diff options
30 files changed, 469 insertions, 64 deletions
diff --git a/ceph-cluster-config.yaml b/ceph-cluster-config.yaml index f44e27c1..c3cf8e8a 100644 --- a/ceph-cluster-config.yaml +++ b/ceph-cluster-config.yaml @@ -2,6 +2,18 @@ heat_template_version: 2015-04-30 description: 'Ceph Cluster config data' parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the 'openstack' user keyring. ceph_fsid: default: '' type: string diff --git a/compute.yaml b/compute.yaml index 933639ce..9a2c6f17 100644 --- a/compute.yaml +++ b/compute.yaml @@ -102,7 +102,10 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneHost: + KeystoneAdminApiVirtualIP: + type: string + default: '' + KeystonePublicApiVirtualIP: type: string default: '' NeutronBridgeMappings: @@ -129,7 +132,7 @@ parameters: NeutronNetworkType: type: string description: The tenant network type for Neutron, either gre or vxlan. - default: 'gre' + default: 'vxlan' NeutronNetworkVLANRanges: default: 'datacentre' description: > @@ -155,7 +158,7 @@ parameters: description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' - default: 'gre' + default: 'vxlan' NeutronTunnelIdRanges: description: | Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges @@ -409,7 +412,7 @@ resources: glance_host: {get_param: GlanceHost} glance_port: {get_param: GlancePort} glance_protocol: {get_param: GlanceProtocol} - keystone_host: {get_param: KeystoneHost} + keystone_host: {get_param: KeystonePublicApiVirtualIP} neutron_flat_networks: {get_param: NeutronFlatNetworks} neutron_host: {get_param: NeutronHost} neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]} diff --git a/controller.yaml b/controller.yaml index 7ee837f5..79f5ece5 100644 --- a/controller.yaml +++ b/controller.yaml @@ -255,6 +255,16 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -333,7 +343,7 @@ parameters: default: 'datacentre' description: If set, flat networks to configure in neutron plugins. NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: @@ -375,7 +385,7 @@ parameters: description: If set, the public interface is a vlan with this device as the raw device. type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' @@ -505,6 +515,9 @@ parameters: MysqlVirtualIP: type: string default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' KeystonePublicApiVirtualIP: type: string default: '' diff --git a/deprecated/nova-compute-instance.yaml b/deprecated/nova-compute-instance.yaml index e68c61f9..811c0fc3 100644 --- a/deprecated/nova-compute-instance.yaml +++ b/deprecated/nova-compute-instance.yaml @@ -100,7 +100,7 @@ parameters: NeutronHost: type: string NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: @@ -114,7 +114,7 @@ parameters: description: A port to add to the NeutronPhysicalBridge. type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' diff --git a/deprecated/overcloud-source.yaml b/deprecated/overcloud-source.yaml index d355c4df..0729b338 100644 --- a/deprecated/overcloud-source.yaml +++ b/deprecated/overcloud-source.yaml @@ -221,7 +221,7 @@ parameters: If set, flat networks to configure in neutron plugins. Defaults to 'datacentre' to permit external network creation. NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: @@ -279,7 +279,7 @@ parameters: description: Shared secret to prevent spoofing type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml new file mode 100644 index 00000000..3c7901cc --- /dev/null +++ b/environments/puppet-ceph-external.yaml @@ -0,0 +1,18 @@ +# A Heat environment file which can be used to enable the +# use of an externally managed Ceph cluster. +resource_registry: + OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml + +parameters: + # NOTE: These example parameters are required when using Ceph External + #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + #CephExternalMonHost: '172.16.1.7, 172.16.1.8' + + # the following parameters enable Ceph backends for Cinder, Glance, and Nova + NovaEnableRbdBackend: true + CinderEnableRbdBackend: true + GlanceBackend: rbd + + # finally we disable the Cinder LVM backend + CinderEnableIscsiBackend: false diff --git a/firstboot/userdata_heat_admin.yaml b/firstboot/userdata_heat_admin.yaml new file mode 100644 index 00000000..73481c63 --- /dev/null +++ b/firstboot/userdata_heat_admin.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2014-10-16 + +parameters: + # Can be overriden via parameter_defaults in the environment + node_admin_username: + type: string + default: heat-admin + +description: > + Uses cloud-init to create an additional user with a known name, in addition + to the distro-default user created by the cloud-init default. + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: user_config} + + # Note this requires cloud-init >= 0.7.2 ref bug #1100920 + user_config: + type: OS::Heat::CloudConfig + properties: + cloud_config: + user: {get_param: node_admin_username} + +outputs: + OS::stack_id: + value: {get_resource: userdata} diff --git a/network/external.yaml b/network/external.yaml index bf4bdfe7..e8f92a5e 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -12,7 +12,7 @@ parameters: ExternalNetValueSpecs: default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'} description: Value specs for the external network. - type: string + type: json ExternalNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/network/internal_api.yaml b/network/internal_api.yaml index c7e822e9..69154bef 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -12,7 +12,7 @@ parameters: InternalApiNetValueSpecs: default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'} description: Value specs for the internal API network. - type: string + type: json InternalApiNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index 54614ead..257d3f9b 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -1,6 +1,9 @@ heat_template_version: 2015-04-30 parameters: + ControlPlaneIpList: + default: [] + type: comma_delimited_list ExternalIpList: default: [] type: comma_delimited_list @@ -23,6 +26,7 @@ outputs: A Hash containing a mapping of network names to assigned lists of IP addresses. value: + ctlplane: {get_param: ControlPlaneIpList} external: {get_param: ExternalIpList} internal_api: {get_param: InternalApiIpList} storage: {get_param: StorageIpList} diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index edc4060f..7aaed160 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -1,6 +1,9 @@ heat_template_version: 2015-04-30 parameters: + ControlPlaneIp: + default: '' + type: string ExternalIp: default: '' type: string @@ -23,6 +26,7 @@ outputs: A Hash containing a mapping of network names to assigned IPs for a specific machine. value: + ctlplane: {get_param: ControlPlaneIp} external: {get_param: ExternalIp} internal_api: {get_param: InternalApiIp} storage: {get_param: StorageIp} diff --git a/network/ports/net_ip_subnet_map.yaml b/network/ports/net_ip_subnet_map.yaml new file mode 100644 index 00000000..cf59adb3 --- /dev/null +++ b/network/ports/net_ip_subnet_map.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2015-04-30 + +parameters: + ControlPlaneIp: + default: '' + type: string + ExternalIpSubnet: + default: '' + type: string + InternalApiIpSubnet: + default: '' + type: string + StorageIpSubnet: + default: '' + type: string + StorageMgmtIpSubnet: + default: '' + type: string + TenantIpSubnet: + default: '' + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + +outputs: + net_ip_subnet_map: + description: > + A Hash containing a mapping of network names to assigned + IP/subnet mappings. + value: + ctlplane: + list_join: + - '' + - - {get_param: ControlPlaneIp} + - '/' + - {get_param: ControlPlaneSubnetCidr} + external: {get_param: ExternalIpSubnet} + internal_api: {get_param: InternalApiIpSubnet} + storage: {get_param: StorageIpSubnet} + storage_mgmt: {get_param: StorageMgmtIpSubnet} + tenant: {get_param: TenantIpSubnet} diff --git a/network/storage.yaml b/network/storage.yaml index d403f9e5..60b779e0 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -12,7 +12,7 @@ parameters: StorageNetValueSpecs: default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'} description: Value specs for the storage network. - type: string + type: json StorageNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index d0c919b5..043bc87b 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -12,7 +12,7 @@ parameters: StorageMgmtNetValueSpecs: default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'} description: Value specs for the storage_mgmt network. - type: string + type: json StorageMgmtNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/network/tenant.yaml b/network/tenant.yaml index 055b87b8..daf5cb75 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -12,7 +12,7 @@ parameters: TenantNetValueSpecs: default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'} description: Value specs for the tenant network. - type: string + type: json TenantNetAdminStateUp: default: false description: This admin state of of the network. diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 523e4477..ecb1162e 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -23,6 +23,10 @@ resource_registry: OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml + # This creates the "heat-admin" user for all OS images by default + # To disable, replace with firstboot/userdata_default.yaml + OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml + # Hooks for operator extra config # NodeUserData == Cloud-init additional user-data, e.g cloud-config # ControllerExtraConfigPre == Controller configuration pre service deployment @@ -44,6 +48,7 @@ resource_registry: OS::TripleO::Network::Tenant: network/noop.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml + OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml # Port assignments for the controller role diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml index 78607b51..094b3311 100644 --- a/overcloud-resource-registry.yaml +++ b/overcloud-resource-registry.yaml @@ -34,6 +34,7 @@ resource_registry: OS::TripleO::Network::Tenant: network/noop.