diff options
136 files changed, 944 insertions, 640 deletions
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index 3fc07561..60b831be 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -42,6 +42,9 @@ parameters: type: string description: Config manifests that will be used to step through the deployment. default: '' + RoleData: + type: json + default: {} resources: diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml index 2858552f..f6d61e2d 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/install_docker_agents.yaml @@ -6,7 +6,7 @@ parameters: default: heat-docker-agents DockerNamespace: type: string - default: kollaglue + default: tripleoupstream DockerNamespaceIsRegistry: type: boolean default: false diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index cb8b2a5d..65c4e6dc 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -1,14 +1,38 @@ #!/bin/bash set -eux -# firstboot isn't split out by role yet so we handle it this way -if ! hostname | grep compute &>/dev/null; then - echo "Exiting. This script is only for the compute role." - exit 0 +/sbin/setenforce 0 +/sbin/modprobe ebtables + +# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes +chmod 666 /dev/pts/ptmx + +# We need hostname -f to return in a centos container for the puppet hook +HOSTNAME=$(hostname) +echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts + +# update docker for local insecure registry(optional) +# Note: This is different for different docker versions +# For older docker versions < 1.4.x use commented line +#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker +#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker + +# Local docker registry 1.8 +if [ $docker_namespace_is_registry ]; then + /usr/bin/systemctl stop docker.service + # if namespace is used with local registry, trim all namespacing + trim_var=$docker_registry + registry_host="${trim_var%%/*}" + /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry[ ]'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker + /usr/bin/systemctl start --no-block docker.service fi +/usr/bin/docker pull $agent_image & +DOCKER_PULL_PID=$! + mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container + # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service @@ -22,7 +46,6 @@ User=root Restart=on-failure ExecStartPre=-/usr/bin/docker kill heat-agents ExecStartPre=-/usr/bin/docker rm heat-agents -ExecStartPre=/usr/bin/docker pull $agent_image ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image ExecStop=/usr/bin/docker stop heat-agents @@ -31,30 +54,6 @@ WantedBy=multi-user.target EOF -# update docker for local insecure registry(optional) -# Note: This is different for different docker versions -# For older docker versions < 1.4.x use commented line -#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker -#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker - -# Local docker registry 1.8 -if [ $docker_namespace_is_registry ]; then - # if namespace is used with local registry, trim all namespacing - trim_var=$docker_registry - registry_host="${trim_var%%/*}" - /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker -fi - -/sbin/setenforce 0 -/sbin/modprobe ebtables - -# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes -chmod 666 /dev/pts/ptmx - -# We need hostname -f to return in a centos container for the puppet hook -HOSTNAME=$(hostname) -echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts - # enable and start heat-docker-agents chmod 0640 /etc/systemd/system/heat-docker-agents.service /usr/bin/systemctl enable heat-docker-agents.service @@ -82,3 +81,5 @@ AUTO_EXTEND_POOL=yes POOL_AUTOEXTEND_PERCENT=30 POOL_AUTOEXTEND_THRESHOLD=70 EOF + +wait $DOCKER_PULL_PID diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 289ec2e3..ee1f5387 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -34,6 +34,9 @@ parameter_defaults: KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} MysqlNoBracketsInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml new file mode 100644 index 00000000..74011c66 --- /dev/null +++ b/environments/manila-generic-config.yaml @@ -0,0 +1,26 @@ +# A Heat environment file which can be used to enable a +# a Manila generic driver backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + + +parameter_defaults: + ManilaGenericEnableBackend: true + ManilaGenericBackendName: tripleo_generic + ManilaGenericDriverHandlesShareServers: true + ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf' + ManilaGenericVolumeNameTemplate: 'manila-share-%s' + ManilaGenericVolumeSnapshotNameTemplate: 'manila-snapshot-%s' + ManilaGenericShareMountPath: '/shares' + ManilaGenericMaxTimeToCreateVolume: '180' + ManilaGenericMaxTimeToAttach: '120' + ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf' + ManilaGenericShareVolumeFsType: 'ext4' + ManilaGenericCinderVolumeType: '' + ManilaGenericServiceInstanceUser: '' + ManilaGenericServiceInstancePassword: '' + ManilaGenericServiceInstanceFlavorId: 2 + ManilaGenericServiceNetworkCidr: '172.16.0.0/16' diff --git a/environments/puppet-pacemaker-no-restart.yaml b/environments/puppet-pacemaker-no-restart.yaml new file mode 100644 index 00000000..67d8692d --- /dev/null +++ b/environments/puppet-pacemaker-no-restart.yaml @@ -0,0 +1,3 @@ +# use this file *in addition* to puppet-pacemaker.yaml +resource_registry: + OS::TripleO::Tasks::ControllerPostPuppetRestart: OS::Heat::None diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 8674e009..16430290 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -4,50 +4,17 @@ resource_registry: OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml # custom pacemaker services # NOTE: For now we will need to specify overrides to all services # which use pacemaker. In the future (with upcoming HA light work) this # list will hopefully be much smaller however. - OS::TripleO::Services::CinderApi: ../puppet/services/pacemaker/cinder-api.yaml - OS::TripleO::Services::CinderScheduler: ../puppet/services/pacemaker/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml - OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml - OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml - OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml - OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml - OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml - OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml - OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml - OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml - OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml - OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml - OS::TripleO::Services::NeutronServer: ../puppet/services/pacemaker/neutron-server.yaml - OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/pacemaker/neutron-plugin-ml2.yaml - # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) - OS::TripleO::Services::NeutronCorePluginPlumgrid: ../puppet/services/pacemaker/neutron-plugin-plumgrid.yaml - OS::TripleO::Services::NeutronCorePluginNuage: ../puppet/services/pacemaker/neutron-plugin-nuage.yaml - OS::TripleO::Services::NeutronCorePluginOpencontrail: ../puppet/services/pacemaker/neutron-plugin-opencontrail.yaml - OS::TripleO::Services::NeutronCorePluginMidonet: ../puppet/services/pacemaker/neutron-midonet.yaml - OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/pacemaker/neutron-ovs-agent.yaml OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml - OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml - OS::TripleO::Services::NovaConductor: ../puppet/services/pacemaker/nova-conductor.yaml - OS::TripleO::Services::MongoDb: ../puppet/services/pacemaker/database/mongodb.yaml - OS::TripleO::Services::NovaApi: ../puppet/services/pacemaker/nova-api.yaml - OS::TripleO::Services::NovaScheduler: ../puppet/services/pacemaker/nova-scheduler.yaml - OS::TripleO::Services::NovaConsoleauth: ../puppet/services/pacemaker/nova-consoleauth.yaml - OS::TripleO::Services::NovaVncproxy: ../puppet/services/pacemaker/nova-vncproxy.yaml - OS::TripleO::Services::CeilometerApi: ../puppet/services/pacemaker/ceilometer-api.yaml - OS::TripleO::Services::CeilometerCollector: ../puppet/services/pacemaker/ceilometer-collector.yaml - OS::TripleO::Services::CeilometerAgentCentral: ../puppet/services/pacemaker/ceilometer-agent-central.yaml - OS::TripleO::Services::CeilometerAgentNotification: ../puppet/services/pacemaker/ceilometer-agent-notification.yaml - #Gnocchi services - OS::TripleO::Services::GnocchiApi: ../puppet/services/pacemaker/gnocchi-api.yaml - OS::TripleO::Services::GnocchiMetricd: ../puppet/services/pacemaker/gnocchi-metricd.yaml - OS::TripleO::Services::GnocchiStatsd: ../puppet/services/pacemaker/gnocchi-statsd.yaml OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml - OS::TripleO::Services::Horizon: ../puppet/services/pacemaker/horizon.yaml + # Services that are disabled by default (use relevant environment files): + OS::Tripleo::Services::ManilaShare: OS::Heat::None diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.yaml index fbed9ce5..b62502f8 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.yaml @@ -29,20 +29,9 @@ resources: config: {get_resource: ControllerPostPuppetMaintenanceModeConfig} input_values: {get_param: input_values} - ControllerPostPuppetRestartConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: pacemaker_resource_restart.sh - - ControllerPostPuppetRestartDeployment: - type: OS::Heat::SoftwareDeployments + ControllerPostPuppetRestart: + type: OS::TripleO::Tasks::ControllerPostPuppetRestart depends_on: ControllerPostPuppetMaintenanceModeDeployment properties: servers: {get_param: servers} - config: {get_resource: ControllerPostPuppetRestartConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml new file mode 100644 index 00000000..52760c87 --- /dev/null +++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2014-10-16 +description: 'Post-Puppet restart config for Pacemaker deployments' + +parameters: + servers: + type: json + input_values: + type: json + description: input values for the software deployments + +resources: + + ControllerPostPuppetRestartConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: pacemaker_resource_restart.sh + + ControllerPostPuppetRestartDeployment: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: servers} + config: {get_resource: ControllerPostPuppetRestartConfig} + input_values: {get_param: input_values} diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 5afcf5de..363950d1 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -133,6 +133,21 @@ Keystone: port: 35357 port: 5000 +Manila: + Internal: + vip_param: ManilaApi + uri_suffixes: + '': /v2/%(tenant_id)s + Public: + vip_param: Public + uri_suffixes: + '': /v2/%(tenant_id)s + Admin: + vip_param: ManilaApi + uri_suffixes: + '': /v2/%(tenant_id)s + port: 8786 + Neutron: Internal: vip_param: NeutronApi diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index e1b8984f..98dad250 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -19,6 +19,7 @@ parameters: KeystoneAdminApiVirtualIP: {type: string, default: ''} KeystonePublicApiVirtualIP: {type: string, default: ''} MysqlNoBracketsVirtualIP: {type: string, default: ''} + ManilaApiVirtualIP: {type: string, default: ''} MysqlVirtualIP: {type: string, default: ''} NeutronApiVirtualIP: {type: string, default: ''} NovaApiVirtualIP: {type: string, default: ''} @@ -57,6 +58,9 @@ parameters: KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} + ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} MysqlNoBracketsInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} @@ -1473,6 +1477,123 @@ outputs: IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, KeystonePublic, port] + ManilaAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + port: + get_param: [EndpointMap, ManilaAdmin, port] + protocol: + get_param: [EndpointMap, ManilaAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + ManilaInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + port: + get_param: [EndpointMap, ManilaInternal, port] + protocol: + get_param: [EndpointMap, ManilaInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + ManilaPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + port: + get_param: [EndpointMap, ManilaPublic, port] + protocol: + get_param: [EndpointMap, ManilaPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaPublic, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaPublic, port] MysqlInternal: host: str_replace: diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 9f253024..dc74e889 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -133,6 +133,7 @@ resource_registry: OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml + OS::TripleO::Services::Core: OS::Heat::None OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml @@ -192,6 +193,10 @@ resource_registry: OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml + # Services that are disabled by default (use relevant environment files): + OS::Tripleo::Services::ManilaApi: OS::Heat::None + OS::Tripleo::Services::ManilaScheduler: OS::Heat::None + OS::Tripleo::Services::ManilaShare: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index 3ed879b8..2db7d33d 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -226,6 +226,7 @@ parameters: IronicApiNetwork: internal_api KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints KeystonePublicApiNetwork: internal_api + ManilaApiNetwork: internal_api NeutronApiNetwork: internal_api HeatApiNetwork: internal_api NovaApiNetwork: internal_api @@ -257,6 +258,7 @@ parameters: - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi @@ -299,7 +301,9 @@ parameters: - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd - + - OS::Tripleo::Services::ManilaApi + - OS::Tripleo::Services::ManilaScheduler + - OS::Tripleo::Services::ManilaShare description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -527,6 +531,7 @@ resources: IronicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + ManilaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} MysqlNoBracketsVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} @@ -772,6 +777,7 @@ resources: glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + manila_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -895,6 +901,7 @@ resources: heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} redis_vip: {get_attr: [RedisVirtualIP, ip_address]} + manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} # direct configuration of Virtual IPs for each network @@ -1130,6 +1137,9 @@ outputs: KeystoneInternalVip: description: VIP for Keystone API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + ManilaInternalVip: + description: VIP for Manila API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} NeutronInternalVip: description: VIP for Neutron API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 55120912..4c9355d5 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -48,6 +48,8 @@ parameters: type: comma_delimited_list cinder_api_node_ips: type: comma_delimited_list + manila_api_node_ips: + type: comma_delimited_list neutron_api_node_ips: type: comma_delimited_list keystone_public_api_node_ips: @@ -106,8 +108,6 @@ resources: - {get_param: ceph_storage_hosts} hiera: datafiles: - RedHat: - raw_data: {get_file: hieradata/RedHat.yaml} bootstrap_node: mapped_data: bootstrap_nodeid: {get_input: bootstrap_nodeid} @@ -262,6 +262,14 @@ resources: list_join: - "','" - {get_param: cinder_api_node_ips} + manila_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: manila_api_node_ips} neutron_api_node_ips: str_replace: template: "['SERVERS_LIST']" @@ -334,6 +342,7 @@ resources: aodh::rabbit_hosts: *rabbit_nodes_array cinder::rabbit_hosts: *rabbit_nodes_array glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array + manila::rabbit_hosts: *rabbit_nodes_array heat::rabbit_hosts: *rabbit_nodes_array neutron::rabbit_hosts: *rabbit_nodes_array nova::rabbit_hosts: *rabbit_nodes_array diff --git a/puppet/controller.yaml b/puppet/controller.yaml index f05f6da6..8013ecf4 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -586,6 +586,7 @@ resources: keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} keystone_region: {get_param: KeystoneRegion} + manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -723,6 +724,9 @@ resources: keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} + # Manila + manila::api::bind_host: {get_input: manila_api_network} + # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} diff --git a/puppet/hieradata/README.rst b/puppet/hieradata/README.rst new file mode 100644 index 00000000..64a60229 --- /dev/null +++ b/puppet/hieradata/README.rst @@ -0,0 +1 @@ +Do not add more hieradata in this directory, and use composable services. diff --git a/puppet/hieradata/RedHat.yaml b/puppet/hieradata/RedHat.yaml deleted file mode 100644 index 25902828..00000000 --- a/puppet/hieradata/RedHat.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# RedHat specific overrides go here -rabbitmq::package_provider: 'yum' - -# The Galera package should work in cluster and -# non-cluster modes based on the config file. -# We set the package name here explicitly so -# that it matches what we pre-install -# in tripleo-puppet-elements. -mysql::server::package_name: 'mariadb-galera-server' diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index ccb41cc4..c8c5804b 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -1,9 +1,2 @@ -ceph::profile::params::osd_pool_default_pg_num: 32 -ceph::profile::params::osd_pool_default_pgp_num: 32 -ceph::profile::params::osd_pool_default_size: 3 -ceph::profile::params::osd_pool_default_min_size: 1 -ceph::profile::params::osds: {/srv/data: {}} -ceph::profile::params::manage_repo: false -ceph::profile::params::authentication_type: cephx - +# Do not add hieradata in this file, and use composable services. ceph_classes: [] diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 65cf9577..e7ae521e 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -1,51 +1,5 @@ -# Common Hiera data gets applied to all nodes -ssh::server::storeconfigs_enabled: false - -# ceilometer settings used by compute and controller ceilo auth settings -ceilometer::agent::auth::auth_region: 'regionOne' -ceilometer::agent::auth::auth_tenant_name: 'service' +# Do not add hieradata in this file, and use composable services. +# TODO(emilien) move it to composable aodh roles later aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' - -gnocchi::auth::auth_region: 'regionOne' -gnocchi::auth::auth_tenant_name: 'service' - -nova::api::admin_tenant_name: 'service' -nova::network::neutron::neutron_project_name: 'service' -nova::network::neutron::neutron_username: 'neutron' -nova::network::neutron::dhcp_domain: '' - -neutron::allow_overlapping_ips: true -neutron::server::project_name: 'service' - -kernel_modules: - nf_conntrack: {} - -sysctl_settings: - net.ipv4.tcp_keepalive_intvl: - value: 1 - net.ipv4.tcp_keepalive_probes: - value: 5 - net.ipv4.tcp_keepalive_time: - value: 5 - net.nf_conntrack_max: - value: 500000 - net.netfilter.nf_conntrack_max: - value: 500000 - # prevent neutron bridges from autoconfiguring ipv6 addresses - net.ipv6.conf.default.accept_ra: - value: 0 - net.ipv6.conf.default.autoconf: - value: 0 - net.core.netdev_max_backlog: - value: 10000 - -nova::rabbit_heartbeat_timeout_threshold: 60 -neutron::rabbit_heartbeat_timeout_threshold: 60 -cinder::rabbit_heartbeat_timeout_threshold: 60 -ceilometer::rabbit_heartbeat_timeout_threshold: 60 -heat::rabbit_heartbeat_timeout_threshold: 60 -keystone::rabbit_heartbeat_timeout_threshold: 60 - -nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index fe203be7..54b3d412 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -1,21 +1,3 @@ -# Hiera data here applies to all compute nodes - -nova::notify_on_state_change: 'vm_and_task_state' -nova::notification_driver: messagingv2 -nova::compute::instance_usage_audit: true -nova::compute::instance_usage_audit_period: 'hour' - -nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" - -nova::network::neutron::neutron_auth_type: 'v3password' - -# Changing the default from 512MB. The current templates can not deploy -# overclouds with swap. On an idle compute node, we see ~1024MB of RAM -# used. 2048 is suggested to account for other possible operations for -# example openvswitch. -nova::compute::reserved_host_memory: 2048 - -ceilometer::agent::auth::auth_tenant_name: 'service' -ceilometer::agent::auth::auth_endpoint_type: 'internalURL' +# Do not add hieradata in this file, and use composable services. compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 3ec656dc..905ea304 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,190 +1,16 @@ -# Hiera data here applies to all controller nodes +# Do not add hieradata in this file, and use composable services. -nova::api::enabled: true -nova::vncproxy::enabled: true - -# gnocchi -gnocchi::storage::swift::swift_user: 'service:gnocchi' -gnocchi::storage::swift::swift_auth_version: 2 -gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' -gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' -gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' -gnocchi::statsd::flush_delay: 10 -gnocchi::statsd::archive_policy_name: 'low' - -# rabbitmq -rabbitmq::delete_guest_user: false -rabbitmq::wipe_db_on_cookie_change: true -rabbitmq::port: '5672' -rabbitmq::package_source: undef -rabbitmq::repos_ensure: false -rabbitmq_environment: - RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' -rabbitmq_kernel_variables: - inet_dist_listen_min: '35672' - inet_dist_listen_max: '35672' -rabbitmq_config_variables: - tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' - cluster_partition_handling: 'pause_minority' - loopback_users: '[]' - -mongodb::server::replset: tripleo -mongodb::server::journal: false - -redis::port: 6379 -redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" -redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" -redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' - -# keystone -keystone::roles::admin::email: 'root@localhost' - -# service tenant -glance::api::keystone_tenant: 'service' +# TODO(emilien) move it to composable aodh roles later aodh::api::keystone_tenant: 'service' -glance::registry::keystone_tenant: 'service' -neutron::server::auth_tenant: 'service' -neutron::agents::metadata::auth_tenant: 'service' -neutron::agents::l3::router_delete_namespaces: True -cinder::api::keystone_tenant: 