summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/compute-post.yaml3
-rw-r--r--docker/firstboot/install_docker_agents.yaml2
-rw-r--r--docker/firstboot/start_docker_agents.sh59
-rw-r--r--environments/enable-tls.yaml3
-rw-r--r--environments/manila-generic-config.yaml26
-rw-r--r--environments/puppet-pacemaker-no-restart.yaml3
-rw-r--r--environments/puppet-pacemaker.yaml39
-rw-r--r--extraconfig/tasks/post_puppet_pacemaker.yaml15
-rw-r--r--extraconfig/tasks/post_puppet_pacemaker_restart.yaml28
-rw-r--r--network/endpoints/endpoint_data.yaml15
-rw-r--r--network/endpoints/endpoint_map.yaml121
-rw-r--r--overcloud-resource-registry-puppet.yaml5
-rw-r--r--overcloud.yaml12
-rw-r--r--puppet/all-nodes-config.yaml13
-rw-r--r--puppet/controller.yaml4
-rw-r--r--puppet/hieradata/README.rst1
-rw-r--r--puppet/hieradata/RedHat.yaml9
-rw-r--r--puppet/hieradata/ceph.yaml9
-rw-r--r--puppet/hieradata/common.yaml50
-rw-r--r--puppet/hieradata/compute.yaml20
-rw-r--r--puppet/hieradata/controller.yaml188
-rw-r--r--puppet/hieradata/database.yaml3
-rw-r--r--puppet/hieradata/object.yaml20
-rw-r--r--puppet/hieradata/volume.yaml15
-rw-r--r--puppet/manifests/overcloud_controller.pp13
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp131
-rw-r--r--puppet/services/ceilometer-agent-central.yaml2
-rw-r--r--puppet/services/ceilometer-agent-compute.yaml2
-rw-r--r--puppet/services/ceilometer-agent-notification.yaml2
-rw-r--r--puppet/services/ceilometer-api.yaml3
-rw-r--r--puppet/services/ceilometer-base.yaml9
-rw-r--r--puppet/services/ceilometer-collector.yaml2
-rw-r--r--puppet/services/ceilometer-expirer.yaml2
-rw-r--r--puppet/services/ceph-base.yaml12
-rw-r--r--puppet/services/ceph-client.yaml2
-rw-r--r--puppet/services/ceph-external.yaml4
-rw-r--r--puppet/services/ceph-mon.yaml3
-rw-r--r--puppet/services/ceph-osd.yaml2
-rw-r--r--puppet/services/cinder-api.yaml9
-rw-r--r--puppet/services/cinder-base.yaml8
-rw-r--r--puppet/services/cinder-scheduler.yaml6
-rw-r--r--puppet/services/cinder-volume.yaml2
-rw-r--r--puppet/services/database/mongodb-base.yaml5
-rw-r--r--puppet/services/database/mysql.yaml7
-rw-r--r--puppet/services/database/redis-base.yaml15
-rw-r--r--puppet/services/glance-api.yaml11
-rw-r--r--puppet/services/glance-registry.yaml6
-rw-r--r--puppet/services/gnocchi-api.yaml3
-rw-r--r--puppet/services/gnocchi-base.yaml10
-rw-r--r--puppet/services/gnocchi-metricd.yaml2
-rw-r--r--puppet/services/gnocchi-statsd.yaml2
-rw-r--r--puppet/services/haproxy.yaml21
-rw-r--r--puppet/services/heat-api-cfn.yaml2
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml2
-rw-r--r--puppet/services/heat-api.yaml2
-rw-r--r--puppet/services/heat-base.yaml15
-rw-r--r--puppet/services/heat-engine.yaml4
-rw-r--r--puppet/services/horizon.yaml6
-rw-r--r--puppet/services/ironic-api.yaml2
-rw-r--r--puppet/services/ironic-base.yaml2
-rw-r--r--puppet/services/ironic-conductor.yaml2
-rw-r--r--puppet/services/kernel.yaml21
-rw-r--r--puppet/services/keystone.yaml13
-rw-r--r--puppet/services/manila-api.yaml46
-rw-r--r--puppet/services/manila-base.yaml119
-rw-r--r--puppet/services/manila-scheduler.yaml57
-rw-r--r--puppet/services/manila-share.yaml29
-rw-r--r--puppet/services/neutron-base.yaml9
-rw-r--r--puppet/services/neutron-compute-plugin-midonet.yaml2
-rw-r--r--puppet/services/neutron-compute-plugin-nuage.yaml2
-rw-r--r--puppet/services/neutron-compute-plugin-opencontrail.yaml2
-rw-r--r--puppet/services/neutron-compute-plugin-plumgrid.yaml2
-rw-r--r--puppet/services/neutron-dhcp.yaml2
-rw-r--r--puppet/services/neutron-l3.yaml3
-rw-r--r--puppet/services/neutron-metadata.yaml3
-rw-r--r--puppet/services/neutron-midonet.yaml2
-rw-r--r--puppet/services/neutron-ovs-agent.yaml2
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml2
-rw-r--r--puppet/services/neutron-plugin-nuage.yaml2
-rw-r--r--puppet/services/neutron-plugin-opencontrail.yaml2
-rw-r--r--puppet/services/neutron-plugin-plumgrid.yaml4
-rw-r--r--puppet/services/neutron-server.yaml7
-rw-r--r--puppet/services/nova-api.yaml7
-rw-r--r--puppet/services/nova-base.yaml27
-rw-r--r--puppet/services/nova-compute.yaml12
-rw-r--r--puppet/services/nova-conductor.yaml2
-rw-r--r--puppet/services/nova-consoleauth.yaml2
-rw-r--r--puppet/services/nova-libvirt.yaml2
-rw-r--r--puppet/services/nova-scheduler.yaml2
-rw-r--r--puppet/services/nova-vncproxy.yaml6
-rw-r--r--puppet/services/pacemaker.yaml5
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-central.yaml2
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-notification.yaml2
-rw-r--r--puppet/services/pacemaker/ceilometer-api.yaml2
-rw-r--r--puppet/services/pacemaker/ceilometer-collector.yaml2
-rw-r--r--puppet/services/pacemaker/cinder-api.yaml2
-rw-r--r--puppet/services/pacemaker/cinder-scheduler.yaml2
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml2
-rw-r--r--puppet/services/pacemaker/core.yaml20
-rw-r--r--puppet/services/pacemaker/glance-api.yaml3
-rw-r--r--puppet/services/pacemaker/glance-registry.yaml2
-rw-r--r--puppet/services/pacemaker/gnocchi-api.yaml2
-rw-r--r--puppet/services/pacemaker/gnocchi-metricd.yaml2
-rw-r--r--puppet/services/pacemaker/gnocchi-statsd.yaml2
-rw-r--r--puppet/services/pacemaker/haproxy.yaml1
-rw-r--r--puppet/services/pacemaker/heat-api-cfn.yaml2
-rw-r--r--puppet/services/pacemaker/heat-api-cloudwatch.yaml2
-rw-r--r--puppet/services/pacemaker/heat-api.yaml2
-rw-r--r--puppet/services/pacemaker/heat-engine.yaml2
-rw-r--r--puppet/services/pacemaker/manila-share.yaml27
-rw-r--r--puppet/services/pacemaker/neutron-dhcp.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-l3.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-metadata.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-midonet.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-ovs-agent.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-plugin-ml2.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-plugin-nuage.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-plugin-opencontrail.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-plugin-plumgrid.yaml2
-rw-r--r--puppet/services/pacemaker/neutron-server.yaml2
-rw-r--r--puppet/services/pacemaker/nova-api.yaml2
-rw-r--r--puppet/services/pacemaker/nova-conductor.yaml2
-rw-r--r--puppet/services/pacemaker/nova-consoleauth.yaml2
-rw-r--r--puppet/services/pacemaker/nova-scheduler.yaml2
-rw-r--r--puppet/services/pacemaker/nova-vncproxy.yaml2
-rw-r--r--puppet/services/pacemaker/sahara-api.yaml2
-rw-r--r--puppet/services/pacemaker/sahara-engine.yaml2
-rw-r--r--puppet/services/rabbitmq.yaml15
-rw-r--r--puppet/services/sahara-api.yaml2
-rw-r--r--puppet/services/sahara-base.yaml6
-rw-r--r--puppet/services/sahara-engine.yaml6
-rw-r--r--puppet/services/swift-proxy.yaml28
-rw-r--r--puppet/services/swift-ringbuilder.yaml2
-rw-r--r--puppet/services/swift-storage.yaml14
-rw-r--r--puppet/vip-config.yaml1
-rwxr-xr-xtools/yaml-validate.py3
136 files changed, 944 insertions, 640 deletions
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml
index 3fc07561..60b831be 100644
--- a/docker/compute-post.yaml
+++ b/docker/compute-post.yaml
@@ -42,6 +42,9 @@ parameters:
type: string
description: Config manifests that will be used to step through the deployment.
default: ''
+ RoleData:
+ type: json
+ default: {}
resources:
diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml
index 2858552f..f6d61e2d 100644
--- a/docker/firstboot/install_docker_agents.yaml
+++ b/docker/firstboot/install_docker_agents.yaml
@@ -6,7 +6,7 @@ parameters:
default: heat-docker-agents
DockerNamespace:
type: string
- default: kollaglue
+ default: tripleoupstream
DockerNamespaceIsRegistry:
type: boolean
default: false
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index cb8b2a5d..65c4e6dc 100644
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -1,14 +1,38 @@
#!/bin/bash
set -eux
-# firstboot isn't split out by role yet so we handle it this way
-if ! hostname | grep compute &>/dev/null; then
- echo "Exiting. This script is only for the compute role."
- exit 0
+/sbin/setenforce 0
+/sbin/modprobe ebtables
+
+# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
+chmod 666 /dev/pts/ptmx
+
+# We need hostname -f to return in a centos container for the puppet hook
+HOSTNAME=$(hostname)
+echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
+
+# update docker for local insecure registry(optional)
+# Note: This is different for different docker versions
+# For older docker versions < 1.4.x use commented line
+#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
+#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+
+# Local docker registry 1.8
+if [ $docker_namespace_is_registry ]; then
+ /usr/bin/systemctl stop docker.service
+ # if namespace is used with local registry, trim all namespacing
+ trim_var=$docker_registry
+ registry_host="${trim_var%%/*}"
+ /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry[ ]'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker
+ /usr/bin/systemctl start --no-block docker.service
fi
+/usr/bin/docker pull $agent_image &
+DOCKER_PULL_PID=$!
+
mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
+
# heat-docker-agents service
cat <<EOF > /etc/systemd/system/heat-docker-agents.service
@@ -22,7 +46,6 @@ User=root
Restart=on-failure
ExecStartPre=-/usr/bin/docker kill heat-agents
ExecStartPre=-/usr/bin/docker rm heat-agents
-ExecStartPre=/usr/bin/docker pull $agent_image
ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image
ExecStop=/usr/bin/docker stop heat-agents
@@ -31,30 +54,6 @@ WantedBy=multi-user.target
EOF
-# update docker for local insecure registry(optional)
-# Note: This is different for different docker versions
-# For older docker versions < 1.4.x use commented line
-#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
-#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
-
-# Local docker registry 1.8
-if [ $docker_namespace_is_registry ]; then
- # if namespace is used with local registry, trim all namespacing
- trim_var=$docker_registry
- registry_host="${trim_var%%/*}"
- /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker
-fi
-
-/sbin/setenforce 0
-/sbin/modprobe ebtables
-
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
-chmod 666 /dev/pts/ptmx
-
-# We need hostname -f to return in a centos container for the puppet hook
-HOSTNAME=$(hostname)
-echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-
# enable and start heat-docker-agents
chmod 0640 /etc/systemd/system/heat-docker-agents.service
/usr/bin/systemctl enable heat-docker-agents.service
@@ -82,3 +81,5 @@ AUTO_EXTEND_POOL=yes
POOL_AUTOEXTEND_PERCENT=30
POOL_AUTOEXTEND_THRESHOLD=70
EOF
+
+wait $DOCKER_PULL_PID
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index 289ec2e3..ee1f5387 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -34,6 +34,9 @@ parameter_defaults:
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
MysqlNoBracketsInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml
new file mode 100644
index 00000000..74011c66
--- /dev/null
+++ b/environments/manila-generic-config.yaml
@@ -0,0 +1,26 @@
+# A Heat environment file which can be used to enable a
+# a Manila generic driver backend.
