug} nova::use_ipv6: {get_input: nova_ipv6} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} @@ -1454,41 +1309,11 @@ resources: horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} - # Sahara - sahara::host: {get_input: sahara_api_network} - sahara::plugins: - - cdh - - hdp - - mapr - - vanilla - - spark - - storm - sahara::admin_password: {get_input: sahara_password} - sahara::auth_uri: {get_input: keystone_auth_uri} - sahara::admin_user: sahara - sahara::identity_uri: {get_input: keystone_identity_uri} - sahara::use_neutron: true - sahara::database_connection: {get_input: sahara_dsn} - sahara::debug: {get_input: debug} - sahara::rpc_backend: rabbit - sahara::rabbit_userid: {get_input: rabbit_username} - sahara::rabbit_password: {get_input: rabbit_password} - sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - sahara::rabbit_port: {get_input: rabbit_client_port} - sahara::db::mysql::password: {get_input: sahara_password} - sahara::keystone::auth::public_url: {get_input: sahara_public_url } - sahara::keystone::auth::internal_url: {get_input: sahara_internal_url } - sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } - sahara::keystone::auth::password: {get_input: sahara_password } - sahara::keystone::auth::region: {get_input: keystone_region} # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis redis::bind: {get_input: redis_network} - redis::requirepass: {get_input: redis_password} - redis::masterauth: {get_input: redis_password} - redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} @@ -1501,13 +1326,15 @@ resources: timezone::timezone: {get_input: timezone} control_virtual_interface: {get_input: control_virtual_interface} public_virtual_interface: {get_input: public_virtual_interface} - tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} - tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::loadbalancer::haproxy_stats_user: {get_input: haproxy_stats_user} - tripleo::loadbalancer::haproxy_stats_password: {get_input: haproxy_stats_password} - tripleo::loadbalancer::redis_password: {get_input: redis_password} + tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} + tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface} + tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address} + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} + tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} + tripleo::haproxy::redis_password: {get_input: redis_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 26ce7138..3e455347 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -85,7 +85,7 @@ resources: tripleo::cluster::cassandra::ssl_storage_port: {get_param: CassandraSslStoragePort} tripleo::cluster::cassandra::client_port: {get_param: CassandraClientPort} tripleo::cluster::cassandra::client_port_thrift: {get_param: CassandraClientPortThrift} - tripleo::loadbalancer::midonet_api: true + tripleo::haproxy::midonet_api: true # Missed Neutron Puppet data neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.MidonetInterfaceDriver' neutron::agents::dhcp::dhcp_driver: 'midonet.neutron.agent.midonet_driver.DhcpNoOpDriver' diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 308c609a..7d4dc15b 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -83,7 +83,7 @@ resources: GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} @@ -101,7 +101,7 @@ resources: - 'client' - {get_param: CephClientUserName} - 'keyring' - ceph_client_user_name: {get_param: CephClientUserName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 9b6981bb..9423208e 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml @@ -51,7 +51,7 @@ resources: datafiles: cinder_dellsc_data: mapped_data: - cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} + tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName} cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp} cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index 36db334e..c7af6f22 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -50,7 +50,7 @@ resources: datafiles: cinder_eqlx_data: mapped_data: - cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} + tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName} cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp} cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index ab442f2b..6ff90881 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -87,7 +87,7 @@ resources: datafiles: cinder_netapp_data: mapped_data: - cinder_enable_netapp_backend: {get_input: EnableNetappBackend} + tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend} cinder::backend::netapp::title: {get_input: NetappBackendName} cinder::backend::netapp::netapp_login: {get_input: NetappLogin} cinder::backend::netapp::netapp_password: {get_input: NetappPassword} diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 1e480e60..b29b91cf 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -1,4 +1,3 @@ -ceph::profile::params::osd_journal_size: 1024 ceph::profile::params::osd_pool_default_pg_num: 32 ceph::profile::params::osd_pool_default_pgp_num: 32 ceph::profile::params::osd_pool_default_size: 3 diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 34965959..65cf9577 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -17,6 +17,7 @@ nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' neutron::allow_overlapping_ips: true +neutron::server::project_name: 'service' kernel_modules: nf_conntrack: {} diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 1e888f39..5a46fc2b 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -1,5 +1,6 @@ # Hiera data here applies to all compute nodes +nova::host: "%{::fqdn}" nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 nova::compute::enabled: true @@ -22,4 +23,6 @@ nova::compute::reserved_host_memory: 2048 ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' +neutron::host: "%{::fqdn}" + compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 321ae804..3ad0748e 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,7 +1,6 @@ # Hiera data here applies to all controller nodes nova::api::enabled: true -nova::conductor::enabled: true nova::consoleauth::enabled: true nova::vncproxy::enabled: true nova::scheduler::enabled: true @@ -31,6 +30,7 @@ rabbitmq_kernel_variables: