aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--default_passwords.yaml25
-rw-r--r--environments/cinder-backup.yaml4
-rw-r--r--environments/enable-tls.yaml52
-rw-r--r--environments/major-upgrade-aodh-migration.yaml10
-rw-r--r--environments/network-environment.yaml28
-rw-r--r--environments/puppet-ceph-devel.yaml1
-rw-r--r--environments/puppet-ceph-external.yaml9
-rw-r--r--environments/puppet-pacemaker.yaml8
-rw-r--r--environments/services/ironic.yaml4
-rw-r--r--environments/services/sahara.yaml3
-rw-r--r--environments/storage-environment.yaml2
-rw-r--r--environments/tls-endpoints-public-dns.yaml52
-rw-r--r--environments/tls-endpoints-public-ip.yaml52
-rw-r--r--extraconfig/tasks/aodh_data_migration.sh19
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_1.sh2
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_migrations.sh65
-rw-r--r--extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml33
-rw-r--r--network/config/bond-with-vlans/ceph-storage.yaml26
-rw-r--r--network/config/bond-with-vlans/cinder-storage.yaml22
-rw-r--r--network/config/bond-with-vlans/compute.yaml22
-rw-r--r--network/config/bond-with-vlans/controller-no-external.yaml16
-rw-r--r--network/config/bond-with-vlans/controller-v6.yaml21
-rw-r--r--network/config/bond-with-vlans/controller.yaml14
-rw-r--r--network/config/bond-with-vlans/swift-storage.yaml22
-rw-r--r--network/config/multiple-nics/ceph-storage.yaml18
-rw-r--r--network/config/multiple-nics/cinder-storage.yaml18
-rw-r--r--network/config/multiple-nics/compute.yaml18
-rw-r--r--network/config/multiple-nics/controller-v6.yaml21
-rw-r--r--network/config/multiple-nics/controller.yaml19
-rw-r--r--network/config/multiple-nics/swift-storage.yaml18
-rw-r--r--network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml42
-rw-r--r--network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml38
-rw-r--r--network/config/single-nic-linux-bridge-vlans/compute.yaml39
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller-v6.yaml178
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller.yaml37
-rw-r--r--network/config/single-nic-linux-bridge-vlans/swift-storage.yaml38
-rw-r--r--network/config/single-nic-vlans/ceph-storage.yaml14
-rw-r--r--network/config/single-nic-vlans/cinder-storage.yaml14
-rw-r--r--network/config/single-nic-vlans/compute.yaml14
-rw-r--r--network/config/single-nic-vlans/controller-no-external.yaml45
-rw-r--r--network/config/single-nic-vlans/controller-v6.yaml28
-rw-r--r--network/config/single-nic-vlans/controller.yaml17
-rw-r--r--network/config/single-nic-vlans/swift-storage.yaml14
-rw-r--r--network/ports/net_ip_map.yaml31
-rw-r--r--network/ports/net_vip_map_external.yaml21
-rw-r--r--network/ports/net_vip_map_external_v6.yaml21
-rw-r--r--overcloud-resource-registry-puppet.yaml20
-rw-r--r--overcloud.yaml68
-rw-r--r--puppet/all-nodes-config.yaml32
-rw-r--r--puppet/ceph-storage-post.yaml1
-rw-r--r--puppet/ceph-storage.yaml18
-rw-r--r--puppet/cinder-storage-post.yaml1
-rw-r--r--puppet/cinder-storage.yaml21
-rw-r--r--puppet/compute-post.yaml1
-rw-r--r--puppet/compute.yaml210
-rw-r--r--puppet/controller-config-pacemaker.yaml1
-rw-r--r--puppet/controller-config.yaml1
-rw-r--r--puppet/controller.yaml283
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp3
-rw-r--r--puppet/manifests/overcloud_compute.pp3
-rw-r--r--puppet/manifests/overcloud_controller.pp3
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp3
-rw-r--r--puppet/manifests/overcloud_object.pp3
-rw-r--r--puppet/manifests/overcloud_volume.pp3
-rw-r--r--puppet/services/aodh-api.yaml23
-rw-r--r--puppet/services/aodh-base.yaml16
-rw-r--r--puppet/services/aodh-evaluator.yaml11
-rw-r--r--puppet/services/aodh-listener.yaml11
-rw-r--r--puppet/services/aodh-notifier.yaml11
-rw-r--r--puppet/services/ceilometer-agent-central.yaml11
-rw-r--r--puppet/services/ceilometer-agent-compute.yaml11
-rw-r--r--puppet/services/ceilometer-agent-notification.yaml11
-rw-r--r--puppet/services/ceilometer-api.yaml19
-rw-r--r--puppet/services/ceilometer-base.yaml22
-rw-r--r--puppet/services/ceilometer-collector.yaml11
-rw-r--r--puppet/services/ceilometer-expirer.yaml11
-rw-r--r--puppet/services/ceph-base.yaml32
-rw-r--r--puppet/services/ceph-client.yaml13
-rw-r--r--puppet/services/ceph-external.yaml14
-rw-r--r--puppet/services/ceph-mon.yaml15
-rw-r--r--puppet/services/ceph-osd.yaml13
-rw-r--r--puppet/services/cinder-api.yaml17
-rw-r--r--puppet/services/cinder-backup.yaml58
-rw-r--r--puppet/services/cinder-base.yaml9
-rw-r--r--puppet/services/cinder-scheduler.yaml11
-rw-r--r--puppet/services/cinder-volume.yaml21
-rw-r--r--puppet/services/database/mongodb-base.yaml14
-rw-r--r--puppet/services/database/mongodb.yaml20
-rw-r--r--puppet/services/database/mysql.yaml43
-rw-r--r--puppet/services/database/redis-base.yaml15
-rw-r--r--puppet/services/database/redis.yaml13
-rw-r--r--puppet/services/glance-api.yaml17
-rw-r--r--puppet/services/glance-registry.yaml16
-rw-r--r--puppet/services/gnocchi-api.yaml47
-rw-r--r--puppet/services/gnocchi-base.yaml38
-rw-r--r--puppet/services/gnocchi-metricd.yaml12
-rw-r--r--puppet/services/gnocchi-statsd.yaml12
-rw-r--r--puppet/services/haproxy.yaml42
-rw-r--r--puppet/services/heat-api-cfn.yaml20
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml20
-rw-r--r--puppet/services/heat-api.yaml20
-rw-r--r--puppet/services/heat-base.yaml14
-rw-r--r--puppet/services/heat-engine.yaml27
-rw-r--r--puppet/services/horizon.yaml9
-rw-r--r--puppet/services/ironic-api.yaml32
-rw-r--r--puppet/services/ironic-base.yaml12
-rw-r--r--puppet/services/ironic-conductor.yaml21
-rw-r--r--puppet/services/keepalived.yaml22
-rw-r--r--puppet/services/kernel.yaml9
-rw-r--r--puppet/services/keystone.yaml20
-rw-r--r--puppet/services/manila-api.yaml26
-rw-r--r--puppet/services/manila-base.yaml9
-rw-r--r--puppet/services/manila-scheduler.yaml11
-rw-r--r--puppet/services/manila-share.yaml11
-rw-r--r--puppet/services/memcached.yaml9
-rw-r--r--puppet/services/neutron-api.yaml (renamed from puppet/services/neutron-server.yaml)15
-rw-r--r--puppet/services/neutron-base.yaml14
-rw-r--r--puppet/services/neutron-compute-plugin-midonet.yaml9
-rw-r--r--puppet/services/neutron-compute-plugin-nuage.yaml9
-rw-r--r--puppet/services/neutron-compute-plugin-opencontrail.yaml9
-rw-r--r--puppet/services/neutron-compute-plugin-plumgrid.yaml9
-rw-r--r--puppet/services/neutron-dhcp.yaml28
-rw-r--r--puppet/services/neutron-l3-compute-dvr.yaml13
-rw-r--r--puppet/services/neutron-l3.yaml13
-rw-r--r--puppet/services/neutron-metadata.yaml13
-rw-r--r--puppet/services/neutron-midonet.yaml9
-rw-r--r--puppet/services/neutron-ovs-agent.yaml26
-rw-r--r--puppet/services/neutron-ovs-dpdk-agent.yaml73
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml21
-rw-r--r--puppet/services/neutron-plugin-nuage.yaml13
-rw-r--r--puppet/services/neutron-plugin-opencontrail.yaml13
-rw-r--r--puppet/services/neutron-plugin-plumgrid.yaml9
-rw-r--r--puppet/services/neutron-sriov-agent.yaml58
-rw-r--r--puppet/services/nova-api.yaml16
-rw-r--r--puppet/services/nova-base.yaml27
-rw-r--r--puppet/services/nova-compute.yaml48
-rw-r--r--puppet/services/nova-conductor.yaml11
-rw-r--r--puppet/services/nova-consoleauth.yaml11
-rw-r--r--puppet/services/nova-ironic.yaml53
-rw-r--r--puppet/services/nova-libvirt.yaml17
-rw-r--r--puppet/services/nova-scheduler.yaml16
-rw-r--r--puppet/services/nova-vncproxy.yaml21
-rw-r--r--puppet/services/pacemaker.yaml9
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-central.yaml11
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-notification.yaml11
-rw-r--r--puppet/services/pacemaker/ceilometer-api.yaml11
-rw-r--r--puppet/services/pacemaker/ceilometer-collector.yaml11
-rw-r--r--puppet/services/pacemaker/cinder-api.yaml11
-rw-r--r--puppet/services/pacemaker/cinder-backup.yaml60
-rw-r--r--puppet/services/pacemaker/cinder-scheduler.yaml11
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml11
-rw-r--r--puppet/services/pacemaker/core.yaml9
-rw-r--r--puppet/services/pacemaker/database/mongodb.yaml13
-rw-r--r--puppet/services/pacemaker/database/mysql.yaml19
-rw-r--r--puppet/services/pacemaker/database/redis.yaml13
-rw-r--r--puppet/services/pacemaker/glance-api.yaml11
-rw-r--r--puppet/services/pacemaker/glance-registry.yaml11
-rw-r--r--puppet/services/pacemaker/gnocchi-api.yaml13
-rw-r--r--puppet/services/pacemaker/gnocchi-metricd.yaml12
-rw-r--r--puppet/services/pacemaker/gnocchi-statsd.yaml12
-rw-r--r--puppet/services/pacemaker/haproxy.yaml11
-rw-r--r--puppet/services/pacemaker/heat-api-cfn.yaml11
-rw-r--r--puppet/services/pacemaker/heat-api-cloudwatch.yaml11
-rw-r--r--puppet/services/pacemaker/heat-api.yaml11
-rw-r--r--puppet/services/pacemaker/heat-engine.yaml11
-rw-r--r--puppet/services/pacemaker/horizon.yaml11
-rw-r--r--puppet/services/pacemaker/keystone.yaml11
-rw-r--r--puppet/services/pacemaker/manila-share.yaml13
-rw-r--r--puppet/services/pacemaker/memcached.yaml13
-rw-r--r--puppet/services/pacemaker/neutron-dhcp.yaml11
-rw-r--r--puppet/services/pacemaker/neutron-l3.yaml11
-rw-r--r--puppet/services/pacemaker/neutron-metadata.yaml11
-rw-r--r--puppet/services/pacemaker/neutron-midonet.yaml11
-rw-r--r--puppet/services/pacemaker/neutron-ovs-agent.yaml13
-rw-r--r--puppet/services/pacemaker/neutron-plugin-ml2.yaml13
-rw-r--r--puppet/services/pacemaker/neutron-plugin-nuage.yaml11
-rw-r--r--puppet/services/pacemaker/neutron-plugin-opencontrail.yaml11
-rw-r--r--puppet/services/pacemaker/neutron-plugin-plumgrid.yaml11
-rw-r--r--puppet/services/pacemaker/neutron-server.yaml11
-rw-r--r--puppet/services/pacemaker/nova-api.yaml11
-rw-r--r--puppet/services/pacemaker/nova-conductor.yaml11
-rw-r--r--puppet/services/pacemaker/nova-consoleauth.yaml11
-rw-r--r--puppet/services/pacemaker/nova-scheduler.yaml11
-rw-r--r--puppet/services/pacemaker/nova-vncproxy.yaml11
-rw-r--r--puppet/services/pacemaker/rabbitmq.yaml11
-rw-r--r--puppet/services/pacemaker/sahara-api.yaml11
-rw-r--r--puppet/services/pacemaker/sahara-engine.yaml11
-rw-r--r--puppet/services/rabbitmq.yaml29
-rw-r--r--puppet/services/sahara-api.yaml11
-rw-r--r--puppet/services/sahara-base.yaml9
-rw-r--r--puppet/services/sahara-engine.yaml11
-rw-r--r--puppet/services/services.yaml13
-rw-r--r--puppet/services/snmp.yaml9
-rw-r--r--puppet/services/swift-base.yaml33
-rw-r--r--puppet/services/swift-proxy.yaml115
-rw-r--r--puppet/services/swift-ringbuilder.yaml9
-rw-r--r--puppet/services/swift-storage.yaml68
-rw-r--r--puppet/services/time/ntp.yaml9
-rw-r--r--puppet/services/time/timezone.yaml9
-rw-r--r--puppet/services/tripleo-firewall.yaml28
-rw-r--r--puppet/services/tripleo-packages.yaml34
-rw-r--r--puppet/swift-storage-post.yaml1
-rw-r--r--puppet/swift-storage.yaml56
-rwxr-xr-xtools/yaml-validate.py7
204 files changed, 3459 insertions, 972 deletions
diff --git a/default_passwords.yaml b/default_passwords.yaml
new file mode 100644
index 00000000..7a47f443
--- /dev/null
+++ b/default_passwords.yaml
@@ -0,0 +1,25 @@
+heat_template_version: 2016-10-14
+
+description: Passwords we manage at the top level
+
+parameters:
+ DefaultMysqlRootPassword:
+ type: string
+ DefaultRabbitCookie:
+ type: string
+ DefaultHeatAuthEncryptionKey:
+ type: string
+ DefaultPcsdPassword:
+ type: string
+ DefaultHorizonSecret:
+ type: string
+
+outputs:
+ passwords:
+ description: Password data
+ value:
+ mysql_root_password: {get_param: DefaultMysqlRootPassword}
+ rabbit_cookie: {get_param: DefaultRabbitCookie}
+ heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey}
+ pcsd_password: {get_param: DefaultPcsdPassword}
+ horizon_secret: {get_param: DefaultHorizonSecret}
diff --git a/environments/cinder-backup.yaml b/environments/cinder-backup.yaml
new file mode 100644
index 00000000..f01fcbd9
--- /dev/null
+++ b/environments/cinder-backup.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Services::CinderBackup: ../puppet/services/pacemaker/cinder-backup.yaml
+ # For non-pcmk managed implementation
+ # OS::TripleO::Services::CinderBackup: ../puppet/services/cinder-backup.yaml \ No newline at end of file
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index 290d2011..39ded654 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -1,58 +1,12 @@
+# Use this environment to pass in certificates for SSL deployments.