+resource_registry:
+ OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+
+
+parameter_defaults:
+ ManilaGenericEnableBackend: true
+ ManilaGenericBackendName: tripleo_generic
+ ManilaGenericDriverHandlesShareServers: true
+ ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf'
+ ManilaGenericVolumeNameTemplate: 'manila-share-%s'
+ ManilaGenericVolumeSnapshotNameTemplate: 'manila-snapshot-%s'
+ ManilaGenericShareMountPath: '/shares'
+ ManilaGenericMaxTimeToCreateVolume: '180'
+ ManilaGenericMaxTimeToAttach: '120'
+ ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf'
+ ManilaGenericShareVolumeFsType: 'ext4'
+ ManilaGenericCinderVolumeType: ''
+ ManilaGenericServiceInstanceUser: ''
+ ManilaGenericServiceInstancePassword: ''
+ ManilaGenericServiceInstanceFlavorId: 2
+ ManilaGenericServiceNetworkCidr: '172.16.0.0/16'
diff --git a/environments/puppet-pacemaker-no-restart.yaml b/environments/puppet-pacemaker-no-restart.yaml
new file mode 100644
index 00000000..67d8692d
--- /dev/null
+++ b/environments/puppet-pacemaker-no-restart.yaml
@@ -0,0 +1,3 @@
+# use this file *in addition* to puppet-pacemaker.yaml
+resource_registry:
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: OS::Heat::None
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 8674e009..16430290 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -4,50 +4,17 @@ resource_registry:
OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml
OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# custom pacemaker services
# NOTE: For now we will need to specify overrides to all services
# which use pacemaker. In the future (with upcoming HA light work) this
# list will hopefully be much smaller however.
- OS::TripleO::Services::CinderApi: ../puppet/services/pacemaker/cinder-api.yaml
- OS::TripleO::Services::CinderScheduler: ../puppet/services/pacemaker/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml
- OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml
- OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml
- OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml
- OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml
- OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml
- OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml
- OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml
- OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml
- OS::TripleO::Services::NeutronServer: ../puppet/services/pacemaker/neutron-server.yaml
- OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/pacemaker/neutron-plugin-ml2.yaml
- # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin)
- OS::TripleO::Services::NeutronCorePluginPlumgrid: ../puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
- OS::TripleO::Services::NeutronCorePluginNuage: ../puppet/services/pacemaker/neutron-plugin-nuage.yaml
- OS::TripleO::Services::NeutronCorePluginOpencontrail: ../puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
- OS::TripleO::Services::NeutronCorePluginMidonet: ../puppet/services/pacemaker/neutron-midonet.yaml
- OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/pacemaker/neutron-ovs-agent.yaml
OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml
- OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml
OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
- OS::TripleO::Services::NovaConductor: ../puppet/services/pacemaker/nova-conductor.yaml
- OS::TripleO::Services::MongoDb: ../puppet/services/pacemaker/database/mongodb.yaml
- OS::TripleO::Services::NovaApi: ../puppet/services/pacemaker/nova-api.yaml
- OS::TripleO::Services::NovaScheduler: ../puppet/services/pacemaker/nova-scheduler.yaml
- OS::TripleO::Services::NovaConsoleauth: ../puppet/services/pacemaker/nova-consoleauth.yaml
- OS::TripleO::Services::NovaVncproxy: ../puppet/services/pacemaker/nova-vncproxy.yaml
- OS::TripleO::Services::CeilometerApi: ../puppet/services/pacemaker/ceilometer-api.yaml
- OS::TripleO::Services::CeilometerCollector: ../puppet/services/pacemaker/ceilometer-collector.yaml
- OS::TripleO::Services::CeilometerAgentCentral: ../puppet/services/pacemaker/ceilometer-agent-central.yaml
- OS::TripleO::Services::CeilometerAgentNotification: ../puppet/services/pacemaker/ceilometer-agent-notification.yaml
- #Gnocchi services
- OS::TripleO::Services::GnocchiApi: ../puppet/services/pacemaker/gnocchi-api.yaml
- OS::TripleO::Services::GnocchiMetricd: ../puppet/services/pacemaker/gnocchi-metricd.yaml
- OS::TripleO::Services::GnocchiStatsd: ../puppet/services/pacemaker/gnocchi-statsd.yaml
OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
- OS::TripleO::Services::Horizon: ../puppet/services/pacemaker/horizon.yaml
+ # Services that are disabled by default (use relevant environment files):
+ OS::Tripleo::Services::ManilaShare: OS::Heat::None
diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.yaml
index fbed9ce5..b62502f8 100644
--- a/extraconfig/tasks/post_puppet_pacemaker.yaml
+++ b/extraconfig/tasks/post_puppet_pacemaker.yaml
@@ -29,20 +29,9 @@ resources:
config: {get_resource: ControllerPostPuppetMaintenanceModeConfig}
input_values: {get_param: input_values}
- ControllerPostPuppetRestartConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - get_file: pacemaker_common_functions.sh
- - get_file: pacemaker_resource_restart.sh
-
- ControllerPostPuppetRestartDeployment:
- type: OS::Heat::SoftwareDeployments
+ ControllerPostPuppetRestart:
+ type: OS::TripleO::Tasks::ControllerPostPuppetRestart
depends_on: ControllerPostPuppetMaintenanceModeDeployment
properties:
servers: {get_param: servers}
- config: {get_resource: ControllerPostPuppetRestartConfig}
input_values: {get_param: input_values}
diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml
new file mode 100644
index 00000000..52760c87
--- /dev/null
+++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml
@@ -0,0 +1,28 @@
+heat_template_version: 2014-10-16
+description: 'Post-Puppet restart config for Pacemaker deployments'
+
+parameters:
+ servers:
+ type: json
+ input_values:
+ type: json
+ description: input values for the software deployments
+
+resources:
+
+ ControllerPostPuppetRestartConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: pacemaker_resource_restart.sh
+
+ ControllerPostPuppetRestartDeployment:
+ type: OS::Heat::SoftwareDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPostPuppetRestartConfig}
+ input_values: {get_param: input_values}
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index 5afcf5de..363950d1 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -133,6 +133,21 @@ Keystone:
port: 35357
port: 5000
+Manila:
+ Internal:
+ vip_param: ManilaApi
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ Public:
+ vip_param: Public
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ Admin:
+ vip_param: ManilaApi
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ port: 8786
+
Neutron:
Internal:
vip_param: NeutronApi
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index e1b8984f..98dad250 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -19,6 +19,7 @@ parameters:
KeystoneAdminApiVirtualIP: {type: string, default: ''}
KeystonePublicApiVirtualIP: {type: string, default: ''}
MysqlNoBracketsVirtualIP: {type: string, default: ''}
+ ManilaApiVirtualIP: {type: string, default: ''}
MysqlVirtualIP: {type: string, default: ''}
NeutronApiVirtualIP: {type: string, default: ''}
NovaApiVirtualIP: {type: string, default: ''}
@@ -57,6 +58,9 @@ parameters:
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
+ ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
+ ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
+ ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
MysqlNoBracketsInternal: {protocol: mysql+pymysql, port: '3306',
host: IP_ADDRESS}
@@ -1473,6 +1477,123 @@ outputs:
IP_ADDRESS: {get_param: PublicVirtualIP}
- ':'
- get_param: [EndpointMap, KeystonePublic, port]
+ ManilaAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ port:
+ get_param: [EndpointMap, ManilaAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ManilaAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ ManilaInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ port:
+ get_param: [EndpointMap, ManilaInternal, port]
+ protocol:
+ get_param: [EndpointMap, ManilaInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ ManilaPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: PublicVirtualIP}
+ port:
+ get_param: [EndpointMap, ManilaPublic, port]
+ protocol:
+ get_param: [EndpointMap, ManilaPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: PublicVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: PublicVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
MysqlInternal:
host:
str_replace:
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 9f253024..dc74e889 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -133,6 +133,7 @@ resource_registry:
OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml
OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml
+ OS::TripleO::Services::Core: OS::Heat::None
OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml
@@ -192,6 +193,10 @@ resource_registry:
OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml
OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml
+ # Services that are disabled by default (use relevant environment files):
+ OS::Tripleo::Services::ManilaApi: OS::Heat::None
+ OS::Tripleo::Services::ManilaScheduler: OS::Heat::None
+ OS::Tripleo::Services::ManilaShare: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.yaml b/overcloud.yaml
index 3ed879b8..2db7d33d 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -226,6 +226,7 @@ parameters:
IronicApiNetwork: internal_api
KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
KeystonePublicApiNetwork: internal_api
+ ManilaApiNetwork: internal_api
NeutronApiNetwork: internal_api
HeatApiNetwork: internal_api
NovaApiNetwork: internal_api
@@ -257,6 +258,7 @@ parameters:
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Core
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
@@ -299,7 +301,9 @@ parameters:
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
-
+ - OS::Tripleo::Services::ManilaApi
+ - OS::Tripleo::Services::ManilaScheduler
+ - OS::Tripleo::Services::ManilaShare
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Controllers.
@@ -527,6 +531,7 @@ resources:
IronicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ ManilaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
MysqlVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
MysqlNoBracketsVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
@@ -772,6 +777,7 @@ resources:
glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
+ manila_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -895,6 +901,7 @@ resources:
heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
redis_vip: {get_attr: [RedisVirtualIP, ip_address]}
+ manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
# direct configuration of Virtual IPs for each network
@@ -1130,6 +1137,9 @@ outputs:
KeystoneInternalVip:
description: VIP for Keystone API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ ManilaInternalVip:
+ description: VIP for Manila API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
NeutronInternalVip:
description: VIP for Neutron API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 55120912..4c9355d5 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -48,6 +48,8 @@ parameters:
type: comma_delimited_list
cinder_api_node_ips:
type: comma_delimited_list
+ manila_api_node_ips:
+ type: comma_delimited_list
neutron_api_node_ips:
type: comma_delimited_list
keystone_public_api_node_ips:
@@ -106,8 +108,6 @@ resources:
- {get_param: ceph_storage_hosts}
hiera:
datafiles:
- RedHat:
- raw_data: {get_file: hieradata/RedHat.yaml}
bootstrap_node:
mapped_data:
bootstrap_nodeid: {get_input: bootstrap_nodeid}
@@ -262,6 +262,14 @@ resources:
list_join:
- "','"
- {get_param: cinder_api_node_ips}
+ manila_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: manila_api_node_ips}
neutron_api_node_ips:
str_replace:
template: "['SERVERS_LIST']"
@@ -334,6 +342,7 @@ resources:
aodh::rabbit_hosts: *rabbit_nodes_array
cinder::rabbit_hosts: *rabbit_nodes_array
glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array
+ manila::rabbit_hosts: *rabbit_nodes_array
heat::rabbit_hosts: *rabbit_nodes_array
neutron::rabbit_hosts: *rabbit_nodes_array
nova::rabbit_hosts: *rabbit_nodes_array
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index f05f6da6..8013ecf4 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -586,6 +586,7 @@ resources:
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
keystone_region: {get_param: KeystoneRegion}
+ manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -723,6 +724,9 @@ resources:
keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
+ # Manila
+ manila::api::bind_host: {get_input: manila_api_network}
+
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
diff --git a/puppet/hieradata/README.rst b/puppet/hieradata/README.rst
new file mode 100644
index 00000000..64a60229
--- /dev/null
+++ b/puppet/hieradata/README.rst
@@ -0,0 +1 @@
+Do not add more hieradata in this directory, and use composable services.
diff --git a/puppet/hieradata/RedHat.yaml b/puppet/hieradata/RedHat.yaml
deleted file mode 100644
index 25902828..00000000
--- a/puppet/hieradata/RedHat.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-# RedHat specific overrides go here
-rabbitmq::package_provider: 'yum'
-
-# The Galera package should work in cluster and
-# non-cluster modes based on the config file.
