summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--environments/enable-internal-tls.yaml1
-rw-r--r--environments/hyperconverged-ceph.yaml23
-rw-r--r--environments/use-dns-for-vips.yaml4
-rw-r--r--hosts-config.yaml7
-rw-r--r--net-config-bond.yaml9
-rw-r--r--net-config-bridge.yaml8
-rw-r--r--net-config-static-bridge-with-external-dhcp.yaml9
-rw-r--r--network/config/bond-with-vlans/controller-v6.yaml2
-rw-r--r--network/config/multiple-nics/compute.yaml2
-rw-r--r--network/config/multiple-nics/controller-v6.yaml4
-rw-r--r--network/config/multiple-nics/controller.yaml3
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller-v6.yaml3
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller.yaml3
-rw-r--r--network/config/single-nic-vlans/controller-v6.yaml3
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml2
-rw-r--r--overcloud.j2.yaml77
-rw-r--r--puppet/services/database/mysql-internal-tls-certmonger.yaml43
-rw-r--r--puppet/services/database/mysql.yaml88
-rw-r--r--puppet/services/monitoring/sensu-base.yaml2
-rw-r--r--puppet/services/swift-proxy.yaml5
-rw-r--r--puppet/services/vip-hosts.yaml56
-rw-r--r--roles_data.yaml5
22 files changed, 174 insertions, 185 deletions
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index 7116da37..c01b4888 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -4,3 +4,4 @@ parameter_defaults:
EnableInternalTLS: true
resource_registry:
OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
+ OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index cee4ae4a..77fa5a49 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -5,7 +5,24 @@ resource_registry:
parameter_defaults:
ComputeServices:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::CephOSD
-
-parameter_merge_strategies:
- ComputeServices: merge \ No newline at end of file
diff --git a/environments/use-dns-for-vips.yaml b/environments/use-dns-for-vips.yaml
index daf07bc7..b700312f 100644
--- a/environments/use-dns-for-vips.yaml
+++ b/environments/use-dns-for-vips.yaml
@@ -1,5 +1,5 @@
# A Heat environment file which can be used to disable the writing of the VIPs
# to the /etc/hosts file in the overcloud. Use this in case you have a working
# DNS server that you will provide for the overcloud.
-resource_registry:
- OS::TripleO::Services::VipHosts: OS::Heat::None
+parameter_defaults:
+ AddVipsToEtcHosts: False
diff --git a/hosts-config.yaml b/hosts-config.yaml
index df0addfd..b5a22b7f 100644
--- a/hosts-config.yaml
+++ b/hosts-config.yaml
@@ -3,7 +3,7 @@ description: 'All Hosts Config'
parameters:
hosts:
- type: comma_delimited_list
+ type: string
resources:
@@ -12,10 +12,7 @@ resources:
properties:
group: os-apply-config
config:
- hosts:
- list_join:
- - "\n"
- - {get_param: hosts}
+ hosts: {get_param: hosts}
outputs:
config_id:
diff --git a/net-config-bond.yaml b/net-config-bond.yaml
index ec881bdc..01f8ac1d 100644
--- a/net-config-bond.yaml
+++ b/net-config-bond.yaml
@@ -56,14 +56,6 @@ resources:
type: ovs_bridge
name: {get_input: bridge_name}
use_dhcp: true
- # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284
- #ovs_extra:
- # - list_join:
- # - ' '
- # - - br-set-external-id
- # - {get_input: bridge_name}
- # - bridge-id
- # - {get_input: bridge_name}
members:
-
type: ovs_bond
@@ -71,7 +63,6 @@ resources:
use_dhcp: true
ovs_options: {get_param: BondInterfaceOvsOptions}
members:
- # os-net-config translates nic1 => em1 (for example)
-
type: interface
name: nic1
diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml
index 4f7a19dc..318eca8a 100644
--- a/net-config-bridge.yaml
+++ b/net-config-bridge.yaml
@@ -45,14 +45,6 @@ resources:
type: ovs_bridge
name: {get_input: bridge_name}
use_dhcp: true
- # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284
- #ovs_extra:
- # - list_join:
- # - ' '
- # - - br-set-external-id
- # - {get_input: bridge_name}
- # - bridge-id
- # - {get_input: bridge_name}
members:
-
type: interface
diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml
index 6dbe5982..3ea4e6ab 100644
--- a/net-config-static-bridge-with-external-dhcp.yaml
+++ b/net-config-static-bridge-with-external-dhcp.yaml
@@ -68,15 +68,6 @@ resources:
primary: true
-
type: interface
- # would like to do the following, but can't b/c of:
- # https://bugs.launchpad.net/heat/+bug/1344284
- # name:
- # list_join:
- # - '/'
- # - - {get_input: bridge_name}
- # - ':0'
- # So, just hardcode to br-ex:0 for now, br-ex is hardcoded in
- # controller.yaml anyway.