+# For these values to take effect, one of the tls-endpoints-*.yaml environments
+# must also be used.
parameter_defaults:
SSLCertificate: |
The contents of your certificate go here
SSLIntermediateCertificate: ''
SSLKey: |
The contents of the private key go here
- EndpointMap:
- AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
- CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
- CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
- CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
- CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
- GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
- GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
- HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
- HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
- KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
- KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
- ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
- NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
- NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
- NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
- SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
- SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
resource_registry:
OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml
new file mode 100644
index 00000000..c1dbde42
--- /dev/null
+++ b/environments/major-upgrade-aodh-migration.yaml
@@ -0,0 +1,10 @@
+resource_registry:
+ # aodh data migration
+ OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
+
+ # no-op the rest
+ OS::TripleO::ControllerPostDeployment: OS::Heat::None
+ OS::TripleO::ComputePostDeployment: OS::Heat::None
+ OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None
+ OS::TripleO::BlockStoragePostDeployment: OS::Heat::None
+ OS::TripleO::CephStoragePostDeployment: OS::Heat::None
diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml
index cf94d7fc..d0fc9ec6 100644
--- a/environments/network-environment.yaml
+++ b/environments/network-environment.yaml
@@ -15,14 +15,23 @@ resource_registry:
parameter_defaults:
# This section is where deployment-specific configuration is done
+ # CIDR subnet mask length for provisioning network
+ ControlPlaneSubnetCidr: '24'
+ # Gateway router for the provisioning network (or Undercloud IP)
+ ControlPlaneDefaultRoute: 192.0.2.254
+ EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud
# Customize the IP subnets to match the local environment
InternalApiNetCidr: 172.17.0.0/24
StorageNetCidr: 172.18.0.0/24
StorageMgmtNetCidr: 172.19.0.0/24
TenantNetCidr: 172.16.0.0/24
ExternalNetCidr: 10.0.0.0/24
- # CIDR subnet mask length for provisioning network
- ControlPlaneSubnetCidr: '24'
+ # Customize the VLAN IDs to match the local environment
+ InternalApiNetworkVlanID: 20
+ StorageNetworkVlanID: 30
+ StorageMgmtNetworkVlanID: 40
+ TenantNetworkVlanID: 50
+ ExternalNetworkVlanID: 10
# Customize the IP ranges on each network to use for static IPs and VIPs
InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}]
StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}]
@@ -32,18 +41,13 @@ parameter_defaults:
ExternalAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.50'}]
# Gateway router for the external network
ExternalInterfaceDefaultRoute: 10.0.0.1
- # Gateway router for the provisioning network (or Undercloud IP)
- ControlPlaneDefaultRoute: 192.0.2.254
- # Generally the IP of the Undercloud
- EC2MetadataIp: 192.0.2.1
+ # Uncomment if using the Management Network (see network-management.yaml)
+ # ManagementNetCidr: 10.0.1.0/24
+ # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}]
+ # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
+ # ManagementInterfaceDefaultRoute: 10.0.1.1
# Define the DNS servers (maximum 2) for the overcloud nodes
DnsServers: ["8.8.8.8","8.8.4.4"]
- # Customize the VLAN IDs to match the local environment
- InternalApiNetworkVlanID: 10
- StorageNetworkVlanID: 20
- StorageMgmtNetworkVlanID: 30
- TenantNetworkVlanID: 40
- ExternalNetworkVlanID: 50
# Set to empty string to enable multiple external networks or VLANs
NeutronExternalNetworkBridge: "''"
# The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml
index a9e459df..9c8abbb4 100644
--- a/environments/puppet-ceph-devel.yaml
+++ b/environments/puppet-ceph-devel.yaml
@@ -16,6 +16,7 @@ parameter_defaults:
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index d5e0b1b5..06e4f7aa 100644
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -2,9 +2,12 @@
# use of an externally managed Ceph cluster.
resource_registry:
OS::TripleO::Services::CephExternal: ../puppet/services/ceph-external.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
parameter_defaults:
- # NOTE: These example parameters are required when using Ceph External
+ # NOTE: These example parameters are required when using CephExternal
#CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
#CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
#CephExternalMonHost: '172.16.1.7, 172.16.1.8'
@@ -12,6 +15,7 @@ parameter_defaults:
# the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
GlanceBackend: rbd
GnocchiBackend: rbd
# If the Ceph pools which host VMs, Volumes and Images do not match these
@@ -25,3 +29,6 @@ parameter_defaults:
# finally we disable the Cinder LVM backend
CinderEnableIscsiBackend: false
+
+ # Backward compatibility setting, will be removed in the future
+ CephAdminKey: ''
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 74b91106..8cfbab6d 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -7,9 +7,8 @@ resource_registry:
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# custom pacemaker services
- # NOTE: For now we will need to specify overrides to all services
- # which use pacemaker. In the future (with upcoming HA light work) this
- # list will hopefully be much smaller however.
+ # NOTE: Please before adding any pacemaker-managed services, get in touch
+ # with bandini, Ng or beekhof
OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml
@@ -17,6 +16,3 @@ resource_registry:
OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
# Services that are disabled by default (use relevant environment files):
- OS::Tripleo::Services::ManilaShare: OS::Heat::None
- OS::TripleO::Services::SaharaApi: ../puppet/services/pacemaker/sahara-api.yaml
- OS::TripleO::Services::SaharaEngine: ../puppet/services/pacemaker/sahara-engine.yaml
diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml
new file mode 100644
index 00000000..8359f4a7
--- /dev/null
+++ b/environments/services/ironic.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
+ OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
+ OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
diff --git a/environments/services/sahara.yaml b/environments/services/sahara.yaml
new file mode 100644
index 00000000..82205dd1
--- /dev/null
+++ b/environments/services/sahara.yaml
@@ -0,0 +1,3 @@
+resource_registry:
+ OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml
index 0128cabd..8cf34622 100644
--- a/environments/storage-environment.yaml
+++ b/environments/storage-environment.yaml
@@ -14,6 +14,8 @@ parameter_defaults:
CinderEnableIscsiBackend: false
## Whether to enable rbd (Ceph) backend for Cinder.
CinderEnableRbdBackend: true
+ ## Cinder Backup backend can be either 'ceph' or 'swift'.
+ CinderBackupBackend: ceph
## Whether to enable NFS backend for Cinder.
# CinderEnableNfsBackend: false
## Whether to enable rbd (Ceph) backend for Nova ephemeral storage.
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
new file mode 100644
index 00000000..7c8e850c
--- /dev/null
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -0,0 +1,52 @@
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is a DNS name.
+parameter_defaults:
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
new file mode 100644
index 00000000..80595c6c
--- /dev/null
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -0,0 +1,52 @@
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is an IP address.
+parameter_defaults:
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
+ GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
diff --git a/extraconfig/tasks/aodh_data_migration.sh b/extraconfig/tasks/aodh_data_migration.sh
new file mode 100644
index 00000000..d4c29673
--- /dev/null
+++ b/extraconfig/tasks/aodh_data_migration.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# This delivers the aodh data migration script to be invoked as part of the tripleo
+# major upgrade workflow to migrate all the alarm data from mongodb to mysql.
+# This needs to run post controller node upgrades so new aodh mysql db configured and
+# running.
+#
+set -eu
+
+#Get existing mongodb connection
+MONGO_DB_CONNECTION="$(crudini --get /etc/ceilometer/ceilometer.conf database connection)"
+
+# Get the aodh database string from hiera data
+MYSQL_DB_CONNECTION="$(crudini --get /etc/aodh/aodh.conf database connection)"
+
+#Run migration
+/usr/bin/aodh-data-migration --nosql-conn $MONGO_DB_CONNECTION --sql-conn $MYSQL_DB_CONNECTION
+
+
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
index 36d85444..d67d5a1a 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
@@ -50,7 +50,7 @@ if [ "$mariadb_do_major_upgrade" = "auto" ]; then
DO_MYSQL_UPGRADE=0
fi
echo "mysql upgrade required: $DO_MYSQL_UPGRADE"
-elif [ "$mariadb_do_major_upgrade" = 0 ]; then
+elif [ "$mariadb_do_major_upgrade" = "no" ]; then
DO_MYSQL_UPGRADE=0
else
DO_MYSQL_UPGRADE=1
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
index 164269dc..7ed7012d 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
+++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
@@ -38,11 +38,11 @@ function is_mysql_upgrade_needed {
fi
local currentepoch=$(rpm -q --qf "%{epoch}" $name)
- local currentversion=$(rpm -q --qf "%{version}" $name)
+ local currentversion=$(rpm -q --qf "%{version}" $name | cut -d. -f-2)
local currentrelease=$(rpm -q --qf "%{release}" $name)
local newoutput=$(repoquery -a --pkgnarrow=updates --qf "%{epoch} %{version} %{release}\n" $name)
local newepoch=$(echo "$newoutput" | awk '{ print $1 }')
- local newversion=$(echo "$newoutput" | awk '{ print $2 }')
+ local newversion=$(echo "$newoutput" | awk '{ print $2 }' | cut -d. -f-2)
local newrelease=$(echo "$newoutput" | awk '{ print $3 }')
# With this we trigger the dump restore/path if we change either epoch or
@@ -56,64 +56,3 @@ function is_mysql_upgrade_needed {
fi
echo "1"
}
-
-function add_missing_openstack_core_constraints {
- # The CIBs are saved under /root as they might contain sensitive data
- CIB="/root/migration.cib"
- CIB_BACKUP="/root/backup.cib"
- CIB_PUSH_NEEDED=n
-
- rm -f "$CIB" "$CIB_BACKUP" || /bin/true
- pcs cluster cib "$CIB"
- cp "$CIB" "$CIB_BACKUP"
-
- if ! pcs -f "$CIB" constraint --full | grep 'start openstack-sahara-api-clone then start openstack-sahara-engine-clone'; then
- pcs -f "$CIB" constraint order start openstack-sahara-api-clone then start openstack-sahara-engine-clone
- CIB_PUSH_NEEDED=y
- fi
-
- if ! pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-ceilometer-notification-clone'; then
- pcs -f "$CIB" constraint order start openstack-core-clone then start openstack-ceilometer-notification-clone
- CIB_PUSH_NEEDED=y
- fi
-
- if ! pcs -f "$CIB" constraint --full | grep 'start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone'; then
- pcs -f "$CIB" constraint order start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone
- CIB_PUSH_NEEDED=y
- fi
-
- if pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone'; then
- CID=$(pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone' | sed -e 's/.*id\://g' -e 's/)//g')
- pcs -f "$CIB" constraint remove $CID
- CIB_PUSH_NEEDED=y
- fi
-
- if [ "$CIB_PUSH_NEEDED" = 'y' ]; then
- pcs cluster cib-push "$CIB"
- fi
-}
-
-function remove_ceilometer_alarm {
- if pcs status | grep openstack-ceilometer-alarm; then
- # Disable pacemaker resources for ceilometer-alarms
- pcs resource disable openstack-ceilometer-alarm-evaluator
- check_resource openstack-ceilometer-alarm-evaluator stopped 600
- pcs resource delete openstack-ceilometer-alarm-evaluator
- pcs resource disable openstack-ceilometer-alarm-notifier
- check_resource openstack-ceilometer-alarm-notifier stopped 600
- pcs resource delete openstack-ceilometer-alarm-notifier
-
- # remove constraints
- pcs constraint remove ceilometer-delay-then-ceilometer-alarm-evaluator-constraint
- pcs constraint remove ceilometer-alarm-evaluator-with-ceilometer-delay-colocation
- pcs constraint remove ceilometer-alarm-evaluator-then-ceilometer-alarm-notifier-constraint
- pcs constraint remove ceilometer-alarm-notifier-with-ceilometer-alarm-evaluator-colocation
- pcs constraint remove ceilometer-alarm-notifier-then-ceilometer-notification-constraint
- pcs constraint remove ceilometer-notification-with-ceilometer-alarm-notifier-colocation
-
- fi
-
- # uninstall openstack-ceilometer-alarm package
- yum -y remove openstack-ceilometer-alarm
-
-}
diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
new file mode 100644
index 00000000..9414ac19
--- /dev/null
+++ b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2014-10-16
+
+description: >
+ Software-config for performing aodh data migration
+
+parameters:
+ controller_servers:
+ type: json
+ compute_servers:
+ type: json
+ blockstorage_servers:
+ type: json
+ objectstorage_servers:
+ type: json
+ cephstorage_servers:
+ type: json
+ input_values:
+ type: json
+ description: input values for the software deployments
+resources:
+
+ AodhMysqlMigrationScriptConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: aodh_data_migration.sh}
+
+ AodhMysqlMigrationScriptDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: controller_servers}
+ config: {get_resource: AodhMysqlMigrationScriptConfig}
+ input_values: {get_param: input_values}
diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml
index 93db8666..b414747f 100644
--- a/network/config/bond-with-vlans/ceph-storage.yaml
+++ b/network/config/bond-with-vlans/ceph-storage.yaml
@@ -38,6 +38,14 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
@@ -46,6 +54,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -57,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -123,6 +143,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -130,6 +152,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml
index bea98c19..5ee9ff09 100644
--- a/network/config/bond-with-vlans/cinder-storage.yaml
+++ b/network/config/bond-with-vlans/cinder-storage.yaml
@@ -38,6 +38,10 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -50,6 +54,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -61,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +150,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +159,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml
index 774bf02d..19c011eb 100644
--- a/network/config/bond-with-vlans/compute.yaml
+++ b/network/config/bond-with-vlans/compute.yaml
@@ -38,6 +38,10 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -46,6 +50,10 @@ parameters:
default: 30
description: Vlan ID for the storage network traffic.