-# We set the package name here explicitly so
-# that it matches what we pre-install
-# in tripleo-puppet-elements.
-mysql::server::package_name: 'mariadb-galera-server'
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
index ccb41cc4..c8c5804b 100644
--- a/puppet/hieradata/ceph.yaml
+++ b/puppet/hieradata/ceph.yaml
@@ -1,9 +1,2 @@
-ceph::profile::params::osd_pool_default_pg_num: 32
-ceph::profile::params::osd_pool_default_pgp_num: 32
-ceph::profile::params::osd_pool_default_size: 3
-ceph::profile::params::osd_pool_default_min_size: 1
-ceph::profile::params::osds: {/srv/data: {}}
-ceph::profile::params::manage_repo: false
-ceph::profile::params::authentication_type: cephx
-
+# Do not add hieradata in this file, and use composable services.
ceph_classes: []
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index 65cf9577..e7ae521e 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -1,51 +1,5 @@
-# Common Hiera data gets applied to all nodes
-ssh::server::storeconfigs_enabled: false
-
-# ceilometer settings used by compute and controller ceilo auth settings
-ceilometer::agent::auth::auth_region: 'regionOne'
-ceilometer::agent::auth::auth_tenant_name: 'service'
+# Do not add hieradata in this file, and use composable services.
+# TODO(emilien) move it to composable aodh roles later
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
-
-gnocchi::auth::auth_region: 'regionOne'
-gnocchi::auth::auth_tenant_name: 'service'
-
-nova::api::admin_tenant_name: 'service'
-nova::network::neutron::neutron_project_name: 'service'
-nova::network::neutron::neutron_username: 'neutron'
-nova::network::neutron::dhcp_domain: ''
-
-neutron::allow_overlapping_ips: true
-neutron::server::project_name: 'service'
-
-kernel_modules:
- nf_conntrack: {}
-
-sysctl_settings:
- net.ipv4.tcp_keepalive_intvl:
- value: 1
- net.ipv4.tcp_keepalive_probes:
- value: 5
- net.ipv4.tcp_keepalive_time:
- value: 5
- net.nf_conntrack_max:
- value: 500000
- net.netfilter.nf_conntrack_max:
- value: 500000
- # prevent neutron bridges from autoconfiguring ipv6 addresses
- net.ipv6.conf.default.accept_ra:
- value: 0
- net.ipv6.conf.default.autoconf:
- value: 0
- net.core.netdev_max_backlog:
- value: 10000
-
-nova::rabbit_heartbeat_timeout_threshold: 60
-neutron::rabbit_heartbeat_timeout_threshold: 60
-cinder::rabbit_heartbeat_timeout_threshold: 60
-ceilometer::rabbit_heartbeat_timeout_threshold: 60
-heat::rabbit_heartbeat_timeout_threshold: 60
-keystone::rabbit_heartbeat_timeout_threshold: 60
-
-nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index fe203be7..54b3d412 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -1,21 +1,3 @@
-# Hiera data here applies to all compute nodes
-
-nova::notify_on_state_change: 'vm_and_task_state'
-nova::notification_driver: messagingv2
-nova::compute::instance_usage_audit: true
-nova::compute::instance_usage_audit_period: 'hour'
-
-nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
-
-nova::network::neutron::neutron_auth_type: 'v3password'
-
-# Changing the default from 512MB. The current templates can not deploy
-# overclouds with swap. On an idle compute node, we see ~1024MB of RAM
-# used. 2048 is suggested to account for other possible operations for
-# example openvswitch.
-nova::compute::reserved_host_memory: 2048
-
-ceilometer::agent::auth::auth_tenant_name: 'service'
-ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
+# Do not add hieradata in this file, and use composable services.
compute_classes: []
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 3ec656dc..905ea304 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -1,190 +1,16 @@
-# Hiera data here applies to all controller nodes
+# Do not add hieradata in this file, and use composable services.
-nova::api::enabled: true
-nova::vncproxy::enabled: true
-
-# gnocchi
-gnocchi::storage::swift::swift_user: 'service:gnocchi'
-gnocchi::storage::swift::swift_auth_version: 2
-gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
-gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
-gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
-gnocchi::statsd::flush_delay: 10
-gnocchi::statsd::archive_policy_name: 'low'
-
-# rabbitmq
-rabbitmq::delete_guest_user: false
-rabbitmq::wipe_db_on_cookie_change: true
-rabbitmq::port: '5672'
-rabbitmq::package_source: undef
-rabbitmq::repos_ensure: false
-rabbitmq_environment:
- RABBITMQ_NODENAME: "rabbit@%{::hostname}"
- RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
-rabbitmq_kernel_variables:
- inet_dist_listen_min: '35672'
- inet_dist_listen_max: '35672'
-rabbitmq_config_variables:
- tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
- cluster_partition_handling: 'pause_minority'
- loopback_users: '[]'
-
-mongodb::server::replset: tripleo
-mongodb::server::journal: false
-
-redis::port: 6379
-redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
-redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
-redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
-
-# keystone
-keystone::roles::admin::email: 'root@localhost'
-
-# service tenant
-glance::api::keystone_tenant: 'service'
+# TODO(emilien) move it to composable aodh roles later
aodh::api::keystone_tenant: 'service'
-glance::registry::keystone_tenant: 'service'
-neutron::server::auth_tenant: 'service'
-neutron::agents::metadata::auth_tenant: 'service'
-neutron::agents::l3::router_delete_namespaces: True
-cinder::api::keystone_tenant: 'service'
-swift::proxy::authtoken::admin_tenant_name: 'service'
-ceilometer::api::keystone_tenant: 'service'
-gnocchi::api::keystone_tenant: 'service'
-heat::keystone_tenant: 'service'
-sahara::admin_tenant_name: 'service'
aodh::keystone::auth::tenant: 'service'
-ceilometer::keystone::auth::tenant: 'service'
-cinder::keystone::auth::tenant: 'service'
-glance::keystone::auth::tenant: 'service'
-gnocchi::keystone::auth::tenant: 'service'
-heat::keystone::auth::tenant: 'service'
-neutron::keystone::auth::tenant: 'service'
-nova::keystone::auth::tenant: 'service'
-sahara::keystone::auth::tenant: 'service'
-swift::keystone::auth::tenant: 'service'
-
-# keystone
-keystone::cron::token_flush::maxdelay: 3600
-keystone::roles::admin::service_tenant: 'service'
-keystone::roles::admin::admin_tenant: 'admin'
-keystone::cron::token_flush::destination: '/dev/null'
-keystone::config::keystone_config:
- DEFAULT/secure_proxy_ssl_header:
- value: 'HTTP_X_FORWARDED_PROTO'
- ec2/driver:
- value: 'keystone.contrib.ec2.backends.sql.Ec2'
-keystone::service_name: 'httpd'
-keystone::wsgi::apache::ssl: false
-
-#swift
-swift::proxy::pipeline:
- - 'catch_errors'
- - 'healthcheck'
- - 'proxy-logging'
- - 'cache'
- - 'ratelimit'
- - 'bulk'
- - 'tempurl'
- - 'formpost'
- - 'authtoken'
- - 'keystone'
- - 'staticweb'
- - 'proxy-logging'
- - 'proxy-server'
-
-swift::proxy::account_autocreate: true
-swift::keystone::auth::configure_s3_endpoint: false
-swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
-
-# glance
-glance::api::pipeline: 'keystone'
-glance::api::show_image_direct_url: true
-glance::registry::pipeline: 'keystone'
-glance::backend::swift::swift_store_create_container_on_put: true
-glance_file_pcmk_directory: '/var/lib/glance/images'
-
-# neutron
-neutron::server::sync_db: true
-
-# nova
-nova::notify_on_state_change: 'vm_and_task_state'
-nova::api::default_floating_pool: 'public'
-nova::api::sync_db_api: true
-nova::api::enable_proxy_headers_parsing: true
-nova::notification_driver: messaging
-# ceilometer
-ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
-
-# cinder
-cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
-cinder::cron::db_purge::destination: '/dev/null'
-cinder::host: hostgroup
-
-# TODO(jaosorior): Move to cinder profile once cinder is moved as a composable
-# service.
-cinder::api::enable_proxy_headers_parsing: true
-
-# heat
-heat::engine::configure_delegated_roles: false
-heat::engine::trusts_delegated_roles: []
-heat::instance_user: ''
-heat::cron::purge_deleted::age: 30
-heat::cron::purge_deleted::age_type: 'days'
-heat::cron::purge_deleted::maxdelay: 3600
-heat::cron::purge_deleted::destination: '/dev/null'
-heat::keystone::domain::domain_name: 'heat_stack'
-heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
-heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
-heat::auth_plugin: 'password'
-
-# pacemaker
-pacemaker::corosync::cluster_name: 'tripleo_cluster'
-pacemaker::corosync::manage_fw: false
-pacemaker::resource_defaults::defaults:
- resource-stickiness: { value: INFINITY }
-corosync_token_timeout: 10000
-
-# horizon
-horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
-horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
-horizon::vhost_extra_params:
- add_listen: false
- priority: 10
- access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
-
-# mysql
-mysql::server::manage_config_file: true
-
-
-tripleo::haproxy::keystone_admin: true
-tripleo::haproxy::keystone_public: true
-tripleo::haproxy::neutron: true
-tripleo::haproxy::cinder: true
-tripleo::haproxy::glance_api: true
-tripleo::haproxy::glance_registry: true
-tripleo::haproxy::nova_osapi: true
-tripleo::haproxy::nova_metadata: true
-tripleo::haproxy::nova_novncproxy: true
-tripleo::haproxy::mysql: true
-tripleo::haproxy::redis: true
-tripleo::haproxy::sahara: true
-tripleo::haproxy::swift_proxy_server: true
-tripleo::haproxy::ceilometer: true
-tripleo::haproxy::aodh: true
-tripleo::haproxy::gnocchi: true
-tripleo::haproxy::heat_api: true
-tripleo::haproxy::heat_cloudwatch: true
-tripleo::haproxy::heat_cfn: true
-tripleo::haproxy::horizon: true
-
-controller_classes: []
-# firewall
+# TODO(emilien) move it to composable roles later
+# Already WIP with https://review.openstack.org/330785
+# and https://review.openstack.org/338527
tripleo::firewall::firewall_rules:
'128 aodh':
dport:
- 8042
- 13042
+
+controller_classes: []
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
index 5591f7e0..05d4b697 100644
--- a/puppet/hieradata/database.yaml
+++ b/puppet/hieradata/database.yaml
@@ -1,4 +1,7 @@
+# Do not add hieradata in this file, and use composable services.
