diff options
41 files changed, 364 insertions, 162 deletions
diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml new file mode 100644 index 00000000..4115d8b2 --- /dev/null +++ b/environments/manila-cephfsnative-config.yaml @@ -0,0 +1,18 @@ +# A Heat environment file which can be used to enable a +# a Manila CephFS Native driver backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml + + +parameter_defaults: + ManilaCephFSNativeEnableBackend: true + ManilaCephFSNativeBackendName: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: false + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSAuthId: 'manila' + ManilaCephFSNativeCephFSClusterName: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: true diff --git a/extraconfig/all_nodes/mac_hostname.j2.yaml b/extraconfig/all_nodes/mac_hostname.j2.yaml index af6aa7f7..75ffc9e6 100644 --- a/extraconfig/all_nodes/mac_hostname.j2.yaml +++ b/extraconfig/all_nodes/mac_hostname.j2.yaml @@ -34,7 +34,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: servers, {{role.name}}} + servers: {get_param: [servers, {{role.name}}]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE {% endfor %} @@ -63,7 +63,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: DistributeMacDeploymentsController - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: DistributeMacConfig} input_values: # FIXME(shardy): It'd be more convenient if we could join these diff --git a/extraconfig/all_nodes/random_string.j2.yaml b/extraconfig/all_nodes/random_string.j2.yaml index 1c42cb85..9ce2ca8a 100644 --- a/extraconfig/all_nodes/random_string.j2.yaml +++ b/extraconfig/all_nodes/random_string.j2.yaml @@ -34,7 +34,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsController - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: @@ -44,7 +44,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsCompute - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: diff --git a/extraconfig/all_nodes/swap-partition.j2.yaml b/extraconfig/all_nodes/swap-partition.j2.yaml index 014a96a1..36076b0c 100644 --- a/extraconfig/all_nodes/swap-partition.j2.yaml +++ b/extraconfig/all_nodes/swap-partition.j2.yaml @@ -37,7 +37,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup properties: config: {get_resource: SwapConfig} - servers: {get_param: servers, {{role.name}}} + servers: {get_param: [servers, {{role.name}}]} input_values: swap_partition_label: {get_param: swap_partition_label} actions: ["CREATE"] diff --git a/extraconfig/all_nodes/swap.j2.yaml b/extraconfig/all_nodes/swap.j2.yaml index 97149080..ce65dacb 100644 --- a/extraconfig/all_nodes/swap.j2.yaml +++ b/extraconfig/all_nodes/swap.j2.yaml @@ -50,7 +50,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup properties: config: {get_resource: SwapConfig} - servers: {get_param: servers, {{role.name}}} + servers: {get_param: [servers, {{role.name}}]} input_values: swap_size_megabytes: {get_param: swap_size_megabytes} swap_path: {get_param: swap_path} diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh index 21a2b5bc..b633e658 100755 --- a/extraconfig/tasks/major_upgrade_ceph_mon.sh +++ b/extraconfig/tasks/major_upgrade_ceph_mon.sh @@ -24,7 +24,7 @@ if [ ${CEPH_STATUS} = HEALTH_ERR ]; then fi # Useful when upgrading with OSDs num < replica size -if [ ${ignore_ceph_upgrade_warnings:-false} != "true" ]; then +if [[ ${ignore_ceph_upgrade_warnings:-False} != [Tt]rue ]]; then timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK; sleep 30; diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index 2490ce27..0c590a42 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -19,7 +19,7 @@ STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk pcs property set stonith-enabled=false # Migrate to HA NG -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(is_bootstrap_node) ]]; then migrate_full_to_ng_ha fi @@ -29,9 +29,26 @@ fi # is going to take a long time because rabbit is down. By having the service stopped # systemctl try-restart is a noop -for $service in $(services_to_migrate); do +for service in $(services_to_migrate); do manage_systemd_service stop "${service%%-clone}" - check_resource_systemd "${service%%-clone}" stopped 600 + # So the reason for not reusing check_resource_systemd is that + # I have observed systemctl is-active returning unknown with at least + # one service that was stopped (See LP 1627254) + timeout=600 + tstart=$(date +%s) + tend=$(( $tstart + $timeout )) + check_interval=3 + while (( $(date +%s) < $tend )); do + if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then + echo "$service still active, sleeping $check_interval seconds." + sleep $check_interval + else + # we do not care if it is inactive, unknown or failed as long as it is + # not running + break + fi + + done done # In case the mysql package is updated, the database on disk must be @@ -46,7 +63,7 @@ done # on mysql package versionning, but this can be overriden manually # to support specific upgrade scenario -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(is_bootstrap_node) ]]; then if [ $DO_MYSQL_UPGRADE -eq 1 ]; then mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" @@ -68,7 +85,7 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) fi -# Swift isn't controled by pacemaker +# Swift isn't controlled by pacemaker systemctl_swift stop tstart=$(date +%s) @@ -151,5 +168,13 @@ fi # Pin messages sent to compute nodes to kilo, these will be upgraded later crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute" +# https://bugzilla.redhat.com/show_bug.cgi?id=1284047 +# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435 +crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit +# https://bugzilla.redhat.com/show_bug.cgi?id=1284058 +# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists +crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server" +# LP: 1615035, required only for M/N upgrade. +crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 6bb2fa73..6055a3f9 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -32,6 +32,13 @@ fi start_or_enable_service galera check_resource galera started 600 +# We need mongod which is now a systemd service up and running before calling +# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes +# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely +# we should be good. +# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm +systemctl start mongod +check_resource mongod started 600 if [[ -n $(is_bootstrap_node) ]]; then tstart=$(date +%s) @@ -53,6 +60,7 @@ if [[ -n $(is_bootstrap_node) ]]; then keystone-manage db_sync neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head nova-manage db sync + nova-manage api_db sync #TODO(marios):someone from sahara needs to check this: # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head fi @@ -68,7 +76,7 @@ systemctl_swift start # We need to start the systemd services we explicitely stopped at step _1.sh # FIXME: Should we let puppet during the convergence step do the service enabling or # should we add it here? -for $service in $(services_to_migrate); do - manage_systemd_service stop "${service%%-clone}" +for service in $(services_to_migrate); do + manage_systemd_service start "${service%%-clone}" check_resource_systemd "${service%%-clone}" started 600 done diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index 7244f949..a2a1bb5d 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -46,7 +46,7 @@ resources: CephMonUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: CephMonUpgradeConfig} input_values: {get_param: input_values} update_policy: @@ -83,7 +83,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup depends_on: CephMonUpgradeDeployment properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step1} input_values: {get_param: input_values} @@ -97,7 +97,7 @@ resources: BlockStorageUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: servers, BlockStorage} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: BlockStorageUpgradeConfig} input_values: {get_param: input_values} @@ -116,7 +116,7 @@ resources: type: OS::Heat::SoftwareDeploymentGroup depends_on: BlockStorageUpgradeDeployment properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index b8c5321b..d974bb79 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -109,10 +109,11 @@ function services_to_migrate { # during the conversion # 2. Remove all the colocation constraints and then the ordering constraints, except the # ones related to haproxy/VIPs which exist in Newton as well -# 3. Remove all the resources that won't be managed by pacemaker in newton. Note that they -# will show up as ORPHANED but they will keep running normally via systemd. They will be -# enabled to start at boot by puppet during the converge step -# 4. Take the cluster out of maintenance-mode and do a resource cleanup +# 3. Take the cluster out of maintenance-mode and do a resource cleanup +# 4. Remove all the resources that won't be managed by pacemaker in newton. The +# outcome will be +# that they are stopped and removed from pacemakers control +# 5. Do a resource cleanup to make sure the cluster is in a clean state function migrate_full_to_ng_ha { if [[ -n $(pcmk_running) ]]; then pcs property set maintenance-mode=true @@ -135,32 +136,35 @@ function migrate_full_to_ng_ha { log_debug "Deleting ordering constraint $constraint from CIB" pcs constraint remove "$constraint" done + # At this stage all the pacemaker resources are removed from the CIB. + # Once we remove the maintenance-mode those systemd resources will keep + # on running. They shall be systemd enabled via the puppet converge + # step later on + pcs property set maintenance-mode=false # At this stage there are no constraints whatsoever except the haproxy/ip ones - # which we want to keep. We now delete each resource that will move to systemd - # Note that the corresponding systemd resource will stay running, which means that - # later when we do the "yum update", things will be a bit slower because each - # "systemctl try-restart <service>" is not a no-op any longer because the service is up - # and running and it will be restarted with rabbitmq being down. + # which we want to keep. We now disable and then delete each resource + # that will move to systemd. + # We want the systemd resources be stopped before doing "yum update", + # that way "systemctl try-restart <service>" is no-op because the + # service was down already PCS_STATUS_OUTPUT="$(pcs status)" for resource in $(services_to_migrate) "delay-clone" "openstack-core-clone"; do if echo "$PCS_STATUS_OUTPUT" | grep "$resource"; then log_debug "Deleting $resource from the CIB" - - # We need to add --force because the cluster is in maintenance mode and the resource - # is unmanaged. The if serves to make this idempotent + if ! pcs resource disable "$resource" --wait=600; then + echo_error "ERROR: resource $resource failed to be disabled" + exit 1 + fi pcs resource delete --force "$resource" else log_debug "Service $service not found as a pacemaker resource, not trying to delete." fi done - # At this stage all the pacemaker resources are removed from the CIB. Once we remove the - # maintenance-mode those systemd resources will keep on running. They shall