'service' -swift::proxy::authtoken::admin_tenant_name: 'service' -ceilometer::api::keystone_tenant: 'service' -gnocchi::api::keystone_tenant: 'service' -heat::keystone_tenant: 'service' -sahara::admin_tenant_name: 'service' aodh::keystone::auth::tenant: 'service' -ceilometer::keystone::auth::tenant: 'service' -cinder::keystone::auth::tenant: 'service' -glance::keystone::auth::tenant: 'service' -gnocchi::keystone::auth::tenant: 'service' -heat::keystone::auth::tenant: 'service' -neutron::keystone::auth::tenant: 'service' -nova::keystone::auth::tenant: 'service' -sahara::keystone::auth::tenant: 'service' -swift::keystone::auth::tenant: 'service' - -# keystone -keystone::cron::token_flush::maxdelay: 3600 -keystone::roles::admin::service_tenant: 'service' -keystone::roles::admin::admin_tenant: 'admin' -keystone::cron::token_flush::destination: '/dev/null' -keystone::config::keystone_config: - DEFAULT/secure_proxy_ssl_header: - value: 'HTTP_X_FORWARDED_PROTO' - ec2/driver: - value: 'keystone.contrib.ec2.backends.sql.Ec2' -keystone::service_name: 'httpd' -keystone::wsgi::apache::ssl: false - -#swift -swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'proxy-logging' - - 'cache' - - 'ratelimit' - - 'bulk' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'proxy-logging' - - 'proxy-server' - -swift::proxy::account_autocreate: true -swift::keystone::auth::configure_s3_endpoint: false -swift::keystone::auth::operator_roles: - - admin - - swiftoperator - -# glance -glance::api::pipeline: 'keystone' -glance::api::show_image_direct_url: true -glance::registry::pipeline: 'keystone' -glance::backend::swift::swift_store_create_container_on_put: true -glance_file_pcmk_directory: '/var/lib/glance/images' - -# neutron -neutron::server::sync_db: true - -# nova -nova::notify_on_state_change: 'vm_and_task_state' -nova::api::default_floating_pool: 'public' -nova::api::sync_db_api: true -nova::api::enable_proxy_headers_parsing: true -nova::notification_driver: messaging -# ceilometer -ceilometer::agent::auth::auth_endpoint_type: 'internalURL' - -# cinder -cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler -cinder::cron::db_purge::destination: '/dev/null' -cinder::host: hostgroup - -# TODO(jaosorior): Move to cinder profile once cinder is moved as a composable -# service. -cinder::api::enable_proxy_headers_parsing: true - -# heat -heat::engine::configure_delegated_roles: false -heat::engine::trusts_delegated_roles: [] -heat::instance_user: '' -heat::cron::purge_deleted::age: 30 -heat::cron::purge_deleted::age_type: 'days' -heat::cron::purge_deleted::maxdelay: 3600 -heat::cron::purge_deleted::destination: '/dev/null' -heat::keystone::domain::domain_name: 'heat_stack' -heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' -heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' -heat::auth_plugin: 'password' - -# pacemaker -pacemaker::corosync::cluster_name: 'tripleo_cluster' -pacemaker::corosync::manage_fw: false -pacemaker::resource_defaults::defaults: - resource-stickiness: { value: INFINITY } -corosync_token_timeout: 10000 - -# horizon -horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache -horizon::django_session_engine: 'django.contrib.sessions.backends.cache' -horizon::vhost_extra_params: - add_listen: false - priority: 10 - access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' - -# mysql -mysql::server::manage_config_file: true - - -tripleo::haproxy::keystone_admin: true -tripleo::haproxy::keystone_public: true -tripleo::haproxy::neutron: true -tripleo::haproxy::cinder: true -tripleo::haproxy::glance_api: true -tripleo::haproxy::glance_registry: true -tripleo::haproxy::nova_osapi: true -tripleo::haproxy::nova_metadata: true -tripleo::haproxy::nova_novncproxy: true -tripleo::haproxy::mysql: true -tripleo::haproxy::redis: true -tripleo::haproxy::sahara: true -tripleo::haproxy::swift_proxy_server: true -tripleo::haproxy::ceilometer: true -tripleo::haproxy::aodh: true -tripleo::haproxy::gnocchi: true -tripleo::haproxy::heat_api: true -tripleo::haproxy::heat_cloudwatch: true -tripleo::haproxy::heat_cfn: true -tripleo::haproxy::horizon: true - -controller_classes: [] -# firewall +# TODO(emilien) move it to composable roles later +# Already WIP with https://review.openstack.org/330785 +# and https://review.openstack.org/338527 tripleo::firewall::firewall_rules: '128 aodh': dport: - 8042 - 13042 + +controller_classes: [] diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 5591f7e0..05d4b697 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -1,4 +1,7 @@ +# Do not add hieradata in this file, and use composable services. + # Aodh +# TODO(emilien) move it to composable aodh roles later aodh::db::mysql::user: aodh aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}" aodh::db::mysql::dbname: aodh diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml index d4a0e81d..5aa0cfb6 100644 --- a/puppet/hieradata/object.yaml +++ b/puppet/hieradata/object.yaml @@ -1,21 +1,3 @@ -# Hiera data for swift storage nodes -swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' -swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' - -swift::storage::all::object_pipeline: - - healthcheck - - recon - - object-server -swift::storage::all::container_pipeline: - - healthcheck - - container-server -swift::storage::all::account_pipeline: - - healthcheck - - account-server - -swift::proxy::keystone::operator_roles: - - admin - - swiftoperator - - ResellerAdmin +# Do not add hieradata in this file, and use composable services. object_classes: [] diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml index 8640c0a7..42b85e1a 100644 --- a/puppet/hieradata/volume.yaml +++ b/puppet/hieradata/volume.yaml @@ -1,14 +1,3 @@ -# Hiera data here applies to all volume storage nodes +# Do not add hieradata in this file, and use composable services. -# cinder -cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler - -cinder::config::cinder_config: - DEFAULT/nova_catalog_info: - value: 'compute:Compute Service:internalURL' - DEFAULT/swift_catalog_info: - value: 'object-store:swift:internalURL' - -cinder_user_enabled_backends: [] - -volume_classes: []
\ No newline at end of file +volume_classes: [] diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 3778271c..067207f2 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -24,19 +24,6 @@ if hiera('step') >= 2 { } #END STEP 2 if hiera('step') >= 4 { - - $nova_ipv6 = hiera('nova::use_ipv6', false) - if $nova_ipv6 { - $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') - } else { - $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') - } - - class { '::nova' : - memcached_servers => $memcached_servers - } - include ::nova::config - # Aodh class { '::aodh' : database_connection => hiera('aodh_mysql_conn_string'), diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 9ebfb6d5..709d9968 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -43,19 +43,6 @@ if hiera('step') >= 2 { } #END STEP 2 if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { - $nova_ipv6 = hiera('nova::use_ipv6', false) - if $nova_ipv6 { - $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') - } else { - $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') - } - - class { '::nova' : - memcached_servers => $memcached_servers - } - - include ::nova::config - # Aodh class { '::aodh' : database_connection => hiera('aodh_mysql_conn_string'), @@ -89,98 +76,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { if hiera('step') >= 5 { if $pacemaker_master { - pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::apache::params::service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::apache::params::service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - - # Nova - pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::nova::params::consoleauth_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::colocation { 'nova-consoleauth-with-openstack-core': - source => "${::nova::params::consoleauth_service_name}-clone", - target => 'openstack-core-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::consoleauth_service_name}-clone", - second_resource => "${::nova::params::vncproxy_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], - } - pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation': - source => "${::nova::params::vncproxy_service_name}-clone", - target => "${::nova::params::consoleauth_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], - } - pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::vncproxy_service_name}-clone", - second_resource => "${::nova::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - Pacemaker::Resource::Service[$::nova::params::api_service_name]], - } - pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation': - source => "${::nova::params::api_service_name}-clone", - target => "${::nova::params::vncproxy_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - Pacemaker::Resource::Service[$::nova::params::api_service_name]], - } - pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::api_service_name}-clone", - second_resource => "${::nova::params::scheduler_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], - Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], - } - pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation': - source => "${::nova::params::scheduler_service_name}-clone", - target => "${::nova::params::api_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], - Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], - } - pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::scheduler_service_name}-clone", - second_resource => "${::nova::params::conductor_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], - Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], - } - pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation': - source => "${::nova::params::conductor_service_name}-clone", - target => "${::nova::params::scheduler_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], - Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], - } - # Fedora doesn't know `require-all` parameter for constraints yet if $::operatingsystem == 'Fedora' { $redis_aodh_constraint_params = undef @@ -239,32 +134,6 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], } - - #VSM - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - pacemaker::resource::ocf { 'vsm-p' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - if str2bool(hiera('n1k_vsm::pacemaker_control', true)) { - pacemaker::resource::ocf { 'vsm-s' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - pacemaker::constraint::colocation { 'vsm-colocation-contraint': - source => 'vsm-p', - target => 'vsm-s', - score => '-INFINITY', - require => [Pacemaker::Resource::Ocf['vsm-p'], - Pacemaker::Resource::Ocf['vsm-s']], - } - } - } - } } #END STEP 5 diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 34735f75..80f656d0 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -28,7 +28,7 @@ outputs: role_data: description: Role data for the Ceilometer Central Agent role. value: - service_name: ceilometer-agent-central + service_name: ceilometer_agent_central config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 9e4d0575..181c64d2 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Ceilometer