name: br-ex:0
addresses:
-
diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml
index 1361d969..d45ab33c 100644
--- a/network/config/bond-with-vlans/controller-v6.yaml
+++ b/network/config/bond-with-vlans/controller-v6.yaml
@@ -115,7 +115,6 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -144,7 +143,6 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
- # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml
index 77514745..2e07d45e 100644
--- a/network/config/multiple-nics/compute.yaml
+++ b/network/config/multiple-nics/compute.yaml
@@ -122,7 +122,6 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
-
- # Create a bridge which can also be used for VLAN-mode bridge mapping
type: ovs_bridge
name: br-tenant
use_dhcp: false
@@ -134,7 +133,6 @@ resources:
type: interface
name: nic5
use_dhcp: false
- # force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml
index da1f95f1..bbc89ab6 100644
--- a/network/config/multiple-nics/controller-v6.yaml
+++ b/network/config/multiple-nics/controller-v6.yaml
@@ -132,7 +132,6 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
-
- # Create a bridge which can also be used for VLAN-mode bridge mapping
type: ovs_bridge
name: br-tenant
use_dhcp: false
@@ -144,7 +143,6 @@ resources:
type: interface
name: nic5
use_dhcp: false
- # force the MAC address of the bridge to this interface
primary: true
-
type: ovs_bridge
@@ -155,7 +153,6 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
- # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -163,7 +160,6 @@ resources:
-
type: interface
name: nic6
- # force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml
index 7a1f9e5f..a0176b5b 100644
--- a/network/config/multiple-nics/controller.yaml
+++ b/network/config/multiple-nics/controller.yaml
@@ -126,7 +126,6 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
-
- # Create a bridge which can also be used for VLAN-mode bridge mapping
type: ovs_bridge
name: br-tenant
use_dhcp: false
@@ -138,7 +137,6 @@ resources:
type: interface
name: nic5
use_dhcp: false
- # force the MAC address of the bridge to this interface
primary: true
-
type: ovs_bridge
@@ -156,7 +154,6 @@ resources:
-
type: interface
name: nic6
- # force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
index 80125149..a299d23e 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
@@ -106,7 +106,6 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -114,7 +113,6 @@ resources:
-
type: interface
name: {get_input: interface_name}
- # force the MAC address of the bridge to this interface
primary: true
-
type: vlan
@@ -124,7 +122,6 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
- # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml
index aef5d4e3..bd97ccb0 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml
@@ -104,7 +104,6 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -112,7 +111,6 @@ resources:
-
type: interface
name: {get_input: interface_name}
- # force the MAC address of the bridge to this interface
primary: true
-
type: vlan
@@ -122,7 +120,6 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
- # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml
index ecbf2efb..bf5656ed 100644
--- a/network/config/single-nic-vlans/controller-v6.yaml
+++ b/network/config/single-nic-vlans/controller-v6.yaml
@@ -106,7 +106,6 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
- # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -114,7 +113,6 @@ resources:
-
type: interface
name: nic1
- # force the MAC address of the bridge to this interface
primary: true
-
type: vlan
@@ -123,7 +121,6 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
- # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 19766ad8..30b9f2b9 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -125,6 +125,7 @@ resource_registry:
OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
+ OS::TripleO::Services::MySQLTLS: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
@@ -181,7 +182,6 @@ resource_registry:
OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml
OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml
- OS::TripleO::Services::VipHosts: puppet/services/vip-hosts.yaml
# Services that are disabled by default (use relevant environment files):
OS::TripleO::Services::FluentdClient: OS::Heat::None
OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index f3a71262..ba1c6b36 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -170,9 +170,50 @@ parameters:
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
+ AddVipsToEtcHosts:
+ default: True
+ type: boolean
+ description: >
+ Set to true to append per network Vips to /etc/hosts on each node.