type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
@@ -61,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +150,8 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +159,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml
index d9532439..6242e2f8 100644
--- a/network/config/bond-with-vlans/controller-no-external.yaml
+++ b/network/config/bond-with-vlans/controller-no-external.yaml
@@ -62,10 +62,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -102,6 +109,9 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
-
type: ovs_bridge
name: {get_input: bridge_name}
@@ -148,6 +158,8 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -155,6 +167,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml
index 7869ebfc..71b7e1b1 100644
--- a/network/config/bond-with-vlans/controller-v6.yaml
+++ b/network/config/bond-with-vlans/controller-v6.yaml
@@ -64,10 +64,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -75,6 +71,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -106,6 +110,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -134,6 +139,7 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -166,6 +172,9 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: vlan
# device: bond1
@@ -173,6 +182,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml
index d3627ead..9917f073 100644
--- a/network/config/bond-with-vlans/controller.yaml
+++ b/network/config/bond-with-vlans/controller.yaml
@@ -62,10 +62,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -158,6 +165,9 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: vlan
# device: bond1
@@ -165,6 +175,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml
index de9121e5..4dd6628f 100644
--- a/network/config/bond-with-vlans/swift-storage.yaml
+++ b/network/config/bond-with-vlans/swift-storage.yaml
@@ -38,6 +38,10 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -50,6 +54,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -61,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +150,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +159,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml
index 84cb0f12..c31c6e65 100644
--- a/network/config/multiple-nics/ceph-storage.yaml
+++ b/network/config/multiple-nics/ceph-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -118,6 +122,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -125,6 +131,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml
index 0b0218c5..4f8b7f64 100644
--- a/network/config/multiple-nics/cinder-storage.yaml
+++ b/network/config/multiple-nics/cinder-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -125,6 +129,8 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -132,6 +138,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml
index 97eef52b..77514745 100644
--- a/network/config/multiple-nics/compute.yaml
+++ b/network/config/multiple-nics/compute.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -133,6 +137,8 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -140,6 +146,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml
index b69879fb..da1f95f1 100644
--- a/network/config/multiple-nics/controller-v6.yaml
+++ b/network/config/multiple-nics/controller-v6.yaml
@@ -59,10 +59,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -70,6 +66,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -102,6 +106,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -150,6 +155,7 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -160,6 +166,9 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: interface
# name: nic7
@@ -167,6 +176,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml
index 377fd116..7a1f9e5f 100644
--- a/network/config/multiple-nics/controller.yaml
+++ b/network/config/multiple-nics/controller.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -155,6 +159,9 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: interface
# name: nic7
@@ -162,6 +169,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml
index b75bbd6e..05083105 100644
--- a/network/config/multiple-nics/swift-storage.yaml
+++ b/network/config/multiple-nics/swift-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -125,6 +129,8 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -132,6 +138,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
index a46d7e20..fc8e8b6f 100644
--- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
@@ -29,6 +29,18 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
@@ -37,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -44,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -99,6 +127,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
index 08613a3b..6fb247ed 100644
--- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -41,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -110,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml
index b6522c67..e31720d8 100644
--- a/network/config/single-nic-linux-bridge-vlans/compute.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -37,10 +45,18 @@ parameters:
default: 30
description: Vlan ID for the storage network traffic.
type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -81,7 +105,6 @@ resources:
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
members:
@@ -111,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
new file mode 100644
index 00000000..80125149
--- /dev/null
+++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
@@ -0,0 +1,178 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure VLANs for the
+ controller role with IPv6 on the External network. The IPv6 default
+ route is on the External network, and the IPv4 default route is on
+ the Control Plane.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: linux_bridge
+ name: {get_input: bridge_name}
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+ members:
+ -
+ type: interface
+ name: {get_input: interface_name}
+ # force the MAC address of the bridge to this interface
+ primary: true
+ -
+ type: vlan
+ vlan_id: {get_param: ExternalNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: ExternalIpSubnet}
+ routes:
+ # IPv6 Default Route
+ -
+ default: true
+ next_hop: {get_param: ExternalInterfaceDefaultRoute}
+ -
+ type: vlan
+ vlan_id: {get_param: InternalApiNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: TenantNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml
index 72105481..aef5d4e3 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml
@@ -29,6 +29,10 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -49,10 +53,21 @@ parameters:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -64,9 +79,6 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
- ControlPlaneDefaultRoute: # Override this via parameter_defaults
- description: The default route of the control plane network.
- type: string
resources:
OsNetConfigImpl:
@@ -92,8 +104,8 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
members:
@@ -110,8 +122,8 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
-
@@ -142,6 +154,21 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
index 962b9890..a5d2f966 100644
--- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -41,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -110,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml
index 80bc32d3..6fa288af 100644
--- a/network/config/single-nic-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-vlans/ceph-storage.yaml
@@ -52,6 +52,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -106,12 +114,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml
index e509443a..d1135776 100644
--- a/network/config/single-nic-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-vlans/cinder-storage.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml
index 8cf6825d..bd3cef34 100644
--- a/network/config/single-nic-vlans/compute.yaml
+++ b/network/config/single-nic-vlans/compute.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml
index eb5e1e5a..8e8b0f5d 100644
--- a/network/config/single-nic-vlans/controller-no-external.yaml
+++ b/network/config/single-nic-vlans/controller-no-external.yaml
@@ -5,6 +5,10 @@ description: >
controller role. No external IP is configured.
parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
@@ -53,10 +57,28 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
resources:
OsNetConfigImpl:
@@ -69,7 +91,22 @@ resources:
-
type: ovs_bridge
name: {get_input: bridge_name}
- use_dhcp: true
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
members:
-
type: interface
@@ -101,12 +138,18 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml
index 472e539d..ecbf2efb 100644
--- a/network/config/single-nic-vlans/controller-v6.yaml
+++ b/network/config/single-nic-vlans/controller-v6.yaml
@@ -59,10 +59,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -70,6 +66,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -102,6 +106,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -115,9 +120,10 @@ resources:
type: vlan
vlan_id: {get_param: ExternalNetworkVlanID}
addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
+ -
+ ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -145,12 +151,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
- #- # Uncomment when including environments/network-management.yaml
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml
index a5a0745d..c5979a89 100644
--- a/network/config/single-nic-vlans/controller.yaml
+++ b/network/config/single-nic-vlans/controller.yaml
@@ -57,10 +57,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -137,12 +144,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
- #- # Uncomment when including environments/network-management.yaml
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml
index efc03393..7b06580c 100644
--- a/network/config/single-nic-vlans/swift-storage.yaml
+++ b/network/config/single-nic-vlans/swift-storage.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml
index 1ed74528..fcf2eeee 100644
--- a/network/ports/net_ip_map.yaml
+++ b/network/ports/net_ip_map.yaml
@@ -101,34 +101,3 @@ outputs:
storage_mgmt_uri: {get_param: StorageMgmtIpUri}
tenant_uri: {get_param: TenantIpUri}
management_uri: {get_param: ManagementIpUri}
- # net_ip_subnet_map is deprecated, please use *subnet from net_ip_map
- net_ip_subnet_map:
- description: >
- A Hash containing a mapping of network names to assigned IPs/CIDR
- for a specific machine.
- value:
- ctlplane:
- list_join:
- - ''
- - - {get_param: ControlPlaneIp}
- - '/'
- - {get_param: ControlPlaneSubnetCidr}
- external: {get_param: ExternalIpSubnet}
- internal_api: {get_param: InternalApiIpSubnet}
- storage: {get_param: StorageIpSubnet}
- storage_mgmt: {get_param: StorageMgmtIpSubnet}
- tenant: {get_param: TenantIpSubnet}
- management: {get_param: ManagementIpSubnet}
- # net_ip_uri_map is deprecated, please use *uri from net_ip_map
- net_ip_uri_map:
- description: >
- A Hash containing a mapping of network names to assigned IPs for a
- specific machine with brackets around IPv6 addresses for use in URLs.
- value:
- ctlplane: {get_param: ControlPlaneIp}
- external: {get_param: ExternalIpUri}
- internal_api: {get_param: InternalApiIpUri}
- storage: {get_param: StorageIpUri}
- storage_mgmt: {get_param: StorageMgmtIpUri}
- tenant: {get_param: TenantIpUri}
- management: {get_param: ManagementIpUri}
diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml
index a40a0bfc..71e6e811 100644
--- a/network/ports/net_vip_map_external.yaml
+++ b/network/ports/net_vip_map_external.yaml
@@ -45,12 +45,6 @@ parameters:
StorageMgmtIpUri:
default: ''
type: string
- TenantIp:
- default: ''
- type: string
- TenantIpUri:
- default: ''
- type: string
outputs:
net_ip_map:
@@ -63,13 +57,8 @@ outputs:
internal_api: {get_param: InternalApiNetworkVip}
storage: {get_param: StorageNetworkVip}
storage_mgmt: {get_param: StorageMgmtNetworkVip}
- net_ip_uri_map:
- description: >
- A Hash containing a mapping of netowrk names to assigned IPs for a
- specific machine with brackets around IPv6 addresses for use in URLs.
- value:
- ctlplane: {get_param: ControlPlaneIP}
- external: {get_param: ExternalNetworkVip}
- internal_api: {get_param: InternalApiNetworkVip}
- storage: {get_param: StorageNetworkVip}
- storage_mgmt: {get_param: StorageMgmtNetworkVip}
+ ctlplane_uri: {get_param: ControlPlaneIP}
+ external_uri: {get_param: ExternalNetworkVip}
+ internal_api_uri: {get_param: InternalApiNetworkVip}
+ storage_uri: {get_param: StorageNetworkVip}
+ storage_mgmt_uri: {get_param: StorageMgmtNetworkVip}
diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml
index f6d67fe8..8d054349 100644
--- a/network/ports/net_vip_map_external_v6.yaml
+++ b/network/ports/net_vip_map_external_v6.yaml
@@ -45,12 +45,6 @@ parameters:
StorageMgmtIpUri:
default: ''
type: string
- TenantIp:
- default: ''
- type: string
- TenantIpUri:
- default: ''
- type: string
outputs:
net_ip_map:
@@ -63,31 +57,26 @@ outputs:
internal_api: {get_param: InternalApiNetworkVip}
storage: {get_param: StorageNetworkVip}
storage_mgmt: {get_param: StorageMgmtNetworkVip}
- net_ip_uri_map:
- description: >
- A Hash containing a mapping of netowrk names to assigned IPs for a
- specific machine with brackets around IPv6 addresses for use in URLs.
- value:
- ctlplane: {get_param: ControlPlaneIP}
- external:
+ ctlplane_uri: {get_param: ControlPlaneIP}
+ external_uri:
list_join:
- ''
- - '['
- {get_param: ExternalNetworkVip}
- ']'
- internal_api:
+ internal_api_uri:
list_join:
- ''
- - '['
- {get_param: InternalApiNetworkVip}
- ']'
- storage:
+ storage_uri:
list_join:
- ''
- - '['
- {get_param: StorageNetworkVip}
- ']'
- storage_mgmt:
+ storage_mgmt_uri:
list_join:
- ''
- - '['
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 0ff634d4..ab4d249f 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -19,6 +19,7 @@ resource_registry:
OS::TripleO::CephStoragePostDeployment: puppet/ceph-storage-post.yaml
OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig: puppet/swift-devices-and-proxy-config.yaml
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
+ OS::TripleO::DefaultPasswords: default_passwords.yaml
# Tasks (for internal TripleO usage)
OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None
@@ -134,6 +135,7 @@ resource_registry:
OS::TripleO::Services::CephClient: OS::Heat::None
OS::TripleO::Services::CephExternal: OS::Heat::None
OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml
+ OS::TripleO::Services::CinderBackup: OS::Heat::None
OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml
OS::TripleO::Services::Core: OS::Heat::None
@@ -144,14 +146,15 @@ resource_registry:
OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
- OS::TripleO::Services::IronicApi: puppet/services/ironic-api.yaml
- OS::TripleO::Services::IronicConductor: puppet/services/ironic-conductor.yaml
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
- OS::TripleO::Services::NeutronServer: puppet/services/neutron-server.yaml
+ # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
+ # the multinode job ControllerServices after this patch merges
+ OS::TripleO::Services::NeutronServer: puppet/services/neutron-api.yaml
+ OS::TripleO::Services::NeutronApi: puppet/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml
# can be the same as NeutronCorePlugin but some vendors install different
# things where VMs run
@@ -162,14 +165,16 @@ resource_registry:
OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+ # ComputeNeutronOvsAgent can be overriden to puppet/services/neutron-ovs-dpdk-agent.yaml also to enable DPDK
OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::Pacemaker: OS::Heat::None
+ OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml
OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
- OS::TripleO::Services::SaharaApi: puppet/services/sahara-api.yaml
- OS::TripleO::Services::SaharaEngine: puppet/services/sahara-engine.yaml
+ OS::TripleO::Services::SaharaApi: OS::Heat::None
+ OS::TripleO::Services::SaharaEngine: OS::Heat::None
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
@@ -209,6 +214,11 @@ resource_registry:
OS::TripleO::Services::MistralEngine: OS::Heat::None
OS::TripleO::Services::MistralApi: OS::Heat::None
OS::TripleO::Services::MistralExecutor: OS::Heat::None
+ OS::TripleO::Services::IronicApi: OS::Heat::None
+ OS::TripleO::Services::IronicConductor: OS::Heat::None
+ OS::TripleO::Services::NovaIronic: OS::Heat::None
+ OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
+ OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.yaml b/overcloud.yaml
index c8fe671e..f96f6605 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -56,6 +56,12 @@ parameters:
Control the IP allocation for the StorageMgmgVirtualInterface port. E.g.
[{'ip_address':'1.2.3.4'}]
type: json
+ RedisVirtualFixedIPs:
+ default: []
+ description: >
+ Control the IP allocation for the virtual IP used by Redis. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ type: json
CloudDomain:
default: 'localdomain'
type: string
@@ -85,11 +91,6 @@ parameters:
may be implementation specific, e.g puppet hieradata. Any role specific
ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig.
type: json
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings in the ring.
- type: string
- hidden: true
-
# Compute-specific params
ComputeCount:
@@ -112,6 +113,7 @@ parameters:
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Core
@@ -127,7 +129,7 @@ parameters:
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
@@ -166,6 +168,11 @@ parameters:
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Controllers.
@@ -186,6 +193,9 @@ parameters:
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NeutronSriovAgent
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Compute Nodes.
@@ -208,6 +218,8 @@ parameters:
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the BlockStorage nodes.
@@ -231,6 +243,8 @@ parameters:
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the ObjectStorage nodes.
@@ -254,6 +268,8 @@ parameters:
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the CephStorage nodes.