be systemd enabled - # via the puppet converge step later on - pcs property set maintenance-mode=false - # We need to do a pcs resource cleanup here + crm_resource --wait to make sure the - # cluster is in a clean state before we stop everything, upgrade and restart everything + # We need to do a pcs resource cleanup here + crm_resource --wait to + # make sure the cluster is in a clean state before we stop everything, + # upgrade and restart everything pcs resource cleanup # We are making sure here that the cluster is stable before proceeding if ! timeout -k 10 600 crm_resource --wait; then diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml index 91406fba..b9a87d33 100644 --- a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml +++ b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml @@ -20,6 +20,6 @@ resources: AodhMysqlMigrationScriptDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: AodhMysqlMigrationScriptConfig} input_values: {get_param: input_values} diff --git a/network/ports/from_service.yaml b/network/ports/from_service.yaml index 3d61910e..782b6b07 100644 --- a/network/ports/from_service.yaml +++ b/network/ports/from_service.yaml @@ -24,6 +24,12 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string + FixedIPs: # Here for compatibility with ctlplane_vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json ServiceVips: default: {} type: json diff --git a/network/ports/from_service_v6.yaml b/network/ports/from_service_v6.yaml index 2dd0a0ee..80060b57 100644 --- a/network/ports/from_service_v6.yaml +++ b/network/ports/from_service_v6.yaml @@ -24,6 +24,12 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string + FixedIPs: # Here for compatibility with ctlplane_vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json ServiceVips: default: {} type: json diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 505f033d..f0a6035a 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -220,6 +220,7 @@ resource_registry: OS::Tripleo::Services::ManilaShare: OS::Heat::None OS::Tripleo::Services::ManilaBackendGeneric: OS::Heat::None OS::Tripleo::Services::ManilaBackendNetapp: OS::Heat::None + OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index aad1af62..e2ff4c14 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -261,6 +261,21 @@ resources: {% for r in roles %} - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings] {% endfor %} + # This next step combines two yaql passes: + # - The inner one does a deep merge on the service_config_settings for all roles + # - The outer one filters the map based on the services enabled for the role + # then merges the result into one map. + - yaql: + expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {}) + data: + map: + yaql: + expression: $.data.where($ != null).reduce($1.mergeWith($2), {}) + data: + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings] + {% endfor %} + services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} @@ -536,8 +551,6 @@ outputs: EnabledServices: description: The services enabled on each role value: - Controller: {get_attr: [ControllerServiceChain, role_data, service_names]} - Compute: {get_attr: [ComputeServiceChain, role_data, service_names]} - BlockStorage: {get_attr: [BlockStorageServiceChain, role_data, service_names]} - ObjectStorage: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} - CephStorage: {get_attr: [CephStorageServiceChain, role_data, service_names]} +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} +{% endfor %} diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 5dea044e..6a2ea4d5 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -94,10 +94,10 @@ resources: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} NetworkMidonetDeploymentComputes: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 728c7ccc..7bda0cd5 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -132,7 +132,7 @@ resources: properties: name: NetworkCiscoDeployment config: {get_resource: NetworkCiscoConfig} - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} input_values: UCSM_ip: {get_param: NetworkUCSMIp} UCSM_username: {get_param: NetworkUCSMUsername} @@ -179,7 +179,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -187,7 +187,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCompute - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -195,7 +195,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsBlockStorage - servers: {get_param: servers, BlockStorage} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -203,7 +203,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsObjectStorage - servers: {get_param: servers, ObjectStorage} + servers: {get_param: [servers, ObjectStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -211,7 +211,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCephStorage - servers: {get_param: servers, CephStorage} + servers: {get_param: [servers, CephStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 15e93863..d3d9b5ad 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -74,5 +74,7 @@ outputs: aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} + service_config_settings: + get_attr: [AodhBase, role_data, service_config_settings] step_config: | include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 187345ad..5314b837 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -87,12 +87,6 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} - aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} - aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} - aodh::keystone::auth::password: {get_param: AodhPassword} - aodh::keystone::auth::region: {get_param: KeystoneRegion} - aodh::keystone::auth::tenant: 'service' aodh::db::mysql::user: aodh aodh::db::mysql::password: {get_param: AodhPassword} aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -102,3 +96,11 @@ outputs: - "%{hiera('mysql_bind_host')}" aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' + service_config_settings: + keystone: + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index c8f679c2..50431e3d 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -77,5 +77,7 @@ outputs: '"%{::fqdn_$NETWORK}"' params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 62fdd5c1..25fccd9e 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -107,12 +107,6 @@ outputs: ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' - ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} - ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} - ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - ceilometer::keystone::auth::password: {get_param: CeilometerPassword} - ceilometer::keystone::auth::region: {get_param: KeystoneRegion} - ceilometer::keystone::auth::tenant: 'service' ceilometer::rabbit_userid: {get_param: RabbitUserName} ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -127,3 +121,11 @@ outputs: ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} + service_config_settings: + keystone: + ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} + ceilometer::keystone::auth::password: {get_param: CeilometerPassword} + ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::keystone::auth::tenant: 'service' diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 6bb4f6d1..18a4b780 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -67,11 +67,13 @@ outputs: tripleo.ceph_rgw.firewall_rules: '122 ceph rgw': dport: {get_param: [EndpointMap, CephRgwInternal, port]} - ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} - ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} - ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} - ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} - ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} - ceph::rgw::keystone::auth::tenant: 'service' step_config: | include ::tripleo::profile::base::ceph::rgw + service_config_settings: + keystone: + ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} + ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} + ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} + ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} + ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 1dae9f15..875a3aa1 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -65,19 +65,8 @@ outputs: cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} cinder::keystone::authtoken::password: {get_param: CinderPassword} cinder::keystone::authtoken::project_name: 'service' - cinder::keystone::auth::tenant: 'service' - cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} - cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} - cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} - cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} - cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} - cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} - cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} - cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} - cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} - cinder::keystone::auth::password: {get_param: CinderPassword} - cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true + cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder cinder::config: @@ -98,3 +87,17 @@ outputs: cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} step_config: | include ::tripleo::profile::base::cinder::api + service_config_settings: + keystone: + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} + cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} + cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index b0eea481..094a7c9f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -74,5 +74,11 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 51f19baf..c399bf4e 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -135,11 +135,6 @@ outputs: glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} - glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} - glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} - glance::keystone::auth::password: {get_param: GlancePassword } - glance::keystone::auth::region: {get_param: KeystoneRegion} glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: @@ -147,7 +142,6 @@ outputs: dport: - 9292 - 13292 - glance::keystone::auth::tenant: 'service' glance::api::authtoken::project_name: 'service' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true @@ -160,3 +154,11 @@ outputs: glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api + service_config_settings: + keystone: + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} + glance::keystone::auth::tenant: 'service' diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 07d3b01e..481a44cb 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -78,12 +78,6 @@ outputs: - 13041 gnocchi::api::enabled: true gnocchi::api::service_name: 'httpd' - gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } - gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi::keystone::auth::password: {get_param: GnocchiPassword} - gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi::keystone::auth::region: {get_param: KeystoneRegion} - gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} @@ -110,3 +104,11 @@ outputs: gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]} step_config: | include ::tripleo::profile::base::gnocchi::api + service_config_settings: + keystone: + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::tenant: 'service' diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 4e9c45e6..a47fec5a 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -60,12 +60,6 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} - heat::keystone::auth_cfn::tenant: 'service' - heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} - heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} - heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} - heat::keystone::auth_cfn::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api_cfn.firewall_rules: '125 heat_cfn': dport: @@ -80,3 +74,11 @@ outputs: heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cfn + service_config_settings: + keystone: + heat::keystone::auth_cfn::tenant: 'service' + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index edaff77a..2ea96fc0 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -60,12 +60,6 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} - heat::keystone::auth::tenant: 'service' - heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} - heat::keystone::auth::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api.firewall_rules: '125 heat_api': dport: @@ -80,3 +74,11 @@ outputs: heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api + service_config_settings: + keystone: + heat::keystone::auth::tenant: 'service' + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 5c3f370e..19e54f5b 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -58,12 +58,6 @@ outputs: ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} - ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} - ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::auth_name: 'ironic' - ironic::keystone::auth::password: {get_param: IronicPassword } - ironic::keystone::auth::tenant: 'service' tripleo.ironic_api.firewall_rules: '133 ironic api': dport: @@ -71,3 +65,11 @@ outputs: - 13385 step_config: | include ::tripleo::profile::base::ironic::api + service_config_settings: + keystone: + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::keystone::auth::auth_name: 'ironic' + ironic::keystone::auth::password: {get_param: IronicPassword } + ironic::keystone::auth::tenant: 'service' diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index e358930b..b7a807fa 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -118,7 +118,6 @@ outputs: logging_groups: - keystone config_settings: - config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] - keystone::database_connection: diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 1513ab31..531b4b0b 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -51,14 +51,6 @@ outputs: manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } manila::keystone::authtoken::project_name: 'service' - manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} - manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} - manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} - manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} - manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} - manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} - manila::keystone::auth::password: {get_param: ManilaPassword } - manila::keystone::auth::region: {get_param: KeystoneRegion } # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -69,4 +61,13 @@ outputs: manila::api::enable_proxy_headers_parsing: true step_config: | include ::tripleo::profile::base::manila::api - + service_config_settings: + keystone: + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword} + manila::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml new file mode 100644 index 00000000..89a36d21 --- /dev/null +++ b/puppet/services/manila-backend-cephfs.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila Cephfs backend + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # CephFS Native backend params: + ManilaCephFSNativeEnableBackend: + type: boolean + default: false + ManilaCephFSNativeBackendName: + type: string + default: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: + type: boolean + default: false + ManilaCephFSNativeShareBackendName: + type: string + default: 'cephfs' + ManilaCephFSNativeCephFSConfPath: + type: string + default: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + ManilaCephFSNativeCephFSClusterName: + type: string + default: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: + type: boolean + default: true + +outputs: + role_data: + description: Role data for the Manila Cephfs backend. + value: + service_name: manila_backend_cephfs + config_settings: + manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend} + manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName} + manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers} + manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName} + manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath} + manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} + manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} + manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} + step_config: diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index b939e7be..8cfa20bd 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -114,12 +114,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - neutron::keystone::auth::tenant: 'service' - neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} - neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } - neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron::keystone::auth::password: {get_param: NeutronPassword} - neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} @@ -161,3 +155,11 @@ outputs: neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::server + service_config_settings: + keystone: + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index a124d4a1..8be4c6d6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -23,9 +23,16 @@ parameters: type: string hidden: true NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 9d42fe65..25ae0176 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -94,12 +94,6 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true - nova::keystone::auth::tenant: 'service' - nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} - nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} - nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} - nova::keystone::auth::password: {get_param: NovaPassword} - nova::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -113,3 +107,11 @@ outputs: step_config: | include tripleo::profile::base::nova::api + service_config_settings: + keystone: + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d555ed0a..f6d4be20 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -35,6 +35,13 @@ outputs: value: service_name: mysql config_settings: - get_attr: [MysqlBase, role_data, config_settings] + map_merge: + - get_attr: [MysqlBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 8085d546..4f139b5f 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -61,11 +61,6 @@ outputs: - get_attr: [SaharaBase, role_data, config_settings] - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} sahara::service::api::api_workers: {get_param: SaharaWorkers} - sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} - sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} - sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} - sahara::keystone::auth::password: {get_param: SaharaPassword } - sahara::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -79,3 +74,11 @@ outputs: - 13386 step_config: | include ::tripleo::profile::base::sahara::api + service_config_settings: + keystone: + sahara::keystone::auth::tenant: 'service' + sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} + sahara::keystone::auth::password: {get_param: SaharaPassword } + sahara::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index c1ab8e8b..c3986b77 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -85,6 +85,5 @@ outputs: - storm sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' - sahara::keystone::auth::tenant: 'service' sahara::db::database_db_max_retries: -1 sahara::db::database_max_retries: -1 diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index c8d5642c..7b5fa40c 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -54,8 +54,8 @@ outputs: data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} monitoring_subscriptions: yaql: - expression: list($.data.subscriptions.where($ != null)) - data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}} + expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} logging_sources: # Transform the individual logging_source configuration from # each service in the chain into a global list, adding some @@ -77,7 +77,9 @@ outputs: data: sources: - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - - {get_attr: [ServiceChain, role_data, logging_source]} + - yaql: + expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} - {get_attr: [LoggingConfiguration, LoggingExtraSources]} default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} @@ -90,12 +92,18 @@ outputs: data: groups: - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}] - - {get_attr: [ServiceChain, role_data, logging_groups]} + - yaql: + expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}] config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} global_config_settings: map_merge: yaql: - expression: list($.data.configs.where($ != null)) - data: {configs: {get_attr: [ServiceChain, role_data, global_config_settings]}} + expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + service_config_settings: + yaql: + expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + data: {get_attr: [ServiceChain, role_data]} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index d7b0cd7c..8b990bcd 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -66,25 +66,11 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} - swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} - swift::keystone::auth::password: {get_param: SwiftPassword} - swift::keystone::auth::region: {get_param: KeystoneRegion} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: - 8080 - 13808 - swift::keystone::auth::tenant: 'service' - swift::keystone::auth::configure_s3_endpoint: false - swift::keystone::auth::operator_roles: - - admin - - swiftoperator - - ResellerAdmin swift::proxy::keystone::operator_roles: - admin - swiftoperator @@ -113,3 +99,19 @@ outputs: swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]} step_config: | include ::tripleo::profile::base::swift::proxy + service_config_settings: + keystone: + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin diff --git a/roles_data.yaml b/roles_data.yaml index e052aeef..fe98d827 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -77,6 +77,7 @@ - OS::Tripleo::Services::ManilaScheduler - OS::Tripleo::Services::ManilaBackendGeneric - OS::Tripleo::Services::ManilaBackendNetapp + - OS::Tripleo::Services::ManilaBackendCephFs - OS::Tripleo::Services::ManilaShare - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator |