39 files changed, 872 insertions, 170 deletions
diff --git a/ceph-cluster-config.yaml b/ceph-cluster-config.yaml index f44e27c1..c3cf8e8a 100644 --- a/ceph-cluster-config.yaml +++ b/ceph-cluster-config.yaml @@ -2,6 +2,18 @@ heat_template_version: 2015-04-30 description: 'Ceph Cluster config data' parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the 'openstack' user keyring. ceph_fsid: default: '' type: string diff --git a/compute.yaml b/compute.yaml index 933639ce..9a2c6f17 100644 --- a/compute.yaml +++ b/compute.yaml @@ -102,7 +102,10 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneHost: + KeystoneAdminApiVirtualIP: + type: string + default: '' + KeystonePublicApiVirtualIP: type: string default: '' NeutronBridgeMappings: @@ -129,7 +132,7 @@ parameters: NeutronNetworkType: type: string description: The tenant network type for Neutron, either gre or vxlan. - default: 'gre' + default: 'vxlan' NeutronNetworkVLANRanges: default: 'datacentre' description: > @@ -155,7 +158,7 @@ parameters: description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' - default: 'gre' + default: 'vxlan' NeutronTunnelIdRanges: description: | Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges @@ -409,7 +412,7 @@ resources: glance_host: {get_param: GlanceHost} glance_port: {get_param: GlancePort} glance_protocol: {get_param: GlanceProtocol} - keystone_host: {get_param: KeystoneHost} + keystone_host: {get_param: KeystonePublicApiVirtualIP} neutron_flat_networks: {get_param: NeutronFlatNetworks} neutron_host: {get_param: NeutronHost} neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]} 
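Review bot: The new `ceph_client_key` parameter in ceph-cluster-config.yaml holds a Ceph keyring secret but is declared without `hidden: true`, so Heat will return its value in clear when the stack's parameters are displayed. Add `hidden: true` under `ceph_client_key`. The same applies to `ceph_client_key` in puppet/ceph-cluster-config.yaml and to `CephClientKey` in overcloud-without-mergepy.yaml, a file that already marks the Keystone signing key as hidden. Whether the existing `ceph_mon_key` and `ceph_admin_key` parameters are hidden is not visible in these hunks and is worth checking in the same pass.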
diff --git a/controller.yaml b/controller.yaml index 7ee837f5..79f5ece5 100644 --- a/controller.yaml +++ b/controller.yaml @@ -255,6 +255,16 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -333,7 +343,7 @@ parameters: default: 'datacentre' description: If set, flat networks to configure in neutron plugins. NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: @@ -375,7 +385,7 @@ parameters: description: If set, the public interface is a vlan with this device as the raw device. type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' @@ -505,6 +515,9 @@ parameters: MysqlVirtualIP: type: string default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' KeystonePublicApiVirtualIP: type: string default: '' diff --git a/deprecated/nova-compute-instance.yaml b/deprecated/nova-compute-instance.yaml index e68c61f9..811c0fc3 100644 --- a/deprecated/nova-compute-instance.yaml +++ b/deprecated/nova-compute-instance.yaml @@ -100,7 +100,7 @@ parameters: NeutronHost: type: string NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: 
@@ -114,7 +114,7 @@ parameters: description: A port to add to the NeutronPhysicalBridge. type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' diff --git a/deprecated/overcloud-source.yaml b/deprecated/overcloud-source.yaml index d355c4df..0729b338 100644 --- a/deprecated/overcloud-source.yaml +++ b/deprecated/overcloud-source.yaml @@ -221,7 +221,7 @@ parameters: If set, flat networks to configure in neutron plugins. Defaults to 'datacentre' to permit external network creation. NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: @@ -279,7 +279,7 @@ parameters: description: Shared secret to prevent spoofing type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' diff --git a/environments/neutron-ml2-cisco-nexus-ucsm.yaml b/environments/neutron-ml2-cisco-nexus-ucsm.yaml new file mode 100644 index 00000000..c291634c --- /dev/null +++ b/environments/neutron-ml2-cisco-nexus-ucsm.yaml 
@@ -0,0 +1,26 @@
+# A Heat environment file which can be used to enable a
+# a Cisco Neutron plugin.
+resource_registry:
+ OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/network-cisco.yaml
+
+parameter_defaults:
+ NetworkUCSMIp: '127.0.0.1'
+ NetworkUCSMUsername: 'admin'
+ NetworkUCSMPassword: 'password'
+ NetworkUCSMHostList: 'host1:profile1, host2:profile2'
+ NetworkUCSMSupportedPciDevs: ''
+ NetworkNexusConfig: {}
+ NetworkNexusManagedPhysicalNetwork: ''
+ NetworkNexusVlanNamePrefix: 'q-'
+ NetworkNexusSviRoundRobin: 'false'
+ NetworkNexusProviderVlanNamePrefix: 'p-'
+ NetworkNexusPersistentSwitchConfig: 'false'
+ NetworkNexusSwitchHeartbeatTime: 0
+ NetworkNexusSwitchReplayCount: 3
+ NetworkNexusProviderVlanAutoCreate: 'true'
+ NetworkNexusProviderVlanAutoTrunk: 'true'
+ NetworkNexusVxlanGlobalConfig: 'true'
+ NetworkNexusHostKeyChecks: 'false'
+ NetworkNexusVxlanVniRanges: '0:0'
+ NetworkNexusVxlanMcastRanges: '0.0.0.0:0.0.0.0'
+
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
new file mode 100644
index 00000000..3c7901cc
--- /dev/null
+++ b/environments/puppet-ceph-external.yaml
@@ -0,0 +1,18 @@
+# A Heat environment file which can be used to enable the
+# use of an externally managed Ceph cluster.
+resource_registry:
+ OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml
+
+parameters:
+ # NOTE: These example parameters are required when using Ceph External
+ #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ #CephExternalMonHost: '172.16.1.7, 172.16.1.8'
+
+ # the following parameters enable Ceph backends for Cinder, Glance, and Nova
+ NovaEnableRbdBackend: true
+ CinderEnableRbdBackend: true
+ GlanceBackend: rbd
+
+ # finally we disable the Cinder LVM backend
+ CinderEnableIscsiBackend: false
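Review bot: The `parameter_defaults` in neutron-ml2-cisco-nexus-ucsm.yaml ship a working-looking login (`NetworkUCSMUsername: 'admin'`, `NetworkUCSMPassword: 'password'`) and set `NetworkNexusHostKeyChecks: 'false'`. An operator who includes the file unchanged therefore deploys a guessable UCSM credential and, presumably, switch sessions that do not verify the Nexus host key. Leave the secret empty so nothing deploys with a placeholder, `NetworkUCSMPassword: ''`, and add a comment above the host-key line such as `# 'false' skips SSH host key verification; set 'true' outside a lab`. The header comment also repeats the article across its two lines ("to enable a / a Cisco Neutron plugin").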
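Review bot: The commented example `#CephClientKey: 'AQDLOh1V…'` in puppet-ceph-external.yaml is a well-formed Ceph key rather than an obvious placeholder, so an operator who simply uncomments it deploys with a key that is published in the repository. Replace it with a marker that cannot be used as-is, for example `#CephClientKey: '<output of ceph-authtool --gen-print-key>'`. The same literal reappears as the `CephAdminKey` example in environments/storage-environment.yaml, alongside a second real-looking `CephMonKey` example, and both should get the same treatment. If either string was ever a live key it should be treated as exposed.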
diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml
new file mode 100644
index 00000000..535ec6fe
--- /dev/null
+++ b/environments/storage-environment.yaml
@@ -0,0 +1,57 @@
+## A Heat environment file which can be used to set up storage
+## backends. Defaults to Ceph used as a backend for Cinder, Glance and
+## Nova ephemeral storage.
+parameters:
+
+ #### BACKEND SELECTION ####
+
+ ## Whether to enable iscsi backend for Cinder.
+ CinderEnableIscsiBackend: false
+ ## Whether to enable rbd (Ceph) backend for Cinder.
+ CinderEnableRbdBackend: true
+ ## Whether to enable NFS backend for Cinder.
+ # CinderEnableNfsBackend: false
+ ## Whether to enable rbd (Ceph) backend for Nova ephemeral storage.
+ NovaEnableRbdBackend: true
+ ## Glance backend can be either 'rbd' (Ceph), 'swift' or 'file'.
+ GlanceBackend: rbd
+
+
+ #### CINDER NFS SETTINGS ####
+
+ ## NFS mount options
+ # CinderNfsMountOptions: ''
+ ## NFS mount point, e.g. '192.168.122.1:/export/cinder'
+ # CinderNfsServers: ''
+
+
+ #### GLANCE FILE BACKEND PACEMAKER SETTINGS (used for mounting NFS) ####
+
+ ## Whether to make Glance 'file' backend a mount managed by Pacemaker
+ # GlanceFilePcmkManage: false
+ ## File system type of the mount
+ # GlanceFilePcmkFstype: nfs
+ ## Pacemaker mount point, e.g. '192.168.122.1:/export/glance' for NFS
+ # GlanceFilePcmkDevice: ''
+ ## Options for the mount managed by Pacemaker
+ # GlanceFilePcmkOptions: ''
+
+
+ #### CEPH SETTINGS ####
+
+ ## Whether to deploy Ceph OSDs on the controller nodes. By default
+ ## OSDs are deployed on dedicated ceph-storage nodes only.
+ # ControllerEnableCephStorage: false
+
+ ## When deploying Ceph through the oscplugin CLI, the following
+ ## parameters are set automatically by the CLI. When deploying via
+ ## heat stack-create, they need to be provided manually.
+
+ ## Number of Ceph storage nodes to deploy
+ # CephStorageCount: 0
+ ## Ceph FSID, e.g. '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ # CephClusterFSID: ''
+ ## Ceph monitor key, e.g. 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+ # CephMonKey: ''
+ ## Ceph admin key, e.g. 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ # CephAdminKey: ''
diff --git a/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration index c2bf1894..cbbd6a1d 100644 --- a/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration @@ -94,7 +94,7 @@ fi case "${REG_METHOD:-}" in portal) subscription-manager register $opts - if [ -z "${REG_AUTO_ATTACH:-}" ]; then + if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then subscription-manager attach $attach_opts fi subscription-manager $repos diff --git a/firstboot/userdata_heat_admin.yaml b/firstboot/userdata_heat_admin.yaml new file mode 100644 index 00000000..73481c63 --- /dev/null +++ b/firstboot/userdata_heat_admin.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2014-10-16 + +parameters: + # Can be overriden via parameter_defaults in the environment + node_admin_username: + type: string + default: heat-admin + +description: > + Uses cloud-init to create an additional user with a known name, in addition + to the distro-default user created by the cloud-init default. + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: user_config} + + # Note this requires cloud-init >= 0.7.2 ref bug #1100920 + user_config: + type: OS::Heat::CloudConfig + properties: + cloud_config: + user: {get_param: node_admin_username} + +outputs: + OS::stack_id: + value: {get_resource: userdata} diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index 5105ee14..3a46a48d 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -53,7 +53,7 @@ resources: network_config: - type: ovs_bridge - name: br-bond + name: {get_input: bridge_name} members: - type: ovs_bond 
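Review bot: The new condition in the `portal)` arm of rhel-registration joins two tests with `-a` inside a single `[ ... ]`, a form POSIX marks obsolescent and which can misparse when an operand looks like an operator. Writing it as two tests is equivalent and unambiguous: `if [ -z "${REG_AUTO_ATTACH:-}" ] && [ -z "${REG_ACTIVATION_KEY:-}" ]; then`. A one-line comment would also help, e.g. `# an activation key already attaches subscriptions, so skip the explicit attach`. The case statement starts and ends outside the hunk.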
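Review bot: In firstboot/userdata_heat_admin.yaml, `node_admin_username` is passed straight to cloud-init's `user` key with no `description` and no constraint, so any string an environment supplies becomes an account name on every node. Add `description: Name of the admin user cloud-init creates at first boot.` and a `constraints:` entry with `allowed_pattern: '[a-z_][a-z0-9_-]*'`. The template gives every image an account with a fixed, publicly documented name, so the description should also say how that account is expected to authenticate, which these lines do not show. The parameter comment has a typo: "overriden" should be "overridden".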
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 9d6a6810..3c19f515 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -26,9 +26,10 @@ parameters: description: IP address/subnet on the tenant network type: string BondInterfaceOvsOptions: - default: '' + default: 'bond_mode=balance-tcp lacp=active other-config:lacp-fallback-ab=true' description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. + Default wil attempt LACP, but will fall back to active-backup. type: string ExternalNetworkVlanID: default: 10 diff --git a/network/external.yaml b/network/external.yaml index bf4bdfe7..e8f92a5e 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -12,7 +12,7 @@ parameters: ExternalNetValueSpecs: default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'} description: Value specs for the external network. - type: string + type: json ExternalNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/network/internal_api.yaml b/network/internal_api.yaml index c7e822e9..69154bef 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -12,7 +12,7 @@ parameters: InternalApiNetValueSpecs: default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'} description: Value specs for the internal API network. - type: string + type: json InternalApiNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index 54614ead..257d3f9b 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml 
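Review bot: The sentence added to the `BondInterfaceOvsOptions` description in bond-with-vlans/controller.yaml has a typo that will surface in Heat's parameter help: "Default wil attempt LACP" should read "Default will attempt LACP". The hunk also changes the default from an empty string to an LACP configuration, so existing deployments that never set this parameter will have their bond options changed on the next stack update. The description should say so, e.g. `Set to '' to keep the previous behaviour.`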
@@ -1,6 +1,9 @@ heat_template_version: 2015-04-30 parameters: + ControlPlaneIpList: + default: [] + type: comma_delimited_list ExternalIpList: default: [] type: comma_delimited_list @@ -23,6 +26,7 @@ outputs: A Hash containing a mapping of network names to assigned lists of IP addresses. value: + ctlplane: {get_param: ControlPlaneIpList} external: {get_param: ExternalIpList} internal_api: {get_param: InternalApiIpList} storage: {get_param: StorageIpList} diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index edc4060f..7aaed160 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -1,6 +1,9 @@ heat_template_version: 2015-04-30 parameters: + ControlPlaneIp: + default: '' + type: string ExternalIp: default: '' type: string @@ -23,6 +26,7 @@ outputs: A Hash containing a mapping of network names to assigned IPs for a specific machine. value: + ctlplane: {get_param: ControlPlaneIp} external: {get_param: ExternalIp} internal_api: {get_param: InternalApiIp} storage: {get_param: StorageIp} diff --git a/network/ports/net_ip_subnet_map.yaml b/network/ports/net_ip_subnet_map.yaml new file mode 100644 index 00000000..cf59adb3 --- /dev/null +++ b/network/ports/net_ip_subnet_map.yaml 
@@ -0,0 +1,43 @@ +heat_template_version: 2015-04-30 + +parameters: + ControlPlaneIp: + default: '' + type: string + ExternalIpSubnet: + default: '' + type: string + InternalApiIpSubnet: + default: '' + type: string + StorageIpSubnet: + default: '' + type: string + StorageMgmtIpSubnet: + default: '' + type: string + TenantIpSubnet: + default: '' + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + +outputs: + net_ip_subnet_map: + description: > + A Hash containing a mapping of network names to assigned + IP/subnet mappings. + value: + ctlplane: + list_join: + - '' + - - {get_param: ControlPlaneIp} + - '/' + - {get_param: ControlPlaneSubnetCidr} + external: {get_param: ExternalIpSubnet} + internal_api: {get_param: InternalApiIpSubnet} + storage: {get_param: StorageIpSubnet} + storage_mgmt: {get_param: StorageMgmtIpSubnet} + tenant: {get_param: TenantIpSubnet} diff --git a/network/storage.yaml b/network/storage.yaml index d403f9e5..60b779e0 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -12,7 +12,7 @@ parameters: StorageNetValueSpecs: default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'} description: Value specs for the storage network. - type: string + type: json StorageNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index d0c919b5..043bc87b 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -12,7 +12,7 @@ parameters: StorageMgmtNetValueSpecs: default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'} description: Value specs for the storage_mgmt network. - type: string + type: json StorageMgmtNetAdminStateUp: default: false description: This admin state of of the network. 
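Review bot: `ControlPlaneSubnetCidr` in net_ip_subnet_map.yaml defaults to `'24'` and is appended to `ControlPlaneIp` without validation, so a provisioning network with any other prefix length silently yields a wrong `ctlplane` entry. When `ControlPlaneIp` is left at its `''` default, the value is the bare string `/24`. Where `CephPublicNetwork` or `CephClusterNetwork` is mapped to `ctlplane`, that string becomes the Ceph network definition in ceph-storage-puppet.yaml and would mis-scope which addresses Ceph treats as cluster members. The description should say this is a prefix length, `description: Prefix length (e.g. 24) of the control plane subnet.`, and the parameter should carry `constraints:` with `allowed_pattern: '[0-9]{1,2}'`.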
diff --git a/network/tenant.yaml b/network/tenant.yaml index 055b87b8..daf5cb75 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -12,7 +12,7 @@ parameters: TenantNetValueSpecs: default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'} description: Value specs for the tenant network. - type: string + type: json TenantNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 91b91ced..7680192f 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -23,12 +23,17 @@ resource_registry: OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml + # This creates the "heat-admin" user for all OS images by default + # To disable, replace with firstboot/userdata_default.yaml + OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml + # Hooks for operator extra config # NodeUserData == Cloud-init additional user-data, e.g cloud-config # ControllerExtraConfigPre == Controller configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml + OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml # TripleO overcloud networks @@ -43,6 +48,7 @@ resource_registry: OS::TripleO::Network::Tenant: network/noop.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml + OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml # Port assignments for the controller role 
diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml index 76e0c431..eaedf790 100644 --- a/overcloud-resource-registry.yaml +++ b/overcloud-resource-registry.yaml @@ -34,6 +34,7 @@ resource_registry: OS::TripleO::Network::Tenant: network/noop.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml + OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml # Port assignments for the controller role diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 193c7909..260952b3 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -46,6 +46,14 @@ parameters: default: false description: Whether to enable or not the NFS backend for Cinder type: boolean + CephClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + CephExternalMonHost: + default: '' + type: string + description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. CinderEnableIscsiBackend: default: true description: Whether to enable or not the Iscsi backend for Cinder @@ -108,7 +116,7 @@ parameters: If set, flat networks to configure in neutron plugins. Defaults to 'datacentre' to permit external network creation. NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronPassword: @@ -147,7 +155,7 @@ parameters: description: Shared secret to prevent spoofing type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' 
@@ -399,6 +407,16 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to @@ -536,7 +554,7 @@ parameters: CinderIscsiNetwork: storage GlanceApiNetwork: storage GlanceRegistryNetwork: internal_api - KeystoneAdminApiNetwork: internal_api + KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints KeystonePublicApiNetwork: internal_api NeutronApiNetwork: internal_api HeatApiNetwork: internal_api @@ -754,6 +772,8 @@ resources: KeystoneSigningKey: {get_param: KeystoneSigningKey} KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate} KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey} + KeystoneNotificationDriver: {get_param: KeystoneNotificationDriver} + KeystoneNotificationFormat: {get_param: KeystoneNotificationFormat} MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} MysqlMaxConnections: {get_param: MysqlMaxConnections} 
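Review bot: Changing the `ServiceNetMap` default to `KeystoneAdminApiNetwork: ctlplane` puts the Keystone admin API VIP on the provisioning network, and the inline comment records the reason but not the exposure. Elsewhere in this commit, compute-puppet.yaml builds the admin URL as `http://` + `KeystoneAdminApiVirtualIP` + `:35357/v2.0` next to `admin_password`. Admin credentials would therefore appear to cross the control plane network unencrypted and be reachable by every host attached to it. Extend the comment so operators see the trade-off, e.g. `# ctlplane lets the undercloud configure endpoints; the admin API is then reachable from the provisioning network, override to internal_api if that network is not trusted`. The `ServiceNetMap` default block starts and ends outside the hunk.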
@@ -806,6 +826,7 @@ resources: HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} UpdateIdentifier: {get_param: UpdateIdentifier} @@ -838,7 +859,8 @@ resources: Image: {get_param: NovaImage} ImageUpdatePolicy: {get_param: ImageUpdatePolicy} KeyName: {get_param: KeyName} - KeystoneHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronBridgeMappings: {get_param: NeutronBridgeMappings} NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} NeutronFlatNetworks: {get_param: NeutronFlatNetworks} @@ -972,6 +994,7 @@ resources: ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap properties: + ControlPlaneIpList: {get_attr: [Controller, ip_address]} ExternalIpList: {get_attr: [Controller, external_ip_address]} InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]} StorageIpList: {get_attr: [Controller, storage_ip_address]} 
@@ -1078,6 +1101,7 @@ resources: VipMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} StorageIp: {get_attr: [StorageVirtualIP, ip_address]} @@ -1168,9 +1192,12 @@ resources: CephClusterConfig: type: OS::TripleO::CephClusterConfig::SoftwareConfig properties: + ceph_storage_count: {get_param: CephStorageCount} ceph_fsid: {get_param: CephClusterFSID} ceph_mon_key: {get_param: CephMonKey} ceph_admin_key: {get_param: CephAdminKey} + ceph_client_key: {get_param: CephClientKey} + ceph_external_mon_ips: {get_param: CephExternalMonHost} ceph_mon_names: {get_attr: [Controller, hostname]} ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} @@ -1320,6 +1347,9 @@ outputs: - - http:// - {get_attr: [PublicVirtualIP, ip_address]} - :5000/v2.0/ + KeystoneAdminVip: + description: Keystone Admin VIP endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} PublicVip: description: Controller VIP for public API endpoints value: {get_attr: [PublicVirtualIP, ip_address]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 060f4c81..2bc519bb 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -238,6 +238,7 @@ resources: heat::rabbit_hosts: *rabbit_nodes_array neutron::rabbit_hosts: *rabbit_nodes_array nova::rabbit_hosts: *rabbit_nodes_array + keystone::rabbit_hosts: *rabbit_nodes_array outputs: config_id: diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 33b18574..99265493 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml 
@@ -2,6 +2,18 @@ heat_template_version: 2015-04-30 description: 'Ceph Cluster config data for Puppet' parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the 'openstack' user keyring. ceph_fsid: default: '' type: string @@ -26,6 +38,7 @@ resources: datafiles: ceph_cluster: mapped_data: + ceph_storage_count: {get_param: ceph_storage_count} ceph_mon_initial_members: list_join: - ',' diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage-puppet.yaml index fcf4259f..f08b83cd 100644 --- a/puppet/ceph-storage-puppet.yaml +++ b/puppet/ceph-storage-puppet.yaml @@ -66,9 +66,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData 
@@ -91,14 +108,16 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpMap + type: OS::TripleO::Network::Ports::NetIpSubnetMap properties: - StorageIp: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]} + ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -119,8 +138,8 @@ resources: params: server: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} CephStorageConfig: type: OS::Heat::StructuredConfig diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index 091d1f1b..d764c6f7 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml 
@@ -120,9 +120,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -151,6 +168,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml index e85a96aa..74e9b63e 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute-puppet.yaml @@ -70,9 +70,12 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneHost: + KeystoneAdminApiVirtualIP: type: string default: '' + KeystonePublicApiVirtualIP: + type: string + default: '' NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron @@ -97,7 +100,7 @@ parameters: NeutronNetworkType: type: string description: The tenant network type for Neutron, either gre or vxlan. - default: 'gre' + default: 'vxlan' NeutronNetworkVLANRanges: default: 'datacentre' description: 
> @@ -123,7 +126,7 @@ parameters: description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' - default: 'gre' + default: 'vxlan' NeutronTunnelIdRanges: description: | Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges @@ -260,9 +263,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -284,6 +304,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} TenantIp: {get_attr: [TenantPort, ip_address]} @@ -410,7 +431,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystoneHost} + - {get_param: KeystonePublicApiVirtualIP} - ':5000/v2.0' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} @@ -471,7 +492,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: NeutronHost} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/v2.0' admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} 
@@ -485,6 +506,13 @@ resources: server: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + ComputeExtraConfigPre: + depends_on: NovaComputeDeployment + type: OS::TripleO::ComputeExtraConfigPre + properties: + server: {get_resource: NovaCompute} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -528,4 +556,8 @@ outputs: {get_resource: NovaCompute} config_identifier: description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [NovaComputeDeployment, deploy_stdout]} + value: + list_join: + - ',' + - - {get_attr: [NovaComputeDeployment, deploy_stdout]} + - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 89b35c31..f47463ab 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -227,6 +227,16 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -309,7 +319,7 @@ parameters: description: Whether to enable l3-agent HA type: string NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: 
@@ -351,7 +361,7 @@ parameters: description: If set, the public interface is a vlan with this device as the raw device. type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' @@ -481,6 +491,9 @@ parameters: MysqlVirtualIP: type: string default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' KeystonePublicApiVirtualIP: type: string default: '' @@ -518,9 +531,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -552,6 +582,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} 
@@ -559,13 +590,14 @@ resources: TenantIp: {get_attr: [TenantPort, ip_address]} NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpMap + type: OS::TripleO::Network::Ports::NetIpSubnetMap properties: - ExternalIp: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]} - StorageIp: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIp: {get_attr: [TenantPort, ip_subnet]} + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -671,6 +703,8 @@ resources: keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone_notification_driver: {get_param: KeystoneNotificationDriver} + keystone_notification_format: {get_param: KeystoneNotificationFormat} keystone_dsn: list_join: - '' @@ -683,7 +717,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/' keystone_auth_uri: list_join: @@ -769,7 +803,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/v2.0' ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} 
@@ -848,8 +882,9 @@ resources: redis_vip: {get_param: RedisVirtualIP} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + mysql_virtual_ip: {get_param: MysqlVirtualIP} + ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} # Map heat metadata into hiera datafiles @@ -864,6 +899,7 @@ resources: - controller_extraconfig - extraconfig - controller + - database - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - ceph_cluster # provided by CephClusterConfig @@ -874,6 +910,7 @@ resources: - '"%{::osfamily}"' - common - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre + - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre datafiles: controller_extraconfig: mapped_data: {get_param: ControllerExtraConfig} @@ -887,6 +924,8 @@ resources: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} ceph::mon::public_addr: {get_input: ceph_public_ip} + database: + raw_data: {get_file: hieradata/database.yaml} object: raw_data: {get_file: hieradata/object.yaml} controller: 
@@ -936,6 +975,7 @@ resources: cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} + cinder::db::mysql::password: {get_input: cinder_password} # Glance glance::api::bind_port: {get_input: glance_port} @@ -959,6 +999,7 @@ resources: glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} + glance::db::mysql::password: {get_input: glance_password} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -979,6 +1020,7 @@ resources: heat::api_cfn::bind_host: {get_input: heat_api_network} heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} + heat::db::mysql::password: {get_input: heat_password} # Keystone keystone::admin_token: {get_input: admin_token} @@ -991,6 +1033,13 @@ resources: keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::debug: {get_input: debug} + keystone::db::mysql::password: {get_input: admin_token} + keystone::rabbit_userid: {get_input: rabbit_username} + keystone::rabbit_password: {get_input: rabbit_password} + keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + keystone::rabbit_port: {get_input: rabbit_client_port} + keystone::notification_driver: {get_input: keystone_notification_driver} + keystone::notification_format: {get_input: keystone_notification_format} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} 
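Review bot: `keystone::db::mysql::password: {get_input: admin_token}` in the Keystone block gives the Keystone MySQL account the same secret as the Keystone admin token, so disclosure of either value exposes both the database account and the bootstrap API credential. The sibling additions (`cinder::db::mysql::password`, `glance::db::mysql::password` and `heat::db::mysql::password` on this line, and the neutron, ceilometer and nova ones in the following hunks) likewise reuse the `*_password` input that the visible context also uses for service authentication, for example `ceilometer::agent::auth::auth_password`. This presumably mirrors the DSN strings built elsewhere in the template, which these hunks do not show. If the coupling has to stay, record it with a comment such as `# DB password must match the one embedded in keystone_dsn; rotate both together`; a separate hidden parameter per database account would be the cleaner fix.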
@@ -1004,6 +1053,7 @@ resources: mysql::server::root_password: {get_input: mysql_root_password} mysql_cluster_name: {get_input: mysql_cluster_name} mysql_bind_host: {get_input: mysql_network} + mysql_virtual_ip: {get_input: mysql_virtual_ip} # Neutron neutron::bind_host: {get_input: neutron_api_network} @@ -1042,6 +1092,7 @@ resources: neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} + neutron::db::mysql::password: {get_input: neutron_password} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -1059,6 +1110,7 @@ resources: ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} + ceilometer::db::mysql::password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1080,6 +1132,7 @@ resources: nova::network::neutron::neutron_url: {get_input: neutron_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} + nova::db::mysql::password: {get_input: nova_password} # Horizon apache::ip: {get_input: horizon_network} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml new file mode 100644 index 00000000..62907104 --- /dev/null +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml 
@@ -0,0 +1,65 @@ +heat_template_version: 2015-04-30 +description: 'Configure parameters for an external Ceph cluster via Puppet.' + +parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the 'openstack' user keyring. + ceph_fsid: + default: '' + type: string + # The following parameters are unused for external Ceph clusters and + # are here and exist for compatibility + ceph_admin_key: + default: '' + type: string + ceph_mon_key: + default: '' + type: string + ceph_mon_names: + type: comma_delimited_list + ceph_mon_ips: + type: comma_delimited_list + +resources: + CephClusterConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + ceph_cluster: + mapped_data: + ceph_storage_count: {get_param: ceph_storage_count} + enable_external_ceph: true + ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips} + ceph::profile::params::fsid: {get_param: ceph_fsid} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.openstack: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + } + }" + params: + CLIENT_KEY: {get_param: ceph_client_key} + + +outputs: + config_id: + description: The ID of the CephClusterConfigImpl resource. + value: + {get_resource: CephClusterConfigImpl} diff --git a/puppet/extraconfig/pre_deploy/controller/network-cisco.yaml b/puppet/extraconfig/pre_deploy/controller/network-cisco.yaml new file mode 100644 index 00000000..ed3bf291 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/network-cisco.yaml 
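Review bot: `ceph_client_key` is declared without `hidden: true`, and the `client.openstack` entry it feeds sets `mode: '0644'`, so the Ceph client secret is returned in clear by stack parameter queries and, assuming the mode is applied to the keyring file, is readable by every local account on the node. Other secrets in this change set carry `hidden: true` (the Keystone signing key parameter, for one), so add the same line to `ceph_client_key`. If the consuming services need a world-readable keyring, say so in a comment next to `mode`; otherwise a group-readable mode is the safer default. `ceph_admin_key` and `ceph_mon_key` are unused here but are still secrets by name and would benefit from `hidden: true` as well.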
@@ -0,0 +1,141 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Network Cisco configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + NetworkUCSMIp: + type: string + description: Cisco UCSM IP + default: 127.0.0.1 + NetworkUCSMUsername: + type: string + description: Cisco UCSM username + default: admin + NetworkUCSMPassword: + type: string + description: Cisco UCSM password + default: password + NetworkUCSMHostList: + type: string + description: Cisco UCSM hostname + default: 127.0.0.1 + NetworkUCSMSupportedPciDevs: + type: string + description: Cisco UCSM SR-IOV and VM-FEX vendors supported + default: '' + NetworkNexusConfig: + type: json + description: Nexus switch configuration + default: {} + NetworkNexusManagedPhysicalNetwork: + type: string + description: The name of the physical_network + default: '' + NetworkNexusVlanNamePrefix: + type: string + description: A short prefix to prepend to the VLAN name + default: 'q-' + NetworkNexusSviRoundRobin: + type: boolean + description: A flag to enable round robin scheduling + default: false + NetworkNexusProviderVlanNamePrefix: + type: string + description: A short prefix to prepend to the VLAN name + default: 'p-' + NetworkNexusPersistentSwitchConfig: + type: string + description: To make Nexus device persistent + default: false + NetworkNexusSwitchHeartbeatTime: + type: number + description: Time interval to check the state of the Nexus device + default: 0 + NetworkNexusSwitchReplayCount: + type: number + description: Number of times to attempt config replay + default: 3 + NetworkNexusProviderVlanAutoCreate: + type: boolean + description: A flag whether to manage the creation and removal of VLANs + default: true + NetworkNexusProviderVlanAutoTrunk: + type: boolean + description: A flag whether to manage the trunk ports on the Nexus + default: true + NetworkNexusVxlanGlobalConfig: + type: boolean + description: A flag 
whether to manage the VXLAN global settings + default: true + NetworkNexusHostKeyChecks: + type: boolean + description: enable strict host key checks when connecting to Nexus switches + default: false + NetworkNexusVxlanVniRanges: + type: string + description: VXLAN Network IDs that are available for tenant network + default: '' + NetworkNexusVxlanMcastRanges: + type: string + description: Multicast groups for the VXLAN interface. + default: '' + +resources: + NetworkCiscoConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_cisco_data: + mapped_data: + neutron::plugins::ml2::cisco::ucsm::ucsm_ip: {get_input: UCSM_ip} + neutron::plugins::ml2::cisco::ucsm::ucsm_username: {get_input: UCSM_username} + neutron::plugins::ml2::cisco::ucsm::ucsm_password: {get_input: UCSM_password} + neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: {get_input: UCSM_host_list} + neutron::plugins::ml2::cisco::ucsm::supported_pci_devs: {get_input: UCSMSupportedPciDevs} + neutron::plugins::ml2::cisco::nexus::nexus_config: {get_input: NexusConfig} + neutron::plugins::ml2::cisco::nexus::managed_physical_network: {get_input: NexusManagedPhysicalNetwork} + neutron::plugins::ml2::cisco::nexus::vlan_name_prefix: {get_input: NexusVlanNamePrefix} + neutron::plugins::ml2::cisco::nexus::svi_round_robin: {get_input: NexusSviRoundRobin} + neutron::plugins::ml2::cisco::nexus::provider_vlan_name_prefix: {get_input: NexusProviderVlanNamePrefix} + neutron::plugins::ml2::cisco::nexus::persistent_switch_config: {get_input: NexusPersistentSwitchConfig} + neutron::plugins::ml2::cisco::nexus::switch_heartbeat_time: {get_input: NexusSwitchHeartbeatTime} + neutron::plugins::ml2::cisco::nexus::switch_replay_count: {get_input: NexusSwitchReplayCount} + neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_create: {get_input: NexusProviderVlanAutoCreate} + neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_trunk: {get_input: 
NexusProviderVlanAutoTrunk} + neutron::plugins::ml2::cisco::nexus::vxlan_global_config: {get_input: NexusVxlanGlobalConfig} + neutron::plugins::ml2::cisco::nexus::host_key_checks: {get_input: NexusHostKeyChecks} + neutron::plugins::ml2::cisco::type_nexus_vxlan::vni_ranges: {get_input: NexusVxlanVniRanges} + neutron::plugins::ml2::cisco::type_nexus_vxlan::mcast_ranges: {get_input: NexusVxlanMcastRanges} + + NetworkCiscoDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: NetworkCiscoConfig} + server: {get_param: server} + input_values: + UCSM_ip: {get_param: NetworkUCSMIp} + UCSM_username: {get_param: NetworkUCSMUsername} + UCSM_password: {get_param: NetworkUCSMPassword} + UCSM_host_list: {get_param: NetworkUCSMHostList} + UCSMSupportedPciDevs: {get_param: NetworkUCSMSupportedPciDevs} + NexusConfig: {get_param: NetworkNexusConfig} + NexusManagedPhysicalNetwork: {get_param: NetworkNexusManagedPhysicalNetwork} + NexusVlanNamePrefix: {get_param: NetworkNexusVlanNamePrefix} + NexusSviRoundRobin: {get_param: NetworkNexusSviRoundRobin} + NexusProviderVlanNamePrefix: {get_param: NetworkNexusProviderVlanNamePrefix} + NexusPersistentSwitchConfig: {get_param: NetworkNexusPersistentSwitchConfig} + NexusSwitchHeartbeatTime: {get_param: NetworkNexusSwitchHeartbeatTime} + NexusSwitchReplayCount: {get_param: NetworkNexusSwitchReplayCount} + NexusProviderVlanAutoCreate: {get_param: NetworkNexusProviderVlanAutoCreate} + NexusProviderVlanAutoTrunk: {get_param: NetworkNexusProviderVlanAutoTrunk} + NexusVxlanGlobalConfig: {get_param: NetworkNexusVxlanGlobalConfig} + NexusHostKeyChecks: {get_param: NetworkNexusHostKeyChecks} + NexusVxlanVniRanges: {get_param: NetworkNexusVxlanVniRanges} + NexusVxlanMcastRanges: {get_param: NetworkNexusVxlanMcastRanges} diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 272a6688..455f7f22 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml 
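Review bot: `NetworkUCSMPassword` ships with `default: password` and no `hidden: true`, and `NetworkNexusHostKeyChecks` defaults to `false`, so enabling this hook without overrides configures a well-known placeholder credential and leaves switch host keys unverified. Drop the password default so Heat requires a value and add `hidden: true` to it; `NetworkNexusConfig` should probably be hidden too if, as seems likely, it carries per-switch credentials. Either change the host key default to `true` or add a comment explaining why verification is off by default. Separately, `NetworkNexusPersistentSwitchConfig` is typed `string` with `default: false`, where the neighbouring flags are `boolean`.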
@@ -27,3 +27,10 @@ sysctl_settings: value: 5 net.ipv4.tcp_keepalive_time: value: 5 + +nova::rabbit_heartbeat_timeout_threshold: 60 +neutron::rabbit_heartbeat_timeout_threshold: 60 +cinder::rabbit_heartbeat_timeout_threshold: 60 +ceilometer::rabbit_heartbeat_timeout_threshold: 60 +heat::rabbit_heartbeat_timeout_threshold: 60 +keystone::rabbit_heartbeat_timeout_threshold: 60 diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 25719709..9929cfa6 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -40,6 +40,9 @@ swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' +# keystone +keystone::cron::token_flush::maxdelay: 3600 + #swift swift::proxy::pipeline: - 'catch_errors' @@ -72,6 +75,7 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf # nova nova::notify_on_state_change: 'vm_and_task_state' nova::api::osapi_v3: true +nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::config::nova_config: DEFAULT/default_floating_pool: @@ -88,6 +92,8 @@ heat::instance_user: '' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false +pacemaker::resource_defaults::defaults: + resource-stickiness: { value: INFINITY } # horizon horizon::allowed_hosts: '*' @@ -95,6 +101,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache' # mysql mysql::server::manage_config_file: true +mysql::server::remove_default_accounts: true tripleo::loadbalancer::keystone_admin: true diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml new file mode 100644 index 00000000..7e925d90 --- /dev/null +++ b/puppet/hieradata/database.yaml 
@@ -0,0 +1,55 @@ +# Nova +nova::db::mysql::user: nova +nova::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +nova::db::mysql::dbname: nova +nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Glance +glance::db::mysql::user: glance +glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +glance::db::mysql::dbname: glance +glance::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Keystone +keystone::db::mysql::user: keystone +keystone::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +keystone::db::mysql::dbname: keystone +keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Neutron +neutron::db::mysql::user: neutron +neutron::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +neutron::db::mysql::dbname: ovs_neutron +neutron::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Cinder +cinder::db::mysql::user: cinder +cinder::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +cinder::db::mysql::dbname: cinder +cinder::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Heat +heat::db::mysql::user: heat +heat::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +heat::db::mysql::dbname: heat +heat::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Ceilometer +ceilometer::db::mysql::user: ceilometer +ceilometer::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +ceilometer::db::mysql::dbname: ceilometer +ceilometer::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 09edef50..b98c3a40 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp 
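Review bot: Every `*::db::mysql::allowed_hosts` list in this new file starts with `'%'`, which grants the service account from any source address and makes the second entry (`mysql_bind_host`) redundant. The wildcard is carried over from the `$allowed_hosts` array that this commit removes from the manifests, but moving it into hieradata is a good point to narrow it to the networks the services actually connect from. If it has to stay, add a comment at the top of the file along the lines of `# '%' kept because <reason>; reachability of the MySQL port is restricted by <control>`, so that the next reader knows network filtering is the only thing limiting who can attempt a login.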
@@ -89,65 +89,14 @@ if hiera('step') >= 2 { # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - # Example DSN format: mysql://user:password@host/dbname - $allowed_hosts = ['%',hiera('mysql_bind_host')] - $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]') - class { 'keystone::db::mysql': - user => $keystone_dsn[3], - password => $keystone_dsn[4], - host => $keystone_dsn[5], - dbname => $keystone_dsn[6], - allowed_hosts => $allowed_hosts, - } - $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]') - class { 'glance::db::mysql': - user => $glance_dsn[3], - password => $glance_dsn[4], - host => $glance_dsn[5], - dbname => $glance_dsn[6], - allowed_hosts => $allowed_hosts, - } - $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]') - class { 'nova::db::mysql': - user => $nova_dsn[3], - password => $nova_dsn[4], - host => $nova_dsn[5], - dbname => $nova_dsn[6], - allowed_hosts => $allowed_hosts, - } - $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]') - class { 'neutron::db::mysql': - user => $neutron_dsn[3], - password => $neutron_dsn[4], - host => $neutron_dsn[5], - dbname => $neutron_dsn[6], - allowed_hosts => $allowed_hosts, - } - $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]') - class { 'cinder::db::mysql': - user => $cinder_dsn[3], - password => $cinder_dsn[4], - host => $cinder_dsn[5], - dbname => $cinder_dsn[6], - allowed_hosts => $allowed_hosts, - } - $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]') - class { 'heat::db::mysql': - user => $heat_dsn[3], - password => $heat_dsn[4], - host => $heat_dsn[5], - dbname => $heat_dsn[6], - allowed_hosts => $allowed_hosts, - } + include ::keystone::db::mysql + include ::glance::db::mysql + include ::nova::db::mysql + include ::neutron::db::mysql + include ::cinder::db::mysql + include ::heat::db::mysql if downcase(hiera('ceilometer_backend')) == 'mysql' { 
- $ceilometer_dsn = split(hiera('ceilometer_mysql_conn_string'), '[@:/?]') - class { 'ceilometer::db::mysql': - user => $ceilometer_dsn[3], - password => $ceilometer_dsn[4], - host => $ceilometer_dsn[5], - dbname => $ceilometer_dsn[6], - allowed_hosts => $allowed_hosts, - } + include ::ceilometer::db::mysql } $rabbit_nodes = hiera('rabbit_node_ips') @@ -173,8 +122,7 @@ if hiera('step') >= 2 { # pre-install swift here so we can build rings include ::swift - $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) - $enable_ceph = $cinder_enable_rbd_backend + $enable_ceph = hiera('ceph_storage_count', 0) > 0 if $enable_ceph { class { 'ceph::profile::params': @@ -198,10 +146,13 @@ if hiera('step') >= 2 { } -> Class['ceph::profile::osd'] } - include ::ceph::profile::client include ::ceph::profile::osd } + if str2bool(hiera('enable_external_ceph', 'false')) { + include ::ceph::profile::client + } + } #END STEP 2 if hiera('step') >= 3 { @@ -269,6 +220,7 @@ if hiera('step') >= 3 { include ::nova::network::neutron include ::nova::vncproxy include ::nova::scheduler + include ::nova::scheduler::filter include ::neutron include ::neutron::server 
@@ -287,12 +239,21 @@ if hiera('step') >= 3 { class { 'neutron::plugins::ml2': flat_networks => split(hiera('neutron_flat_networks'), ','), tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], } class { 'neutron::agents::ml2::ovs': bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), tunnel_types => split(hiera('neutron_tunnel_types'), ','), } + if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::ucsm + } + if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus + include ::neutron::plugins::ml2::cisco::type_nexus_vxlan + } + Service['neutron-server'] -> Service['neutron-dhcp-service'] Service['neutron-server'] -> Service['neutron-l3'] Service['neutron-server'] -> Service['neutron-ovs-agent-service'] @@ -327,20 +288,21 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } + + $cinder_pool_requires = [Ceph::Pool['volumes']] + + } else { + $cinder_pool_requires = [] } - if $cinder_enable_rbd_backend { + if hiera('cinder_enable_rbd_backend', false) { $cinder_rbd_backend = 'tripleo_ceph' - cinder_config { - "${cinder_rbd_backend}/host": value => 'hostgroup'; - } - cinder::backend::rbd { $cinder_rbd_backend : rbd_pool => 'volumes', rbd_user => 'openstack', rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => Ceph::Pool['volumes'], + require => $cinder_pool_requires, } } @@ -486,3 +448,7 @@ if hiera('step') >= 3 { hiera_include('controller_classes') } #END STEP 3 + +if hiera('step') >= 4 { + include ::keystone::cron::token_flush +} #END STEP 4 diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index a3eb6e5d..3a311655 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp 
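Review bot: `mechanism_drivers => [hiera('neutron_mechanism_drivers')]` wraps the hiera value in a one-element array, while the new `'cisco_ucsm' in hiera('neutron_mechanism_drivers')` tests use the same value unwrapped, so the two disagree about its type. If the value is a comma-separated string, the plugin receives a single element containing commas and the `in` tests become substring matches; if it is already an array, the first use nests it. The type is not visible in these hunks, so this needs confirming, but the neighbouring settings use `split(hiera(...), ',')`, and doing the same once (`$mechanism_drivers = split(hiera('neutron_mechanism_drivers'), ',')`) and reusing the variable in all three places would remove the ambiguity. The same pattern appears in the `overcloud_controller_pacemaker.pp` hunks.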
@@ -177,6 +177,8 @@ if hiera('step') >= 2 { if $pacemaker_master { + include pacemaker::resource_defaults + # FIXME: we should not have to access tripleo::loadbalancer class # parameters here to configure pacemaker VIPs. The configuration # of pacemaker VIPs could move into puppet-tripleo or we should 
@@ -407,71 +409,28 @@ MYSQL_HOST=localhost\n", } # Create all the database schemas - # Example DSN format: mysql://user:password@host/dbname if $sync_db { - $allowed_hosts = ['%',hiera('mysql_bind_host')] - $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]') class { 'keystone::db::mysql': - user => $keystone_dsn[3], - password => $keystone_dsn[4], - host => $keystone_dsn[5], - dbname => $keystone_dsn[6], - allowed_hosts => $allowed_hosts, require => Exec['galera-ready'], } - $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]') class { 'glance::db::mysql': - user => $glance_dsn[3], - password => $glance_dsn[4], - host => $glance_dsn[5], - dbname => $glance_dsn[6], - allowed_hosts => $allowed_hosts, require => Exec['galera-ready'], } - $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]') class { 'nova::db::mysql': - user => $nova_dsn[3], - password => $nova_dsn[4], - host => $nova_dsn[5], - dbname => $nova_dsn[6], - allowed_hosts => $allowed_hosts, require => Exec['galera-ready'], } - $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]') class { 'neutron::db::mysql': - user => $neutron_dsn[3], - password => $neutron_dsn[4], - host => $neutron_dsn[5], - dbname => $neutron_dsn[6], - allowed_hosts => $allowed_hosts, require => Exec['galera-ready'], } - $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]') class { 'cinder::db::mysql': - user => $cinder_dsn[3], - password => $cinder_dsn[4], - host => $cinder_dsn[5], - dbname => $cinder_dsn[6], - allowed_hosts => $allowed_hosts, require => Exec['galera-ready'], } - $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]') class { 'heat::db::mysql': - user => $heat_dsn[3], - password => $heat_dsn[4], - host => $heat_dsn[5], - dbname => $heat_dsn[6], - allowed_hosts => $allowed_hosts, require => Exec['galera-ready'], } + if downcase(hiera('ceilometer_backend')) == 'mysql' { - $ceilometer_dsn = 
split(hiera('ceilometer_mysql_conn_string'), '[@:/?]') class { 'ceilometer::db::mysql': - user => $ceilometer_dsn[3], - password => $ceilometer_dsn[4], - host => $ceilometer_dsn[5], - dbname => $ceilometer_dsn[6], - allowed_hosts => $allowed_hosts, require => Exec['galera-ready'], } } @@ -481,8 +440,7 @@ MYSQL_HOST=localhost\n", include ::swift # Ceph - $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) - $enable_ceph = $cinder_enable_rbd_backend + $enable_ceph = hiera('ceph_storage_count', 0) > 0 if $enable_ceph { class { 'ceph::profile::params': @@ -506,10 +464,13 @@ MYSQL_HOST=localhost\n", } -> Class['ceph::profile::osd'] } - include ::ceph::profile::client include ::ceph::profile::osd } + if str2bool(hiera('enable_external_ceph', 'false')) { + include ::ceph::profile::client + } + } #END STEP 2 @@ -604,6 +565,7 @@ if hiera('step') >= 3 { manage_service => false, enabled => false, } + include ::nova::scheduler::filter class { '::nova::scheduler' : manage_service => false, enabled => false, @@ -639,6 +601,7 @@ if hiera('step') >= 3 { class { 'neutron::plugins::ml2': flat_networks => split(hiera('neutron_flat_networks'), ','), tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], } class { 'neutron::agents::ml2::ovs': manage_service => false, @@ -647,6 +610,14 @@ if hiera('step') >= 3 { tunnel_types => split(hiera('neutron_tunnel_types'), ','), } + if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::ucsm + } + if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus + include ::neutron::plugins::ml2::cisco::type_nexus_vxlan + } + include ::cinder class { '::cinder::api': sync_db => $sync_db, 
@@ -686,20 +657,21 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } + + $cinder_pool_requires = [Ceph::Pool['volumes']] + + } else { + $cinder_pool_requires = [] } - if $cinder_enable_rbd_backend { + if hiera('cinder_enable_rbd_backend', false) { $cinder_rbd_backend = 'tripleo_ceph' - cinder_config { - "${cinder_rbd_backend}/host": value => 'hostgroup'; - } - cinder::backend::rbd { $cinder_rbd_backend : rbd_pool => 'volumes', rbd_user => 'openstack', rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => Ceph::Pool['volumes'], + require => $cinder_pool_requires, } } @@ -902,6 +874,8 @@ if hiera('step') >= 3 { } #END STEP 3 if hiera('step') >= 4 { + include ::keystone::cron::token_flush + if $pacemaker_master { # Keystone 
@@ -909,6 +883,43 @@ if hiera('step') >= 4 { clone_params => "interleave=true", } + pacemaker::constraint::base { 'haproxy-then-keystone-constraint': + constraint_type => 'order', + first_resource => "haproxy-clone", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': + constraint_type => 'order', + first_resource => "rabbitmq-clone", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['rabbitmq'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'memcached-then-keystone-constraint': + constraint_type => 'order', + first_resource => "memcached-clone", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['memcached'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'galera-then-keystone-constraint': + constraint_type => 'order', + first_resource => "galera-master", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'promote', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['galera'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + # Cinder pacemaker::resource::service { $::cinder::params::api_service : clone_params => "interleave=true", diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage-puppet.yaml index b3579429..5c4ff5a1 100644 --- a/puppet/swift-storage-puppet.yaml +++ b/puppet/swift-storage-puppet.yaml 
@@ -89,9 +89,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -120,6 +137,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py new file mode 100755 index 00000000..cb5669a7 --- /dev/null +++ b/tools/yaml-validate.py 
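Review bot: The new `UserData` resource combines `NodeAdminUserData` and the operator-supplied `NodeUserData` into one multipart archive, but the comments do not say what happens when the operator part sets the same cloud-config keys as the part that creates `heat-admin`. How overlapping keys are resolved depends on cloud-init's merge settings, so one part could silently replace the account definition from the other. A comment on `UserData` such as `# NodeUserData is operator-supplied; it should not redefine the account set up by NodeAdminUserData` would make the contract explicit, assuming that is the intended behaviour.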
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+import traceback
+import yaml
+
+base_path = sys.argv[1]
+exit_val = 0
+failed_files = []
+
+def validate(filename):
+ try:
+ yaml.load(open(filename).read())
+ except Exception:
+ print(traceback.format_exc())
+ return 1
+ return 0
+
+for subdir, dirs, files in os.walk(base_path):
+ for f in files:
+ if f.endswith('.yaml'):
+ file_path = os.path.join(subdir, f)
+ failed = validate(file_path)
+ if failed:
+ failed_files.append(file_path)
+ exit_val |= failed
+
+if failed_files:
+ print('Validation failed on:')
+ for f in failed_files:
+ print(f)
+else:
+ print('Validation successful!')
+sys.exit(exit_val)
@@ -9,3 +9,6 @@ deps = -r{toxinidir}/requirements.txt [testenv:venv] commands = {posargs}
+
+[testenv:validate]
+commands = python ./tools/yaml-validate.py .
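Review bot: `yaml.load(open(filename).read())` in `validate()` parses with PyYAML's default loader, which on older PyYAML releases can construct arbitrary Python objects from tagged nodes, and the new `validate` tox environment runs it over every `.yaml` file under `.`, including files that arrive with a change under review. A syntax check needs none of that, so the safe loader is the better call, and a `with` block also closes the handle that the current line leaves open: `with open(filename) as f:` followed by `yaml.safe_load(f)`. The templates visible in this commit use only plain YAML, so the safe loader should accept them. Separately, `sys.argv[1]` is read without a length check, so running the script with no argument ends in an IndexError rather than a usage message.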
\ No newline at end of file |