Compute Agent role. value: - service_name: ceilometer-agent-compute + service_name: ceilometer_agent_compute config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index b65e189b..58e28a3d 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Ceilometer Notification Agent role. value: - service_name: ceilometer-agent-notification + service_name: ceilometer_agent_notification config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index d0f3767d..c5c143b0 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Ceilometer API role. value: - service_name: ceilometer-api + service_name: ceilometer_api config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] @@ -30,5 +30,6 @@ outputs: dport: - 8777 - 13777 + - ceilometer::api::keystone_tenant: 'service' step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 40060a11..5342cefb 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -62,7 +62,7 @@ outputs: role_data: description: Role data for the Ceilometer role. value: - service_name: ceilometer-base + service_name: ceilometer_base config_settings: ceilometer::db::database_connection: list_join: @@ -83,6 +83,9 @@ outputs: ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} + ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} + ceilometer::agent::auth::auth_tenant_name: 'service' + ceilometer::agent::auth::auth_endpoint_type: 'internalURL' ceilometer::db::mysql::password: {get_param: CeilometerPassword} ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} @@ -94,6 +97,7 @@ outputs: ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} ceilometer::keystone::auth::password: {get_param: CeilometerPassword} ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::keystone::auth::tenant: 'service' ceilometer::rabbit_userid: {get_param: RabbitUserName} ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -104,3 +108,6 @@ outputs: ceilometer::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + ceilometer::rabbit_heartbeat_timeout_threshold: 60 + ceilometer::db::database_db_max_retries: -1 + ceilometer::db::database_max_retries: -1 diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index 540a4654..7a7bc19d 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Ceilometer Collector role. value: - service_name: ceilometer-collector + service_name: ceilometer_collector config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 7816a859..c960e6dc 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Ceilometer Expirer role. value: - service_name: ceilometer-expirer + service_name: ceilometer_expirer config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 76f649b0..bce52f36 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -5,12 +5,10 @@ description: > parameters: CephAdminKey: - default: '' description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientKey: - default: '' description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. type: string hidden: true @@ -18,7 +16,6 @@ parameters: default: openstack type: string CephClusterFSID: - default: '' type: string description: The Ceph cluster FSID. Must be a UUID. CephIPv6: @@ -57,10 +54,17 @@ outputs: role_data: description: Role data for the Ceph base service. value: - service_name: ceph-base + service_name: ceph_base config_settings: tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} + ceph::profile::params::osd_pool_default_pg_num: 32 + ceph::profile::params::osd_pool_default_pgp_num: 32 + ceph::profile::params::osd_pool_default_size: 3 + ceph::profile::params::osd_pool_default_min_size: 1 + ceph::profile::params::osds: {/srv/data: {}} + ceph::profile::params::manage_repo: false + ceph::profile::params::authentication_type: cephx ceph::profile::params::fsid: {get_param: CephClusterFSID} ceph::profile::params::client_keys: str_replace: diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml index fc23f719..33bbbe58 100644 --- a/puppet/services/ceph-client.yaml +++ b/puppet/services/ceph-client.yaml @@ -18,7 +18,7 @@ outputs: role_data: description: Role data for the Cinder OSD service. value: - service_name: ceph-client + service_name: ceph_client config_settings: get_attr: [CephBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index b656e245..f6fe26db 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -5,7 +5,6 @@ description: > parameters: CephClientKey: - default: '' description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. type: string hidden: true @@ -13,7 +12,6 @@ parameters: default: openstack type: string CephClusterFSID: - default: '' type: string description: The Ceph cluster FSID. Must be a UUID. CephExternalMonHost: @@ -40,7 +38,7 @@ outputs: role_data: description: Role data for the Ceph External service. value: - service_name: ceph-external + service_name: ceph_external config_settings: tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} ceph::profile::params::fsid: {get_param: CephClusterFSID} diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 8df7683d..f48515e5 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -13,7 +13,6 @@ parameters: default: False type: boolean CephMonKey: - default: '' description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true @@ -41,7 +40,7 @@ outputs: role_data: description: Role data for the Ceph Monitor service. value: - service_name: ceph-mon + service_name: ceph_mon config_settings: map_merge: - get_attr: [CephBase, role_data, config_settings] diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index b6f464bb..21cefb34 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -18,7 +18,7 @@ outputs: role_data: description: Role data for the Cinder OSD service. value: - service_name: ceph-osd + service_name: ceph_osd config_settings: map_merge: - get_attr: [CephBase, role_data, config_settings] diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 0cefb380..5e58dee9 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -30,13 +30,20 @@ outputs: role_data: description: Role data for the Cinder API role. value: - service_name: cinder-api + service_name: cinder_api config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} cinder::api::keystone_password: {get_param: CinderPassword} + cinder::api::keystone_tenant: 'service' + cinder::api::enable_proxy_headers_parsing: true + cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' + # TODO(emilien) move it to puppet-cinder + cinder::config: + DEFAULT/swift_catalog_info: + value: 'object-store:swift:internalURL' cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} tripleo.cinder_api.firewall_rules: diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index adacc737..d923e7c6 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -40,7 +40,7 @@ outputs: role_data: description: Role data for the Cinder base service. value: - service_name: cinder-base + service_name: cinder_base config_settings: cinder::database_connection: list_join: @@ -63,3 +63,9 @@ outputs: cinder::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + cinder::rabbit_heartbeat_timeout_threshold: 60 + cinder::keystone::auth::tenant: 'service' + cinder::host: hostgroup + cinder::cron::db_purge::destination: '/dev/null' + cinder::db::database_db_max_retries: -1 + cinder::db::database_max_retries: -1 diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 2e1e852d..e03090a2 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -21,8 +21,10 @@ outputs: role_data: description: Role data for the Cinder Scheduler role. value: - service_name: cinder-scheduler + service_name: cinder_scheduler config_settings: - get_attr: [CinderBase, role_data, config_settings] + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler step_config: | include ::tripleo::profile::base::cinder::scheduler diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 8f63ff6a..9f49bc06 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -59,7 +59,7 @@ outputs: role_data: description: Role data for the Cinder Volume role. value: - service_name: cinder-volume + service_name: cinder_volume config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index ed0b92af..b8761320 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -24,8 +24,9 @@ outputs: role_data: description: Role data for the MongoDB base service. value: - service_name: mongodb-base + service_name: mongodb_base config_settings: mongodb::server::nojournal: {get_param: MongoDbNoJournal} + mongodb::server::journal: false mongodb::server::ipv6: {get_param: MongoDbIPv6} - mongodb::server::replset: {get_param: MongoDbReplset}
\ No newline at end of file + mongodb::server::replset: {get_param: MongoDbReplset} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 0a19b2a7..6f8f91b5 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -17,6 +17,13 @@ outputs: value: service_name: mysql config_settings: + # The Galera package should work in cluster and + # non-cluster modes based on the config file. + # We set the package name here explicitly so + # that it matches what we pre-install + # in tripleo-puppet-elements. + mysql::server::package_name: 'mariadb-galera-server' + mysql::server::manage_config_file: true tripleo.mysql.firewall_rules: '104 mysql galera': dport: diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index c7b083fa..fe8c0659 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -13,10 +13,13 @@ outputs: role_data: description: Role data for the redis role. value: - service_name: redis-base + service_name: redis_base config_settings: - redis::requirepass: {get_param: RedisPassword} - redis::masterauth: {get_param: RedisPassword} - redis::sentinel_auth_pass: {get_param: RedisPassword} - tripleo::loadbalancer::redis_password: {get_param: RedisPassword} - + redis::requirepass: {get_param: RedisPassword} + redis::masterauth: {get_param: RedisPassword} + redis::sentinel_auth_pass: {get_param: RedisPassword} + redis::port: 6379 + redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' + redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' + redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' + tripleo::loadbalancer::redis_password: {get_param: RedisPassword} diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index ee4c17c7..99065789 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -65,7 +65,7 @@ outputs: role_data: description: Role data for the Glance API role. value: - service_name: glance-api + service_name: glance_api config_settings: glance::api::database_connection: list_join: @@ -85,6 +85,7 @@ outputs: params: REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} glance::api::keystone_password: {get_param: GlancePassword} + glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} glance::api::workers: {get_param: GlanceWorkers} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} @@ -92,6 +93,7 @@ outputs: glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance::backend::swift::swift_store_create_container_on_put: true glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} glance_backend: {get_param: GlanceBackend} @@ -104,10 +106,17 @@ outputs: glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} glance::keystone::auth::password: {get_param: GlancePassword } + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: '112 glance_api': dport: - 9292 - 13292 + glance::keystone::auth::tenant: 