@@ -368,7 +384,9 @@ resources:
type: OS::TripleO::Services
properties:
Services: {get_param: ControllerServices}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
+ DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
Controller:
type: OS::Heat::ResourceGroup
@@ -381,17 +399,12 @@ resources:
properties:
CloudDomain: {get_param: CloudDomain}
controllerExtraConfig: {get_param: controllerExtraConfig}
- HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
HorizonSecret: {get_resource: HorizonSecret}
- MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
- MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
PcsdPassword: {get_resource: PcsdPassword}
- RabbitCookie: {get_attr: [RabbitCookie, value]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
- MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]}
Hostname:
str_replace:
template: {get_param: ControllerHostnameFormat}
@@ -402,11 +415,12 @@ resources:
ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]}
ComputeServiceChain:
-
type: OS::TripleO::Services
properties:
Services: {get_param: ComputeServices}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
+ DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
Compute:
type: OS::Heat::ResourceGroup
@@ -418,15 +432,8 @@ resources:
type: OS::TripleO::Compute
properties:
CloudDomain: {get_param: CloudDomain}
- GlanceHost: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]}
- KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
- KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge}
NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface}
- # L3 HA and Failover is not relevant for Computes, should be removed
- NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]}
- NovaPublicIP: {get_attr: [VipMap, net_ip_map, external]}
- RabbitHost: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitMqNetwork]}]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
Hostname:
@@ -442,7 +449,9 @@ resources:
type: OS::TripleO::Services
properties:
Services: {get_param: BlockStorageServices}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
+ DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
BlockStorage:
type: OS::Heat::ResourceGroup
@@ -472,7 +481,9 @@ resources:
type: OS::TripleO::Services
properties:
Services: {get_param: ObjectStorageServices}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
+ DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
ObjectStorage:
type: OS::Heat::ResourceGroup
@@ -483,7 +494,6 @@ resources:
resource_def:
type: OS::TripleO::ObjectStorage
properties:
- HashSuffix: {get_param: SwiftHashSuffix}
UpdateIdentifier: {get_param: UpdateIdentifier}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
Hostname:
@@ -503,7 +513,9 @@ resources:
type: OS::TripleO::Services
properties:
Services: {get_param: CephStorageServices}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
+ DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
CephStorage:
type: OS::Heat::ResourceGroup
@@ -593,17 +605,21 @@ resources:
properties:
length: 10
- MysqlClusterUniquePart:
- type: OS::Heat::RandomString
- properties:
- length: 10
-
RabbitCookie:
type: OS::Heat::RandomString
properties:
length: 20
salt: {get_param: RabbitCookieSalt}
+ DefaultPasswords:
+ type: OS::TripleO::DefaultPasswords
+ properties:
+ DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
+ DefaultRabbitCookie: {get_attr: [RabbitCookie, value]}
+ DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]}
+ DefaultPcsdPassword: {get_attr: [PcsdPassword, value]}
+ DefaultHorizonSecret: {get_attr: [HorizonSecret, value]}
+
# creates the network architecture
Networks:
type: OS::TripleO::Network
@@ -626,6 +642,7 @@ resources:
PortName: redis_virtual_ip
NetworkName: {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]}
ServiceName: redis
+ FixedIPs: {get_param: RedisVirtualFixedIPs}
# The public VIP is on the External net, falls back to ctlplane
PublicVirtualIP:
@@ -796,6 +813,7 @@ resources:
- {get_attr: [Controller, resource.0.storage_ip_address]}
- {get_attr: [Controller, resource.0.storage_mgmt_ip_address]}
- {get_attr: [Controller, resource.0.tenant_ip_address]}
+ - {get_attr: [Controller, resource.0.management_ip_address]}
ControllerAllNodesValidationDeployment:
type: OS::Heat::StructuredDeployments
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 6f13b74e..f1ce42b1 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -104,14 +104,6 @@ resources:
list_join:
- ','
- {get_param: controller_names}
- rabbit_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: rabbit_node_ips}
rabbitmq_node_ips: &rabbit_nodes_array
str_replace:
template: "['SERVERS_LIST']"
@@ -128,14 +120,6 @@ resources:
list_join:
- "','"
- {get_param: mongo_node_ips}
- mongo_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: mongo_node_ips}
redis_node_ips:
str_replace:
template: "['SERVERS_LIST']"
@@ -160,22 +144,6 @@ resources:
list_join:
- "]','inet6:["
- {get_param: memcache_node_ips}
- memcache_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: memcache_node_ips}
- memcache_node_ips_v6:
- str_replace:
- template: "['inet6:[SERVERS_LIST]']"
- params:
- SERVERS_LIST:
- list_join:
- - "]','inet6:["
- - {get_param: memcache_node_ips}
mysql_node_ips:
str_replace:
template: "['SERVERS_LIST']"
diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml
index 70baeb6e..a83e0cfe 100644
--- a/puppet/ceph-storage-post.yaml
+++ b/puppet/ceph-storage-post.yaml
@@ -38,6 +38,7 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
inputs:
- name: step
outputs:
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 08d66f5c..829456b5 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -22,10 +22,6 @@ parameters:
default: default
constraints:
- custom_constraint: nova.keypair
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -234,10 +230,7 @@ resources:
config: {get_resource: CephStorageConfig}
server: {get_resource: CephStorage}
input_values:
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
- ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
CephStorageConfig:
type: OS::Heat::StructuredConfig
@@ -252,11 +245,8 @@ resources:
- extraconfig
- service_names
- service_configs
- - ceph_cluster # provided by CephClusterConfig
- - ceph
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
merge_behavior: deeper
datafiles:
service_names:
@@ -267,21 +257,13 @@ resources:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
ceph_extraconfig:
mapped_data: {get_param: CephStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
ceph:
mapped_data:
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
- ceph::profile::params::public_network: {get_input: ceph_public_network}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml
index c3dd403e..6416c43e 100644
--- a/puppet/cinder-storage-post.yaml
+++ b/puppet/cinder-storage-post.yaml
@@ -37,6 +37,7 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
inputs:
- name: step
outputs:
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index ba84fb77..ef3f08ff 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -38,10 +38,6 @@ parameters:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
UpdateIdentifier:
default: ''
type: string
@@ -110,7 +106,7 @@ resources:
properties:
image:
{get_param: BlockStorageImage}
- flavor: {get_param: Flavor}
+ flavor: {get_param: OvercloudBlockStorageFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -238,12 +234,6 @@ resources:
input_values:
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- cinder_iscsi_ip_address:
- str_replace:
- template: "'IP'"
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Map heat metadata into hiera datafiles
@@ -263,7 +253,6 @@ resources:
- volume
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
merge_behavior: deeper
datafiles:
service_names:
@@ -274,20 +263,12 @@ resources:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
volume_extraconfig:
mapped_data: {get_param: BlockStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
volume:
mapped_data:
- # Cinder
- tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml
index c1b37772..d0c6082c 100644
--- a/puppet/compute-post.yaml
+++ b/puppet/compute-post.yaml
@@ -38,6 +38,7 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
inputs:
- name: step
outputs:
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 0fc5345c..1790aa0d 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -4,36 +4,6 @@ description: >
OpenStack hypervisor node configured via Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- CeilometerComputeAgent:
- description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
- type: string
- default: ''
- constraints:
- - allowed_values: ['', Present]
- CeilometerMeteringSecret:
- description: Secret shared by the ceilometer services.
- type: string
- hidden: true
- CeilometerPassword:
- description: The password for the ceilometer service account.
- type: string
- hidden: true
- CinderEnableNfsBackend:
- default: false
- description: Whether to enable or not the NFS backend for Cinder
- type: boolean
- CinderEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Cinder
- type: boolean
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
ExtraConfig:
default: {}
description: |
@@ -46,9 +16,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlanceHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
NovaImage:
type: string
default: overcloud-full
@@ -64,16 +31,6 @@ parameters:
default: default
constraints:
- custom_constraint: nova.keypair
- KeystoneAdminApiVirtualIP:
- type: string
- default: ''
- KeystonePublicApiVirtualIP:
- type: string
- default: ''
- NeutronPassword:
- description: The password for the neutron service account, used by neutron agents.
- type: string
- hidden: true
NeutronPhysicalBridge:
default: 'br-ex'
description: An OVS bridge to create for accessing external networks.
@@ -85,12 +42,6 @@ parameters:
NodeIndex:
type: number
default: 0
- NovaApiHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- NovaComputeDriver:
- type: string
- default: libvirt.LibvirtDriver
NovaComputeExtraConfig:
default: {}
description: |
@@ -100,65 +51,6 @@ parameters:
NovaComputeIPs:
default: {}
type: json
- NovaComputeLibvirtType:
- type: string
- default: kvm
- NovaComputeLibvirtVifDriver:
- default: ''
- description: Libvirt VIF driver configuration for the network
- type: string
- NovaEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Nova
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service account, used by nova-api.
- type: string
- hidden: true
- NovaPublicIP:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- NovaOVSBridge:
- default: 'br-int'
- description: Name of integration bridge used by Open vSwitch
- type: string
- NovaSecurityGroupAPI:
- default: 'neutron'
- description: The full class name of the security API class
- type: string
- RabbitHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -366,15 +258,14 @@ resources:
- service_names
- service_configs
- compute
- - ceph_cluster # provided by CephClusterConfig
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
- neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
+ - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
@@ -389,67 +280,8 @@ resources:
mapped_data: {get_param: NovaComputeExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
compute:
mapped_data:
- cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::debug: {get_input: debug}
- nova::rabbit_userid: {get_input: rabbit_username}
- nova::rabbit_password: {get_input: rabbit_password}
- nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- nova::rabbit_port: {get_input: rabbit_client_port}
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova_compute_driver: {get_input: nova_compute_driver}
- # TODO(emilien): move libvirt & migration parameters in libvirt profile
- # used to deploy libvirt/kvm dependencies:
- nova::compute::libvirt::services::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
- # used to configured nova.conf:
- nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
- nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver}
- nova_api_host: {get_input: nova_api_host}
- nova::compute::vncproxy_host: {get_input: nova_public_ip}
- nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend}
- # TUNNELLED mode provides a security enhancement when using shared storage but is not
- # supported when not using shared storage.
- # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
- # In future versions of QEMU (2.6, mostly), Dan's native encryption
- # work will obsolete the need to use TUNNELLED transport mode.
- nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend}
- rbd_persistent_storage: {get_input: cinder_enable_rbd_backend}
- nova_password: {get_input: nova_password}
- nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address}
- nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol}
- nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host}
- nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port}
- nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge}
- nova::network::neutron::security_group_api: {get_input: nova_security_group_api}
- ceilometer::debug: {get_input: debug}
- ceilometer::rabbit_userid: {get_input: rabbit_username}
- ceilometer::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- ceilometer::rabbit_port: {get_input: rabbit_client_port}
- ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
- ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
- nova::glance_api_servers: {get_input: glance_api_servers}
- neutron::debug: {get_input: debug}
- neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_username}
- neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- neutron::rabbit_port: {get_input: rabbit_client_port}
- neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
-
- nova::network::neutron::neutron_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
- nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
- keystone_public_api_virtual_ip: {get_input: keystone_vip}
- admin_password: {get_input: admin_password}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
NovaComputeDeployment:
@@ -460,46 +292,6 @@ resources:
config: {get_resource: NovaComputeConfig}
server: {get_resource: NovaCompute}
input_values:
- cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
- debug: {get_param: Debug}
- nova_compute_driver: {get_param: NovaComputeDriver}
- nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType}
- nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
- nova_public_ip: {get_param: NovaPublicIP}
- nova_api_host: {get_param: NovaApiHost}
- nova_password: {get_param: NovaPassword}
- nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
- nova_ipv6: {get_param: NovaIPv6}
- cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
- nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]}
- nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
- # Remove brackets that may come if the IP address is IPv6.
- # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value
- nova_vncproxy_host:
- str_replace:
- template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
- params:
- '[': ''
- ']': ''
- nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
- nova_ovs_bridge: {get_param: NovaOVSBridge}
- nova_security_group_api: {get_param: NovaSecurityGroupAPI}
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
- ceilometer_password: {get_param: CeilometerPassword}
- ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- neutron_password: {get_param: NeutronPassword}
- neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
- keystone_vip: {get_param: KeystonePublicApiVirtualIP}
- admin_password: {get_param: AdminPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Resource for site-specific injection of root certificate
diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml
index 5116cac7..b313f5de 100644
--- a/puppet/controller-config-pacemaker.yaml
+++ b/puppet/controller-config-pacemaker.yaml
@@ -23,6 +23,7 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
outputs:
- name: result
config:
diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml
index cadba703..811c544d 100644
--- a/puppet/controller-config.yaml
+++ b/puppet/controller-config.yaml
@@ -23,6 +23,7 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
outputs:
- name: result
config:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 4591edf2..b5d3b6f8 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -4,14 +4,6 @@ description: >
OpenStack controller node configured by Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- AodhPassword:
- description: The password for the aodh services.
- type: string
- hidden: true
controllerExtraConfig:
default: {}
description: |
@@ -31,10 +23,6 @@ parameters:
...
}
type: json
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
CorosyncIPv6:
default: false
description: Enable IPv6 in Corosync
@@ -47,10 +35,6 @@ parameters:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
- EnableGalera:
- default: true
- description: Whether to use Galera instead of regular MariaDB.
- type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
@@ -99,21 +83,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- HAProxyStatsPassword:
- description: Password for HAProxy stats endpoint
- type: string
- HAProxyStatsUser:
- description: User for HAProxy stats endpoint
- default: admin
- type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
- HeatAuthEncryptionKey:
- description: Auth encryption key for heat-engine
- type: string
- hidden: true
HorizonSecret:
description: Secret key for Django
type: string
@@ -149,31 +118,6 @@ parameters:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
- MysqlClusterUniquePart:
- description: A unique identifier of the MySQL cluster the controller is in.
- type: string
- default: 'unset' # Has to be here because of the ignored empty value bug
- # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
- # constraints:
- # - length: {min: 4, max: 10}
- MysqlInnodbBufferPoolSize:
- description: >
- Specifies the size of the buffer pool in megabytes. Setting to
- zero should be interpreted as "no value" and will defer to the
- lower level default.