+
# Aodh
+# TODO(emilien) move it to composable aodh roles later
aodh::db::mysql::user: aodh
aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
aodh::db::mysql::dbname: aodh
diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml
index d4a0e81d..5aa0cfb6 100644
--- a/puppet/hieradata/object.yaml
+++ b/puppet/hieradata/object.yaml
@@ -1,21 +1,3 @@
-# Hiera data for swift storage nodes
-swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
-swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
-
-swift::storage::all::object_pipeline:
- - healthcheck
- - recon
- - object-server
-swift::storage::all::container_pipeline:
- - healthcheck
- - container-server
-swift::storage::all::account_pipeline:
- - healthcheck
- - account-server
-
-swift::proxy::keystone::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
+# Do not add hieradata in this file, and use composable services.
object_classes: []
diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml
index 8640c0a7..42b85e1a 100644
--- a/puppet/hieradata/volume.yaml
+++ b/puppet/hieradata/volume.yaml
@@ -1,14 +1,3 @@
-# Hiera data here applies to all volume storage nodes
+# Do not add hieradata in this file, and use composable services.
-# cinder
-cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
-
-cinder::config::cinder_config:
- DEFAULT/nova_catalog_info:
- value: 'compute:Compute Service:internalURL'
- DEFAULT/swift_catalog_info:
- value: 'object-store:swift:internalURL'
-
-cinder_user_enabled_backends: []
-
-volume_classes: [] \ No newline at end of file
+volume_classes: []
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 3778271c..067207f2 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -24,19 +24,6 @@ if hiera('step') >= 2 {
} #END STEP 2
if hiera('step') >= 4 {
-
- $nova_ipv6 = hiera('nova::use_ipv6', false)
- if $nova_ipv6 {
- $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
- } else {
- $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
- }
-
- class { '::nova' :
- memcached_servers => $memcached_servers
- }
- include ::nova::config
-
# Aodh
class { '::aodh' :
database_connection => hiera('aodh_mysql_conn_string'),
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 9ebfb6d5..709d9968 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -43,19 +43,6 @@ if hiera('step') >= 2 {
} #END STEP 2
if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
- $nova_ipv6 = hiera('nova::use_ipv6', false)
- if $nova_ipv6 {
- $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
- } else {
- $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
- }
-
- class { '::nova' :
- memcached_servers => $memcached_servers
- }
-
- include ::nova::config
-
# Aodh
class { '::aodh' :
database_connection => hiera('aodh_mysql_conn_string'),
@@ -89,98 +76,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
if hiera('step') >= 5 {
if $pacemaker_master {
- pacemaker::constraint::base { 'openstack-core-then-httpd-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::apache::params::service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::apache::params::service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
-
- # Nova
- pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::nova::params::consoleauth_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::colocation { 'nova-consoleauth-with-openstack-core':
- source => "${::nova::params::consoleauth_service_name}-clone",
- target => 'openstack-core-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::consoleauth_service_name}-clone",
- second_resource => "${::nova::params::vncproxy_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation':
- source => "${::nova::params::vncproxy_service_name}-clone",
- target => "${::nova::params::consoleauth_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]],
- }
- pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::vncproxy_service_name}-clone",
- second_resource => "${::nova::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name],
- Pacemaker::Resource::Service[$::nova::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation':
- source => "${::nova::params::api_service_name}-clone",
- target => "${::nova::params::vncproxy_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name],
- Pacemaker::Resource::Service[$::nova::params::api_service_name]],
- }
- pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::api_service_name}-clone",
- second_resource => "${::nova::params::scheduler_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::api_service_name],
- Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation':
- source => "${::nova::params::scheduler_service_name}-clone",
- target => "${::nova::params::api_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::api_service_name],
- Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]],
- }
- pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::scheduler_service_name}-clone",
- second_resource => "${::nova::params::conductor_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name],
- Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation':
- source => "${::nova::params::conductor_service_name}-clone",
- target => "${::nova::params::scheduler_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name],
- Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
- }
-
# Fedora doesn't know `require-all` parameter for constraints yet
if $::operatingsystem == 'Fedora' {
$redis_aodh_constraint_params = undef
@@ -239,32 +134,6 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
}
-
- #VSM
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- pacemaker::resource::ocf { 'vsm-p' :
- ocf_agent_name => 'heartbeat:VirtualDomain',
- resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml',
- require => Class['n1k_vsm'],
- meta_params => 'resource-stickiness=INFINITY',
- }
- if str2bool(hiera('n1k_vsm::pacemaker_control', true)) {
- pacemaker::resource::ocf { 'vsm-s' :
- ocf_agent_name => 'heartbeat:VirtualDomain',
- resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml',
- require => Class['n1k_vsm'],
- meta_params => 'resource-stickiness=INFINITY',
- }
- pacemaker::constraint::colocation { 'vsm-colocation-contraint':
- source => 'vsm-p',
- target => 'vsm-s',
- score => '-INFINITY',
- require => [Pacemaker::Resource::Ocf['vsm-p'],
- Pacemaker::Resource::Ocf['vsm-s']],
- }
- }
- }
-
}
} #END STEP 5
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml
index 34735f75..80f656d0 100644
--- a/puppet/services/ceilometer-agent-central.yaml
+++ b/puppet/services/ceilometer-agent-central.yaml
@@ -28,7 +28,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Central Agent role.
value:
- service_name: ceilometer-agent-central
+ service_name: ceilometer_agent_central
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml
index 9e4d0575..181c64d2 100644
--- a/puppet/services/ceilometer-agent-compute.yaml
+++ b/puppet/services/ceilometer-agent-compute.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Compute Agent role.
value:
- service_name: ceilometer-agent-compute
+ service_name: ceilometer_agent_compute
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml
index b65e189b..58e28a3d 100644
--- a/puppet/services/ceilometer-agent-notification.yaml
+++ b/puppet/services/ceilometer-agent-notification.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Notification Agent role.
value:
- service_name: ceilometer-agent-notification
+ service_name: ceilometer_agent_notification
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index d0f3767d..c5c143b0 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Ceilometer API role.
value:
- service_name: ceilometer-api
+ service_name: ceilometer_api
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
@@ -30,5 +30,6 @@ outputs:
dport:
- 8777
- 13777
+ - ceilometer::api::keystone_tenant: 'service'
step_config: |
include ::tripleo::profile::base::ceilometer::api
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 40060a11..5342cefb 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -62,7 +62,7 @@ outputs:
role_data:
description: Role data for the Ceilometer role.
value:
- service_name: ceilometer-base
+ service_name: ceilometer_base
config_settings:
ceilometer::db::database_connection:
list_join:
@@ -83,6 +83,9 @@ outputs:
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents}
+ ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
+ ceilometer::agent::auth::auth_tenant_name: 'service'
+ ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
ceilometer::db::mysql::password: {get_param: CeilometerPassword}
ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
@@ -94,6 +97,7 @@ outputs:
ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
+ ceilometer::keystone::auth::tenant: 'service'
ceilometer::rabbit_userid: {get_param: RabbitUserName}
ceilometer::rabbit_password: {get_param: RabbitPassword}
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
@@ -104,3 +108,6 @@ outputs:
ceilometer::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ ceilometer::rabbit_heartbeat_timeout_threshold: 60
+ ceilometer::db::database_db_max_retries: -1
+ ceilometer::db::database_max_retries: -1
diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml
index 540a4654..7a7bc19d 100644
--- a/puppet/services/ceilometer-collector.yaml
+++ b/puppet/services/ceilometer-collector.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Collector role.
value:
- service_name: ceilometer-collector
+ service_name: ceilometer_collector
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml
index 7816a859..c960e6dc 100644
--- a/puppet/services/ceilometer-expirer.yaml
+++ b/puppet/services/ceilometer-expirer.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Expirer role.
value:
- service_name: ceilometer-expirer
+ service_name: ceilometer_expirer
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index 76f649b0..bce52f36 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -5,12 +5,10 @@ description: >
parameters:
CephAdminKey:
- default: ''
description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientKey:
- default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
type: string
hidden: true
@@ -18,7 +16,6 @@ parameters:
default: openstack
type: string
CephClusterFSID:
- default: ''
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephIPv6:
@@ -57,10 +54,17 @@ outputs:
role_data:
description: Role data for the Ceph base service.
value:
- service_name: ceph-base
+ service_name: ceph_base
config_settings:
tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6}
tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
+ ceph::profile::params::osd_pool_default_pg_num: 32
+ ceph::profile::params::osd_pool_default_pgp_num: 32
+ ceph::profile::params::osd_pool_default_size: 3
+ ceph::profile::params::osd_pool_default_min_size: 1
+ ceph::profile::params::osds: {/srv/data: {}}
+ ceph::profile::params::manage_repo: false
+ ceph::profile::params::authentication_type: cephx
ceph::profile::params::fsid: {get_param: CephClusterFSID}
ceph::profile::params::client_keys:
str_replace:
diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml
index fc23f719..33bbbe58 100644
--- a/puppet/services/ceph-client.yaml
+++ b/puppet/services/ceph-client.yaml
@@ -18,7 +18,7 @@ outputs:
role_data:
description: Role data for the Cinder OSD service.
value:
- service_name: ceph-client
+ service_name: ceph_client
config_settings:
get_attr: [CephBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index b656e245..f6fe26db 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -5,7 +5,6 @@ description: >
parameters:
CephClientKey:
- default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
type: string
hidden: true
@@ -13,7 +12,6 @@ parameters:
default: openstack
type: string
CephClusterFSID:
- default: ''
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephExternalMonHost:
@@ -40,7 +38,7 @@ outputs:
role_data:
description: Role data for the Ceph External service.
value:
- service_name: ceph-external
+ service_name: ceph_external
config_settings:
tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost}
ceph::profile::params::fsid: {get_param: CephClusterFSID}
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 8df7683d..f48515e5 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -13,7 +13,6 @@ parameters:
default: False
type: boolean
CephMonKey:
- default: ''
description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
@@ -41,7 +40,7 @@ outputs:
role_data:
description: Role data for the Ceph Monitor service.
value:
- service_name: ceph-mon
+ service_name: ceph_mon
config_settings:
map_merge:
- get_attr: [CephBase, role_data, config_settings]
diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml
index b6f464bb..21cefb34 100644
--- a/puppet/services/ceph-osd.yaml
+++ b/puppet/services/ceph-osd.yaml
@@ -18,7 +18,7 @@ outputs:
role_data:
description: Role data for the Cinder OSD service.
value:
- service_name: ceph-osd
+ service_name: ceph_osd
config_settings:
map_merge:
- get_attr: [CephBase, role_data, config_settings]
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 0cefb380..5e58dee9 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -30,13 +30,20 @@ outputs:
role_data:
description: Role data for the Cinder API role.
value:
- service_name: cinder-api
+ service_name: cinder_api
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
cinder::api::keystone_password: {get_param: CinderPassword}
+ cinder::api::keystone_tenant: 'service'
+ cinder::api::enable_proxy_headers_parsing: true
+ cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
+ # TODO(emilien) move it to puppet-cinder
+ cinder::config:
+ DEFAULT/swift_catalog_info:
+ value: 'object-store:swift:internalURL'
cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
tripleo.cinder_api.firewall_rules:
diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
index adacc737..d923e7c6 100644
--- a/puppet/services/cinder-base.yaml
+++ b/puppet/services/cinder-base.yaml
@@ -40,7 +40,7 @@ outputs:
role_data:
description: Role data for the Cinder base service.
value:
- service_name: cinder-base
+ service_name: cinder_base
config_settings:
cinder::database_connection:
list_join:
@@ -63,3 +63,9 @@ outputs:
cinder::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ cinder::rabbit_heartbeat_timeout_threshold: 60
+ cinder::keystone::auth::tenant: 'service'
+ cinder::host: hostgroup
+ cinder::cron::db_purge::destination: '/dev/null'
+ cinder::db::database_db_max_retries: -1
+ cinder::db::database_max_retries: -1
diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml
index 2e1e852d..e03090a2 100644
--- a/puppet/services/cinder-scheduler.yaml
+++ b/puppet/services/cinder-scheduler.yaml
@@ -21,8 +21,10 @@ outputs:
role_data:
description: Role data for the Cinder Scheduler role.
value:
- service_name: cinder-scheduler
+ service_name: cinder_scheduler
config_settings:
- get_attr: [CinderBase, role_data, config_settings]
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
step_config: |
include ::tripleo::profile::base::cinder::scheduler
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index 8f63ff6a..9f49bc06 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -59,7 +59,7 @@ outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
- service_name: cinder-volume
+ service_name: cinder_volume
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml
index ed0b92af..b8761320 100644
--- a/puppet/services/database/mongodb-base.yaml
+++ b/puppet/services/database/mongodb-base.yaml
@@ -24,8 +24,9 @@ outputs:
role_data:
description: Role data for the MongoDB base service.
value:
- service_name: mongodb-base
+ service_name: mongodb_base
config_settings:
mongodb::server::nojournal: {get_param: MongoDbNoJournal}
+ mongodb::server::journal: false
mongodb::server::ipv6: {get_param: MongoDbIPv6}
- mongodb::server::replset: {get_param: MongoDbReplset} \ No newline at end of file
+ mongodb::server::replset: {get_param: MongoDbReplset}
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 0a19b2a7..6f8f91b5 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -17,6 +17,13 @@ outputs:
value:
service_name: mysql
config_settings:
+ # The Galera package should work in cluster and
+ # non-cluster modes based on the config file.
+ # We set the package name here explicitly so
+ # that it matches what we pre-install
+ # in tripleo-puppet-elements.
+ mysql::server::package_name: 'mariadb-galera-server'
+ mysql::server::manage_config_file: true
tripleo.mysql.firewall_rules:
'104 mysql galera':
dport:
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index c7b083fa..fe8c0659 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -13,10 +13,13 @@ outputs:
role_data:
description: Role data for the redis role.
value:
- service_name: redis-base
+ service_name: redis_base
config_settings:
- redis::requirepass: {get_param: RedisPassword}
- redis::masterauth: {get_param: RedisPassword}
- redis::sentinel_auth_pass: {get_param: RedisPassword}
- tripleo::loadbalancer::redis_password: {get_param: RedisPassword}
-
+ redis::requirepass: {get_param: RedisPassword}
+ redis::masterauth: {get_param: RedisPassword}
+ redis::sentinel_auth_pass: {get_param: RedisPassword}
+ redis::port: 6379
+ redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
+ redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
+ redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
+ tripleo::loadbalancer::redis_password: {get_param: RedisPassword}
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index ee4c17c7..99065789 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -65,7 +65,7 @@ outputs:
role_data:
description: Role data for the Glance API role.
value:
- service_name: glance-api
+ service_name: glance_api
config_settings:
glance::api::database_connection:
list_join:
@@ -85,6 +85,7 @@ outputs:
params:
REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
glance::api::workers: {get_param: GlanceWorkers}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
@@ -92,6 +93,7 @@ outputs:
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
glance_backend: {get_param: GlanceBackend}
@@ -104,10 +106,17 @@ outputs:
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
tripleo.glance_api.firewall_rules:
'112 glance_api':
dport:
- 9292
- 13292
+ glance::keystone::auth::tenant: 'service'
+ glance::api::keystone_tenant: 'service'
+ glance::api::pipeline: 'keystone'
+ glance::api::show_image_direct_url: true
+
step_config: |
include ::tripleo::profile::base::glance::api
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index f9d9dd6b..40d18191 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -26,7 +26,7 @@ outputs:
role_data:
description: Role data for the Glance Registry role.
value:
- service_name: glance-registry
+ service_name: glance_registry
config_settings:
glance::registry::database_connection:
list_join:
@@ -38,6 +38,8 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
glance::registry::keystone_password: {get_param: GlancePassword}
+ glance::registry::keystone_tenant: 'service'
+ glance::registry::pipeline: 'keystone'
glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::registry::debug: {get_param: Debug}
@@ -48,6 +50,8 @@ outputs:
glance::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
tripleo.glance_registry.firewall_rules:
'112 glance_registry':
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index bf23cda1..d97626a6 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Gnocchi role.
value:
- service_name: gnocchi-api
+ service_name: gnocchi_api
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
@@ -29,5 +29,6 @@ outputs:
dport:
- 8041
- 13041
+ - gnocchi::api::keystone_tenant: 'service'
step_config: |
include ::tripleo::profile::base::gnocchi::api
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index fa00f736..a408d5d7 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -30,6 +30,10 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
outputs:
aux_parameters:
@@ -39,7 +43,7 @@ outputs:
role_data:
description: Shared role data for the Heat services.
value:
- service_name: gnocchi-base
+ service_name: gnocchi_base
config_settings:
#Gnocchi engine
gnocchi::debug: {get_input: debug}
@@ -52,7 +56,7 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/gnocchi'
- gnocchi::keystone::auth::region: 'regionOne'
+ gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
@@ -90,3 +94,5 @@ outputs:
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ gnocchi::auth::auth_region: {get_param: KeystoneRegion}
+ gnocchi::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml
index 20215380..8041c6f4 100644
--- a/puppet/services/gnocchi-metricd.yaml
+++ b/puppet/services/gnocchi-metricd.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Gnocchi role.
value:
- service_name: gnocchi-metricd
+ service_name: gnocchi_metricd
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml
index 4fef7af6..9c8e6897 100644
--- a/puppet/services/gnocchi-statsd.yaml
+++ b/puppet/services/gnocchi-statsd.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Gnocchi role.
value:
- service_name: gnocchi-statsd
+ service_name: gnocchi_statsd
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 1a629c1d..902a1c3f 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -19,5 +19,26 @@ outputs:
tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
+ # TODO(emilien) make it composable to find which services are actually running
+ tripleo::haproxy::keystone_admin: true
+ tripleo::haproxy::keystone_public: true
+ tripleo::haproxy::neutron: true
+ tripleo::haproxy::cinder: true
+ tripleo::haproxy::glance_api: true
+ tripleo::haproxy::glance_registry: true
+ tripleo::haproxy::nova_osapi: true
+ tripleo::haproxy::nova_metadata: true
+ tripleo::haproxy::nova_novncproxy: true
+ tripleo::haproxy::mysql: true
+ tripleo::haproxy::redis: true
+ tripleo::haproxy::sahara: true
+ tripleo::haproxy::swift_proxy_server: true
+ tripleo::haproxy::ceilometer: true
+ tripleo::haproxy::aodh: true
+ tripleo::haproxy::gnocchi: true
+ tripleo::haproxy::heat_api: true
+ tripleo::haproxy::heat_cloudwatch: true
+ tripleo::haproxy::heat_cfn: true
+ tripleo::haproxy::horizon: true
step_config: |
include ::tripleo::profile::base::haproxy
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 67c89bb9..f8832dd8 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -30,7 +30,7 @@ outputs:
role_data:
description: Role data for the Heat CloudFormation API role.
value:
- service_name: heat-api-cfn
+ service_name: heat_api_cfn
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 32a0a58d..b4669ac3 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -22,7 +22,7 @@ outputs:
role_data:
description: Role data for the Heat Cloudwatch API role.
value:
- service_name: heat-api-cloudwatch
+ service_name: heat_api_cloudwatch
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 0bb208d1..c0e7a690 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -30,7 +30,7 @@ outputs:
role_data:
description: Role data for the Heat API role.
value:
- service_name: heat-api
+ service_name: heat_api
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 2a7aeabc..01f2a51b 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -31,7 +31,7 @@ outputs:
role_data:
description: Shared role data for the Heat services.
value:
- service_name: heat-base
+ service_name: heat_base
config_settings:
heat::rabbit_userid: {get_param: RabbitUserName}
heat::rabbit_password: {get_param: RabbitPassword}
@@ -45,3 +45,16 @@ outputs:
context_is_admin:
key: 'context_is_admin'
value: 'role:admin'
+ heat::rabbit_heartbeat_timeout_threshold: 60
+ heat::keystone_tenant: 'service'
+ heat::keystone::auth::tenant: 'service'
+ heat::keystone::domain::domain_name: 'heat_stack'
+ heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
+ heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
+ heat::auth_plugin: 'password'
+ heat::cron::purge_deleted::age: 30
+ heat::cron::purge_deleted::age_type: 'days'
+ heat::cron::purge_deleted::maxdelay: 3600
+ heat::cron::purge_deleted::destination: '/dev/null'
+ heat::db::database_db_max_retries: -1
+ heat::db::database_max_retries: -1
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 2fd01885..13555a62 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -35,11 +35,13 @@ outputs:
role_data:
description: Role data for the Heat Engine role.
value:
- service_name: heat-engine
+ service_name: heat_engine
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::engine::num_engine_workers: {get_param: HeatWorkers}
+ heat::engine::configure_delegated_roles: false
+ heat::engine::trusts_delegated_roles: []
tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
heat::database_connection:
list_join:
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index dc7ba8c9..64cf450a 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -36,5 +36,11 @@ outputs:
dport:
- 80
- 443
+ horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
+ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
+ horizon::vhost_extra_params:
+ add_listen: false
+ priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
step_config: |
include ::tripleo::profile::base::horizon
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 6f369f74..949cdf31 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -24,7 +24,7 @@ outputs:
role_data:
description: Role data for the Ironic API role.
value:
- service_name: ironic-api
+ service_name: ironic_api
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml
index fb9d4dde..41d2234a 100644
--- a/puppet/services/ironic-base.yaml
+++ b/puppet/services/ironic-base.yaml
@@ -40,7 +40,7 @@ outputs:
role_data:
description: Role data for the Ironic role.
value:
- service_name: ironic-base
+ service_name: ironic_base
config_settings:
ironic::database_connection:
list_join:
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 574e5aef..a3bce305 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -24,7 +24,7 @@ outputs:
role_data:
description: Role data for the Ironic conductor role.
value:
- service_name: ironic-conductor
+ service_name: ironic_conductor
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 9e8a53f0..50ebe925 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -15,5 +15,26 @@ outputs:
description: Role data for the Kernel modules
value:
service_name: kernel
+ config_settings:
+ kernel_modules:
+ nf_conntrack: {}
+ sysctl_settings:
+ net.ipv4.tcp_keepalive_intvl:
+ value: 1
+ net.ipv4.tcp_keepalive_probes:
+ value: 5
+ net.ipv4.tcp_keepalive_time:
+ value: 5
+ net.nf_conntrack_max:
+ value: 500000
+ net.netfilter.nf_conntrack_max:
+ value: 500000
+ # prevent neutron bridges from autoconfiguring ipv6 addresses
+ net.ipv6.conf.default.accept_ra:
+ value: 0
+ net.ipv6.conf.default.autoconf:
+ value: 0
+ net.core.netdev_max_backlog:
+ value: 10000
step_config: |
include ::tripleo::profile::base::kernel
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index de920de3..abc738d9 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -110,6 +110,7 @@ outputs:
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::enable_proxy_headers_parsing: true
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
@@ -132,10 +133,22 @@ outputs:
keystone::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ keystone::rabbit_heartbeat_timeout_threshold: 60
+ keystone::cron::token_flush::maxdelay: 3600
+ keystone::roles::admin::service_tenant: 'service'
+ keystone::roles::admin::admin_tenant: 'admin'
+ keystone::cron::token_flush::destination: '/dev/null'
+ keystone::config::keystone_config:
+ ec2/driver:
+ value: 'keystone.contrib.ec2.backends.sql.Ec2'
+ keystone::service_name: 'httpd'
+ keystone::wsgi::apache::ssl: false
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
# override via extraconfig:
keystone::wsgi::apache::threads: 1
+ keystone::db::database_db_max_retries: -1
+ keystone::db::database_max_retries: -1
tripleo.keystone.firewall_rules:
'111 keystone':
dport:
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
new file mode 100644
index 00000000..ccae4467
--- /dev/null
+++ b/puppet/services/manila-api.yaml
@@ -0,0 +1,46 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-api service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-api role.