'service' + glance::api::keystone_tenant: 'service' + glance::api::pipeline: 'keystone' + glance::api::show_image_direct_url: true + step_config: | include ::tripleo::profile::base::glance::api diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index f9d9dd6b..40d18191 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -26,7 +26,7 @@ outputs: role_data: description: Role data for the Glance Registry role. value: - service_name: glance-registry + service_name: glance_registry config_settings: glance::registry::database_connection: list_join: @@ -38,6 +38,8 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' glance::registry::keystone_password: {get_param: GlancePassword} + glance::registry::keystone_tenant: 'service' + glance::registry::pipeline: 'keystone' glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::registry::debug: {get_param: Debug} @@ -48,6 +50,8 @@ outputs: glance::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_registry.firewall_rules: '112 glance_registry': diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index bf23cda1..d97626a6 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Gnocchi role. value: - service_name: gnocchi-api + service_name: gnocchi_api config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] @@ -29,5 +29,6 @@ outputs: dport: - 8041 - 13041 + - gnocchi::api::keystone_tenant: 'service' step_config: | include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index fa00f736..a408d5d7 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -30,6 +30,10 @@ parameters: CephClientUserName: default: openstack type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint outputs: aux_parameters: @@ -39,7 +43,7 @@ outputs: role_data: description: Shared role data for the Heat services. value: - service_name: gnocchi-base + service_name: gnocchi_base config_settings: #Gnocchi engine gnocchi::debug: {get_input: debug} @@ -52,7 +56,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::keystone::auth::region: 'regionOne' + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::auth::password: {get_param: GnocchiPassword} gnocchi::db::mysql::password: {get_param: GnocchiPassword} @@ -90,3 +94,5 @@ outputs: gnocchi::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + gnocchi::auth::auth_region: {get_param: KeystoneRegion} + gnocchi::auth::auth_tenant_name: 'service' diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 20215380..8041c6f4 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Gnocchi role. value: - service_name: gnocchi-metricd + service_name: gnocchi_metricd config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 4fef7af6..9c8e6897 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Gnocchi role. value: - service_name: gnocchi-statsd + service_name: gnocchi_statsd config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 1a629c1d..902a1c3f 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -19,5 +19,26 @@ outputs: tripleo.haproxy.firewall_rules: '107 haproxy stats': dport: 1993 + # TODO(emilien) make it composable to find which services are actually running + tripleo::haproxy::keystone_admin: true + tripleo::haproxy::keystone_public: true + tripleo::haproxy::neutron: true + tripleo::haproxy::cinder: true + tripleo::haproxy::glance_api: true + tripleo::haproxy::glance_registry: true + tripleo::haproxy::nova_osapi: true + tripleo::haproxy::nova_metadata: true + tripleo::haproxy::nova_novncproxy: true + tripleo::haproxy::mysql: true + tripleo::haproxy::redis: true + tripleo::haproxy::sahara: true + tripleo::haproxy::swift_proxy_server: true + tripleo::haproxy::ceilometer: true + tripleo::haproxy::aodh: true + tripleo::haproxy::gnocchi: true + tripleo::haproxy::heat_api: true + tripleo::haproxy::heat_cloudwatch: true + tripleo::haproxy::heat_cfn: true + tripleo::haproxy::horizon: true step_config: | include ::tripleo::profile::base::haproxy diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 67c89bb9..f8832dd8 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -30,7 +30,7 @@ outputs: role_data: description: Role data for the Heat CloudFormation API role. value: - service_name: heat-api-cfn + service_name: heat_api_cfn config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 32a0a58d..b4669ac3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -22,7 +22,7 @@ outputs: role_data: description: Role data for the Heat Cloudwatch API role. value: - service_name: heat-api-cloudwatch + service_name: heat_api_cloudwatch config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 0bb208d1..c0e7a690 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -30,7 +30,7 @@ outputs: role_data: description: Role data for the Heat API role. value: - service_name: heat-api + service_name: heat_api config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 2a7aeabc..01f2a51b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -31,7 +31,7 @@ outputs: role_data: description: Shared role data for the Heat services. value: - service_name: heat-base + service_name: heat_base config_settings: heat::rabbit_userid: {get_param: RabbitUserName} heat::rabbit_password: {get_param: RabbitPassword} @@ -45,3 +45,16 @@ outputs: context_is_admin: key: 'context_is_admin' value: 'role:admin' + heat::rabbit_heartbeat_timeout_threshold: 60 + heat::keystone_tenant: 'service' + heat::keystone::auth::tenant: 'service' + heat::keystone::domain::domain_name: 'heat_stack' + heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' + heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' + heat::auth_plugin: 'password' + heat::cron::purge_deleted::age: 30 + heat::cron::purge_deleted::age_type: 'days' + heat::cron::purge_deleted::maxdelay: 3600 + heat::cron::purge_deleted::destination: '/dev/null' + heat::db::database_db_max_retries: -1 + heat::db::database_max_retries: -1 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 2fd01885..13555a62 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -35,11 +35,13 @@ outputs: role_data: description: Role data for the Heat Engine role. value: - service_name: heat-engine + service_name: heat_engine config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::engine::num_engine_workers: {get_param: HeatWorkers} + heat::engine::configure_delegated_roles: false + heat::engine::trusts_delegated_roles: [] tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} heat::database_connection: list_join: diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index dc7ba8c9..64cf450a 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -36,5 +36,11 @@ outputs: dport: - 80 - 443 + horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache + horizon::django_session_engine: 'django.contrib.sessions.backends.cache' + horizon::vhost_extra_params: + add_listen: false + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' step_config: | include ::tripleo::profile::base::horizon diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 6f369f74..949cdf31 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -24,7 +24,7 @@ outputs: role_data: description: Role data for the Ironic API role. value: - service_name: ironic-api + service_name: ironic_api config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index fb9d4dde..41d2234a 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -40,7 +40,7 @@ outputs: role_data: description: Role data for the Ironic role. value: - service_name: ironic-base + service_name: ironic_base config_settings: ironic::database_connection: list_join: diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 574e5aef..a3bce305 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -24,7 +24,7 @@ outputs: role_data: description: Role data for the Ironic conductor role. value: - service_name: ironic-conductor + service_name: ironic_conductor config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 9e8a53f0..50ebe925 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -15,5 +15,26 @@ outputs: description: Role data for the Kernel modules value: service_name: kernel + config_settings: + kernel_modules: + nf_conntrack: {} + sysctl_settings: + net.ipv4.tcp_keepalive_intvl: + value: 1 + net.ipv4.tcp_keepalive_probes: + value: 5 + net.ipv4.tcp_keepalive_time: + value: 5 + net.nf_conntrack_max: + value: 500000 + net.netfilter.nf_conntrack_max: + value: 500000 + # prevent neutron bridges from autoconfiguring ipv6 addresses + net.ipv6.conf.default.accept_ra: + value: 0 + net.ipv6.conf.default.autoconf: + value: 0 + net.core.netdev_max_backlog: + value: 10000 step_config: | include ::tripleo::profile::base::kernel diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index de920de3..abc738d9 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -110,6 +110,7 @@ outputs: keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true keystone::debug: {get_param: Debug} keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} @@ -132,10 +133,22 @@ outputs: keystone::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + keystone::rabbit_heartbeat_timeout_threshold: 60 + keystone::cron::token_flush::maxdelay: 3600 + keystone::roles::admin::service_tenant: 'service' + keystone::roles::admin::admin_tenant: 'admin' + keystone::cron::token_flush::destination: '/dev/null' + keystone::config::keystone_config: + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' + keystone::service_name: 'httpd' + keystone::wsgi::apache::ssl: false keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 tripleo.keystone.firewall_rules: '111 keystone': dport: diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml new file mode 100644 index 00000000..ccae4467 --- /dev/null +++ b/puppet/services/manila-api.