- type: number
- default: 0
- MysqlMaxConnections:
- description: Configures MySQL max_connections config setting
- type: number
- default: 4096
- MysqlClustercheckPassword:
- type: string
- hidden: true
- MysqlRootPassword:
- type: string
- hidden: true
- default: '' # Has to be here because of the ignored empty value bug
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
@@ -203,34 +147,6 @@ parameters:
type: string
description: The password for the 'pcsd' user.
hidden: true
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
- RabbitCookie:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- hidden: true
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
RedisPassword:
description: The password for Redis
type: string
@@ -242,22 +158,14 @@ parameters:
type: string
default: '' # Has to be here because of the ignored empty value bug
description: An IP address which is wrapped in brackets in case of IPv6
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
- MysqlVirtualIP:
- type: string
- default: ''
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -484,42 +392,16 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- haproxy_log_address: {get_param: HAProxySyslogAddress}
- haproxy_stats_password: {get_param: HAProxyStatsPassword}
- haproxy_stats_user: {get_param: HAProxyStatsUser}
- heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_secret: {get_param: HorizonSecret}
- admin_password: {get_param: AdminPassword}
debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
- enable_galera: {get_param: EnableGalera}
enable_load_balancer: {get_param: EnableLoadBalancer}
manage_firewall: {get_param: ManageFirewall}
purge_firewall_rules: {get_param: PurgeFirewallRules}
- mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
- mysql_max_connections: {get_param: MysqlMaxConnections}
- mysql_root_password: {get_param: MysqlRootPassword}
- mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
- mysql_cluster_name:
- str_replace:
- template: tripleo-CLUSTER
- params:
- CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
- aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
- aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
- ceilometer_coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - {get_param: RedisVirtualIPUri}
- - ':6379/'
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova_ipv6: {get_param: NovaIPv6}
corosync_ipv6: {get_param: CorosyncIPv6}
@@ -529,37 +411,10 @@ resources:
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_cookie: {get_param: RabbitCookie}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
- control_virtual_interface: {get_param: ControlVirtualInterface}
- public_virtual_interface: {get_param: PublicVirtualInterface}
- swift_hash_suffix: {get_param: SwiftHashSuffix}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- cinder_iscsi_network:
- str_replace:
- template: "'IP'"
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
- cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
- mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongodbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
@@ -567,17 +422,18 @@ resources:
str_replace:
template: "['SUBNET']"
params:
- SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]}
+ SUBNET:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- mysql_virtual_ip: {get_param: MysqlVirtualIP}
- ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
- ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
- ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
@@ -596,13 +452,10 @@ resources:
- service_names
- controller
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- - ceph_cluster # provided by CephClusterConfig
- - ceph
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by vip-config
- '"%{::osfamily}"'
- - network
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
@@ -610,6 +463,7 @@ resources:
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
@@ -627,16 +481,6 @@ resources:
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
- ceph:
- mapped_data:
- ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
- ceph::profile::params::public_network: {get_input: ceph_public_network}
- ceph::profile::params::public_addr: {get_input: ceph_public_ip}
controller:
mapped_data: # data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
@@ -648,78 +492,18 @@ resources:
corosync_ipv6: {get_input: corosync_ipv6}
tripleo::fencing::config: {get_input: fencing_config}
- # Swift
- # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
- swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
-
- # Cinder
- tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
- cinder::api::bind_host: {get_input: cinder_api_network}
-
- # Glance
- glance::api::bind_host: {get_input: glance_api_network}
- glance::registry::bind_host: {get_input: glance_registry_network}
-
- # Heat
- heat::api::bind_host: {get_input: heat_api_network}
- heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
- heat::api_cfn::bind_host: {get_input: heat_api_network}
- heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
-
- # Keystone
- keystone::admin_bind_host: {get_input: keystone_admin_api_network}
- keystone::public_bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
-
- # Manila
- manila::api::bind_host: {get_input: manila_api_network}
-
- # MongoDB
- mongodb::server::bind_ip: {get_input: mongo_db_network}
-
- # MySQL
- admin_password: {get_input: admin_password}
- enable_galera: {get_input: enable_galera}
- mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
- mysql_max_connections: {get_input: mysql_max_connections}
- mysql::server::root_password: {get_input: mysql_root_password}
- mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
- mysql_cluster_name: {get_input: mysql_cluster_name}
- mysql_bind_host: {get_input: mysql_network}
- mysql_virtual_ip: {get_input: mysql_virtual_ip}
-
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
-
- # Aodh
- aodh::api::host: {get_input: aodh_api_network}
- aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
-
- # Ceilometer
- ceilometer::api::host: {get_input: ceilometer_api_network}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
- # Gnocchi
- gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
- gnocchi::api::host: {get_input: gnocchi_api_network}
- gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
- gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
- gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
-
# Nova
nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova::use_ipv6: {get_input: nova_ipv6}
- nova::api::auth_uri: {get_input: keystone_auth_uri}
- nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: nova_api_network}
nova::api::metadata_listen: {get_input: nova_metadata_network}
- nova::api::admin_password: {get_input: nova_password}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
@@ -737,9 +521,6 @@ resources:
# Sahara
sahara::host: {get_input: sahara_api_network}
- # RabbitMQ
- rabbitmq::node_ip_address: {get_input: rabbitmq_network}
- rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
@@ -749,18 +530,7 @@ resources:
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
memcached::listen_ip: {get_input: memcached_network}
- control_virtual_interface: {get_input: control_virtual_interface}
- public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
- tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
- tripleo::haproxy::redis_password: {get_input: redis_password}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
@@ -877,16 +647,37 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
swift_proxy_memcache:
description: Swift proxy-memcache value
value:
str_replace:
template: "IP:11211"
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index df83496f..2653badf 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -13,9 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('ceph_classes', [])
}
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 19ec575a..f96c193c 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -13,9 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('compute_classes', [])
}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 30e7c8d9..25bdbfb2 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -13,9 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('controller_classes', [])
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index a782207e..d329d5fc 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -13,9 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('controller_classes', [])
}
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 18e90d1f..414a06ba 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -13,9 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('object_classes', [])
}
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
index f6787719..e1cdadd5 100644
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -13,9 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('volume_classes', [])
}
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index ab51212c..4308052b 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Aodh API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -26,12 +37,18 @@ outputs:
- get_attr: [AodhBase, role_data, config_settings]
- aodh::wsgi::apache::ssl: false
aodh::api::service_name: 'httpd'
- aodh::api::keystone_tenant: 'service'
- - tripleo.aodh_api.firewall_rules:
+ tripleo.aodh_api.firewall_rules:
'128 aodh-api':
dport:
- 8042
- 13042
-
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
+ aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
step_config: |
include tripleo::profile::base::aodh::api
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 6a9f5d75..15f81953 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Aodh service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -73,9 +82,10 @@ outputs:
aodh::rabbit_password: {get_param: RabbitPassword}
aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
aodh::rabbit_port: {get_param: RabbitClientPort}
- aodh::api::keystone_password: {get_param: AodhPassword}
- aodh::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- aodh::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ aodh::keystone::authtoken::project_name: 'service'
+ aodh::keystone::authtoken::password: {get_param: AodhPassword}
+ aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml
index 103f691a..3988c940 100644
--- a/puppet/services/aodh-evaluator.yaml
+++ b/puppet/services/aodh-evaluator.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Aodh Evaluator service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml
index 01caf8b5..bc1ccde7 100644
--- a/puppet/services/aodh-listener.yaml
+++ b/puppet/services/aodh-listener.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Aodh Listener service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml
index de07f780..66e9f3e9 100644
--- a/puppet/services/aodh-notifier.yaml
+++ b/puppet/services/aodh-notifier.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Aodh Notifier service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
AodhBase:
type: ./aodh-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml
index a51ec2df..72bad632 100644
--- a/puppet/services/ceilometer-agent-central.yaml
+++ b/puppet/services/ceilometer-agent-central.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Central Agent service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -18,6 +27,8 @@ resources:
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml
index 181c64d2..5bfecfed 100644
--- a/puppet/services/ceilometer-agent-compute.yaml
+++ b/puppet/services/ceilometer-agent-compute.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Compute Agent service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml
index 58e28a3d..7873706d 100644
--- a/puppet/services/ceilometer-agent-notification.yaml
+++ b/puppet/services/ceilometer-agent-notification.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Notification Agent service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index c5c143b0..85b9aacc 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -30,6 +41,12 @@ outputs:
dport:
- 8777
- 13777
- - ceilometer::api::keystone_tenant: 'service'
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
step_config: |
include ::tripleo::profile::base::ceilometer::api
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 1398fedb..62fdd5c1 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -35,6 +44,10 @@ parameters:
default: false
description: Whether to store events in ceilometer.
type: boolean
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
@@ -64,6 +77,7 @@ outputs:
value:
service_name: ceilometer_base
config_settings:
+ ceilometer::debug: {get_param: Debug}
ceilometer::db::database_connection:
list_join:
- ''
@@ -77,9 +91,10 @@ outputs:
ceilometer::metering_secret: {get_param: CeilometerMeteringSecret}
# we include db_sync class in puppet-tripleo
ceilometer::db::sync_db: false
- ceilometer::api::keystone_password: {get_param: CeilometerPassword}
- ceilometer::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ceilometer::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ ceilometer::keystone::authtoken::project_name: 'service'
+ ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword}
+ ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents}
@@ -111,3 +126,4 @@ outputs:
ceilometer::rabbit_heartbeat_timeout_threshold: 60
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
+ ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml
index 7a7bc19d..ef7ffbd6 100644
--- a/puppet/services/ceilometer-collector.yaml
+++ b/puppet/services/ceilometer-collector.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Collector service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml
index c960e6dc..63a6d41d 100644
--- a/puppet/services/ceilometer-expirer.yaml
+++ b/puppet/services/ceilometer-expirer.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Expirer service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
CeilometerServiceBase:
type: ./ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index 47028610..4d98546d 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -4,7 +4,9 @@ description: >
Ceph base service. Shared by all Ceph services.
parameters:
+ # NOTE(gfidente): needs a default to cope with external Ceph deployments were we don't pass (and need) an Admin key
CephAdminKey:
+ default: ''
description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
@@ -36,6 +38,20 @@ parameters:
NovaRbdPoolName:
default: vms
type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
@@ -63,6 +79,22 @@ outputs:
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
ceph::profile::params::fsid: {get_param: CephClusterFSID}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ceph::profile::params::cluster_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
+ ceph::profile::params::public_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]}
+ ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephPublicNetwork]}
ceph::profile::params::client_keys:
str_replace:
template: "{
diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml
index 33bbbe58..a9e4621a 100644
--- a/puppet/services/ceph-client.yaml
+++ b/puppet/services/ceph-client.yaml
@@ -4,6 +4,15 @@ description: >
Ceph Client service.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -13,6 +22,10 @@ parameters:
resources:
CephBase:
type: ./ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index f6fe26db..959cee26 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -33,6 +33,20 @@ parameters:
NovaRbdPoolName:
default: vms
type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
outputs:
role_data:
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 074d941d..f634ce8a 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -4,6 +4,15 @@ description: >
Ceph Monitor service.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -38,7 +47,7 @@ parameters:
{
"volumes": {
"size": 5,
- "pg_num: 128,
+ "pg_num": 128,
"pgp_num": 128
}
}
@@ -48,6 +57,10 @@ parameters:
resources:
CephBase:
type: ./ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml
index 21cefb34..d18ccabf 100644
--- a/puppet/services/ceph-osd.yaml
+++ b/puppet/services/ceph-osd.yaml
@@ -4,6 +4,15 @@ description: >
Ceph OSD service.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -13,6 +22,10 @@ parameters:
resources:
CephBase:
type: ./ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 3568cb06..5df0739f 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -13,6 +13,15 @@ parameters:
description: The password for the cinder service account, used by cinder-api.
type: string
hidden: true
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -28,6 +37,8 @@ resources:
CinderBase:
type: ./cinder-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -67,5 +78,11 @@ outputs:
dport:
- 8776
- 13776
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::api
diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml
new file mode 100644
index 00000000..f92fdfdb
--- /dev/null
+++ b/puppet/services/cinder-backup.yaml
@@ -0,0 +1,58 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderBase:
+ type: ./cinder-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName}
+ cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName}
+ cinder::backup::swift::backup_swift_container: volumebackups
+ step_config:
+ str_replace:
+ template: "include ::tripleo::profile::base::cinder::backup::DRIVER"
+ params:
+ DRIVER: {get_param: CinderBackupBackend}
diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
index c554bf97..0db17189 100644
--- a/puppet/services/cinder-base.yaml
+++ b/puppet/services/cinder-base.yaml
@@ -12,6 +12,15 @@ parameters:
default: ''
description: Set to True to enable debugging on all services.
type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml
index e03090a2..129706b1 100644
--- a/puppet/services/cinder-scheduler.yaml
+++ b/puppet/services/cinder-scheduler.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Cinder Scheduler service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
CinderBase:
type: ./cinder-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index 9f49bc06..de7e6bab 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -42,6 +42,15 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -53,6 +62,8 @@ resources:
CinderBase:
type: ./cinder-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -79,5 +90,15 @@ outputs:
tripleo.cinder_volume.firewall_rules:
'120 iscsi initiator':
dport: 3260
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
+ str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml
index b8761320..3f4f106d 100644
--- a/puppet/services/database/mongodb-base.yaml
+++ b/puppet/services/database/mongodb-base.yaml
@@ -15,6 +15,20 @@ parameters:
MongoDbReplset:
type: string
default: "tripleo"
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
outputs:
aux_parameters:
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 6885cfd6..36962a34 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -5,6 +5,15 @@ description: >
parameters:
#Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,10 @@ parameters:
resources:
MongoDbBase:
type: ./mongodb-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -32,5 +45,12 @@ outputs:
dport: 27018
'103 mongod':
dport: 27017
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
step_config: |
include ::tripleo::profile::base::database::mongodb
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 6f8f91b5..b0eea481 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -1,15 +1,39 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
MySQL service deployment using puppet
parameters:
#Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MysqlMaxConnections:
+ description: Configures MySQL max_connections config setting
+ type: number
+ default: 4096
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: ''
+ MysqlClustercheckPassword:
+ type: string
+ hidden: true
+ EnableGalera:
+ default: true
+ description: Whether to use Galera instead of regular MariaDB.
+ type: boolean
outputs:
role_data:
@@ -33,5 +57,22 @@ outputs:
- 4567
- 4568
- 9200
+ mysql_max_connections: {get_param: MysqlMaxConnections}
+ mysql::server::root_password:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
+ enable_galera: {get_param: EnableGalera}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index fe8c0659..40711432 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -8,6 +8,20 @@ parameters:
description: The password for Redis
type: string
hidden: true
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
outputs:
role_data:
@@ -22,4 +36,3 @@ outputs:
redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
- tripleo::loadbalancer::redis_password: {get_param: RedisPassword}
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
index ef005f77..1c333b97 100644
--- a/puppet/services/database/redis.yaml
+++ b/puppet/services/database/redis.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Redis service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -13,6 +22,10 @@ parameters:
resources:
RedisBase:
type: ./redis-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index bb14546f..d2376af3 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Glance API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -122,6 +131,12 @@ outputs:
glance::api::keystone_tenant: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
-
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index ca10fd12..06ef9379 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Glance Registry service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -57,5 +66,12 @@ outputs:
'112 glance_registry':
dport:
- 9191
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: |
include ::tripleo::profile::base::glance::registry
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 265cb9f0..d21e5b2b 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -4,6 +4,15 @@ description: >
Gnocchi service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -13,6 +22,13 @@ parameters:
description: The password for the gnocchi service and db account.
type: string
hidden: true
+ GnocchiBackend:
+ default: file
+ description: The short name of the Gnocchi backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
KeystoneRegion:
type: string
default: 'regionOne'
@@ -22,6 +38,8 @@ resources:
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -37,12 +55,31 @@ outputs:
dport:
- 8041
- 13041
- gnocchi::api::keystone_tenant: 'service'
- gnocchi::keystone::auth::tenant: 'service'
- gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+ gnocchi::api::enabled: true
+ gnocchi::api::service_name: 'httpd'
+ gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
- gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
- gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+ gnocchi::keystone::auth::tenant: 'service'
+ gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
+ gnocchi::keystone::authtoken::project_name: 'service'
+ gnocchi::wsgi::apache::ssl: false
+ tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
+ gnocchi::api::host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
+
+ gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
step_config: |
include ::tripleo::profile::base::gnocchi::api
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index 3631508e..9b9cafb8 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -4,18 +4,20 @@ description: >
Gnocchi service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- GnocchiBackend:
- default: file
- description: The short name of the Gnocchi backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
GnocchiIndexerBackend:
default: 'mysql'
description: The short name of the Gnocchi indexer backend to use.
@@ -34,6 +36,10 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
outputs:
aux_parameters:
@@ -58,13 +64,14 @@ outputs:
- '/gnocchi'
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types'
- #Gnocchi API
- tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
- gnocchi::api::manage_service: false
- gnocchi::api::enabled: true
- gnocchi::api::service_name: 'httpd'
- gnocchi::api::keystone_password: {get_param: GnocchiPassword}
- gnocchi::wsgi::apache::ssl: false
+ gnocchi::storage::coordination_url:
+ list_join:
+ - ''
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
+ - "%{hiera('redis_vip')}"
+ - ':6379/'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
@@ -78,7 +85,6 @@ outputs:
- {get_param: CephClientUserName}
- 'keyring'
#Gnocchi statsd
- gnocchi::statsd::manage_service: false
gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
@@ -90,5 +96,3 @@ outputs:
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
- gnocchi::auth::auth_region: {get_param: KeystoneRegion}
- gnocchi::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml
index 8041c6f4..205d0552 100644
--- a/puppet/services/gnocchi-metricd.yaml
+++ b/puppet/services/gnocchi-metricd.yaml
@@ -4,6 +4,15 @@ description: >
Gnocchi service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -24,6 +35,5 @@ outputs:
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- - gnocchi::metricd::manage_service: false
step_config: |
include ::tripleo::profile::base::gnocchi::metricd
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml
index 9c8e6897..018ad2b1 100644
--- a/puppet/services/gnocchi-statsd.yaml
+++ b/puppet/services/gnocchi-statsd.yaml
@@ -4,6 +4,15 @@ description: >
Gnocchi service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -24,6 +35,5 @@ outputs:
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- - gnocchi::statsd::manage_service: false
step_config: |
include ::tripleo::profile::base::gnocchi::statsd
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 902a1c3f..c0e1c113 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -4,11 +4,46 @@ description: >
HAproxy service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyStatsPassword:
+ description: Password for HAProxy stats endpoint
+ hidden: true
+ type: string
+ HAProxyStatsUser:
+ description: User for HAProxy stats endpoint
+ default: admin
+ type: string
+ HAProxySyslogAddress:
+ default: /dev/log
+ description: Syslog address where HAproxy will send its log
+ type: string
+ RedisPassword:
+ description: The password for Redis
+ type: string
+ hidden: true
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
outputs:
role_data:
@@ -40,5 +75,12 @@ outputs:
tripleo::haproxy::heat_cloudwatch: true
tripleo::haproxy::heat_cfn: true
tripleo::haproxy::horizon: true
+ tripleo::haproxy::ironic: true
+ tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
+ tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
+ tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
+ tripleo::haproxy::redis_password: {get_param: RedisPassword}
+ tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::haproxy
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index c3a3b7ae..a15ea32d 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudFormation API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -25,6 +34,10 @@ parameters:
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -46,5 +59,12 @@ outputs:
dport:
- 8000
- 13800
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index b4669ac3..6d645ee7 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudWatch API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -17,6 +26,10 @@ parameters:
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -32,5 +45,12 @@ outputs:
dport:
- 8003
- 13003
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index b4402a17..ec3b0e37 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -25,6 +34,10 @@ parameters:
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -46,5 +59,12 @@ outputs:
dport:
- 8004
- 13004
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 091a4e9b..226d2a51 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -26,6 +26,20 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
outputs:
role_data:
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 044ca880..b230ec1d 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -1,9 +1,18 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Openstack Heat Engine service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -26,10 +35,19 @@ parameters:
description: Password for heat_stack_domain_admin user.
type: string
hidden: true
+ HeatAuthEncryptionKey:
+ description: Auth encryption key for heat-engine
+ type: string
+ hidden: true
+ default: ''
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -63,5 +81,12 @@ outputs:
heat::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ heat::engine::auth_encryption_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HeatAuthEncryptionKey}
+ - {get_param: [DefaultPasswords, heat_auth_encryption_key]}
step_config: |
include ::tripleo::profile::base::heat::engine
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 64cf450a..c5d96819 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -4,6 +4,15 @@ description: >
Horizon service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 949cdf31..d0516e1b 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ironic API configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -18,6 +27,8 @@ resources:
IronicBase:
type: ./ironic-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -34,10 +45,25 @@ outputs:
# the TFTP server IP in ironic-conductor.yaml as it should not be
# the VIP, but rather a real IP of the controller.
- ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]}
- ironic::api::admin_password: {get_param: IronicPassword}
- ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
- ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
+ ironic::api::authtoken::password: {get_param: IronicPassword}
+ ironic::api::authtoken::project_name: 'service'
+ ironic::api::authtoken::username: 'ironic'
+ ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ironic::api::host_ip: {get_input: ironic_api_network}
+ ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
+ # This is used to build links in responses
+ ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
+ ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
+ ironic::keystone::auth::tenant: 'service'
+ tripleo.ironic_api.firewall_rules:
+ '133 ironic api':
+ dport:
+ - 6385
+ - 13385
step_config: |
include ::tripleo::profile::base::ironic::api
diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml
index 508694ee..2f242da8 100644
--- a/puppet/services/ironic-base.yaml
+++ b/puppet/services/ironic-base.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ironic services configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -51,7 +60,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ironic'
- ironic::admin_tenant_name: 'service'
ironic::debug: {get_param: Debug}
ironic::rabbit_userid: {get_param: RabbitUserName}
ironic::rabbit_password: {get_param: RabbitPassword}
@@ -64,7 +72,5 @@ outputs:
ironic::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
-
- ironic::keystone::auth::tenant: 'service'
step_config: |
include ::tripleo::profile::base::ironic
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index a3bce305..27479f79 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ironic conductor configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -18,6 +27,8 @@ resources:
IronicBase:
type: ./ironic-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -28,9 +39,17 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
- - ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
+ # FIXME: I have no idea why neutron_url is in "api" manifest
+ - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
# Prevent tftp_server from defaulting to my_ip setting, which is
# controller VIP, not a real IP.
ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
+ tripleo.ironic_conductor.firewall_rules:
+ '134 ironic conductor TFTP':
+ dport: 69
+ proto: udp
step_config: |
include ::tripleo::profile::base::ironic::conductor
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index 95a401c6..b783345b 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -4,16 +4,38 @@ description: >
Keepalived service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
outputs:
role_data:
description: Role data for the Keepalived role.
value:
service_name: keepalived
+ config_settings:
+ tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::keepalived
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 50ebe925..2f01578e 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -4,6 +4,15 @@ description: >
Load kernel modules with kmod and configure kernel options with sysctl.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 988c80ce..c763c391 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -32,6 +32,15 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -140,5 +149,16 @@ outputs:
- 13000
- 35357
- 13357
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ # NOTE: this applies to all 4 bind IP settings below...
+ keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
step_config: |
include ::tripleo::profile::base::keystone
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 389fa2e3..b3987747 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -4,6 +4,15 @@ description: >
Manila-api service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -22,6 +31,8 @@ resources:
ManilaBase:
type: ./manila-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -32,9 +43,10 @@ outputs:
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- - manila::api::keystone_password: {get_param: ManilaPassword}
- manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]}
+ - manila::keystone::authtoken::password: {get_param: ManilaPassword}
+ manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::project_name: 'service'
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
@@ -43,7 +55,13 @@ outputs:
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
manila::keystone::auth::password: {get_param: ManilaPassword }
manila::keystone::auth::region: {get_param: KeystoneRegion }
- manila::api::keystone_tenant: 'service'
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
step_config: |
include ::tripleo::profile::base::manila::api
diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml
index 663a9345..78bf1c63 100644
--- a/puppet/services/manila-base.yaml
+++ b/puppet/services/manila-base.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Manila base service. Shared by manila-api/scheduler/share services
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
index b1d55a05..a5122ba0 100644
--- a/puppet/services/manila-scheduler.yaml
+++ b/puppet/services/manila-scheduler.yaml
@@ -4,6 +4,15 @@ description: >
Manila-scheduler service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +35,8 @@ resources:
ManilaBase:
type: ./manila-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
index 20f36aa3..184f3694 100644
--- a/puppet/services/manila-share.yaml
+++ b/puppet/services/manila-share.yaml
@@ -4,6 +4,15 @@ description: >
Manila-share service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
ManilaBase:
type: ./manila-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index ceb29b55..59c639e8 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -4,6 +4,15 @@ description: >
Memcached service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-api.yaml
index c40b37b0..35ac32db 100644
--- a/puppet/services/neutron-server.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Server configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -42,12 +51,16 @@ resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron Server agent service.
value:
- service_name: neutron_server
+ service_name: neutron_api
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index bc8dd8d1..39ffea24 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -48,6 +48,20 @@ parameters:
description: >
Remove configuration that is not generated by TripleO. Setting
to false may result in configuration remnants after updates/upgrades.
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
outputs:
role_data:
diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml
index 200aaa1b..26b6fa6b 100644
--- a/puppet/services/neutron-compute-plugin-midonet.yaml
+++ b/puppet/services/neutron-compute-plugin-midonet.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Compute Midonet plugin
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
index 44aac571..c4f8ad12 100644
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Compute Nuage plugin
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml
index fb6d640c..9f2fd13c 100644
--- a/puppet/services/neutron-compute-plugin-opencontrail.yaml
+++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Compute OpenContrail plugin
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml
index ad1e3465..31a0a08b 100644
--- a/puppet/services/neutron-compute-plugin-plumgrid.yaml
+++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Compute Plumgrid plugin
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index 322e018d..513cb2d4 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -4,20 +4,42 @@ description: >
OpenStack Neutron DHCP agent configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NeutronEnableMetadataNetwork:
+ default: false
+ description: If True, DHCP provide metadata network. Requires either
+ IsolatedMetadata or ForceMetadata parameters to also be True.
+ type: boolean
NeutronEnableIsolatedMetadata:
- default: 'False'
+ default: false
description: If True, DHCP provide metadata route to VM.
- type: string
+ type: boolean
+ NeutronEnableForceMetadata:
+ default: false
+ description: If True, DHCP always provides metadata route to VM.
+ type: boolean
resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -28,6 +50,8 @@ outputs:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
+ neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
tripleo.neutron_dhcp.firewall_rules:
'115 neutron dhcp input':
proto: 'udp'
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
index f10b5922..0f3c2a70 100644
--- a/puppet/services/neutron-l3-compute-dvr.yaml
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -5,6 +5,15 @@ description: >
configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -22,6 +31,10 @@ resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index ede41935..54beee6b 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron L3 agent configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -30,6 +39,10 @@ resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 73d8c3da..b9ec277a 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Metadata agent configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +35,10 @@ resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml
index ccc0b0dd..48830d81 100644
--- a/puppet/services/neutron-midonet.yaml
+++ b/puppet/services/neutron-midonet.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Midonet plugin and services
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index d52b8a26..1b19f90f 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron OVS agent configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -39,11 +48,20 @@ parameters:
description: |
Enable support for distributed routing in the OVS Agent.
type: boolean
+ NeutronEnableARPResponder:
+ default: false
+ description: |
+ Enable ARP responder feature in the OVS Agent.
+ type: boolean
resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -55,6 +73,7 @@ outputs:
- get_attr: [NeutronBase, role_data, config_settings]
neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
+ neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::bridge_mappings:
str_replace:
template: MAPPINGS
@@ -70,5 +89,12 @@ outputs:
template: AGENT_EXTENSIONS
params:
AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
step_config: |
include ::tripleo::profile::base::neutron::ovs
diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml
new file mode 100644
index 00000000..1f1e14ab
--- /dev/null
+++ b/puppet/services/neutron-ovs-dpdk-agent.yaml
@@ -0,0 +1,73 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronDpdkCoreList:
+ default: ""
+ description: List of cores to be used for DPDK Poll Mode Driver
+ type: string
+ NeutronDpdkMemoryChannels:
+ default: ""
+ description: Number of memory channels to be used for DPDK
+ type: string
+ NeutronDpdkSocketMemory:
+ default: ""
+ description: Memory allocated for each socket
+ type: string
+ NeutronDpdkDriverType:
+ default: "vfio-pci"
+ description: DPDK Driver type
+ type: string
+ # below parameters has to be set in neutron agent only for compute nodes.
+ # as of now there is no other usecase for these parameters except dpdk.
+ # should be moved to compute only ovs agent in case of any other usecases.
+ NeutronDatapathType:
+ default: ""
+ description: Datapath type for ovs bridges
+ type: string
+ NeutronVhostuserSocketDir:
+ default: ""
+ description: The vhost-user socket directory for OVS
+ type: string
+
+resources:
+
+ NeutronOvsAgent:
+ type: ./neutron-ovs-agent.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron OVS DPDK Agent service.
+ value:
+ service_name: neutron_ovs_dpdk_agent
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronOvsAgent, role_data, config_settings]
+ neutron::agents::ml2::ovs::enable_dpdk: true
+ neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
+ neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
+ vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList}
+ vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels}
+ vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
+ vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
+ step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 158122ed..5dbae3dc 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron ML2 Plugin configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -51,11 +60,20 @@ parameters:
default: 'vxlan'
description: The tenant network type for Neutron.
type: comma_delimited_list
-
+ NeutronSupportedPCIVendorDevs:
+ description: |
+ List of supported pci vendor devices in the format VendorID:ProductID.