+ value:
+ service_name: manila_api
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::api::keystone_password: {get_param: ManilaPassword}
+ manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]}
+ manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaPublic, uri]}
+ manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaInternal, uri]}
+ manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaAdmin, uri]}
+ manila::keystone::auth::password: {get_param: ManilaPassword }
+ manila::keystone::auth::region: {get_param: KeystoneRegion }
+ manila::api::keystone_tenant: 'service'
+ step_config: |
+ include ::tripleo::profile::base::manila::api
+
diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml
new file mode 100644
index 00000000..c156379b
--- /dev/null
+++ b/puppet/services/manila-base.yaml
@@ -0,0 +1,119 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Manila base service. Shared by manila-api/scheduler/share services
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ # Config specific parameters, to be provided via parameter_defaults
+ ManilaGenericEnableBackend:
+ type: boolean
+ default: true
+ ManilaGenericBackendName:
+ type: string
+ default: tripleo_generic
+ ManilaGenericDriverHandlesShareServers:
+ type: string
+ default: true
+ ManilaGenericSmbTemplateConfigPath:
+ type: string
+ default: '$state_path/smb.conf'
+ ManilaGenericVolumeNameTemplate:
+ type: string
+ default: 'manila-share-%s'
+ ManilaGenericVolumeSnapshotNameTemplate:
+ type: string
+ default: 'manila-snapshot-%s'
+ ManilaGenericShareMountPath:
+ type: string
+ default: '/shares'
+ ManilaGenericMaxTimeToCreateVolume:
+ type: string
+ default: '180'
+ ManilaGenericMaxTimeToAttach:
+ type: string
+ default: '120'
+ ManilaGenericServiceInstanceSmbConfigPath:
+ type: string
+ default: '$share_mount_path/smb.conf'
+ ManilaGenericShareVolumeFsType:
+ type: string
+ default: 'ext4'
+ ManilaGenericCinderVolumeType:
+ type: string
+ default: ''
+ ManilaGenericServiceInstanceUser:
+ type: string
+ default: ''
+ ManilaGenericServiceInstancePassword: #SET THIS via parameter_defaults
+ type: string
+ hidden: true
+ ManilaGenericServiceInstanceFlavorId:
+ type: number
+ default: 1
+ ManilaGenericServiceNetworkCidr:
+ type: string
+ default: '172.16.0.0/16'
+
+outputs:
+ role_data:
+ description: Role data for the Manila Base service.
+ value:
+ service_name: manila_base
+ config_settings:
+ manila::rabbit_userid: {get_param: RabbitUserName}
+ manila::rabbit_password: {get_param: RabbitPassword}
+ manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ manila::rabbit_port: {get_param: RabbitClientPort}
+ manila::debug: {get_param: Debug}
+ manila::db::mysql::user: manila
+ manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+ manila::db::mysql::dbname: manila
+ manila::db::database_db_max_retries: -1
+ manila::db::database_max_retries: -1
+ manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend}
+ manila::backend::generic::title: {get_param: ManilaGenericBackendName}
+ manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers}
+ manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath}
+ manila::backend::generic::volume_name_template: {get_param: ManilaGenericVolumeNameTemplate}
+ manila::backend::generic::volume_snapshot_name_template: {get_param: ManilaGenericVolumeSnapshotNameTemplate}
+ manila::backend::generic::share_mount_path: {get_param: ManilaGenericShareMountPath}
+ manila::backend::generic::max_time_to_create_volume: {get_param: ManilaGenericMaxTimeToCreateVolume}
+ manila::backend::generic::max_time_to_attach: {get_param: ManilaGenericMaxTimeToAttach}
+ manila::backend::generic::service_instance_smb_config_path: {get_param: ManilaGenericServiceInstanceSmbConfigPath}
+ manila::backend::generic::share_volume_fstype: {get_param: ManilaGenericShareVolumeFsType}
+ manila::backend::generic::cinder_volume_type: {get_param: ManilaGenericCinderVolumeType}
+ manila::service_instance::service_instance_user: {get_param: ManilaGenericServiceInstanceUser}
+ manila::service_instance::service_instance_password: {get_param: ManilaGenericServiceInstancePassword}
+ manila::service_instance::service_instance_flavor_id: {get_param: ManilaGenericServiceInstanceFlavorId}
+ manila::service_instance::service_network_cidr: {get_param: ManilaGenericServiceNetworkCidr}
+ manila::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
new file mode 100644
index 00000000..b1d55a05
--- /dev/null
+++ b/puppet/services/manila-scheduler.yaml
@@ -0,0 +1,57 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-scheduler service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaPassword:
+ type: string
+ description: The password for the nova service and db account, used by nova-api.
+ hidden: true
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-scheduler role.
+ value:
+ service_name: manila_scheduler
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::compute::nova::nova_admin_password: {get_param: NovaPassword}
+ manila::compute::nova::nova_admin_tenant_name: 'service'
+ manila::db::mysql::password: {get_param: ManilaPassword}
+ manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
+ manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
+ manila::sql_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://manila:'
+ - {get_param: ManilaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/manila'
+ step_config: |
+ include ::tripleo::profile::base::manila::scheduler
+
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
new file mode 100644
index 00000000..20f36aa3
--- /dev/null
+++ b/puppet/services/manila-share.yaml
@@ -0,0 +1,29 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-share service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-share role.
+ value:
+ service_name: manila_share
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::volume::cinder::cinder_admin_tenant_name: 'service'
+ step_config: |
+ include ::tripleo::profile::base::manila::share
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 301759c7..3f8ac7e8 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -47,7 +47,7 @@ outputs:
role_data:
description: Role data for the Neutron base service.
value:
- service_name: neutron-base
+ service_name: neutron_base
config_settings:
neutron::rabbit_password: {get_param: RabbitPassword}
neutron::rabbit_user: {get_param: RabbitUserName}
@@ -61,4 +61,9 @@ outputs:
params:
PLUGINS: {get_param: NeutronServicePlugins}
neutron::debug: {get_param: Debug}
- neutron::host: '"%{::fqdn}"'
+ neutron::allow_overlapping_ips: true
+ neutron::rabbit_heartbeat_timeout_threshold: 60
+ neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
+ neutron::keystone::auth::tenant: 'service'
+ neutron::db::database_db_max_retries: -1
+ neutron::db::database_max_retries: -1
diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml
index f08afd15..200aaa1b 100644
--- a/puppet/services/neutron-compute-plugin-midonet.yaml
+++ b/puppet/services/neutron-compute-plugin-midonet.yaml
@@ -14,7 +14,7 @@ outputs:
role_data:
description: Role data for the Neutron Compute Plumgrid plugin
value:
- service_name: neutron-compute-plugin-midonet
+ service_name: neutron_compute_plugin_midonet
config_settings:
step_config: |
include ::tripleo::profile::base::neutron::agents::midonet
diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
index f6e2f3a8..44aac571 100644
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -18,7 +18,7 @@ outputs:
role_data:
description: Role data for the Neutron Compute Nuage plugin
value:
- service_name: neutron-compute-plugin-nuage
+ service_name: neutron_compute_plugin_nuage
config_settings:
tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml
index b95a6554..fb6d640c 100644
--- a/puppet/services/neutron-compute-plugin-opencontrail.yaml
+++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml
@@ -14,7 +14,7 @@ outputs:
role_data:
description: Role data for the Neutron Compute OpenContrail plugin
value:
- service_name: neutron-compute-plugin-opencontrail
+ service_name: neutron_compute_plugin_opencontrail
config_settings:
step_config: |
include ::tripleo::profile::base::neutron::opencontrail::vrouter
diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml
index 064ac9e0..ad1e3465 100644
--- a/puppet/services/neutron-compute-plugin-plumgrid.yaml
+++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml
@@ -14,7 +14,7 @@ outputs:
role_data:
description: Role data for the Neutron Compute Plumgrid plugin
value:
- service_name: neutron-compute-plugin-plumgrid
+ service_name: neutron_compute_plugin_plumgrid
config_settings:
step_config: |
include tripleo::profile::base::neutron::plumgrid
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index 1c57aa45..322e018d 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -23,7 +23,7 @@ outputs:
role_data:
description: Role data for the Neutron DHCP agent service.
value:
- service_name: neutron-dhcp
+ service_name: neutron_dhcp
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 0e568614..a7232a39 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -26,10 +26,11 @@ outputs:
role_data:
description: Role data for the Neutron L3 agent service.
value:
- service_name: neutron-l3
+ service_name: neutron_l3
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
+ neutron::agents::l3::router_delete_namespaces: True
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 04c80e01..73d8c3da 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -31,7 +31,7 @@ outputs:
role_data:
description: Role data for the Neutron Metadata agent service.
value:
- service_name: neutron-metadata
+ service_name: neutron_metadata
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
@@ -39,5 +39,6 @@ outputs:
neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ neutron::agents::metadata::auth_tenant: 'service'
step_config: |
include tripleo::profile::base::neutron::metadata
diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml
index d48d97f0..ccc0b0dd 100644
--- a/puppet/services/neutron-midonet.yaml
+++ b/puppet/services/neutron-midonet.yaml
@@ -36,7 +36,7 @@ outputs:
role_data:
description: Role data for the Neutron Midonet plugin and services
value:
- service_name: neutron-midonet
+ service_name: neutron_midonet
config_settings:
tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword}
tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken}
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 30caeec3..d8679f2e 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -47,7 +47,7 @@ outputs:
role_data:
description: Role data for the Neutron OVS agent service.
value:
- service_name: neutron-ovs-agent
+ service_name: neutron_ovs_agent
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 3511b2f2..158122ed 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -61,7 +61,7 @@ outputs:
role_data:
description: Role data for the Neutron ML2 plugin.
value:
- service_name: neutron-plugin-ml2
+ service_name: neutron_plugin_ml2
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml
index 3889f84a..5f228f96 100644
--- a/puppet/services/neutron-plugin-nuage.yaml
+++ b/puppet/services/neutron-plugin-nuage.yaml
@@ -59,7 +59,7 @@ outputs:
role_data:
description: Role data for the Neutron Nuage plugin
value:
- service_name: neutron-plugin-nuage
+ service_name: neutron_plugin_nuage
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml
index 1d23c497..ed6a2c04 100644
--- a/puppet/services/neutron-plugin-opencontrail.yaml
+++ b/puppet/services/neutron-plugin-opencontrail.yaml
@@ -42,7 +42,7 @@ outputs:
role_data:
description: Role data for the Neutron Opencontrail plugin
value:
- service_name: neutron-plugin-opencontrail
+ service_name: neutron_plugin_opencontrail
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml
index 484d163f..5488bed7 100644
--- a/puppet/services/neutron-plugin-plumgrid.yaml
+++ b/puppet/services/neutron-plugin-plumgrid.yaml
@@ -80,7 +80,7 @@ outputs:
role_data:
description: Role data for the Neutron Plumgrid plugin
value:
- service_name: neutron-plugin-plumgrid
+ service_name: neutron_plugin_plumgrid
config_settings:
neutron::plugins::plumgrid::connection:
list_join:
@@ -90,7 +90,7 @@ outputs:
- {get_param: NeutronPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- - '/ovs_neutron?charset=utf8'
+ - '/ovs_neutron'
neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]}
neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword}
neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml
index 253a6bfe..1c7cef49 100644
--- a/puppet/services/neutron-server.yaml
+++ b/puppet/services/neutron-server.yaml
@@ -39,7 +39,7 @@ outputs:
role_data:
description: Role data for the Neutron Server agent service.