rabbitmq_config_variables: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' + loopback_users: '[]' mongodb::server::replset: tripleo mongodb::server::journal: false @@ -114,6 +114,7 @@ neutron::server::sync_db: true nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true +nova::api::enable_proxy_headers_parsing: true nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' @@ -126,7 +127,6 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL' cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::cron::db_purge::destination: '/dev/null' cinder::host: hostgroup -cinder_user_enabled_backends: [] # TODO(jaosorior): Move to cinder profile once cinder is moved as a composable # service. @@ -143,6 +143,7 @@ heat::cron::purge_deleted::destination: '/dev/null' heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' +heat::auth_plugin: 'password' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' @@ -163,26 +164,26 @@ horizon::vhost_extra_params: mysql::server::manage_config_file: true -tripleo::loadbalancer::keystone_admin: true -tripleo::loadbalancer::keystone_public: true -tripleo::loadbalancer::neutron: true -tripleo::loadbalancer::cinder: true -tripleo::loadbalancer::glance_api: true -tripleo::loadbalancer::glance_registry: true -tripleo::loadbalancer::nova_osapi: true -tripleo::loadbalancer::nova_metadata: true -tripleo::loadbalancer::nova_novncproxy: true -tripleo::loadbalancer::mysql: true -tripleo::loadbalancer::redis: true -tripleo::loadbalancer::sahara: true -tripleo::loadbalancer::swift_proxy_server: true -tripleo::loadbalancer::ceilometer: true -tripleo::loadbalancer::aodh: true -tripleo::loadbalancer::gnocchi: true -tripleo::loadbalancer::heat_api: true -tripleo::loadbalancer::heat_cloudwatch: true -tripleo::loadbalancer::heat_cfn: true -tripleo::loadbalancer::horizon: true +tripleo::haproxy::keystone_admin: true +tripleo::haproxy::keystone_public: true +tripleo::haproxy::neutron: true +tripleo::haproxy::cinder: true +tripleo::haproxy::glance_api: true +tripleo::haproxy::glance_registry: true +tripleo::haproxy::nova_osapi: true +tripleo::haproxy::nova_metadata: true +tripleo::haproxy::nova_novncproxy: true +tripleo::haproxy::mysql: true +tripleo::haproxy::redis: true +tripleo::haproxy::sahara: true +tripleo::haproxy::swift_proxy_server: true +tripleo::haproxy::ceilometer: true +tripleo::haproxy::aodh: true +tripleo::haproxy::gnocchi: true +tripleo::haproxy::heat_api: true +tripleo::haproxy::heat_cloudwatch: true +tripleo::haproxy::heat_cfn: true +tripleo::haproxy::horizon: true controller_classes: [] # firewall diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 6ff74e12..6a6f54e0 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -70,7 +70,7 @@ if hiera('step') >= 4 { include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('ceph_client_user_name')]) + $client_user = join(['client.', hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name')]) class { '::nova::compute::rbd': libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], } @@ -108,13 +108,6 @@ if hiera('step') >= 4 { nova_config { 'DEFAULT/my_ip': value => $ipaddress; 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - 'DEFAULT/host': value => $fqdn; - # TUNNELLED mode provides a security enhancement when using shared storage but is not - # supported when not using shared storage. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 - # In future versions of QEMU (2.6, mostly), Dan's native encryption - # work will obsolete the need to use TUNNELLED transport mode. - 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -204,10 +197,6 @@ if hiera('step') >= 4 { } } - neutron_config { - 'DEFAULT/host': value => $fqdn; - } - include ::ceilometer include ::ceilometer::config include ::ceilometer::agent::compute diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 536c680f..87776ea9 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -61,25 +61,6 @@ if hiera('step') >= 2 { } } - # Redis - $redis_node_ips = hiera('redis_node_ips') - $redis_master_hostname = downcase(hiera('bootstrap_nodeid')) - - if $redis_master_hostname == $::hostname { - $slaveof = undef - } else { - $slaveof = "${redis_master_hostname} 6379" - } - class {'::redis' : - slaveof => $slaveof, - } - - if count($redis_node_ips) > 1 { - Class['::tripleo::redis_notification'] -> Service['redis-sentinel'] - include ::redis::sentinel - include ::tripleo::redis_notification - } - if str2bool(hiera('enable_galera', true)) { $mysql_config_file = '/etc/my.cnf.d/galera.cnf' } else { @@ -107,8 +88,6 @@ if hiera('step') >= 2 { include ::nova::db::mysql include ::nova::db::mysql_api include ::neutron::db::mysql - include ::cinder::db::mysql - include ::sahara::db::mysql if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { include ::gnocchi::db::mysql } @@ -117,9 +96,6 @@ if hiera('step') >= 2 { include ::aodh::db::mysql } - # pre-install swift here so we can build rings - include ::swift - $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { @@ -185,8 +161,6 @@ if hiera('step') >= 4 { } include ::nova::config include ::nova::api - include ::nova::cert - include ::nova::conductor include ::nova::consoleauth include ::nova::network::neutron include ::nova::vncproxy @@ -225,8 +199,8 @@ if hiera('step') >= 4 { class {'::tripleo::network::midonet::api': zookeeper_servers => $zookeeper_node_ips, - vip => hiera('tripleo::loadbalancer::public_virtual_ip'), - keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + vip => hiera('public_virtual_ip'), + keystone_ip => hiera('public_virtual_ip'), keystone_admin_token => hiera('keystone::admin_token'), # TODO: create a 'bind' hiera key for api bind_address => hiera('neutron::bind_host'), @@ -271,9 +245,9 @@ if hiera('step') >= 4 { if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': - midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + midonet_api_ip => hiera('public_virtual_ip'), keystone_tenant => hiera('neutron::server::auth_tenant'), - keystone_password => hiera('neutron::server::auth_password') + keystone_password => hiera('neutron::server::password') } } else { @@ -313,155 +287,15 @@ if hiera('step') >= 4 { Service['neutron-server'] -> Service['neutron-metadata'] } - include ::cinder - include ::cinder::config - include ::cinder::api - include ::cinder::glance - include ::cinder::scheduler - include ::cinder::volume - include ::cinder::ceilometer - class { '::cinder::setup_test_volume': - size => join([hiera('cinder_lvm_loop_device_size'), 'M']), - } - - $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) - if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' - - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), - } - } - if $enable_ceph { - $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] - - } else { - $cinder_pool_requires = [] } - if hiera('cinder_enable_rbd_backend', false) { - $cinder_rbd_backend = 'tripleo_ceph' - - cinder::backend::rbd { $cinder_rbd_backend : - backend_host => hiera('cinder::host'), - rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => hiera('ceph_client_user_name'), - rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => $cinder_pool_requires, - } - } - - if hiera('cinder_enable_eqlx_backend', false) { - $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - - cinder::backend::eqlx { $cinder_eqlx_backend : - volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), - san_ip => hiera('cinder::backend::eqlx::san_ip', undef), - san_login => hiera('cinder::backend::eqlx::san_login', undef), - san_password => hiera('cinder::backend::eqlx::san_password', undef), - san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), - eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), - eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), - eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), - eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), - } - } - - if hiera('cinder_enable_dellsc_backend', false) { - $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : - volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), - san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), - san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef), - san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef), - dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), - iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), - iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), - dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), - dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), - } - } - - if hiera('cinder_enable_netapp_backend', false) { - $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - - if hiera('cinder::backend::netapp::nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') - } - - cinder::backend::netapp { $cinder_netapp_backend : - netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), - netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), - netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), - netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), - netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), - netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), - netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), - netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), - netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), - netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), - netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), - netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), - nfs_shares => $cinder_netapp_nfs_shares, - nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), - netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), - netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), - netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), - netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), - netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), - netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), - } - } - - if hiera('cinder_enable_nfs_backend', false) { - $cinder_nfs_backend = 'tripleo_nfs' - - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package {'nfs-utils': } -> - cinder::backend::nfs { $cinder_nfs_backend : - nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options',''), - nfs_shares_config => '/etc/cinder/shares-nfs.conf', - } - } - - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) - class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), - } - - # swift proxy - include ::swift::proxy - include ::swift::proxy::proxy_logging - include ::swift::proxy::healthcheck - include ::swift::proxy::cache - include ::swift::proxy::keystone - include ::swift::proxy::authtoken - include ::swift::proxy::staticweb - include ::swift::proxy::ratelimit - include ::swift::proxy::catch_errors - include ::swift::proxy::tempurl - include ::swift::proxy::formpost - # swift storage if str2bool(hiera('enable_swift_storage', true)) { class { '::swift::storage::all': @@ -520,11 +354,6 @@ if hiera('step') >= 4 { include ::aodh::listener include ::aodh::client - # Sahara - include ::sahara - include ::sahara::service::api - include ::sahara::service::engine - # Horizon include ::apache::mod::remoteip if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { @@ -582,14 +411,10 @@ if hiera('step') >= 4 { if hiera('step') >= 5 { $nova_enable_db_purge = hiera('nova_enable_db_purge', true) - $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } - if $cinder_enable_db_purge { - include ::cinder::cron::db_purge - } } #END STEP 5 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 30345694..f5f5f73d 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -21,12 +21,10 @@ Pcmk_resource <| |> { # TODO(jistr): use pcs resource provider instead of just no-ops Service <| tag == 'aodh-service' or - tag == 'cinder-service' or tag == 'ceilometer-service' or tag == 'gnocchi-service' or tag == 'neutron-service' or - tag == 'nova-service' or - tag == 'sahara-service' + tag == 'nova-service' |> { hasrestart => true, restart => '/bin/true', @@ -109,12 +107,6 @@ if hiera('step') >= 1 { } } - # Redis - class { '::redis' : - service_manage => false, - notify_service => false, - } - # Galera if str2bool(hiera('enable_galera', true)) { $mysql_config_file = '/etc/my.cnf.d/galera.cnf' @@ -227,15 +219,6 @@ if hiera('step') >= 2 { require => Class['::mysql::server'], before => Exec['galera-ready'], } - - pacemaker::resource::ocf { 'redis': - ocf_agent_name => 'heartbeat:redis', - master_params => '', - meta_params => 'notify=true