+ By default Intel & Mellanox SR-IOV capable NICs are supported.
+ type: comma_delimited_list
+ default: ['15b3:1004','8086:10ca']
resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -105,6 +123,7 @@ outputs:
template: TYPES
params:
TYPES: {get_param: NeutronNetworkType}
+ neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml
index 5f228f96..838ec5ea 100644
--- a/puppet/services/neutron-plugin-nuage.yaml
+++ b/puppet/services/neutron-plugin-nuage.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Nuage plugin
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -54,6 +63,10 @@ resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml
index ed6a2c04..4e294965 100644
--- a/puppet/services/neutron-plugin-opencontrail.yaml
+++ b/puppet/services/neutron-plugin-opencontrail.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Opencontrail plugin
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -37,6 +46,10 @@ resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml
index 5488bed7..30af8a3f 100644
--- a/puppet/services/neutron-plugin-plumgrid.yaml
+++ b/puppet/services/neutron-plugin-plumgrid.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Plumgrid plugin
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml
new file mode 100644
index 00000000..559500df
--- /dev/null
+++ b/puppet/services/neutron-sriov-agent.yaml
@@ -0,0 +1,58 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron SR-IOV nic agent configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: >
+ Mapping of service_name -> network name. Typically set via
+ parameter_defaults in the resource registry. This mapping overrides those
+ in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ NeutronPhysicalDevMappings:
+ description: >
+ List of <physical_network>:<physical device>
+ All physical networks listed in network_vlan_ranges
+ on the server should have mappings to appropriate
+ interfaces on each agent.
+ type: comma_delimited_list
+ default: ""
+ NeutronExcludeDevices:
+ description: >
+ List of <network_device>:<excluded_devices> mapping
+ network_device to the agent's node-specific list of virtual functions
+ that should not be used for virtual networking. excluded_devices is a
+ semicolon separated list of virtual functions to exclude from
+ network_device. The network_device in the mapping should appear in the
+ physical_device_mappings list.
+ type: comma_delimited_list
+ default: ""
+ NeutronSriovNumVFs:
+ description: >
+ Provide the list of VFs to be reserved for each SR-IOV interface.
+ Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>"
+ Example "eth1:4096","eth2:128"
+ type: comma_delimited_list
+ default: ""
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Neutron SR-IOV nic agent service.
+ value:
+ service_name: neutron_sriov_agent
+ config_settings:
+ neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
+ neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
+ neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
+ step_config: |
+ include ::tripleo::profile::base::neutron::sriov
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index d560edb4..c2bd395e 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +35,8 @@ resources:
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -50,7 +61,10 @@ outputs:
- 8774
- 13774
- 8775
- nova::api::admin_tenant_name: 'service'
+ nova::keystone::authtoken::project_name: 'service'
+ nova::keystone::authtoken::password: {get_param: NovaPassword}
+ nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::api::enabled: true
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index ef7eaaf3..471ece34 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova base service. Shared for all Nova services.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -17,6 +26,10 @@ parameters:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
+ NovaOVSBridge:
+ default: 'br-int'
+ description: Name of integration bridge used by Open vSwitch
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
@@ -45,6 +58,14 @@ parameters:
description: >
Remove configuration that is not generated by TripleO. Setting
to false may result in configuration remnants after updates/upgrades.
+ NovaIPv6:
+ default: false
+ description: Enable IPv6 features in Nova
+ type: boolean
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
outputs:
role_data:
@@ -53,7 +74,7 @@ outputs:
service_name: nova_base
config_settings:
nova::rabbit_password: {get_param: RabbitPassword}
- nova::rabbit_user: {get_param: RabbitUserName}
+ nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
nova::rabbit_port: {get_param: RabbitClientPort}
nova::database_connection:
@@ -116,3 +137,7 @@ outputs:
- "%{hiera('mysql_bind_host')}"
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
+ nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ nova::use_ipv6: {get_param: NovaIPv6}
+ nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
+ nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index bcc3a232..dc962297 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Compute service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,11 +24,29 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CinderEnableNfsBackend:
+ default: false
+ description: Whether to enable or not the NFS backend for Cinder
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
+ NovaComputeLibvirtVifDriver:
+ default: ''
+ description: Libvirt VIF driver configuration for the network
+ type: string
resources:
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -37,6 +64,8 @@ outputs:
tripleo::profile::base::nova::nova_compute_enabled: true
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
+ rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
@@ -45,13 +74,30 @@ outputs:
nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
+ nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
+ # TUNNELLED mode provides a security enhancement when using shared
+ # storage but is not supported when not using shared storage.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+ # In future versions of QEMU (2.6, mostly), danpb's native
+ # encryption work will obsolete the need to use TUNNELLED transport
+ # mode.
+ nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
# Changing the default from 512MB. The current templates can not deploy
# overclouds with swap. On an idle compute node, we see ~1024MB of RAM
# used. 2048 is suggested to account for other possible operations for
# example openvswitch.
nova::compute::reserved_host_memory: 2048
+ nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
+ nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host]}
step_config: |
# TODO(emilien): figure how to deal with libvirt profile.
- # We'll probably threat it like we do with Neutron plugins.
+ # We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
index 5964f883..0b6169da 100644
--- a/puppet/services/nova-conductor.yaml
+++ b/puppet/services/nova-conductor.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Conductor service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -18,6 +27,8 @@ resources:
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml
index 5fbce1b1..67ff2ec3 100644
--- a/puppet/services/nova-consoleauth.yaml
+++ b/puppet/services/nova-consoleauth.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Consoleauth service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml
new file mode 100644
index 00000000..bf7639dd
--- /dev/null
+++ b/puppet/services/nova-ironic.yaml
@@ -0,0 +1,53 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Compute service configured with Puppet and using Ironic
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ IronicPassword:
+ description: The password for the Ironic service and db account, used by the Ironic services
+ type: string
+ hidden: true
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Compute service with Ironic.
+ value:
+ service_name: nova_ironic
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::compute::force_config_drive: true
+ nova::compute::reserved_host_memory: '0'
+ nova::compute::vnc_enabled: false
+ nova::ironic::common::admin_password: {get_param: IronicPassword}
+ nova::ironic::common::admin_tenant_name: 'service'
+ nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
+ nova::ironic::common::admin_username: 'ironic'
+ nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
+ nova::network::neutron::dhcp_domain: ''
+ nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
+ step_config: |
+ include tripleo::profile::base::nova::compute::ironic
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 939b6a09..1ebec974 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -4,16 +4,30 @@ description: >
Libvirt service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NovaComputeLibvirtType:
+ type: string
+ default: kvm
resources:
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -30,5 +44,8 @@ outputs:
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
tripleo::profile::base::nova::libvirt_enabled: true
+ nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+ nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+
step_config: |
include tripleo::profile::base::nova::libvirt
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index bd6e5116..1e12b5ba 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -4,16 +4,31 @@ description: >
OpenStack Nova Scheduler service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NovaSchedulerAvailableFilters:
+ default: []
+ description: List of scheduler available filters
+ type: comma_delimited_list
resources:
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -25,5 +40,6 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::scheduler::filter::ram_allocation_ratio: '1.0'
+ nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters}
step_config: |
include tripleo::profile::base::nova::scheduler
diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml
index 0b9cef38..0a1785d8 100644
--- a/puppet/services/nova-vncproxy.yaml
+++ b/puppet/services/nova-vncproxy.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Vncproxy service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
NovaBase:
type: ./nova-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -25,5 +36,15 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::vncproxy::enabled: true
+ nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
+ # Remove brackets that may come if the IP address is IPv6.
+ # For DNS names and IPv4, this will just get NovaVNCProxyPublic
+ nova::vncproxy::common::vncproxy_host:
+ str_replace:
+ template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
+ params:
+ '[': ''
+ ']': ''
+ nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
step_config: |
include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index b0ebb7d4..ac5b85c8 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -4,6 +4,15 @@ description: >
Pacemaker service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml
index 471b9f7a..ac4bdcf0 100644
--- a/puppet/services/pacemaker/ceilometer-agent-central.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
CeilometerServiceBase:
type: ../ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
index 2530848f..112dde1c 100644
--- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
CeilometerServiceBase:
type: ../ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml
index f1885372..f50e4a15 100644
--- a/puppet/services/pacemaker/ceilometer-api.yaml
+++ b/puppet/services/pacemaker/ceilometer-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer API service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
CeilometerServiceBase:
type: ../ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml
index 8d31e1aa..8d4348db 100644
--- a/puppet/services/pacemaker/ceilometer-collector.yaml
+++ b/puppet/services/pacemaker/ceilometer-collector.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Ceilometer Collector service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
CeilometerServiceBase:
type: ../ceilometer-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml
index 706a189b..7c83037d 100644
--- a/puppet/services/pacemaker/cinder-api.yaml
+++ b/puppet/services/pacemaker/cinder-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Cinder API service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
CinderApiBase:
type: ../cinder-api.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml
new file mode 100644
index 00000000..7e940c7e
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-backup.yaml
@@ -0,0 +1,60 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service with Pacemaker configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderBackupBase:
+ type: ../cinder-backup.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ CinderBackupBackend: {get_param: CinderBackupBackend}
+ CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName}
+ CephClientUserName: {get_param: CephClientUserName}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBackupBase, role_data, config_settings]
+ - cinder::backup::manage_service: false
+ cinder::backup::enabled: false
+ step_config:
+ list_join:
+ - "\n"
+ - - get_attr: [CinderBackupBase, role_data, step_config]
+ - "include ::tripleo::profile::pacemaker::cinder::backup"
diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml
index 350d7126..6f26b412 100644
--- a/puppet/services/pacemaker/cinder-scheduler.yaml
+++ b/puppet/services/pacemaker/cinder-scheduler.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Cinder Scheduler service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
CinderSchedulerBase:
type: ../cinder-scheduler.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index 7b6e9a77..ffcdb529 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Cinder Volume service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
CinderVolumeBase:
type: ../cinder-volume.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml
index 1c0c043c..9eca1de3 100644
--- a/puppet/services/pacemaker/core.yaml
+++ b/puppet/services/pacemaker/core.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Core (fake) service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml
index c09f93a9..64ae2e91 100644
--- a/puppet/services/pacemaker/database/mongodb.yaml
+++ b/puppet/services/pacemaker/database/mongodb.yaml
@@ -5,6 +5,15 @@ description: >
parameters:
#Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,10 @@ parameters:
resources:
MongoDbBase:
type: ../../database/mongodb-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index cc9dc946..d555ed0a 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -5,17 +5,36 @@ description: >
parameters:
#Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+resources:
+
+ MysqlBase:
+ type: ../../database/mysql.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Service MySQL with Pacemaker using composable services.
value:
service_name: mysql
config_settings:
+ get_attr: [MysqlBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::pacemaker::database::mysql
diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml
index 3cd8d168..d9156e67 100644
--- a/puppet/services/pacemaker/database/redis.yaml
+++ b/puppet/services/pacemaker/database/redis.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Redis service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -13,6 +22,10 @@ parameters:
resources:
RedisBase:
type: ../../database/redis-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml
index 0fc17b22..ef4ba79a 100644
--- a/puppet/services/pacemaker/glance-api.yaml
+++ b/puppet/services/pacemaker/glance-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Glance API service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -39,6 +48,8 @@ resources:
GlanceApiBase:
type: ../glance-api.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml
index ae7aa307..e417f09f 100644
--- a/puppet/services/pacemaker/glance-registry.yaml
+++ b/puppet/services/pacemaker/glance-registry.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Glance Registry service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
GlanceRegistryBase:
type: ../glance-registry.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml
index bcd73e61..50bd3fa7 100644
--- a/puppet/services/pacemaker/gnocchi-api.yaml
+++ b/puppet/services/pacemaker/gnocchi-api.yaml
@@ -4,6 +4,15 @@ description: >
Gnocchi service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
GnocchiServiceBase:
type: ../gnocchi-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -24,5 +35,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - gnocchi::metricd::manage_service: false
+ gnocchi::metricd::enabled: false
step_config: |
include ::tripleo::profile::pacemaker::gnocchi::api
diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml
index ec487e89..0a6b03ea 100644
--- a/puppet/services/pacemaker/gnocchi-metricd.yaml
+++ b/puppet/services/pacemaker/gnocchi-metricd.yaml
@@ -4,6 +4,15 @@ description: >
Gnocchi service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
GnocchiServiceBase:
type: ../gnocchi-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -25,6 +36,7 @@ outputs:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- gnocchi::metricd::manage_service: false
+ gnocchi::metricd::enabled: false
tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]}
step_config: |
diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml
index d1106524..12256d32 100644
--- a/puppet/services/pacemaker/gnocchi-statsd.yaml
+++ b/puppet/services/pacemaker/gnocchi-statsd.yaml
@@ -4,6 +4,15 @@ description: >
Gnocchi service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
GnocchiServiceBase:
type: ../gnocchi-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
@@ -25,6 +36,7 @@ outputs:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- gnocchi::statsd::manage_service: false
+ gnocchi::statsd::enabled: false
tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]}
step_config: |
include ::tripleo::profile::pacemaker::gnocchi::statsd
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index c450530b..de028339 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -4,6 +4,15 @@ description: >
HAproxy service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
LoadbalancerServiceBase:
type: ../haproxy.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml
index 8f2c561a..155a35ec 100644
--- a/puppet/services/pacemaker/heat-api-cfn.yaml
+++ b/puppet/services/pacemaker/heat-api-cfn.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudFormation API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
HeatApiCfnBase:
type: ../heat-api-cfn.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
index a08e0262..85927650 100644
--- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml
+++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudWatch API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
HeatApiCloudwatchBase:
type: ../heat-api-cloudwatch.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml
index 5cf25516..d7220619 100644
--- a/puppet/services/pacemaker/heat-api.yaml
+++ b/puppet/services/pacemaker/heat-api.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
HeatApiBase:
type: ../heat-api.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml
index 4d41cbe4..579f5f10 100644
--- a/puppet/services/pacemaker/heat-engine.yaml
+++ b/puppet/services/pacemaker/heat-engine.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat Engine service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
HeatEngineBase:
type: ../heat-engine.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml
index f8b5ad0c..bd1ff046 100644
--- a/puppet/services/pacemaker/horizon.yaml
+++ b/puppet/services/pacemaker/horizon.yaml
@@ -4,6 +4,15 @@ description: >
Horizon service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
HorizonBase:
type: ../horizon.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml
index f5f136d3..701f01f1 100644
--- a/puppet/services/pacemaker/keystone.yaml
+++ b/puppet/services/pacemaker/keystone.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Keystone service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
KeystoneServiceBase:
type: ../keystone.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml
index 0f88e89c..7479eb08 100644
--- a/puppet/services/pacemaker/manila-share.yaml
+++ b/puppet/services/pacemaker/manila-share.yaml
@@ -4,6 +4,15 @@ description: >
The manila-share service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,10 @@ resources:
ManilaShareBase:
type: ../manila-share.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml
index 43cd528e..e612d775 100644
--- a/puppet/services/pacemaker/memcached.yaml
+++ b/puppet/services/pacemaker/memcached.yaml
@@ -4,6 +4,15 @@ description: >
Mecached service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,10 @@ resources:
MemcachedServiceBase:
type: ../memcached.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml
index 3a5ada47..f5f785e3 100644
--- a/puppet/services/pacemaker/neutron-dhcp.yaml
+++ b/puppet/services/pacemaker/neutron-dhcp.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron DHCP service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NeutronDhcpBase:
type: ../neutron-dhcp.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml
index a4f2c0e1..87176632 100644
--- a/puppet/services/pacemaker/neutron-l3.yaml
+++ b/puppet/services/pacemaker/neutron-l3.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron L3 service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NeutronL3Base:
type: ../neutron-l3.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml
index 9b322f22..e00c2424 100644
--- a/puppet/services/pacemaker/neutron-metadata.yaml
+++ b/puppet/services/pacemaker/neutron-metadata.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Metadata service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NeutronMetadataBase:
type: ../neutron-metadata.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml
index e93ed661..fb39ea44 100644
--- a/puppet/services/pacemaker/neutron-midonet.yaml
+++ b/puppet/services/pacemaker/neutron-midonet.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Midonet with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NeutronMidonetBase:
type: ../neutron-midonet.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml
index b2260de9..353c2958 100644
--- a/puppet/services/pacemaker/neutron-ovs-agent.yaml
+++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron OVS agent with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,10 @@ resources:
NeutronOvsBase:
type: ../neutron-ovs-agent.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
index dc10d093..234f116e 100644
--- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron ML2 Plugin with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,10 @@ resources:
NeutronMl2Base:
type: ../neutron-plugin-ml2.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml
index 414c046c..9fca2cc3 100644
--- a/puppet/services/pacemaker/neutron-plugin-nuage.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-nuage.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Nuage Plugin with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NeutronPluginNuageBase:
type: ../neutron-plugin-nuage.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
index 1d385d83..80d6ed92 100644
--- a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron OpenContrail Plugin with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NeutronPluginOpenContrail:
type: ../neutron-plugin-nuage.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
index 69f5fd27..5dd4e588 100644
--- a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
+++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron PLUMgrid Plugin with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NeutronPluginPlumgridBase:
type: ../neutron-plugin-ml2.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml
index b0f739dc..fc04e5ee 100644
--- a/puppet/services/pacemaker/neutron-server.yaml
+++ b/puppet/services/pacemaker/neutron-server.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Server with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -19,6 +28,8 @@ resources:
NeutronServerBase:
type: ../neutron-server.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml
index 2d497ab5..709761e7 100644
--- a/puppet/services/pacemaker/nova-api.yaml
+++ b/puppet/services/pacemaker/nova-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova API service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NovaApiBase:
type: ../nova-api.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml
index 1f57cf08..7a2313c7 100644
--- a/puppet/services/pacemaker/nova-conductor.yaml
+++ b/puppet/services/pacemaker/nova-conductor.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Conductor service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NovaConductorBase:
type: ../nova-conductor.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml
index bbab8bea..77550c80 100644
--- a/puppet/services/pacemaker/nova-consoleauth.yaml
+++ b/puppet/services/pacemaker/nova-consoleauth.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Consoleauth service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NovaConsoleauthBase:
type: ../nova-consoleauth.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml
index bf2c62bc..2571ec43 100644
--- a/puppet/services/pacemaker/nova-scheduler.yaml
+++ b/puppet/services/pacemaker/nova-scheduler.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Scheduler service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NovaSchedulerBase:
type: ../nova-scheduler.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml
index 0353d924..e536826e 100644
--- a/puppet/services/pacemaker/nova-vncproxy.yaml
+++ b/puppet/services/pacemaker/nova-vncproxy.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Nova Vncproxy service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
NovaVncproxyBase:
type: ../nova-vncproxy.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml
index b01caeea..3eb01398 100644
--- a/puppet/services/pacemaker/rabbitmq.yaml
+++ b/puppet/services/pacemaker/rabbitmq.yaml
@@ -4,6 +4,15 @@ description: >
RabbitMQ service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
RabbitMQServiceBase:
type: ../rabbitmq.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml
index a06afb2d..e20b7a08 100644
--- a/puppet/services/pacemaker/sahara-api.yaml
+++ b/puppet/services/pacemaker/sahara-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Sahara API service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
SaharaApiBase:
type: ../sahara-api.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml
index a1191f87..07de74ca 100644
--- a/puppet/services/pacemaker/sahara-engine.yaml
+++ b/puppet/services/pacemaker/sahara-engine.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Sahara Engine service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,6 +24,8 @@ resources:
SaharaEngineBase:
type: ../sahara-engine.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 4c02f359..06595b07 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -1,9 +1,18 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
RabbitMQ service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -25,6 +34,10 @@ parameters:
default: false
description: Enable IPv6 in RabbitMQ
type: boolean
+ RabbitCookie:
+ type: string
+ default: ''
+ hidden: true
outputs:
role_data:
@@ -57,5 +70,19 @@ outputs:
tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
cluster_partition_handling: 'pause_minority'
loopback_users: '[]'
+ rabbitmq::erlang_cookie:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]}
step_config: |
include ::tripleo::profile::base::rabbitmq
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index 85324312..5715a8c3 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Sahara API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +35,8 @@ resources:
SaharaBase:
type: ./sahara-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index cac89e32..c1ab8e8b 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Sahara base service. Shared for all Sahara services.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml
index de2ac7ef..fcf4d485 100644
--- a/puppet/services/sahara-engine.yaml
+++ b/puppet/services/sahara-engine.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Sahara Engine service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
SaharaBase:
type: ./sahara-base.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index c9a952a5..bb40001a 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -10,11 +10,22 @@ parameters:
description: |
List nested stack service templates.
type: comma_delimited_list
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ DefaultPasswords:
+ default: {}
+ description: Mapping of service -> default password. Used to help
+ pass top level passwords managed by Heat into services.
+ type: json
resources:
@@ -24,7 +35,9 @@ resources:
resources: {get_param: Services}
concurrent: true
resource_properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
outputs:
role_data:
diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml
index 458f444b..e38ccf42 100644
--- a/puppet/services/snmp.yaml
+++ b/puppet/services/snmp.yaml
@@ -6,6 +6,15 @@ description: >
monitoring.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/swift-base.yaml b/puppet/services/swift-base.yaml
new file mode 100644
index 00000000..741adb4d
--- /dev/null
+++ b/puppet/services/swift-base.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Swift Proxy service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftHashSuffix:
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Swift common swift settings.
+ value:
+ service_name: swift_base
+ config_settings:
+ swift::swift_hash_path_suffix: {get_param: SwiftHashSuffix}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 99af7499..cba08090 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Swift Proxy service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -30,6 +39,13 @@ parameters:
default: 'regionOne'
description: Keystone region for endpoint
+resources:
+ SwiftBase:
+ type: ./swift-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -37,50 +53,59 @@ outputs:
value:
service_name: swift_proxy
config_settings:
- # Swift
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
- swift::proxy::authtoken::admin_tenant_name: 'service'
- swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
- swift::proxy::workers: {get_param: SwiftWorkers}
- swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
- swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
- swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
- swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
- swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
- swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
- swift::keystone::auth::password: {get_param: SwiftPassword}
- swift::keystone::auth::region: {get_param: KeystoneRegion}
- tripleo.swift_proxy.firewall_rules:
- '122 swift proxy':
- dport:
- - 8080
- - 13808
- swift::keystone::auth::tenant: 'service'
- swift::keystone::auth::configure_s3_endpoint: false
- swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
- swift::proxy::keystone::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
- swift::proxy::pipeline:
- - 'catch_errors'
- - 'healthcheck'
- - 'proxy-logging'
- - 'cache'
- - 'ratelimit'
- - 'bulk'
- - 'tempurl'
- - 'formpost'
- - 'authtoken'
- - 'keystone'
- - 'staticweb'
- - 'proxy-logging'
- - 'proxy-server'
- swift::proxy::account_autocreate: true
+ map_merge:
+ - get_attr: [SwiftBase, role_data, config_settings]
+
+ - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::admin_tenant_name: 'service'
+ swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
+ swift::proxy::workers: {get_param: SwiftWorkers}
+ swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+ swift::keystone::auth::password: {get_param: SwiftPassword}
+ swift::keystone::auth::region: {get_param: KeystoneRegion}
+ tripleo.swift_proxy.firewall_rules:
+ '122 swift proxy':
+ dport:
+ - 8080
+ - 13808
+ swift::keystone::auth::tenant: 'service'
+ swift::keystone::auth::configure_s3_endpoint: false
+ swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::keystone::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::pipeline:
+ - 'catch_errors'
+ - 'healthcheck'
+ - 'proxy-logging'
+ - 'cache'
+ - 'ratelimit'
+ - 'bulk'
+ - 'tempurl'
+ - 'formpost'
+ - 'authtoken'
+ - 'keystone'
+ - 'staticweb'
+ - 'proxy-logging'
+ - 'proxy-server'
+ swift::proxy::account_autocreate: true
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
index 0b17c73c..f41228e7 100644
--- a/puppet/services/swift-ringbuilder.yaml
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Swift Ringbuilder
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 74679231..6c7c3c7a 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Swift Storage service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -17,6 +26,10 @@ parameters:
default: false
description: Value of mount_check in Swift account/container/object -server.conf
type: boolean
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
@@ -32,33 +45,44 @@ parameter_groups:
parameters:
- ControllerEnableSwiftStorage
+resources:
+ SwiftBase:
+ type: ./swift-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Swift Proxy role.
value:
service_name: swift_storage
config_settings:
- # Swift
- swift::storage::all::mount_check: {get_param: SwiftMountCheck}
- tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
- tripleo.swift_storage.firewall_rules:
- '123 swift storage':
- dport:
- - 873
- - 6000
- - 6001
- - 6002
- swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
- swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
- swift::storage::all::object_pipeline:
- - healthcheck
- - recon
- - object-server
- swift::storage::all::container_pipeline:
- - healthcheck
- - container-server
- swift::storage::all::account_pipeline:
- - healthcheck
- - account-server
+ map_merge:
+ - get_attr: [SwiftBase, role_data, config_settings]
+ - swift::storage::all::mount_check: {get_param: SwiftMountCheck}
+ tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
+ tripleo.swift_storage.firewall_rules:
+ '123 swift storage':
+ dport:
+ - 873
+ - 6000
+ - 6001
+ - 6002
+ swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::object_pipeline:
+ - healthcheck
+ - recon
+ - object-server
+ swift::storage::all::container_pipeline:
+ - healthcheck
+ - container-server
+ swift::storage::all::account_pipeline:
+ - healthcheck
+ - account-server
+ swift::storage::disks: {get_param: SwiftRawDisks}
+ swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
step_config: |
include ::tripleo::profile::base::swift::storage
diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml
index 59d25dd2..7aa3706f 100644
--- a/puppet/services/time/ntp.yaml
+++ b/puppet/services/time/ntp.yaml
@@ -7,6 +7,15 @@ description: >
and configure NTP.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml
index 805c9050..384b5191 100644
--- a/puppet/services/time/timezone.yaml
+++ b/puppet/services/time/timezone.yaml
@@ -4,6 +4,15 @@ description: >
Composable Timezone service
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
new file mode 100644
index 00000000..14965b4f
--- /dev/null
+++ b/puppet/services/tripleo-firewall.yaml
@@ -0,0 +1,28 @@
+heat_template_version: 2016-04-08
+
+description: >
+ TripleO Firewall settings
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the TripleO firewall settings
+ value:
+ service_name: tripleo_firewall
+ step_config: |
+ include ::tripleo::firewall
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
new file mode 100644
index 00000000..124f5fe8
--- /dev/null
+++ b/puppet/services/tripleo-packages.yaml
@@ -0,0 +1,34 @@
+heat_template_version: 2016-04-08
+
+description: >
+ TripleO Package installation settings
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+
+outputs:
+ role_data:
+ description: Role data for the TripleO package settings
+ value:
+ service_name: tripleo_packages
+ config_settings:
+ tripleo::packages::enable_install: {get_param: EnablePackageInstall}
+ step_config: |
+ include ::tripleo::packages
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
index 306a4d6e..859fad2c 100644
--- a/puppet/swift-storage-post.yaml
+++ b/puppet/swift-storage-post.yaml
@@ -36,6 +36,7 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
inputs:
- name: step
outputs:
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 1d451ab2..b933c542 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -7,11 +7,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- HashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
SwiftStorageImage:
default: overcloud-full
type: string
@@ -21,18 +16,6 @@ parameters:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
UpdateIdentifier:
default: ''
type: string
@@ -105,6 +88,10 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
resources:
@@ -250,7 +237,6 @@ resources:
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
merge_behavior: deeper
datafiles:
service_names:
@@ -261,22 +247,12 @@ resources:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
object_extraconfig:
mapped_data: {get_param: ObjectStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
object:
mapped_data: # data supplied directly to this deployment configuration, etc
- swift::swift_hash_path_suffix: { get_input: swift_hash_suffix }
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -288,13 +264,7 @@ resources:
server: {get_resource: SwiftStorage}
config: {get_resource: SwiftStorageHieraConfig}
input_values:
- local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- swift_hash_suffix: {get_param: HashSuffix}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -389,9 +359,23 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index c93c84bc..d75aeb4f 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -39,6 +39,13 @@ def validate_service(filename, tpl):
print('ERROR: service_name should match file name for service: %s.'
% filename)
return 1
+ if 'parameters' in tpl:
+ required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
+ for param in required_params:
+ if param not in tpl['parameters']:
+ print('ERROR: parameter %s is required for %s.'
+ % (param, filename))
+ return 1
return 0