+
+conditions:
+ add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
resources:
+ VipHosts:
+ type: OS::Heat::Value
+ properties:
+ type: string
+ value:
+ list_join:
+ - '\n'
+ - - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, external]}
+ HOST: {get_param: CloudName}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, ctlplane]}
+ HOST: {get_param: CloudNameCtlplane}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, internal_api]}
+ HOST: {get_param: CloudNameInternal}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, storage]}
+ HOST: {get_param: CloudNameStorage}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
+ HOST: {get_param: CloudNameStorageManagement}
+
HeatAuthEncryptionKey:
type: OS::Heat::RandomString
@@ -328,8 +369,15 @@ resources:
type: OS::TripleO::Hosts::SoftwareConfig
properties:
hosts:
+ list_join:
+ - '\n'
+ - - if:
+ - add_vips_to_etc_hosts
+ - {get_attr: [VipHosts, value]}
+ - ''
+ -
{% for role in roles %}
- - list_join:
+ - list_join:
- '\n'
- {get_attr: [{{role.name}}, hosts_entry]}
{% endfor %}
@@ -581,32 +629,7 @@ outputs:
list_join:
- "\n"
- - {get_attr: [hostsConfig, hosts_entries]}
- -
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, external]}
- HOST: {get_param: CloudName}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, ctlplane]}
- HOST: {get_param: CloudNameCtlplane}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, internal_api]}
- HOST: {get_param: CloudNameInternal}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, storage]}
- HOST: {get_param: CloudNameStorage}
- - str_replace:
- template: IP HOST
- params:
- IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
- HOST: {get_param: CloudNameStorageManagement}
+ - - {get_attr: [VipHosts, value]}
EnabledServices:
description: The services enabled on each role
value:
diff --git a/puppet/services/database/mysql-internal-tls-certmonger.yaml b/puppet/services/database/mysql-internal-tls-certmonger.yaml
new file mode 100644
index 00000000..3ba51fb6
--- /dev/null
+++ b/puppet/services/database/mysql-internal-tls-certmonger.yaml
@@ -0,0 +1,43 @@
+heat_template_version: 2016-10-14
+
+description: >
+ MySQL configurations for using TLS via certmonger.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ # The following parameters are not needed by the template but are
+ # required to pass the pep8 tests
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: MySQL configurations for using TLS via certmonger.
+ value:
+ service_name: mysql_internal_tls_certmonger
+ config_settings:
+ generate_service_certificates: true
+ tripleo::profile::base::database::mysql::certificate_specs:
+ service_certificate: '/etc/pki/tls/certs/mysql.crt'
+ service_key: '/etc/pki/tls/private/mysql.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ principal:
+ str_replace:
+ template: "mysql/%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 094a7c9f..651bf4b1 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -35,50 +35,60 @@ parameters:
description: Whether to use Galera instead of regular MariaDB.
type: boolean
+resources:
+
+ MySQLTLS:
+ type: OS::TripleO::Services::MySQLTLS
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+
outputs:
role_data:
description: Service MySQL using composable services.
value:
service_name: mysql
config_settings:
- # The Galera package should work in cluster and
- # non-cluster modes based on the config file.
- # We set the package name here explicitly so
- # that it matches what we pre-install
- # in tripleo-puppet-elements.
- mysql::server::package_name: 'mariadb-galera-server'
- mysql::server::manage_config_file: true
- tripleo.mysql.firewall_rules:
- '104 mysql galera':
- dport:
- - 873
- - 3306
- - 4444
- - 4567
- - 4568
- - 9200
- mysql_max_connections: {get_param: MysqlMaxConnections}
- mysql::server::root_password:
- yaql:
- expression: $.data.passwords.where($ != '').first()
- data:
- passwords:
- - {get_param: MysqlRootPassword}
- - {get_param: [DefaultPasswords, mysql_root_password]}
- mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
- enable_galera: {get_param: EnableGalera}
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
- tripleo::profile::base::database::mysql::bind_address:
- str_replace:
- template:
- '"%{::fqdn_$NETWORK}"'
- params:
- $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ map_merge:
+ - get_attr: [MySQLTLS, role_data, config_settings]
+ -
+ # The Galera package should work in cluster and
+ # non-cluster modes based on the config file.
+ # We set the package name here explicitly so
+ # that it matches what we pre-install
+ # in tripleo-puppet-elements.
+ mysql::server::package_name: 'mariadb-galera-server'
+ mysql::server::manage_config_file: true
+ tripleo.mysql.firewall_rules:
+ '104 mysql galera':
+ dport:
+ - 873
+ - 3306
+ - 4444
+ - 4567
+ - 4568
+ - 9200
+ mysql_max_connections: {get_param: MysqlMaxConnections}
+ mysql::server::root_password:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
+ enable_galera: {get_param: EnableGalera}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
+ tripleo::profile::base::database::mysql::bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql
diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml
index e5762328..ea23b8b6 100644
--- a/puppet/services/monitoring/sensu-base.yaml
+++ b/puppet/services/monitoring/sensu-base.yaml
@@ -45,7 +45,7 @@ parameters:
default: '/sensu'
SensuRedactVariables:
description: Variables from Sensu configuration, which have to be redacted.
- type: array
+ type: comma_delimited_list
default:
- password
- passwd
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 129f9b10..ba184ab0 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -100,6 +100,11 @@ outputs:
- 'authtoken'
- 'keystone'
- 'staticweb'
+ - 'copy'
+ - 'container-quotas'
+ - 'account-quotas'
+ - 'slo'
+ - 'dlo'
- 'versioned_writes'
- 'ceilometer'
- 'proxy-logging'
diff --git a/puppet/services/vip-hosts.yaml b/puppet/services/vip-hosts.yaml
deleted file mode 100644
index a9d757ee..00000000
--- a/puppet/services/vip-hosts.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-heat_template_version: 2016-04-08
-
-description: >
- If the deployer doesn't have a DNS server for the overcloud nodes. This will
- populate the node-names and IPs for the VIPs of the overcloud.
-
-parameters:
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry. This
- mapping overrides those in ServiceNetMapDefaults.
- type: json
- DefaultPasswords:
- default: {}
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
-
-outputs:
- role_data:
- description: role data for the VIP hosts role
- value:
- service_name: vip_hosts
- config_settings:
- tripleo::vip_hosts::hosts_spec:
- external:
- name: "%{hiera('cloud_name_external')}"
- ip: "%{hiera('public_virtual_ip')}"
- ensure: present
- comment: FQDN of the external VIP
- internal_api:
- name: "%{hiera('cloud_name_internal_api')}"
- ip: "%{hiera('internal_api_virtual_ip')}"
- ensure: present
- comment: FQDN of the internal api VIP
- storage:
- name: "%{hiera('cloud_name_storage')}"
- ip: "%{hiera('storage_virtual_ip')}"
- ensure: present
- comment: FQDN of the storage VIP
- storage_mgmt:
- name: "%{hiera('cloud_name_storage_mgmt')}"
- ip: "%{hiera('storage_mgmt_virtual_ip')}"
- ensure: present
- comment: FQDN of the storage mgmt VIP
- ctlplane:
- name: "%{hiera('cloud_name_ctlplane')}"
- ip: "%{hiera('controller_virtual_ip')}"
- ensure: present
- comment: FQDN of the ctlplane VIP
- step_config: |
- include ::tripleo::vip_hosts
diff --git a/roles_data.yaml b/roles_data.yaml
index 0317e1b6..d7ed80c5 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -94,7 +94,6 @@
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::PankoApi
@@ -122,7 +121,6 @@
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- name: BlockStorage
ServicesDefault:
@@ -136,7 +134,6 @@
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- name: ObjectStorage
ServicesDefault:
@@ -151,7 +148,6 @@
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts
- name: CephStorage
ServicesDefault:
@@ -165,4 +161,3 @@
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::VipHosts