ordered=true interleave=true', - resource_params => 'wait_last_known_master=true', - require => Class['::redis'], - } - } $mysql_root_password = hiera('mysql::server::root_password') $mysql_clustercheck_password = hiera('mysql_clustercheck_password') @@ -298,9 +281,6 @@ if hiera('step') >= 2 { class { '::neutron::db::mysql': require => Exec['galera-ready'], } - class { '::cinder::db::mysql': - require => Exec['galera-ready'], - } if downcase(hiera('ceilometer_backend')) == 'mysql' { class { '::ceilometer::db::mysql': @@ -313,14 +293,8 @@ if hiera('step') >= 2 { require => Exec['galera-ready'], } } - class { '::sahara::db::mysql': - require => Exec['galera-ready'], - } } - # pre-install swift here so we can build rings - include ::swift - # Ceph $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) @@ -406,14 +380,6 @@ MYSQL_HOST=localhost\n", manage_service => false, enabled => false, } - class { '::nova::cert' : - manage_service => false, - enabled => false, - } - class { '::nova::conductor' : - manage_service => false, - enabled => false, - } class { '::nova::consoleauth' : manage_service => false, enabled => false, @@ -461,8 +427,8 @@ MYSQL_HOST=localhost\n", class {'::tripleo::network::midonet::api': zookeeper_servers => $zookeeper_node_ips, - vip => hiera('tripleo::loadbalancer::public_virtual_ip'), - keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + vip => hiera('public_virtual_ip'), + keystone_ip => hiera('public_virtual_ip'), keystone_admin_token => hiera('keystone::admin_token'), # TODO: create a 'bind' hiera key for api bind_address => hiera('neutron::bind_host'), @@ -495,9 +461,9 @@ MYSQL_HOST=localhost\n", } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': - midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + midonet_api_ip => hiera('public_virtual_ip'), keystone_tenant => hiera('neutron::server::auth_tenant'), - keystone_password => hiera('neutron::server::auth_password') + keystone_password => hiera('neutron::server::password') } } if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { @@ -540,179 +506,14 @@ MYSQL_HOST=localhost\n", include ::neutron::agents::bigswitch } - include ::cinder - include ::cinder::config - class { '::cinder::api': - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - class { '::cinder::scheduler' : - manage_service => false, - enabled => false, - } - class { '::cinder::volume' : - manage_service => false, - enabled => false, - } - include ::cinder::glance - include ::cinder::ceilometer - class { '::cinder::setup_test_volume': - size => join([hiera('cinder_lvm_loop_device_size'), 'M']), - } - - $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) - if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' - - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), - } - } - if $enable_ceph { - $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] - - } else { - $cinder_pool_requires = [] - } - - if hiera('cinder_enable_rbd_backend', false) { - $cinder_rbd_backend = 'tripleo_ceph' - - cinder::backend::rbd { $cinder_rbd_backend : - backend_host => hiera('cinder::host'), - rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => hiera('ceph_client_user_name'), - rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => $cinder_pool_requires, - } - } - - if hiera('cinder_enable_eqlx_backend', false) { - $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - - cinder::backend::eqlx { $cinder_eqlx_backend : - volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), - san_ip => hiera('cinder::backend::eqlx::san_ip', undef), - san_login => hiera('cinder::backend::eqlx::san_login', undef), - san_password => hiera('cinder::backend::eqlx::san_password', undef), - san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), - eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), - eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), - eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), - eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), - } - } - - if hiera('cinder_enable_dellsc_backend', false) { - $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : - volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), - san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), - san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef), - san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef), - dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), - iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), - iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), - dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), - dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), - } - } - - if hiera('cinder_enable_netapp_backend', false) { - $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - - if hiera('cinder::backend::netapp::nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') - } - - cinder::backend::netapp { $cinder_netapp_backend : - netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), - netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), - netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), - netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), - netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), - netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), - netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), - netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), - netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), - netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), - netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), - netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), - nfs_shares => $cinder_netapp_nfs_shares, - nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), - netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), - netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), - netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), - netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), - netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), - netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), - } - } - - if hiera('cinder_enable_nfs_backend', false) { - $cinder_nfs_backend = 'tripleo_nfs' - - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package { 'nfs-utils': } -> - cinder::backend::nfs { $cinder_nfs_backend: - nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options',''), - nfs_shares_config => '/etc/cinder/shares-nfs.conf', - } - } - - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) - class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), - } - - class { '::sahara': - sync_db => $sync_db, - } - class { '::sahara::service::api': - manage_service => false, - enabled => false, - } - class { '::sahara::service::engine': - manage_service => false, - enabled => false, - } - - # swift proxy - class { '::swift::proxy' : - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, } - include ::swift::proxy::proxy_logging - include ::swift::proxy::healthcheck - include ::swift::proxy::cache - include ::swift::proxy::keystone - include ::swift::proxy::authtoken - include ::swift::proxy::staticweb - include ::swift::proxy::ratelimit - include ::swift::proxy::catch_errors - include ::swift::proxy::tempurl - include ::swift::proxy::formpost # swift storage if str2bool(hiera('enable_swift_storage', true)) { @@ -908,14 +709,10 @@ password=\"${mysql_root_password}\"", } $nova_enable_db_purge = hiera('nova_enable_db_purge', true) - $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } - if $cinder_enable_db_purge { - include ::cinder::cron::db_purge - } if $pacemaker_master { @@ -938,85 +735,6 @@ password=\"${mysql_root_password}\"", Pacemaker::Resource::Ocf['openstack-core']], } - # Cinder - pacemaker::resource::service { $::cinder::params::api_service : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::cinder::params::scheduler_service : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::cinder::params::volume_service : } - - pacemaker::constraint::base { 'keystone-then-cinder-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::cinder::params::api_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::cinder::params::api_service]], - } - pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::api_service}-clone", - second_resource => "${::cinder::params::scheduler_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::colocation { 'cinder-scheduler-with-cinder-api-colocation': - source => "${::cinder::params::scheduler_service}-clone", - target => "${::cinder::params::api_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::scheduler_service}-clone", - second_resource => $::cinder::params::volume_service, - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation': - source => $::cinder::params::volume_service, - target => "${::cinder::params::scheduler_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - - # Sahara - pacemaker::resource::service { $::sahara::params::api_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::sahara::params::engine_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'keystone-then-sahara-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::sahara::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint': - constraint_type => 'order', - first_resource => "${::sahara::params::api_service_name}-clone", - second_resource => "${::sahara::params::engine_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], - } - if hiera('neutron::enable_ovs_agent', true) { pacemaker::resource::service { $::neutron::params::ovs_agent_service: clone_params => 'interleave=true', @@ -1113,9 +831,6 @@ password=\"${mysql_root_password}\"", pacemaker::resource::service { $::nova::params::api_service_name : clone_params => 'interleave=true', } - pacemaker::resource::service { $::nova::params::conductor_service_name : - clone_params => 'interleave=true', - } pacemaker::resource::service { $::nova::params::consoleauth_service_name : clone_params => 'interleave=true', require => Pacemaker::Resource::Ocf['openstack-core'], diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index ae074589..3585c993 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -16,42 +16,46 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> +if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) + create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::timezone + include ::timezone -include ::swift -class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), -} -if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], + if count(hiera('ntp::servers')) > 0 { + include ::ntp } } -$swift_components = ['account', 'container', 'object'] -swift::storage::filter::recon { $swift_components : } -swift::storage::filter::healthcheck { $swift_components : } +if hiera('step') >= 4 { + class { '::swift::storage::all': + mount_check => str2bool(hiera('swift_mount_check')), + } + if(!defined(File['/srv/node'])) { + file { '/srv/node': + ensure => directory, + owner => 'swift', + group => 'swift', + require => Package['openstack-swift'], + } + } + + $swift_components = ['account', 'container', 'object'] + swift::storage::filter::recon { $swift_components : } + swift::storage::filter::healthcheck { $swift_components : } -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + $snmpd_user = hiera('snmpd_readonly_user_name') + snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), + } + class { '::snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + } + + hiera_include('object_classes') } -hiera_include('object_classes') package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present} diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp index a623da29..2411ff84 100644 --- a/puppet/manifests/ringbuilder.pp +++ b/puppet/manifests/ringbuilder.pp @@ -89,6 +89,11 @@ class tripleo::ringbuilder ( } } +if hiera('step') >= 2 { + # pre-install swift here so we can build rings + include ::swift +} + if hiera('step') >= 3 { include ::tripleo::ringbuilder } diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 38d2ac64..15c8c1f1 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -48,3 +48,7 @@ are re-asserted when applying latter ones. 5) Service activation (Pacemaker) 6) Fencing (Pacemaker) + +Note: Not all roles currently support all steps: + + * ObjectStorage role only supports steps 2, 3 and 4 diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml new file mode 100644 index 00000000..c53bef6f --- /dev/null +++ b/puppet/services/cinder-api.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder API service configured with Puppet + +parameters: + CinderEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Cinder database. + type: boolean + CinderPassword: + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::api::keystone_password: {get_param: CinderPassword} + cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} + step_config: | + include ::tripleo::profile::base::cinder::api diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml new file mode 100644 index 00000000..85682448 --- /dev/null +++ b/puppet/services/cinder-base.yaml @@ -0,0 +1,58 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder base service. Shared by all Cinder services. + +parameters: + CinderPassword: + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + +outputs: + role_data: + description: Role data for the Cinder base service. + value: + config_settings: + cinder::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://cinder:' + - {get_param: CinderPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/cinder' + cinder::db::mysql::password: {get_param: CinderPassword} + cinder::debug: {get_param: Debug} + cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + cinder::rabbit_userid: {get_param: RabbitUserName} + cinder::rabbit_password: {get_param: RabbitPassword} + cinder::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml new file mode 100644 index 00000000..6bdf86bc --- /dev/null +++ b/puppet/services/cinder-scheduler.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Scheduler service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + config_settings: + get_attr: [CinderBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::cinder::scheduler diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml new file mode 100644 index 00000000..d28f40e6 --- /dev/null +++ b/puppet/services/cinder-volume.yaml @@ -0,0 +1,71 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Volume service configured with Puppet + +parameters: + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CinderISCSIHelper: + default: lioadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} + tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} + tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: + str_replace: + template: SERVERS + params: + SERVERS: {get_param: CinderNfsServers} + tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml new file mode 100644 index 00000000..77b3c9f0 --- /dev/null +++ b/puppet/services/database/redis-base.yaml @@ -0,0 +1,21 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + RedisPassword: + description: The password for Redis + type: string + hidden: true + +outputs: + role_data: + description: Role data for the redis role. + value: + config_settings: + redis::requirepass: {get_param: RedisPassword} + redis::masterauth: {get_param: RedisPassword} + redis::sentinel_auth_pass: {get_param: RedisPassword} + tripleo::loadbalancer::redis_password: {get_param: RedisPassword} + diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml new file mode 100644 index 00000000..2669592a --- /dev/null +++ b/puppet/services/database/redis.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + RedisBase: + type: ./redis-base.yaml + +outputs: + role_data: + description: Role data for the redis role. + value: + config_settings: + map_merge: + - get_attr: [RedisBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::database::redis diff --git a/puppet/services/loadbalancer.yaml b/puppet/services/haproxy.yaml index 1b9654fc..844637bc 100644 --- a/puppet/services/loadbalancer.yaml +++ b/puppet/services/haproxy.yaml @@ -1,7 +1,7 @@ heat_template_version: 2016-04-08 description: > - Loadbalancer service configured with Puppet + HAproxy service configured with Puppet parameters: EndpointMap: @@ -12,7 +12,7 @@ parameters: outputs: role_data: - description: Role data for the Loadbalancer role. + description: Role data for the HAproxy role. value: step_config: | - include ::tripleo::profile::base::loadbalancer + include ::tripleo::profile::base::haproxy diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 51807f92..4a5ec2c0 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -49,7 +49,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' - heat::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} heat::keystone_password: {get_param: HeatPassword} diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml new file mode 100644 index 00000000..09ce26b5 --- /dev/null +++ b/puppet/services/keepalived.yaml @@ -0,0 +1,18 @@ +heat_template_version: 2016-04-08 + +description: > + Keepalived service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Keepalived role. + value: + step_config: | + include ::tripleo::profile::base::keepalived diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml new file mode 100644 index 00000000..7de14f68 --- /dev/null +++ b/puppet/services/nova-base.yaml @@ -0,0 +1,39 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova base service. Shared for all Nova services. + +parameters: + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Neutron base service. + value: + config_settings: + nova::rabbit_password: {get_param: RabbitPassword} + nova::rabbit_user: {get_param: RabbitUserName} + nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + nova::rabbit_port: {get_param: RabbitClientPort} + nova::debug: {get_param: Debug} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml new file mode 100644 index 00000000..412dd275 --- /dev/null +++ b/puppet/services/nova-conductor.