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml + OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml # Port assignments for the controller role diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index fd31c54d..63cce2a3 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -46,6 +46,14 @@ parameters: default: false description: Whether to enable or not the NFS backend for Cinder type: boolean + CephClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + CephExternalMonHost: + default: '' + type: string + description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. CinderEnableIscsiBackend: default: true description: Whether to enable or not the Iscsi backend for Cinder @@ -108,7 +116,7 @@ parameters: If set, flat networks to configure in neutron plugins. Defaults to 'datacentre' to permit external network creation. NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronPassword: @@ -147,7 +155,7 @@ parameters: description: Shared secret to prevent spoofing type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' @@ -399,6 +407,16 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to @@ -536,7 +554,7 @@ parameters: CinderIscsiNetwork: storage GlanceApiNetwork: storage GlanceRegistryNetwork: internal_api - KeystoneAdminApiNetwork: internal_api + KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints KeystonePublicApiNetwork: internal_api NeutronApiNetwork: internal_api HeatApiNetwork: internal_api @@ -754,6 +772,8 @@ resources: KeystoneSigningKey: {get_param: KeystoneSigningKey} KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate} KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey} + KeystoneNotificationDriver: {get_param: KeystoneNotificationDriver} + KeystoneNotificationFormat: {get_param: KeystoneNotificationFormat} MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} MysqlMaxConnections: {get_param: MysqlMaxConnections} @@ -806,6 +826,7 @@ resources: HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} UpdateIdentifier: {get_param: UpdateIdentifier} @@ -838,7 +859,8 @@ resources: Image: {get_param: NovaImage} ImageUpdatePolicy: {get_param: ImageUpdatePolicy} KeyName: {get_param: KeyName} - KeystoneHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronBridgeMappings: {get_param: NeutronBridgeMappings} NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} NeutronFlatNetworks: {get_param: NeutronFlatNetworks} @@ -972,6 +994,7 @@ resources: ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap properties: + ControlPlaneIpList: {get_attr: [Controller, ip_address]} ExternalIpList: {get_attr: [Controller, external_ip_address]} InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]} StorageIpList: {get_attr: [Controller, storage_ip_address]} @@ -1078,6 +1101,7 @@ resources: VipMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} StorageIp: {get_attr: [StorageVirtualIP, ip_address]} @@ -1168,9 +1192,12 @@ resources: CephClusterConfig: type: OS::TripleO::CephClusterConfig::SoftwareConfig properties: + ceph_storage_count: {get_param: CephStorageCount} ceph_fsid: {get_param: CephClusterFSID} ceph_mon_key: {get_param: CephMonKey} ceph_admin_key: {get_param: CephAdminKey} + ceph_client_key: {get_param: CephClientKey} + ceph_external_mon_ips: {get_param: CephExternalMonHost} ceph_mon_names: {get_attr: [Controller, hostname]} ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} @@ -1272,6 +1299,9 @@ outputs: - - http:// - {get_attr: [PublicVirtualIP, ip_address]} - :5000/v2.0/ + KeystoneAdminVip: + description: Keystone Admin VIP endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} PublicVip: description: Controller VIP for public API endpoints value: {get_attr: [PublicVirtualIP, ip_address]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 060f4c81..2bc519bb 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -238,6 +238,7 @@ resources: heat::rabbit_hosts: *rabbit_nodes_array neutron::rabbit_hosts: *rabbit_nodes_array nova::rabbit_hosts: *rabbit_nodes_array + keystone::rabbit_hosts: *rabbit_nodes_array outputs: config_id: diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 33b18574..99265493 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -2,6 +2,18 @@ heat_template_version: 2015-04-30 description: 'Ceph Cluster config data for Puppet' parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the 'openstack' user keyring. ceph_fsid: default: '' type: string @@ -26,6 +38,7 @@ resources: datafiles: ceph_cluster: mapped_data: + ceph_storage_count: {get_param: ceph_storage_count} ceph_mon_initial_members: list_join: - ',' diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage-puppet.yaml index fcf4259f..f08b83cd 100644 --- a/puppet/ceph-storage-puppet.yaml +++ b/puppet/ceph-storage-puppet.yaml @@ -66,9 +66,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -91,14 +108,16 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpMap + type: OS::TripleO::Network::Ports::NetIpSubnetMap properties: - StorageIp: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]} + ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -119,8 +138,8 @@ resources: params: server: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} CephStorageConfig: type: OS::Heat::StructuredConfig diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index 091d1f1b..d764c6f7 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -120,9 +120,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -151,6 +168,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml index 7966fd48..74e9b63e 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute-puppet.yaml @@ -70,9 +70,12 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneHost: + KeystoneAdminApiVirtualIP: type: string default: '' + KeystonePublicApiVirtualIP: + type: string + default: '' NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron @@ -97,7 +100,7 @@ parameters: NeutronNetworkType: type: string description: The tenant network type for Neutron, either gre or vxlan. - default: 'gre' + default: 'vxlan' NeutronNetworkVLANRanges: default: 'datacentre' description: > @@ -123,7 +126,7 @@ parameters: description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' - default: 'gre' + default: 'vxlan' NeutronTunnelIdRanges: description: | Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges @@ -260,9 +263,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -284,6 +304,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} TenantIp: {get_attr: [TenantPort, ip_address]} @@ -410,7 +431,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystoneHost} + - {get_param: KeystonePublicApiVirtualIP} - ':5000/v2.0' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} @@ -471,7 +492,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: NeutronHost} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/v2.0' admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 30090ff3..f47463ab 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -227,6 +227,16 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -309,7 +319,7 @@ parameters: description: Whether to enable l3-agent HA type: string NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: @@ -351,7 +361,7 @@ parameters: description: If set, the public interface is a vlan with this device as the raw device. type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' @@ -481,6 +491,9 @@ parameters: MysqlVirtualIP: type: string default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' KeystonePublicApiVirtualIP: type: string default: '' @@ -518,9 +531,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -552,6 +582,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} @@ -559,13 +590,14 @@ resources: TenantIp: {get_attr: [TenantPort, ip_address]} NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpMap + type: OS::TripleO::Network::Ports::NetIpSubnetMap properties: - ExternalIp: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]} - StorageIp: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIp: {get_attr: [TenantPort, ip_subnet]} + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -671,6 +703,8 @@ resources: keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone_notification_driver: {get_param: KeystoneNotificationDriver} + keystone_notification_format: {get_param: KeystoneNotificationFormat} keystone_dsn: list_join: - '' @@ -683,7 +717,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/' keystone_auth_uri: list_join: @@ -769,7 +803,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/v2.0' ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} @@ -849,8 +883,8 @@ resources: memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} mysql_virtual_ip: {get_param: MysqlVirtualIP} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} # Map heat metadata into hiera datafiles @@ -1000,6 +1034,12 @@ resources: keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::debug: {get_input: debug} keystone::db::mysql::password: {get_input: admin_token} + keystone::rabbit_userid: {get_input: rabbit_username} + keystone::rabbit_password: {get_input: rabbit_password} + keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + keystone::rabbit_port: {get_input: rabbit_client_port} + keystone::notification_driver: {get_input: keystone_notification_driver} + keystone::notification_format: {get_input: keystone_notification_format} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml new file mode 100644 index 00000000..62907104 --- /dev/null +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -0,0 +1,65 @@ +heat_template_version: 2015-04-30 +description: 'Configure parameters for an external Ceph cluster via Puppet.' + +parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the 'openstack' user keyring. + ceph_fsid: + default: '' + type: string + # The following parameters are unused for external Ceph clusters and + # are here and exist for compatibility + ceph_admin_key: + default: '' + type: string + ceph_mon_key: + default: '' + type: string + ceph_mon_names: + type: comma_delimited_list + ceph_mon_ips: + type: comma_delimited_list + +resources: + CephClusterConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + ceph_cluster: + mapped_data: + ceph_storage_count: {get_param: ceph_storage_count} + enable_external_ceph: true + ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips} + ceph::profile::params::fsid: {get_param: ceph_fsid} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.openstack: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + } + }" + params: + CLIENT_KEY: {get_param: ceph_client_key} + + +outputs: + config_id: + description: The ID of the CephClusterConfigImpl resource. + value: + {get_resource: CephClusterConfigImpl} diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index ab88a69a..455f7f22 