value:
- service_name: neutron-server
+ service_name: neutron_server
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
@@ -51,9 +51,10 @@ outputs:
- {get_param: NeutronPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- - '/ovs_neutron?charset=utf8'
+ - '/ovs_neutron'
neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ neutron::server::auth_tenant: 'service'
neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
@@ -65,6 +66,8 @@ outputs:
neutron::server::notifications::tenant_name: 'service'
neutron::server::notifications::project_name: 'service'
neutron::server::notifications::password: {get_param: NovaPassword}
+ neutron::server::project_name: 'service'
+ neutron::server::sync_db: true
neutron::db::mysql::password: {get_param: NeutronPassword}
neutron::db::mysql::user: neutron
neutron::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 0dd8fd51..045a8614 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -24,7 +24,7 @@ outputs:
role_data:
description: Role data for the Nova API service.
value:
- service_name: nova-api
+ service_name: nova_api
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
@@ -42,5 +42,10 @@ outputs:
- 8774
- 13774
- 8775
+ nova::api::admin_tenant_name: 'service'
+ nova::api::enabled: true
+ nova::api::default_floating_pool: 'public'
+ nova::api::sync_db_api: true
+ nova::api::enable_proxy_headers_parsing: true
step_config: |
include tripleo::profile::base::nova::api
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index c94e0246..e3379821 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -40,7 +40,7 @@ outputs:
role_data:
description: Role data for the Nova base service.
value:
- service_name: nova-base
+ service_name: nova_base
config_settings:
nova::rabbit_password: {get_param: RabbitPassword}
nova::rabbit_user: {get_param: RabbitUserName}
@@ -79,4 +79,27 @@ outputs:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::debug: {get_param: Debug}
- nova::host: '"%{::fqdn}"'
+ nova::network::neutron::neutron_project_name: 'service'
+ nova::network::neutron::neutron_username: 'neutron'
+ nova::network::neutron::dhcp_domain: ''
+ nova::rabbit_heartbeat_timeout_threshold: 60
+ nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
+ nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
+ nova::notify_on_state_change: 'vm_and_task_state'
+ nova::notification_driver: messagingv2
+ nova::network::neutron::neutron_auth_type: 'v3password'
+ nova::keystone::auth::tenant: 'service'
+ nova::db::mysql::user: nova
+ nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+ nova::db::mysql::dbname: nova
+ nova::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ nova::db::mysql_api::user: nova_api
+ nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+ nova::db::mysql_api::dbname: nova_api
+ nova::db::mysql_api::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ nova::db::database_db_max_retries: -1
+ nova::db::database_max_retries: -1
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index a7226bd0..bcc3a232 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -26,12 +26,12 @@ outputs:
role_data:
description: Role data for the Nova Compute service.
value:
- service_name: nova-compute
+ service_name: nova_compute
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::compute::libvirt::manage_libvirt_services: false
- # we manage migration in nova common puppet profile
+ # we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
tripleo::profile::base::nova::nova_compute_enabled: true
@@ -42,6 +42,14 @@ outputs:
- '.'
- - 'client'
- {get_param: CephClientUserName}
+ nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
+ nova::compute::instance_usage_audit: true
+ nova::compute::instance_usage_audit_period: 'hour'
+ # Changing the default from 512MB. The current templates can not deploy
+ # overclouds with swap. On an idle compute node, we see ~1024MB of RAM
+ # used. 2048 is suggested to account for other possible operations for
+ # example openvswitch.
+ nova::compute::reserved_host_memory: 2048
step_config: |
# TODO(emilien): figure how to deal with libvirt profile.
# We'll probably threat it like we do with Neutron plugins.
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
index c334de44..5964f883 100644
--- a/puppet/services/nova-conductor.yaml
+++ b/puppet/services/nova-conductor.yaml
@@ -24,7 +24,7 @@ outputs:
role_data:
description: Role data for the Nova Conductor service.
value:
- service_name: nova-conductor
+ service_name: nova_conductor
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml
index 0e7bf3b4..5fbce1b1 100644
--- a/puppet/services/nova-consoleauth.yaml
+++ b/puppet/services/nova-consoleauth.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Nova Consoleauth service.
value:
- service_name: nova-consoleauth
+ service_name: nova_consoleauth
config_settings:
get_attr: [NovaBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 087ad277..939b6a09 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Libvirt service.
value:
- service_name: nova-libvirt
+ service_name: nova_libvirt
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index 4187b728..bd6e5116 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Nova Scheduler service.
value:
- service_name: nova-scheduler
+ service_name: nova_scheduler
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml
index d8e04cc8..0b9cef38 100644
--- a/puppet/services/nova-vncproxy.yaml
+++ b/puppet/services/nova-vncproxy.yaml
@@ -20,8 +20,10 @@ outputs:
role_data:
description: Role data for the Nova Vncproxy service.
value:
- service_name: nova-vncproxy
+ service_name: nova_vncproxy
config_settings:
- get_attr: [NovaBase, role_data, config_settings]
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::vncproxy::enabled: true
step_config: |
include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index 9520cb9c..b0ebb7d4 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -16,6 +16,11 @@ outputs:
value:
service_name: pacemaker
config_settings:
+ pacemaker::corosync::cluster_name: 'tripleo_cluster'
+ pacemaker::corosync::manage_fw: false
+ pacemaker::resource_defaults::defaults:
+ resource-stickiness: { value: INFINITY }
+ corosync_token_timeout: 10000
tripleo.pacemaker.firewall_rules:
'130 pacemaker tcp':
proto: 'tcp'
diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml
index 3ba78fc2..471b9f7a 100644
--- a/puppet/services/pacemaker/ceilometer-agent-central.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Central Agent pacemaker role.
value:
- service_name: ceilometer-agent-central
+ service_name: ceilometer_agent_central
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
index 0fb008c4..2530848f 100644
--- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Notification Agent pacemaker role.
value:
- service_name: ceilometer-agent-notification
+ service_name: ceilometer_agent_notification
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml
index 5cd8bb81..f1885372 100644
--- a/puppet/services/pacemaker/ceilometer-api.yaml
+++ b/puppet/services/pacemaker/ceilometer-api.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Ceilometer API pacemaker role.
value:
- service_name: ceilometer-api
+ service_name: ceilometer_api
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml
index 9e3671e5..8d31e1aa 100644
--- a/puppet/services/pacemaker/ceilometer-collector.yaml
+++ b/puppet/services/pacemaker/ceilometer-collector.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Ceilometer Collector pacemaker role.
value:
- service_name: ceilometer-collector
+ service_name: ceilometer_collector
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml
index d1313b27..706a189b 100644
--- a/puppet/services/pacemaker/cinder-api.yaml
+++ b/puppet/services/pacemaker/cinder-api.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Cinder API role.
value:
- service_name: cinder-api
+ service_name: cinder_api
config_settings:
map_merge:
- get_attr: [CinderApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml
index c4e0a34f..350d7126 100644
--- a/puppet/services/pacemaker/cinder-scheduler.yaml
+++ b/puppet/services/pacemaker/cinder-scheduler.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Cinder Scheduler role.
value:
- service_name: cinder-scheduler
+ service_name: cinder_scheduler
config_settings:
map_merge:
- get_attr: [CinderSchedulerBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index 3e28039e..7b6e9a77 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
- service_name: cinder-volume
+ service_name: cinder_volume
config_settings:
map_merge:
- get_attr: [CinderVolumeBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml
new file mode 100644
index 00000000..1c0c043c
--- /dev/null
+++ b/puppet/services/pacemaker/core.yaml
@@ -0,0 +1,20 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Core (fake) service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Core role.
+ value:
+ service_name: core
+ config_settings: {}
+ step_config: |
+ include ::tripleo::profile::pacemaker::core \ No newline at end of file
diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml
index bc611b0a..0fc17b22 100644
--- a/puppet/services/pacemaker/glance-api.yaml
+++ b/puppet/services/pacemaker/glance-api.yaml
@@ -45,7 +45,7 @@ outputs:
role_data:
description: Role data for the Glance role.
value:
- service_name: glance-api
+ service_name: glance_api
config_settings:
map_merge:
- get_attr: [GlanceApiBase, role_data, config_settings]
@@ -53,6 +53,7 @@ outputs:
glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
+ glance_file_pcmk_directory: '/var/lib/glance/images'
glance::api::manage_service: false
glance::api::enabled: false
step_config: |
diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml
index 72ca9393..ae7aa307 100644
--- a/puppet/services/pacemaker/glance-registry.yaml
+++ b/puppet/services/pacemaker/glance-registry.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Glance role.
value:
- service_name: glance-registry
+ service_name: glance_registry
config_settings:
map_merge:
- get_attr: [GlanceRegistryBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml
index 6c01bc53..bcd73e61 100644
--- a/puppet/services/pacemaker/gnocchi-api.yaml
+++ b/puppet/services/pacemaker/gnocchi-api.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Gnocchi role.
value:
- service_name: gnocchi-api
+ service_name: gnocchi_api
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml
index 4895bac6..ec487e89 100644
--- a/puppet/services/pacemaker/gnocchi-metricd.yaml
+++ b/puppet/services/pacemaker/gnocchi-metricd.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Gnocchi role.
value:
- service_name: gnocchi-metricd
+ service_name: gnocchi_metricd
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml
index 2760df37..d1106524 100644
--- a/puppet/services/pacemaker/gnocchi-statsd.yaml
+++ b/puppet/services/pacemaker/gnocchi-statsd.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Gnocchi role.
value:
- service_name: gnocchi-statsd
+ service_name: gnocchi_statsd
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index 811a6697..c450530b 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -27,5 +27,6 @@ outputs:
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
enable_keepalived: false
+ tripleo::haproxy::keepalived: false
step_config: |
include ::tripleo::profile::pacemaker::haproxy
diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml
index bf01ceda..8f2c561a 100644
--- a/puppet/services/pacemaker/heat-api-cfn.yaml
+++ b/puppet/services/pacemaker/heat-api-cfn.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Heat CloudFormation API role.
value:
- service_name: heat-api-cfn
+ service_name: heat_api_cfn
config_settings:
map_merge:
- get_attr: [HeatApiCfnBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
index 6ee844d3..a08e0262 100644
--- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml
+++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Heat Cloudwatch API role.
value:
- service_name: heat-api-cloudwatch
+ service_name: heat_api_cloudwatch
config_settings:
map_merge:
- get_attr: [HeatApiCloudwatchBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml
index 14604428..5cf25516 100644
--- a/puppet/services/pacemaker/heat-api.yaml
+++ b/puppet/services/pacemaker/heat-api.yaml
@@ -20,7 +20,7 @@ outputs:
role_data:
description: Role data for the Heat API role.
value:
- service_name: heat-api
+ service_name: heat_api
config_settings:
map_merge:
- get_attr: [HeatApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml
index 450917fd..4d41cbe4 100644
--- a/puppet/services/pacemaker/heat-engine.yaml
+++ b/puppet/services/pacemaker/heat-engine.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Heat engine role.
value:
- service_name: heat-engine
+ service_name: heat_engine
config_settings:
map_merge:
- get_attr: [HeatEngineBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml
new file mode 100644
index 00000000..0f88e89c
--- /dev/null
+++ b/puppet/services/pacemaker/manila-share.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+ The manila-share service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ ManilaShareBase:
+ type: ../manila-share.yaml
+
+outputs:
+ role_data:
+ description: Role data for the manila-share pacemaker role.