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Conductor service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova Conductor service. + type: number + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Conductor service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::conductor::workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::conductor diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml new file mode 100644 index 00000000..0f66cc06 --- /dev/null +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderApiBase: + type: ../cinder-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + config_settings: + map_merge: + - get_attr: [CinderApiBase, role_data, config_settings] + - cinder::api::manage_service: false + cinder::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::cinder::api diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml new file mode 100644 index 00000000..d1472c00 --- /dev/null +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Scheduler service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderSchedulerBase: + type: ../cinder-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + config_settings: + map_merge: + - get_attr: [CinderSchedulerBase, role_data, config_settings] + - cinder::scheduler::manage_service: false + cinder::scheduler::enabled: false + step_config: + include ::tripleo::profile::pacemaker::cinder::scheduler diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml new file mode 100644 index 00000000..ee4e6cea --- /dev/null +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Volume service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderVolumeBase: + type: ../cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + config_settings: + map_merge: + - get_attr: [CinderVolumeBase, role_data, config_settings] + - cinder::volume::manage_service: false + cinder::volume::enabled: false + step_config: + include ::tripleo::profile::pacemaker::cinder::volume diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml new file mode 100644 index 00000000..0e46f8a3 --- /dev/null +++ b/puppet/services/pacemaker/database/redis.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + RedisBase: + type: ../../database/redis-base.yaml + +outputs: + role_data: + description: Role data for the Redis pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [RedisBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::redis::redis_vip: {get_input: redis_vip} + redis::service_manage: false + redis::notify_service: false + step_config: | + include ::tripleo::profile::pacemaker::database::redis diff --git a/puppet/services/pacemaker/loadbalancer.yaml b/puppet/services/pacemaker/haproxy.yaml index be6825f6..c2ca2816 100644 --- a/puppet/services/pacemaker/loadbalancer.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -1,7 +1,7 @@ heat_template_version: 2016-04-08 description: > - Loadbalancer service with Pacemaker configured with Puppet + HAproxy service with Pacemaker configured with Puppet parameters: EndpointMap: @@ -12,19 +12,19 @@ parameters: resources: LoadbalancerServiceBase: - type: ../loadbalancer.yaml + type: ../haproxy.yaml properties: EndpointMap: {get_param: EndpointMap} outputs: role_data: - description: Role data for the Loadbalancer pacemaker role. + description: Role data for the HAproxy with pacemaker role. value: config_settings: map_merge: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - - tripleo::loadbalancer::haproxy_service_manage: false - tripleo::loadbalancer::mysql_clustercheck: true - tripleo::loadbalancer::manage_vip: false + - tripleo::haproxy::haproxy_service_manage: false + tripleo::haproxy::mysql_clustercheck: true + enable_keepalived: false step_config: | - include ::tripleo::profile::pacemaker::loadbalancer + include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml new file mode 100644 index 00000000..a484f0df --- /dev/null +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Conductor service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaConductorBase: + type: ../nova-conductor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Conductor role. + value: + config_settings: + map_merge: + - get_attr: [NovaConductorBase, role_data, config_settings] + - nova::conductor::manage_service: false + nova::conductor::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::conductor diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml new file mode 100644 index 00000000..a5db77c4 --- /dev/null +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara API service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + SaharaApiBase: + type: ../sahara-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + config_settings: + map_merge: + - get_attr: [SaharaApiBase, role_data, config_settings] + - sahara::service::api::manage_service: false + sahara::service::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::sahara diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml new file mode 100644 index 00000000..129f88bf --- /dev/null +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -0,0 +1,32 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara Engine service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + SaharaEngineBase: + type: ../sahara-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + config_settings: + map_merge: + - get_attr: [SaharaEngineBase, role_data, config_settings] + - sahara::service::engine::manage_service: false + sahara::service::engine::enabled: false + # No puppet manifests since sahara-engine is included in + # ::tripleo::profile::pacemaker::sahara which is maintained alongside of + # pacemaker/sahara-api.yaml. + step_config: diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml new file mode 100644 index 00000000..93bf7385 --- /dev/null +++ b/puppet/services/sahara-api.yaml @@ -0,0 +1,52 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SaharaPassword: + default: unset + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true + SaharaWorkers: + default: 0 + description: The number of workers for the sahara-api. + type: number + SaharaApiVirtualIP: + type: string + default: '' + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + SaharaBase: + type: ./sahara-base.yaml + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + config_settings: + map_merge: + - get_attr: [SaharaBase, role_data, config_settings] + - sahara::host: {get_param: SaharaApiVirtualIP} + sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + sahara::admin_password: {get_param: SaharaPassword} + sahara::service::api::api_workers: {get_param: SaharaApiWorkers} + sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} + sahara::keystone::auth::password: {get_param: SaharaPassword } + sahara::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::sahara::api diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml new file mode 100644 index 00000000..275d7536 --- /dev/null +++ b/puppet/services/sahara-base.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara base service. Shared for all Sahara services. + +parameters: + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Sahara base service. + value: + config_settings: + sahara::rabbit_password: {get_param: RabbitPassword} + sahara::rabbit_user: {get_param: RabbitUserName} + sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + sahara::rabbit_port: {get_param: RabbitClientPort} + sahara::debug: {get_param: Debug} + sahara::use_neutron: true + sahara::plugins: + - cdh + - hdp + - mapr + - vanilla + - spark + - storm + sahara::rpc_backend: rabbit diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml new file mode 100644 index 00000000..17ef49fa --- /dev/null +++ b/puppet/services/sahara-engine.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara Engine service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SaharaPassword: + default: unset + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true + +resources: + SaharaBase: + type: ./sahara-base.yaml + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + config_settings: + map_merge: + - get_attr: [SaharaBase, role_data, config_settings] + - sahara_dsn: &sahara_dsn + list_join: + - '' + - - {get_param: [EndpointMap, MysqlVirtual, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlVirtual, host]} + - '/sahara' + sahara::database_connection: *sahara_dsn + sahara::db::mysql::password: {get_param: SaharaPassword} + step_config: | + include ::tripleo::profile::base::sahara::engine diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml new file mode 100644 index 00000000..a86aeaf5 --- /dev/null +++ b/puppet/services/swift-proxy.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Proxy service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + SwiftPassword: + description: The password for the swift service account, used by the swift proxy services. + type: string + hidden: true + SwiftWorkers: + default: 0 + description: Number of workers for Swift service. + type: number + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + + +outputs: + role_data: + description: Role data for the Swift proxy service. + value: + config_settings: + # Swift + swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} + swift::proxy::workers: {get_param: SwiftWorkers} + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::swift::proxy diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index b262f947..1aba2bb4 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -11,6 +11,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -31,51 +35,56 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_object.pp + list_join: + - '' + - - get_file: manifests/overcloud_object.pp + - get_file: manifests/ringbuilder.pp + - {get_param: StepConfig} - StorageDeployment_Step1: + StorageRingbuilderDeployment_Step2: type: OS::Heat::StructuredDeployments depends_on: StorageArtifactsDeploy properties: - name: StorageDeployment_Step1 + name: StorageRingbuilderDeployment_Step2 servers: {get_param: servers} config: {get_resource: StoragePuppetConfig} input_values: + step: 2 update_identifier: {get_param: NodeConfigIdentifiers} - StorageRingbuilderPuppetConfig: - type: OS::Heat::SoftwareConfig + StorageRingbuilderDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: StorageRingbuilderDeployment_Step2 properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - inputs: - - name: step - outputs: - - name: result - config: - get_file: manifests/ringbuilder.pp + name: StorageRingbuilderDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: StoragePuppetConfig} + input_values: + step: 3 + update_identifier: {get_param: NodeConfigIdentifiers} - StorageRingbuilderDeployment_Step2: + StorageDeployment_Step4: type: OS::Heat::StructuredDeployments - depends_on: StorageDeployment_Step1 + depends_on: StorageRingbuilderDeployment_Step3 properties: - name: StorageRingbuilderDeployment_Step2 + name: StorageDeployment_Step4 servers: {get_param: servers} - config: {get_resource: StorageRingbuilderPuppetConfig} + config: {get_resource: StoragePuppetConfig} input_values: - step: 3 # Note ringbuilder.pp expects >=3 + step: 4 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: StorageRingbuilderDeployment_Step2 + depends_on: StorageDeployment_Step4 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 3f6f4733..ed52f928 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -121,6 +121,9 @@ parameters: NodeIndex: type: number default: 0 + ServiceConfigSettings: + type: json + default: {} resources: @@ -257,6 +260,7 @@ resources: - heat_config_%{::deploy_config_name} - object_extraconfig - extraconfig + - service_configs - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - all_nodes # provided by allNodesConfig @@ -265,6 +269,8 @@ resources: - network merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} common: raw_data: {get_file: hieradata/common.yaml} network: @@ -279,7 +285,7 @@ resources: object: raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc - swift::swift_hash_suffix: { get_input: swift_hash_suffix } + swift::swift_hash_path_suffix: { get_input: swift_hash_suffix } tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: { get_input: swift_part_power } tripleo::ringbuilder::replicas: {get_input: swift_replicas } diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index 3e8e9182..92234b6c 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -32,11 +32,20 @@ resources: horizon_vip: {get_input: horizon_vip} redis_vip: {get_input: redis_vip} mysql_vip: {get_input: mysql_vip} - tripleo::loadbalancer::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::loadbalancer::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::loadbalancer::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - tripleo::loadbalancer::storage_virtual_ip: {get_input: storage_virtual_ip} - tripleo::loadbalancer::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + public_virtual_ip: {get_input: public_virtual_ip} + controller_virtual_ip: {get_input: control_virtual_ip} + internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + storage_virtual_ip: {get_input: storage_virtual_ip} + storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. + tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip} |