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -33,3 +33,4 @@ neutron::rabbit_heartbeat_timeout_threshold: 60 cinder::rabbit_heartbeat_timeout_threshold: 60 ceilometer::rabbit_heartbeat_timeout_threshold: 60 heat::rabbit_heartbeat_timeout_threshold: 60 +keystone::rabbit_heartbeat_timeout_threshold: 60 diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 1ae076d2..48def44d 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -75,6 +75,7 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf # nova nova::notify_on_state_change: 'vm_and_task_state' nova::api::osapi_v3: true +nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::config::nova_config: DEFAULT/default_floating_pool: @@ -98,6 +99,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache' # mysql mysql::server::manage_config_file: true +mysql::server::remove_default_accounts: true tripleo::loadbalancer::keystone_admin: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 8bb5148e..b98c3a40 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -122,8 +122,7 @@ if hiera('step') >= 2 { # pre-install swift here so we can build rings include ::swift - $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) - $enable_ceph = $cinder_enable_rbd_backend + $enable_ceph = hiera('ceph_storage_count', 0) > 0 if $enable_ceph { class { 'ceph::profile::params': @@ -147,10 +146,13 @@ if hiera('step') >= 2 { } -> Class['ceph::profile::osd'] } - include ::ceph::profile::client include ::ceph::profile::osd } + if str2bool(hiera('enable_external_ceph', 'false')) { + include ::ceph::profile::client + } + } #END STEP 2 if hiera('step') >= 3 { @@ -218,6 +220,7 @@ if hiera('step') >= 3 { include ::nova::network::neutron include ::nova::vncproxy include ::nova::scheduler + include ::nova::scheduler::filter include ::neutron include ::neutron::server @@ -285,20 +288,21 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } + + $cinder_pool_requires = [Ceph::Pool['volumes']] + + } else { + $cinder_pool_requires = [] } - if $cinder_enable_rbd_backend { + if hiera('cinder_enable_rbd_backend', false) { $cinder_rbd_backend = 'tripleo_ceph' - cinder_config { - "${cinder_rbd_backend}/host": value => 'hostgroup'; - } - cinder::backend::rbd { $cinder_rbd_backend : rbd_pool => 'volumes', rbd_user => 'openstack', rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => Ceph::Pool['volumes'], + require => $cinder_pool_requires, } } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index a3c464a4..862c7bdb 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -438,8 +438,7 @@ MYSQL_HOST=localhost\n", include ::swift # Ceph - $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) - $enable_ceph = $cinder_enable_rbd_backend + $enable_ceph = hiera('ceph_storage_count', 0) > 0 if $enable_ceph { class { 'ceph::profile::params': @@ -463,10 +462,13 @@ MYSQL_HOST=localhost\n", } -> Class['ceph::profile::osd'] } - include ::ceph::profile::client include ::ceph::profile::osd } + if str2bool(hiera('enable_external_ceph', 'false')) { + include ::ceph::profile::client + } + } #END STEP 2 @@ -561,6 +563,7 @@ if hiera('step') >= 3 { manage_service => false, enabled => false, } + include ::nova::scheduler::filter class { '::nova::scheduler' : manage_service => false, enabled => false, @@ -652,20 +655,21 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } + + $cinder_pool_requires = [Ceph::Pool['volumes']] + + } else { + $cinder_pool_requires = [] } - if $cinder_enable_rbd_backend { + if hiera('cinder_enable_rbd_backend', false) { $cinder_rbd_backend = 'tripleo_ceph' - cinder_config { - "${cinder_rbd_backend}/host": value => 'hostgroup'; - } - cinder::backend::rbd { $cinder_rbd_backend : rbd_pool => 'volumes', rbd_user => 'openstack', rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => Ceph::Pool['volumes'], + require => $cinder_pool_requires, } } @@ -877,6 +881,43 @@ if hiera('step') >= 4 { clone_params => "interleave=true", } + pacemaker::constraint::base { 'haproxy-then-keystone-constraint': + constraint_type => 'order', + first_resource => "haproxy-clone", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': + constraint_type => 'order', + first_resource => "rabbitmq-clone", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['rabbitmq'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'memcached-then-keystone-constraint': + constraint_type => 'order', + first_resource => "memcached-clone", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['memcached'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'galera-then-keystone-constraint': + constraint_type => 'order', + first_resource => "galera-master", + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'promote', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['galera'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + # Cinder pacemaker::resource::service { $::cinder::params::api_service : clone_params => "interleave=true", diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage-puppet.yaml index b3579429..5c4ff5a1 100644 --- a/puppet/swift-storage-puppet.yaml +++ b/puppet/swift-storage-puppet.yaml @@ -89,9 +89,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -120,6 +137,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} |