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-api service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-api role. + value: + service_name: manila_api + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::api::keystone_password: {get_param: ManilaPassword} + manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]} + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword } + manila::keystone::auth::region: {get_param: KeystoneRegion } + manila::api::keystone_tenant: 'service' + step_config: | + include ::tripleo::profile::base::manila::api + diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml new file mode 100644 index 00000000..c156379b --- /dev/null +++ b/puppet/services/manila-base.yaml @@ -0,0 +1,119 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila base service. Shared by manila-api/scheduler/share services + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + # Config specific parameters, to be provided via parameter_defaults + ManilaGenericEnableBackend: + type: boolean + default: true + ManilaGenericBackendName: + type: string + default: tripleo_generic + ManilaGenericDriverHandlesShareServers: + type: string + default: true + ManilaGenericSmbTemplateConfigPath: + type: string + default: '$state_path/smb.conf' + ManilaGenericVolumeNameTemplate: + type: string + default: 'manila-share-%s' + ManilaGenericVolumeSnapshotNameTemplate: + type: string + default: 'manila-snapshot-%s' + ManilaGenericShareMountPath: + type: string + default: '/shares' + ManilaGenericMaxTimeToCreateVolume: + type: string + default: '180' + ManilaGenericMaxTimeToAttach: + type: string + default: '120' + ManilaGenericServiceInstanceSmbConfigPath: + type: string + default: '$share_mount_path/smb.conf' + ManilaGenericShareVolumeFsType: + type: string + default: 'ext4' + ManilaGenericCinderVolumeType: + type: string + default: '' + ManilaGenericServiceInstanceUser: + type: string + default: '' + ManilaGenericServiceInstancePassword: #SET THIS via parameter_defaults + type: string + hidden: true + ManilaGenericServiceInstanceFlavorId: + type: number + default: 1 + ManilaGenericServiceNetworkCidr: + type: string + default: '172.16.0.0/16' + +outputs: + role_data: + description: Role data for the Manila Base service. + value: + service_name: manila_base + config_settings: + manila::rabbit_userid: {get_param: RabbitUserName} + manila::rabbit_password: {get_param: RabbitPassword} + manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + manila::rabbit_port: {get_param: RabbitClientPort} + manila::debug: {get_param: Debug} + manila::db::mysql::user: manila + manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + manila::db::mysql::dbname: manila + manila::db::database_db_max_retries: -1 + manila::db::database_max_retries: -1 + manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend} + manila::backend::generic::title: {get_param: ManilaGenericBackendName} + manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers} + manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath} + manila::backend::generic::volume_name_template: {get_param: ManilaGenericVolumeNameTemplate} + manila::backend::generic::volume_snapshot_name_template: {get_param: ManilaGenericVolumeSnapshotNameTemplate} + manila::backend::generic::share_mount_path: {get_param: ManilaGenericShareMountPath} + manila::backend::generic::max_time_to_create_volume: {get_param: ManilaGenericMaxTimeToCreateVolume} + manila::backend::generic::max_time_to_attach: {get_param: ManilaGenericMaxTimeToAttach} + manila::backend::generic::service_instance_smb_config_path: {get_param: ManilaGenericServiceInstanceSmbConfigPath} + manila::backend::generic::share_volume_fstype: {get_param: ManilaGenericShareVolumeFsType} + manila::backend::generic::cinder_volume_type: {get_param: ManilaGenericCinderVolumeType} + manila::service_instance::service_instance_user: {get_param: ManilaGenericServiceInstanceUser} + manila::service_instance::service_instance_password: {get_param: ManilaGenericServiceInstancePassword} + manila::service_instance::service_instance_flavor_id: {get_param: ManilaGenericServiceInstanceFlavorId} + manila::service_instance::service_network_cidr: {get_param: ManilaGenericServiceNetworkCidr} + manila::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml new file mode 100644 index 00000000..b1d55a05 --- /dev/null +++ b/puppet/services/manila-scheduler.yaml @@ -0,0 +1,57 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-scheduler service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + type: string + description: The password for the nova service and db account, used by nova-api. + hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-scheduler role. + value: + service_name: manila_scheduler + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::compute::nova::nova_admin_password: {get_param: NovaPassword} + manila::compute::nova::nova_admin_tenant_name: 'service' + manila::db::mysql::password: {get_param: ManilaPassword} + manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]} + manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword} + manila::sql_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://manila:' + - {get_param: ManilaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/manila' + step_config: | + include ::tripleo::profile::base::manila::scheduler + diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml new file mode 100644 index 00000000..20f36aa3 --- /dev/null +++ b/puppet/services/manila-share.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-share service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-share role. + value: + service_name: manila_share + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::volume::cinder::cinder_admin_tenant_name: 'service' + step_config: | + include ::tripleo::profile::base::manila::share diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 301759c7..3f8ac7e8 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -47,7 +47,7 @@ outputs: role_data: description: Role data for the Neutron base service. value: - service_name: neutron-base + service_name: neutron_base config_settings: neutron::rabbit_password: {get_param: RabbitPassword} neutron::rabbit_user: {get_param: RabbitUserName} @@ -61,4 +61,9 @@ outputs: params: PLUGINS: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} - neutron::host: '"%{::fqdn}"' + neutron::allow_overlapping_ips: true + neutron::rabbit_heartbeat_timeout_threshold: 60 + neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed + neutron::keystone::auth::tenant: 'service' + neutron::db::database_db_max_retries: -1 + neutron::db::database_max_retries: -1 diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml index f08afd15..200aaa1b 100644 --- a/puppet/services/neutron-compute-plugin-midonet.yaml +++ b/puppet/services/neutron-compute-plugin-midonet.yaml @@ -14,7 +14,7 @@ outputs: role_data: description: Role data for the Neutron Compute Plumgrid plugin value: - service_name: neutron-compute-plugin-midonet + service_name: neutron_compute_plugin_midonet config_settings: step_config: | include ::tripleo::profile::base::neutron::agents::midonet diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index f6e2f3a8..44aac571 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -18,7 +18,7 @@ outputs: role_data: description: Role data for the Neutron Compute Nuage plugin value: - service_name: neutron-compute-plugin-nuage + service_name: neutron_compute_plugin_nuage config_settings: tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service' tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword} diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml index b95a6554..fb6d640c 100644 --- a/puppet/services/neutron-compute-plugin-opencontrail.yaml +++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml @@ -14,7 +14,7 @@ outputs: role_data: description: Role data for the Neutron Compute OpenContrail plugin value: - service_name: neutron-compute-plugin-opencontrail + service_name: neutron_compute_plugin_opencontrail config_settings: step_config: | include ::tripleo::profile::base::neutron::opencontrail::vrouter diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml index 064ac9e0..ad1e3465 100644 --- a/puppet/services/neutron-compute-plugin-plumgrid.yaml +++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml @@ -14,7 +14,7 @@ outputs: role_data: description: Role data for the Neutron Compute Plumgrid plugin value: - service_name: neutron-compute-plugin-plumgrid + service_name: neutron_compute_plugin_plumgrid config_settings: step_config: | include tripleo::profile::base::neutron::plumgrid diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 1c57aa45..322e018d 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -23,7 +23,7 @@ outputs: role_data: description: Role data for the Neutron DHCP agent service. value: - service_name: neutron-dhcp + service_name: neutron_dhcp config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 0e568614..a7232a39 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -26,10 +26,11 @@ outputs: role_data: description: Role data for the Neutron L3 agent service. value: - service_name: neutron-l3 + service_name: neutron_l3 config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + neutron::agents::l3::router_delete_namespaces: True step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 04c80e01..73d8c3da 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -31,7 +31,7 @@ outputs: role_data: description: Role data for the Neutron Metadata agent service. value: - service_name: neutron-metadata + service_name: neutron_metadata config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -39,5 +39,6 @@ outputs: neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + neutron::agents::metadata::auth_tenant: 'service' step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml index d48d97f0..ccc0b0dd 100644 --- a/puppet/services/neutron-midonet.yaml +++ b/puppet/services/neutron-midonet.yaml @@ -36,7 +36,7 @@ outputs: role_data: description: Role data for the Neutron Midonet plugin and services value: - service_name: neutron-midonet + service_name: neutron_midonet config_settings: tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword} tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken} diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 30caeec3..d8679f2e 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -47,7 +47,7 @@ outputs: role_data: description: Role data for the Neutron OVS agent service. value: - service_name: neutron-ovs-agent + service_name: neutron_ovs_agent config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 3511b2f2..158122ed 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -61,7 +61,7 @@ outputs: role_data: description: Role data for the Neutron ML2 plugin. value: - service_name: neutron-plugin-ml2 + service_name: neutron_plugin_ml2 config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml index 3889f84a..5f228f96 100644 --- a/puppet/services/neutron-plugin-nuage.yaml +++ b/puppet/services/neutron-plugin-nuage.yaml @@ -59,7 +59,7 @@ outputs: role_data: description: Role data for the Neutron Nuage plugin value: - service_name: neutron-plugin-nuage + service_name: neutron_plugin_nuage config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml index 1d23c497..ed6a2c04 100644 --- a/puppet/services/neutron-plugin-opencontrail.yaml +++ b/puppet/services/neutron-plugin-opencontrail.yaml @@ -42,7 +42,7 @@ outputs: role_data: description: Role data for the Neutron Opencontrail plugin value: - service_name: neutron-plugin-opencontrail + service_name: neutron_plugin_opencontrail config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index 484d163f..5488bed7 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -80,7 +80,7 @@ outputs: role_data: description: Role data for the Neutron Plumgrid plugin value: - service_name: neutron-plugin-plumgrid + service_name: neutron_plugin_plumgrid config_settings: neutron::plugins::plumgrid::connection: list_join: @@ -90,7 +90,7 @@ outputs: - {get_param: NeutronPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ovs_neutron?charset=utf8' + - '/ovs_neutron' neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index 253a6bfe..1c7cef49 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -39,7 +39,7 @@ outputs: role_data: description: Role data for the Neutron Server agent service. value: - service_name: neutron-server + service_name: neutron_server config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -51,9 +51,10 @@ outputs: - {get_param: NeutronPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ovs_neutron?charset=utf8' + - '/ovs_neutron' neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + neutron::server::auth_tenant: 'service' neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} @@ -65,6 +66,8 @@ outputs: neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_param: NovaPassword} + neutron::server::project_name: 'service' + neutron::server::sync_db: true neutron::db::mysql::password: {get_param: NeutronPassword} neutron::db::mysql::user: neutron neutron::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 0dd8fd51..045a8614 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -24,7 +24,7 @@ outputs: role_data: description: Role data for the Nova API service. value: - service_name: nova-api + service_name: nova_api config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -42,5 +42,10 @@ outputs: - 8774 - 13774 - 8775 + nova::api::admin_tenant_name: 'service' + nova::api::enabled: true + nova::api::default_floating_pool: 'public' + nova::api::sync_db_api: true + nova::api::enable_proxy_headers_parsing: true step_config: | include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index c94e0246..e3379821 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -40,7 +40,7 @@ outputs: role_data: description: Role data for the Nova base service. value: - service_name: nova-base + service_name: nova_base config_settings: nova::rabbit_password: {get_param: RabbitPassword} nova::rabbit_user: {get_param: RabbitUserName} @@ -79,4 +79,27 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" nova::debug: {get_param: Debug} - nova::host: '"%{::fqdn}"' + nova::network::neutron::neutron_project_name: 'service' + nova::network::neutron::neutron_username: 'neutron' + nova::network::neutron::dhcp_domain: '' + nova::rabbit_heartbeat_timeout_threshold: 60 + nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' + nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. + nova::notify_on_state_change: 'vm_and_task_state' + nova::notification_driver: messagingv2 + nova::network::neutron::neutron_auth_type: 'v3password' + nova::keystone::auth::tenant: 'service' + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index a7226bd0..bcc3a232 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -26,12 +26,12 @@ outputs: role_data: description: Role data for the Nova Compute service. value: - service_name: nova-compute + service_name: nova_compute config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::compute::libvirt::manage_libvirt_services: false - # we manage migration in nova common puppet profile + # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true tripleo::profile::base::nova::nova_compute_enabled: true @@ -42,6 +42,14 @@ outputs: - '.' - - 'client' - {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' + nova::compute::instance_usage_audit: true + nova::compute::instance_usage_audit_period: 'hour' + # Changing the default from 512MB. The current templates can not deploy + # overclouds with swap. On an idle compute node, we see ~1024MB of RAM + # used. 2048 is suggested to account for other possible operations for + # example openvswitch. + nova::compute::reserved_host_memory: 2048 step_config: | # TODO(emilien): figure how to deal with libvirt profile. # We'll probably threat it like we do with Neutron plugins. diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index c334de44..5964f883 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -24,7 +24,7 @@ outputs: role_data: description: Role data for the Nova Conductor service. value: - service_name: nova-conductor + service_name: nova_conductor config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 0e7bf3b4..5fbce1b1 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Nova Consoleauth service. value: - service_name: nova-consoleauth + service_name: nova_consoleauth config_settings: get_attr: [NovaBase, role_data, config_settings] step_config: | diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 087ad277..939b6a09 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Libvirt service. value: - service_name: nova-libvirt + service_name: nova_libvirt config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 4187b728..bd6e5116 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Nova Scheduler service. value: - service_name: nova-scheduler + service_name: nova_scheduler config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index d8e04cc8..0b9cef38 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml @@ -20,8 +20,10 @@ outputs: role_data: description: Role data for the Nova Vncproxy service. value: - service_name: nova-vncproxy + service_name: nova_vncproxy config_settings: - get_attr: [NovaBase, role_data, config_settings] + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::vncproxy::enabled: true step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 9520cb9c..b0ebb7d4 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -16,6 +16,11 @@ outputs: value: service_name: pacemaker config_settings: + pacemaker::corosync::cluster_name: 'tripleo_cluster' + pacemaker::corosync::manage_fw: false + pacemaker::resource_defaults::defaults: + resource-stickiness: { value: INFINITY } + corosync_token_timeout: 10000 tripleo.pacemaker.firewall_rules: '130 pacemaker tcp': proto: 'tcp' diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml index 3ba78fc2..471b9f7a 100644 --- a/puppet/services/pacemaker/ceilometer-agent-central.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Ceilometer Central Agent pacemaker role. value: - service_name: ceilometer-agent-central + service_name: ceilometer_agent_central config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml index 0fb008c4..2530848f 100644 --- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Ceilometer Notification Agent pacemaker role. value: - service_name: ceilometer-agent-notification + service_name: ceilometer_agent_notification config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml index 5cd8bb81..f1885372 100644 --- a/puppet/services/pacemaker/ceilometer-api.yaml +++ b/puppet/services/pacemaker/ceilometer-api.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Ceilometer API pacemaker role. value: - service_name: ceilometer-api + service_name: ceilometer_api config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml index 9e3671e5..8d31e1aa 100644 --- a/puppet/services/pacemaker/ceilometer-collector.yaml +++ b/puppet/services/pacemaker/ceilometer-collector.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Ceilometer Collector pacemaker role. value: - service_name: ceilometer-collector + service_name: ceilometer_collector config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml index d1313b27..706a189b 100644 --- a/puppet/services/pacemaker/cinder-api.yaml +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Cinder API role. value: - service_name: cinder-api + service_name: cinder_api config_settings: map_merge: - get_attr: [CinderApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml index c4e0a34f..350d7126 100644 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Cinder Scheduler role. value: - service_name: cinder-scheduler + service_name: cinder_scheduler config_settings: map_merge: - get_attr: [CinderSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 3e28039e..7b6e9a77 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Cinder Volume role. value: - service_name: cinder-volume + service_name: cinder_volume config_settings: map_merge: - get_attr: [CinderVolumeBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml new file mode 100644 index 00000000..1c0c043c --- /dev/null +++ b/puppet/services/pacemaker/core.yaml @@ -0,0 +1,20 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Core (fake) service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Core role. + value: + service_name: core + config_settings: {} + step_config: | + include ::tripleo::profile::pacemaker::core
\ No newline at end of file diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index bc611b0a..0fc17b22 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -45,7 +45,7 @@ outputs: role_data: description: Role data for the Glance role. value: - service_name: glance-api + service_name: glance_api config_settings: map_merge: - get_attr: [GlanceApiBase, role_data, config_settings] @@ -53,6 +53,7 @@ outputs: glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + glance_file_pcmk_directory: '/var/lib/glance/images' glance::api::manage_service: false glance::api::enabled: false step_config: | diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index 72ca9393..ae7aa307 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Glance role. value: - service_name: glance-registry + service_name: glance_registry config_settings: map_merge: - get_attr: [GlanceRegistryBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml index 6c01bc53..bcd73e61 100644 --- a/puppet/services/pacemaker/gnocchi-api.yaml +++ b/puppet/services/pacemaker/gnocchi-api.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Gnocchi role. value: - service_name: gnocchi-api + service_name: gnocchi_api config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml index 4895bac6..ec487e89 100644 --- a/puppet/services/pacemaker/gnocchi-metricd.yaml +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Gnocchi role. value: - service_name: gnocchi-metricd + service_name: gnocchi_metricd config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml index 2760df37..d1106524 100644 --- a/puppet/services/pacemaker/gnocchi-statsd.yaml +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Gnocchi role. value: - service_name: gnocchi-statsd + service_name: gnocchi_statsd config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 811a6697..c450530b 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -27,5 +27,6 @@ outputs: - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true enable_keepalived: false + tripleo::haproxy::keepalived: false step_config: | include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index bf01ceda..8f2c561a 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Heat CloudFormation API role. value: - service_name: heat-api-cfn + service_name: heat_api_cfn config_settings: map_merge: - get_attr: [HeatApiCfnBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 6ee844d3..a08e0262 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Heat Cloudwatch API role. value: - service_name: heat-api-cloudwatch + service_name: heat_api_cloudwatch config_settings: map_merge: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index 14604428..5cf25516 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -20,7 +20,7 @@ outputs: role_data: description: Role data for the Heat API role. value: - service_name: heat-api + service_name: heat_api config_settings: map_merge: - get_attr: [HeatApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index 450917fd..4d41cbe4 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Heat engine role. value: - service_name: heat-engine + service_name: heat_engine config_settings: map_merge: - get_attr: [HeatEngineBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml new file mode 100644 index 00000000..0f88e89c --- /dev/null +++ b/puppet/services/pacemaker/manila-share.