+ value:
+ service_name: manila_share
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaShareBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::manila
diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml
index 312e275f..3a5ada47 100644
--- a/puppet/services/pacemaker/neutron-dhcp.yaml
+++ b/puppet/services/pacemaker/neutron-dhcp.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Neutron DHCP role.
value:
- service_name: neutron-dhcp
+ service_name: neutron_dhcp
config_settings:
map_merge:
- get_attr: [NeutronDhcpBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml
index 8607614b..a4f2c0e1 100644
--- a/puppet/services/pacemaker/neutron-l3.yaml
+++ b/puppet/services/pacemaker/neutron-l3.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Neutron L3 role.
value:
- service_name: neutron-l3
+ service_name: neutron_l3
config_settings:
map_merge:
- get_attr: [NeutronL3Base, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml
index 96f3fb4b..9b322f22 100644
--- a/puppet/services/pacemaker/neutron-metadata.yaml
+++ b/puppet/services/pacemaker/neutron-metadata.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Neutron Metadata role.
value:
- service_name: neutron-metadata
+ service_name: neutron_metadata
config_settings:
map_merge:
- get_attr: [NeutronMetadataBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml
index 3c185da9..e93ed661 100644
--- a/puppet/services/pacemaker/neutron-midonet.yaml
+++ b/puppet/services/pacemaker/neutron-midonet.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Neutron Midonet plugin.
value:
- service_name: neutron-midonet
+ service_name: neutron_midonet
config_settings:
map_merge:
- get_attr: [NeutronMidonetBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml
index 214dc1c0..b2260de9 100644
--- a/puppet/services/pacemaker/neutron-ovs-agent.yaml
+++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml
@@ -19,7 +19,7 @@ outputs:
role_data:
description: Role data for the Neutron OVS agent service.
value:
- service_name: neutron-ovs-agent
+ service_name: neutron_ovs_agent
config_settings:
get_attr: [NeutronOvsBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
index a4c4a5e4..dc10d093 100644
--- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
@@ -19,7 +19,7 @@ outputs:
role_data:
description: Role data for the Neutron ML2 plugin.
value:
- service_name: neutron-plugin-ml2
+ service_name: neutron_plugin_ml2
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml
index 64ad0f42..414c046c 100644
--- a/puppet/services/pacemaker/neutron-plugin-nuage.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-nuage.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Neutron Nuage plugin.
value:
- service_name: neutron-plugin-nuage
+ service_name: neutron_plugin_nuage
config_settings:
map_merge:
- get_attr: [NeutronPluginNuageBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
index f2fd5b92..1d385d83 100644
--- a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Neutron OpenContrail plugin.
value:
- service_name: neutron-plugin-opencontrail
+ service_name: neutron_plugin_opencontrail
config_settings:
map_merge:
- get_attr: [NeutronPluginOpenContrail, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
index 9ceaf004..69f5fd27 100644
--- a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Neutron PLUMgrid plugin.
value:
- service_name: neutron-plugin-plumgrid
+ service_name: neutron_plugin_plumgrid
config_settings:
map_merge:
- get_attr: [NeutronPluginPlumgridBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml
index 74234a85..b0f739dc 100644
--- a/puppet/services/pacemaker/neutron-server.yaml
+++ b/puppet/services/pacemaker/neutron-server.yaml
@@ -25,7 +25,7 @@ outputs:
role_data:
description: Role data for the Neutron Server.
value:
- service_name: neutron-server
+ service_name: neutron_server
config_settings:
map_merge:
- get_attr: [NeutronServerBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml
index 467955fa..2d497ab5 100644
--- a/puppet/services/pacemaker/nova-api.yaml
+++ b/puppet/services/pacemaker/nova-api.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Nova API role.
value:
- service_name: nova-api
+ service_name: nova_api
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml
index fe0b00f3..1f57cf08 100644
--- a/puppet/services/pacemaker/nova-conductor.yaml
+++ b/puppet/services/pacemaker/nova-conductor.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Nova Conductor role.
value:
- service_name: nova-conductor
+ service_name: nova_conductor
config_settings:
map_merge:
- get_attr: [NovaConductorBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml
index cc683eb5..bbab8bea 100644
--- a/puppet/services/pacemaker/nova-consoleauth.yaml
+++ b/puppet/services/pacemaker/nova-consoleauth.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Nova Consoleauth role.
value:
- service_name: nova-consoleauth
+ service_name: nova_consoleauth
config_settings:
map_merge:
- get_attr: [NovaConsoleauthBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml
index dbb643c5..bf2c62bc 100644
--- a/puppet/services/pacemaker/nova-scheduler.yaml
+++ b/puppet/services/pacemaker/nova-scheduler.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Nova Scheduler role.
value:
- service_name: nova-scheduler
+ service_name: nova_scheduler
config_settings:
map_merge:
- get_attr: [NovaSchedulerBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml
index 8fb07d57..0353d924 100644
--- a/puppet/services/pacemaker/nova-vncproxy.yaml
+++ b/puppet/services/pacemaker/nova-vncproxy.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Nova Vncproxy role.
value:
- service_name: nova-vncproxy
+ service_name: nova_vncproxy
config_settings:
map_merge:
- get_attr: [NovaVncproxyBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml
index a4dfa137..ac05a01a 100644
--- a/puppet/services/pacemaker/sahara-api.yaml
+++ b/puppet/services/pacemaker/sahara-api.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Sahara API role.
value:
- service_name: sahara-api
+ service_name: sahara_api
config_settings:
map_merge:
- get_attr: [SaharaApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml
index 31d9bea5..f6bd8f61 100644
--- a/puppet/services/pacemaker/sahara-engine.yaml
+++ b/puppet/services/pacemaker/sahara-engine.yaml
@@ -21,7 +21,7 @@ outputs:
role_data:
description: Role data for the Sahara Engine role.
value:
- service_name: sahara-engine
+ service_name: sahara_engine
config_settings:
map_merge:
- get_attr: [SaharaEngineBase, role_data, config_settings]
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 3c5909ca..4c02f359 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -42,5 +42,20 @@ outputs:
- 4369
- 5672
- 35672
+ rabbitmq::delete_guest_user: false
+ rabbitmq::wipe_db_on_cookie_change: true
+ rabbitmq::port: '5672'
+ rabbitmq::package_source: undef
+ rabbitmq::repos_ensure: false
+ rabbitmq_environment:
+ RABBITMQ_NODENAME: "rabbit@%{::hostname}"
+ RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
+ rabbitmq_kernel_variables:
+ inet_dist_listen_min: '35672'
+ inet_dist_listen_max: '35672'
+ rabbitmq_config_variables:
+ tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
+ cluster_partition_handling: 'pause_minority'
+ loopback_users: '[]'
step_config: |
include ::tripleo::profile::base::rabbitmq
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index c9112019..7ca9bbd5 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -34,7 +34,7 @@ outputs:
role_data:
description: Role data for the Sahara API role.
value:
- service_name: sahara-api
+ service_name: sahara_api
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index 72fc33a3..2f8cd91b 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -31,7 +31,7 @@ outputs:
role_data:
description: Role data for the Sahara base service.
value:
- service_name: sahara-base
+ service_name: sahara_base
config_settings:
sahara::rabbit_password: {get_param: RabbitPassword}
sahara::rabbit_user: {get_param: RabbitUserName}
@@ -47,3 +47,7 @@ outputs:
- spark
- storm
sahara::rpc_backend: rabbit
+ sahara::admin_tenant_name: 'service'
+ sahara::keystone::auth::tenant: 'service'
+ sahara::db::database_db_max_retries: -1
+ sahara::db::database_max_retries: -1
diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml
index b799e27c..074f83c7 100644
--- a/puppet/services/sahara-engine.yaml
+++ b/puppet/services/sahara-engine.yaml
@@ -23,18 +23,18 @@ outputs:
role_data:
description: Role data for the Sahara Engine role.
value:
- service_name: sahara-engine
+ service_name: sahara_engine
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
- sahara_dsn: &sahara_dsn
list_join:
- ''
- - - {get_param: [EndpointMap, MysqlVirtual, protocol]}
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://sahara:'
- {get_param: SaharaPassword}
- '@'
- - {get_param: [EndpointMap, MysqlVirtual, host]}
+ - {get_param: [EndpointMap, MysqlInternal, host]}
- '/sahara'
sahara::database_connection: *sahara_dsn
sahara::db::mysql::password: {get_param: SaharaPassword}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 12165cc1..99af7499 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -35,12 +35,13 @@ outputs:
role_data:
description: Role data for the Swift proxy service.
value:
- service_name: swift-proxy
+ service_name: swift_proxy
config_settings:
# Swift
swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::admin_tenant_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
@@ -56,5 +57,30 @@ outputs:
dport:
- 8080
- 13808
+ swift::keystone::auth::tenant: 'service'
+ swift::keystone::auth::configure_s3_endpoint: false
+ swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::keystone::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::pipeline:
+ - 'catch_errors'
+ - 'healthcheck'
+ - 'proxy-logging'
+ - 'cache'
+ - 'ratelimit'
+ - 'bulk'
+ - 'tempurl'
+ - 'formpost'
+ - 'authtoken'
+ - 'keystone'
+ - 'staticweb'
+ - 'proxy-logging'
+ - 'proxy-server'
+ swift::proxy::account_autocreate: true
step_config: |
include ::tripleo::profile::base::swift::proxy
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
index b341b0fc..0b17c73c 100644
--- a/puppet/services/swift-ringbuilder.yaml
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -30,7 +30,7 @@ outputs:
role_data:
description: Role data for Swift Ringbuilder configuration.
value:
- service_name: swift-ringbuilder
+ service_name: swift_ringbuilder
config_settings:
tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild}
tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas}
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index d63dc87c..74679231 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -36,7 +36,7 @@ outputs:
role_data:
description: Role data for the Swift Proxy role.
value:
- service_name: swift-storage
+ service_name: swift_storage
config_settings:
# Swift
swift::storage::all::mount_check: {get_param: SwiftMountCheck}
@@ -48,5 +48,17 @@ outputs:
- 6000
- 6001
- 6002
+ swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::object_pipeline:
+ - healthcheck
+ - recon
+ - object-server
+ swift::storage::all::container_pipeline:
+ - healthcheck
+ - container-server
+ swift::storage::all::account_pipeline:
+ - healthcheck
+ - account-server
step_config: |
include ::tripleo::profile::base::swift::storage
diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml
index 51129053..7ce23a20 100644
--- a/puppet/vip-config.yaml
+++ b/puppet/vip-config.yaml
@@ -23,6 +23,7 @@ resources:
glance_registry_vip: {get_input: glance_registry_vip}
sahara_api_vip: {get_input: sahara_api_vip}
swift_proxy_vip: {get_input: swift_proxy_vip}
+ manila_api_vip: {get_input: manila_api_vip}
nova_api_vip: {get_input: nova_api_vip}
nova_metadata_vip: {get_input: nova_metadata_vip}
ceilometer_api_vip: {get_input: ceilometer_api_vip}
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 34219eff..c93c84bc 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -33,8 +33,9 @@ def validate_service(filename, tpl):
print('ERROR: service_name is required in role_data for %s.'
% filename)
return 1
+ # service_name must match the filename, but with an underscore
if (role_data['service_name'] !=
- os.path.basename(filename).split('.')[0]):
+ os.path.basename(filename).split('.')[0].replace("-", "_")):
print('ERROR: service_name should match file name for service: %s.'
% filename)
return 1