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + The manila-share service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + ManilaShareBase: + type: ../manila-share.yaml + +outputs: + role_data: + description: Role data for the manila-share pacemaker role. + value: + service_name: manila_share + config_settings: + map_merge: + - get_attr: [ManilaShareBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::manila diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index 312e275f..3a5ada47 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Neutron DHCP role. value: - service_name: neutron-dhcp + service_name: neutron_dhcp config_settings: map_merge: - get_attr: [NeutronDhcpBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index 8607614b..a4f2c0e1 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Neutron L3 role. value: - service_name: neutron-l3 + service_name: neutron_l3 config_settings: map_merge: - get_attr: [NeutronL3Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index 96f3fb4b..9b322f22 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Neutron Metadata role. value: - service_name: neutron-metadata + service_name: neutron_metadata config_settings: map_merge: - get_attr: [NeutronMetadataBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml index 3c185da9..e93ed661 100644 --- a/puppet/services/pacemaker/neutron-midonet.yaml +++ b/puppet/services/pacemaker/neutron-midonet.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Neutron Midonet plugin. value: - service_name: neutron-midonet + service_name: neutron_midonet config_settings: map_merge: - get_attr: [NeutronMidonetBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml index 214dc1c0..b2260de9 100644 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml @@ -19,7 +19,7 @@ outputs: role_data: description: Role data for the Neutron OVS agent service. value: - service_name: neutron-ovs-agent + service_name: neutron_ovs_agent config_settings: get_attr: [NeutronOvsBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml index a4c4a5e4..dc10d093 100644 --- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml +++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml @@ -19,7 +19,7 @@ outputs: role_data: description: Role data for the Neutron ML2 plugin. value: - service_name: neutron-plugin-ml2 + service_name: neutron_plugin_ml2 config_settings: map_merge: - get_attr: [NeutronMl2Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml index 64ad0f42..414c046c 100644 --- a/puppet/services/pacemaker/neutron-plugin-nuage.yaml +++ b/puppet/services/pacemaker/neutron-plugin-nuage.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Neutron Nuage plugin. value: - service_name: neutron-plugin-nuage + service_name: neutron_plugin_nuage config_settings: map_merge: - get_attr: [NeutronPluginNuageBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml index f2fd5b92..1d385d83 100644 --- a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml +++ b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Neutron OpenContrail plugin. value: - service_name: neutron-plugin-opencontrail + service_name: neutron_plugin_opencontrail config_settings: map_merge: - get_attr: [NeutronPluginOpenContrail, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml index 9ceaf004..69f5fd27 100644 --- a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml +++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Neutron PLUMgrid plugin. value: - service_name: neutron-plugin-plumgrid + service_name: neutron_plugin_plumgrid config_settings: map_merge: - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml index 74234a85..b0f739dc 100644 --- a/puppet/services/pacemaker/neutron-server.yaml +++ b/puppet/services/pacemaker/neutron-server.yaml @@ -25,7 +25,7 @@ outputs: role_data: description: Role data for the Neutron Server. value: - service_name: neutron-server + service_name: neutron_server config_settings: map_merge: - get_attr: [NeutronServerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml index 467955fa..2d497ab5 100644 --- a/puppet/services/pacemaker/nova-api.yaml +++ b/puppet/services/pacemaker/nova-api.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Nova API role. value: - service_name: nova-api + service_name: nova_api config_settings: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml index fe0b00f3..1f57cf08 100644 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Nova Conductor role. value: - service_name: nova-conductor + service_name: nova_conductor config_settings: map_merge: - get_attr: [NovaConductorBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml index cc683eb5..bbab8bea 100644 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Nova Consoleauth role. value: - service_name: nova-consoleauth + service_name: nova_consoleauth config_settings: map_merge: - get_attr: [NovaConsoleauthBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml index dbb643c5..bf2c62bc 100644 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Nova Scheduler role. value: - service_name: nova-scheduler + service_name: nova_scheduler config_settings: map_merge: - get_attr: [NovaSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml index 8fb07d57..0353d924 100644 --- a/puppet/services/pacemaker/nova-vncproxy.yaml +++ b/puppet/services/pacemaker/nova-vncproxy.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Nova Vncproxy role. value: - service_name: nova-vncproxy + service_name: nova_vncproxy config_settings: map_merge: - get_attr: [NovaVncproxyBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index a4dfa137..ac05a01a 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Sahara API role. value: - service_name: sahara-api + service_name: sahara_api config_settings: map_merge: - get_attr: [SaharaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index 31d9bea5..f6bd8f61 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -21,7 +21,7 @@ outputs: role_data: description: Role data for the Sahara Engine role. value: - service_name: sahara-engine + service_name: sahara_engine config_settings: map_merge: - get_attr: [SaharaEngineBase, role_data, config_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 3c5909ca..4c02f359 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -42,5 +42,20 @@ outputs: - 4369 - 5672 - 35672 + rabbitmq::delete_guest_user: false + rabbitmq::wipe_db_on_cookie_change: true + rabbitmq::port: '5672' + rabbitmq::package_source: undef + rabbitmq::repos_ensure: false + rabbitmq_environment: + RABBITMQ_NODENAME: "rabbit@%{::hostname}" + RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + rabbitmq_kernel_variables: + inet_dist_listen_min: '35672' + inet_dist_listen_max: '35672' + rabbitmq_config_variables: + tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' + cluster_partition_handling: 'pause_minority' + loopback_users: '[]' step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index c9112019..7ca9bbd5 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -34,7 +34,7 @@ outputs: role_data: description: Role data for the Sahara API role. value: - service_name: sahara-api + service_name: sahara_api config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 72fc33a3..2f8cd91b 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -31,7 +31,7 @@ outputs: role_data: description: Role data for the Sahara base service. value: - service_name: sahara-base + service_name: sahara_base config_settings: sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} @@ -47,3 +47,7 @@ outputs: - spark - storm sahara::rpc_backend: rabbit + sahara::admin_tenant_name: 'service' + sahara::keystone::auth::tenant: 'service' + sahara::db::database_db_max_retries: -1 + sahara::db::database_max_retries: -1 diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index b799e27c..074f83c7 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -23,18 +23,18 @@ outputs: role_data: description: Role data for the Sahara Engine role. value: - service_name: sahara-engine + service_name: sahara_engine config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - sahara_dsn: &sahara_dsn list_join: - '' - - - {get_param: [EndpointMap, MysqlVirtual, protocol]} + - - {get_param: [EndpointMap, MysqlInternal, protocol]} - '://sahara:' - {get_param: SaharaPassword} - '@' - - {get_param: [EndpointMap, MysqlVirtual, host]} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' sahara::database_connection: *sahara_dsn sahara::db::mysql::password: {get_param: SaharaPassword} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 12165cc1..99af7499 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -35,12 +35,13 @@ outputs: role_data: description: Role data for the Swift proxy service. value: - service_name: swift-proxy + service_name: swift_proxy config_settings: # Swift swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} + swift::proxy::authtoken::admin_tenant_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} @@ -56,5 +57,30 @@ outputs: dport: - 8080 - 13808 + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::keystone::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'proxy-logging' + - 'proxy-server' + swift::proxy::account_autocreate: true step_config: | include ::tripleo::profile::base::swift::proxy diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml index b341b0fc..0b17c73c 100644 --- a/puppet/services/swift-ringbuilder.yaml +++ b/puppet/services/swift-ringbuilder.yaml @@ -30,7 +30,7 @@ outputs: role_data: description: Role data for Swift Ringbuilder configuration. value: - service_name: swift-ringbuilder + service_name: swift_ringbuilder config_settings: tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild} tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas} diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index d63dc87c..74679231 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -36,7 +36,7 @@ outputs: role_data: description: Role data for the Swift Proxy role. value: - service_name: swift-storage + service_name: swift_storage config_settings: # Swift swift::storage::all::mount_check: {get_param: SwiftMountCheck} @@ -48,5 +48,17 @@ outputs: - 6000 - 6001 - 6002 + swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::object_pipeline: + - healthcheck + - recon + - object-server + swift::storage::all::container_pipeline: + - healthcheck + - container-server + swift::storage::all::account_pipeline: + - healthcheck + - account-server step_config: | include ::tripleo::profile::base::swift::storage diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index 51129053..7ce23a20 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -23,6 +23,7 @@ resources: glance_registry_vip: {get_input: glance_registry_vip} sahara_api_vip: {get_input: sahara_api_vip} swift_proxy_vip: {get_input: swift_proxy_vip} + manila_api_vip: {get_input: manila_api_vip} nova_api_vip: {get_input: nova_api_vip} nova_metadata_vip: {get_input: nova_metadata_vip} ceilometer_api_vip: {get_input: ceilometer_api_vip} diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 34219eff..c93c84bc 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -33,8 +33,9 @@ def validate_service(filename, tpl): print('ERROR: service_name is required in role_data for %s.' % filename) return 1 + # service_name must match the filename, but with an underscore if (role_data['service_name'] != - os.path.basename(filename).split('.')[0]): + os.path.basename(filename).split('.')[0].replace("-", "_")): print('ERROR: service_name should match file name for service: %s.' % filename) return 1 |