diff options
58 files changed, 936 insertions, 627 deletions
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index 3fc07561..60b831be 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -42,6 +42,9 @@ parameters: type: string description: Config manifests that will be used to step through the deployment. default: '' + RoleData: + type: json + default: {} resources: diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml index 2858552f..f6d61e2d 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/install_docker_agents.yaml @@ -6,7 +6,7 @@ parameters: default: heat-docker-agents DockerNamespace: type: string - default: kollaglue + default: tripleoupstream DockerNamespaceIsRegistry: type: boolean default: false diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index cb8b2a5d..65c4e6dc 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -1,14 +1,38 @@ #!/bin/bash set -eux -# firstboot isn't split out by role yet so we handle it this way -if ! hostname | grep compute &>/dev/null; then - echo "Exiting. This script is only for the compute role." - exit 0 +/sbin/setenforce 0 +/sbin/modprobe ebtables + +# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes +chmod 666 /dev/pts/ptmx + +# We need hostname -f to return in a centos container for the puppet hook +HOSTNAME=$(hostname) +echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts + +# update docker for local insecure registry(optional) +# Note: This is different for different docker versions +# For older docker versions < 1.4.x use commented line +#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker +#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker + +# Local docker registry 1.8 +if [ $docker_namespace_is_registry ]; then + /usr/bin/systemctl stop docker.service + # if namespace is used with local registry, trim all namespacing + trim_var=$docker_registry + registry_host="${trim_var%%/*}" + /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry[ ]'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker + /usr/bin/systemctl start --no-block docker.service fi +/usr/bin/docker pull $agent_image & +DOCKER_PULL_PID=$! + mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container + # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service @@ -22,7 +46,6 @@ User=root Restart=on-failure ExecStartPre=-/usr/bin/docker kill heat-agents ExecStartPre=-/usr/bin/docker rm heat-agents -ExecStartPre=/usr/bin/docker pull $agent_image ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image ExecStop=/usr/bin/docker stop heat-agents @@ -31,30 +54,6 @@ WantedBy=multi-user.target EOF -# update docker for local insecure registry(optional) -# Note: This is different for different docker versions -# For older docker versions < 1.4.x use commented line -#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker -#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker - -# Local docker registry 1.8 -if [ $docker_namespace_is_registry ]; then - # if namespace is used with local registry, trim all namespacing - trim_var=$docker_registry - registry_host="${trim_var%%/*}" - /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker -fi - -/sbin/setenforce 0 -/sbin/modprobe ebtables - -# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes -chmod 666 /dev/pts/ptmx - -# We need hostname -f to return in a centos container for the puppet hook -HOSTNAME=$(hostname) -echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts - # enable and start heat-docker-agents chmod 0640 /etc/systemd/system/heat-docker-agents.service /usr/bin/systemctl enable heat-docker-agents.service @@ -82,3 +81,5 @@ AUTO_EXTEND_POOL=yes POOL_AUTOEXTEND_PERCENT=30 POOL_AUTOEXTEND_THRESHOLD=70 EOF + +wait $DOCKER_PULL_PID diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 289ec2e3..ee1f5387 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -34,6 +34,9 @@ parameter_defaults: KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} MysqlNoBracketsInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml new file mode 100644 index 00000000..74011c66 --- /dev/null +++ b/environments/manila-generic-config.yaml @@ -0,0 +1,26 @@ +# A Heat environment file which can be used to enable a +# a Manila generic driver backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + + +parameter_defaults: + ManilaGenericEnableBackend: true + ManilaGenericBackendName: tripleo_generic + ManilaGenericDriverHandlesShareServers: true + ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf' + ManilaGenericVolumeNameTemplate: 'manila-share-%s' + ManilaGenericVolumeSnapshotNameTemplate: 'manila-snapshot-%s' + ManilaGenericShareMountPath: '/shares' + ManilaGenericMaxTimeToCreateVolume: '180' + ManilaGenericMaxTimeToAttach: '120' + ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf' + ManilaGenericShareVolumeFsType: 'ext4' + ManilaGenericCinderVolumeType: '' + ManilaGenericServiceInstanceUser: '' + ManilaGenericServiceInstancePassword: '' + ManilaGenericServiceInstanceFlavorId: 2 + ManilaGenericServiceNetworkCidr: '172.16.0.0/16' diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml new file mode 100644 index 00000000..223c2531 --- /dev/null +++ b/environments/neutron-ovs-dvr.yaml @@ -0,0 +1,24 @@ +# A Heat environment file that enables DVR in the overcloud. +# This works by configuring L3 and Metadata agents on the +# compute nodes. +resource_registry: + OS::TripleO::Services::ComputeNeutronL3Agent: ../puppet/services/neutron-l3-compute-dvr.yaml + OS::TripleO::Services::ComputeNeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml + + # With DVR enabled, the Compute nodes also need the br-ex bridge to be + # connected to a physical network. + OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml + +parameter_defaults: + + # DVR requires that the L2 population feature is enabled + NeutronMechanismDrivers: ['openvswitch', 'l2population'] + NeutronEnableL2Pop: 'True' + + # Setting NeutronEnableDVR enables distributed routing support in the + # ML2 plugin and agents that support this feature + NeutronEnableDVR: true + + # We also need to set the proper agent mode for the L3 agent. This will only + # affect the agent on the controller node. + NeutronL3AgentMode: 'dvr_snat' diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 4622bc4d..74b91106 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -10,46 +10,13 @@ resource_registry: # NOTE: For now we will need to specify overrides to all services # which use pacemaker. In the future (with upcoming HA light work) this # list will hopefully be much smaller however. - OS::TripleO::Services::CinderApi: ../puppet/services/pacemaker/cinder-api.yaml - OS::TripleO::Services::CinderScheduler: ../puppet/services/pacemaker/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml - OS::TripleO::Services::Core: ../puppet/services/pacemaker/core.yaml - OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml - OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml - OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml - OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml - OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml - OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml - OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml - OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml - OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml - OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml - OS::TripleO::Services::NeutronServer: ../puppet/services/pacemaker/neutron-server.yaml - OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/pacemaker/neutron-plugin-ml2.yaml - # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) - OS::TripleO::Services::NeutronCorePluginPlumgrid: ../puppet/services/pacemaker/neutron-plugin-plumgrid.yaml - OS::TripleO::Services::NeutronCorePluginNuage: ../puppet/services/pacemaker/neutron-plugin-nuage.yaml - OS::TripleO::Services::NeutronCorePluginOpencontrail: ../puppet/services/pacemaker/neutron-plugin-opencontrail.yaml - OS::TripleO::Services::NeutronCorePluginMidonet: ../puppet/services/pacemaker/neutron-midonet.yaml - OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/pacemaker/neutron-ovs-agent.yaml OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml - OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml - OS::TripleO::Services::NovaConductor: ../puppet/services/pacemaker/nova-conductor.yaml - OS::TripleO::Services::MongoDb: ../puppet/services/pacemaker/database/mongodb.yaml - OS::TripleO::Services::NovaApi: ../puppet/services/pacemaker/nova-api.yaml - OS::TripleO::Services::NovaScheduler: ../puppet/services/pacemaker/nova-scheduler.yaml - OS::TripleO::Services::NovaConsoleauth: ../puppet/services/pacemaker/nova-consoleauth.yaml - OS::TripleO::Services::NovaVncproxy: ../puppet/services/pacemaker/nova-vncproxy.yaml - OS::TripleO::Services::CeilometerApi: ../puppet/services/pacemaker/ceilometer-api.yaml - OS::TripleO::Services::CeilometerCollector: ../puppet/services/pacemaker/ceilometer-collector.yaml - OS::TripleO::Services::CeilometerAgentCentral: ../puppet/services/pacemaker/ceilometer-agent-central.yaml - OS::TripleO::Services::CeilometerAgentNotification: ../puppet/services/pacemaker/ceilometer-agent-notification.yaml - #Gnocchi services - OS::TripleO::Services::GnocchiApi: ../puppet/services/pacemaker/gnocchi-api.yaml - OS::TripleO::Services::GnocchiMetricd: ../puppet/services/pacemaker/gnocchi-metricd.yaml - OS::TripleO::Services::GnocchiStatsd: ../puppet/services/pacemaker/gnocchi-statsd.yaml OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml - OS::TripleO::Services::Horizon: ../puppet/services/pacemaker/horizon.yaml + # Services that are disabled by default (use relevant environment files): + OS::Tripleo::Services::ManilaShare: OS::Heat::None + OS::TripleO::Services::SaharaApi: ../puppet/services/pacemaker/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../puppet/services/pacemaker/sahara-engine.yaml diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 5afcf5de..363950d1 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -133,6 +133,21 @@ Keystone: port: 35357 port: 5000 +Manila: + Internal: + vip_param: ManilaApi + uri_suffixes: + '': /v2/%(tenant_id)s + Public: + vip_param: Public + uri_suffixes: + '': /v2/%(tenant_id)s + Admin: + vip_param: ManilaApi + uri_suffixes: + '': /v2/%(tenant_id)s + port: 8786 + Neutron: Internal: vip_param: NeutronApi diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index e1b8984f..98dad250 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -19,6 +19,7 @@ parameters: KeystoneAdminApiVirtualIP: {type: string, default: ''} KeystonePublicApiVirtualIP: {type: string, default: ''} MysqlNoBracketsVirtualIP: {type: string, default: ''} + ManilaApiVirtualIP: {type: string, default: ''} MysqlVirtualIP: {type: string, default: ''} NeutronApiVirtualIP: {type: string, default: ''} NovaApiVirtualIP: {type: string, default: ''} @@ -57,6 +58,9 @@ parameters: KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} + ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} MysqlNoBracketsInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} @@ -1473,6 +1477,123 @@ outputs: IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, KeystonePublic, port] + ManilaAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + port: + get_param: [EndpointMap, ManilaAdmin, port] + protocol: + get_param: [EndpointMap, ManilaAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + ManilaInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + port: + get_param: [EndpointMap, ManilaInternal, port] + protocol: + get_param: [EndpointMap, ManilaInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: ManilaApiVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + ManilaPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + port: + get_param: [EndpointMap, ManilaPublic, port] + protocol: + get_param: [EndpointMap, ManilaPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaPublic, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, ManilaPublic, port] MysqlInternal: host: str_replace: diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index c71ced2d..f6d76d97 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -193,6 +193,16 @@ resource_registry: OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml + # Services that are disabled by default (use relevant environment files): + OS::Tripleo::Services::ManilaApi: OS::Heat::None + OS::Tripleo::Services::ManilaScheduler: OS::Heat::None + OS::Tripleo::Services::ManilaShare: OS::Heat::None + OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml + OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml + OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml + OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index e80cb244..e3d0bdf0 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -16,10 +16,6 @@ parameters: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true - AodhPassword: - description: The password for the aodh services. - type: string - hidden: true CinderEnableNfsBackend: default: false description: Whether to enable or not the NFS backend for Cinder @@ -36,38 +32,16 @@ parameters: default: [] description: Should be used for arbitrary ips. type: json - CorosyncIPv6: - default: false - description: Enable IPv6 in Corosync - type: boolean Debug: default: '' description: Set to True to enable debugging on all services. type: string - HAProxySyslogAddress: - default: /dev/log - description: Syslog address where HAproxy will send its log - type: string - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string InternalApiVirtualFixedIPs: default: [] description: > Control the IP allocation for the InternalApiVirtualInterface port. E.g. [{'ip_address':'1.2.3.4'}] type: json - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - MemcachedIPv6: - default: false - description: Enable IPv6 features in Memcached. - type: boolean NeutronControlPlaneID: default: 'ctlplane' type: string @@ -116,10 +90,6 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - RedisPassword: - description: The password for Redis - type: string - hidden: true StorageVirtualFixedIPs: default: [] description: > @@ -154,33 +124,12 @@ parameters: description: | Deprecated. Use ControllerExtraConfig via parameter_defaults instead. type: json - controllerImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image OvercloudControlFlavor: description: Flavor for control nodes to request when deploying. default: baremetal type: string constraints: - custom_constraint: nova.flavor - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean - ControllerSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} ExtraConfig: default: {} description: | @@ -188,74 +137,12 @@ parameters: may be implementation specific, e.g puppet hieradata. Any role specific ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig. type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json - type: string - hidden: true - InstanceNameTemplate: - default: 'instance-%08x' - description: Template string to be used to generate instance names - type: string - ManageFirewall: - default: true - description: Whether to manage IPtables rules. - type: boolean - PurgeFirewallRules: - default: false - description: Whether IPtables rules should be purged before setting up the ones. - type: boolean - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string SwiftHashSuffix: description: A random string to be used as a salt when hashing to determine mappings in the ring. type: string hidden: true + # Compute-specific params ComputeCount: type: number @@ -287,19 +174,10 @@ parameters: default: '' description: Libvirt VIF driver configuration for the network type: string - NovaComputeSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} NovaEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Nova type: boolean - NovaImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image NovaOVSBridge: default: 'br-int' description: Name of integration bridge used by Open vSwitch @@ -328,6 +206,7 @@ parameters: IronicApiNetwork: internal_api KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints KeystonePublicApiNetwork: internal_api + ManilaApiNetwork: internal_api NeutronApiNetwork: internal_api HeatApiNetwork: internal_api NovaApiNetwork: internal_api @@ -402,7 +281,15 @@ parameters: - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd - + - OS::Tripleo::Services::ManilaApi + - OS::Tripleo::Services::ManilaScheduler + - OS::Tripleo::Services::ManilaShare + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -421,6 +308,8 @@ parameters: - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. @@ -430,9 +319,6 @@ parameters: BlockStorageCount: type: number default: 0 - BlockStorageImage: - default: overcloud-full - type: string OvercloudBlockStorageFlavor: description: Flavor for block storage nodes to request when deploying. default: baremetal @@ -445,10 +331,6 @@ parameters: BlockStorage specific configuration to inject into the cluster. Same structure as ExtraConfig. type: json - BlockStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} BlockStorageServices: default: - OS::TripleO::Services::CinderVolume @@ -471,19 +353,12 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - SwiftStorageImage: - default: overcloud-full - type: string ObjectStorageExtraConfig: default: {} description: | ObjectStorage specific configuration to inject into the cluster. Same structure as ExtraConfig. type: json - ObjectStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} ObjectStorageServices: default: - OS::TripleO::Services::Kernel @@ -503,9 +378,6 @@ parameters: CephStorageCount: type: number default: 0 - CephStorageImage: - default: overcloud-full - type: string OvercloudCephStorageFlavor: default: baremetal description: Flavor for Ceph storage nodes to request when deploying. @@ -518,10 +390,6 @@ parameters: CephStorage specific configuration to inject into the cluster. Same structure as ExtraConfig. type: json - CephStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} CephStorageServices: default: - OS::TripleO::Services::CephOSD @@ -642,6 +510,7 @@ resources: IronicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + ManilaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} MysqlNoBracketsVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} @@ -665,59 +534,25 @@ resources: resource_def: type: OS::TripleO::Controller properties: - AdminPassword: {get_param: AdminPassword} - AodhPassword: {get_param: AodhPassword} - CloudDomain: {get_param: CloudDomain} - ControlVirtualInterface: {get_param: ControlVirtualInterface} controllerExtraConfig: {get_param: controllerExtraConfig} - CorosyncIPv6: {get_param: CorosyncIPv6} - Debug: {get_param: Debug} - EnableFencing: {get_param: EnableFencing} - ManageFirewall: {get_param: ManageFirewall} - PurgeFirewallRules: {get_param: PurgeFirewallRules} - EnableGalera: {get_param: EnableGalera} - ExtraConfig: {get_param: ExtraConfig} - FencingConfig: {get_param: FencingConfig} Flavor: {get_param: OvercloudControlFlavor} - HAProxySyslogAddress: {get_param: HAProxySyslogAddress} HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} HorizonSecret: {get_resource: HorizonSecret} - Image: {get_param: controllerImage} - ImageUpdatePolicy: {get_param: ImageUpdatePolicy} - InstanceNameTemplate: {get_param: InstanceNameTemplate} - KeyName: {get_param: KeyName} - MemcachedIPv6: {get_param: MemcachedIPv6} MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} - MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} - MysqlMaxConnections: {get_param: MysqlMaxConnections} MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} - NeutronPublicInterface: {get_param: NeutronPublicInterface} - NeutronPassword: {get_param: NeutronPassword} - NovaIPv6: {get_param: NovaIPv6} - NovaPassword: {get_param: NovaPassword} PcsdPassword: {get_resource: PcsdPassword} - PublicVirtualInterface: {get_param: PublicVirtualInterface} - RabbitPassword: {get_param: RabbitPassword} - RabbitUserName: {get_param: RabbitUserName} RabbitCookie: {get_attr: [RabbitCookie, value]} - RabbitClientUseSSL: {get_param: RabbitClientUseSSL} - RabbitClientPort: {get_param: RabbitClientPort} - RedisPassword: {get_param: RedisPassword} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]} - SwiftHashSuffix: {get_param: SwiftHashSuffix} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - UpdateIdentifier: {get_param: UpdateIdentifier} Hostname: str_replace: template: {get_param: ControllerHostnameFormat} params: '%stackname%': {get_param: 'OS::stack_name'} NodeIndex: '%index%' - ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: ControllerSchedulerHints} ServiceConfigSettings: {get_attr: [ControllerServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]} @@ -744,9 +579,6 @@ resources: ExtraConfig: {get_param: ExtraConfig} Flavor: {get_param: OvercloudComputeFlavor} GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - Image: {get_param: NovaImage} - ImageUpdatePolicy: {get_param: ImageUpdatePolicy} - KeyName: {get_param: KeyName} KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronPassword: {get_param: NeutronPassword} @@ -779,7 +611,6 @@ resources: '%stackname%': {get_param: 'OS::stack_name'} CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: NovaComputeSchedulerHints} NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [ComputeServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [ComputeServiceChain, role_data, service_names]} @@ -799,8 +630,6 @@ resources: resource_def: type: OS::TripleO::BlockStorage properties: - Image: {get_param: BlockStorageImage} - KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudBlockStorageFlavor} UpdateIdentifier: {get_param: UpdateIdentifier} Hostname: @@ -813,7 +642,6 @@ resources: BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: BlockStorageSchedulerHints} NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [BlockStorageServiceChain, role_data, service_names]} @@ -833,10 +661,8 @@ resources: resource_def: type: OS::TripleO::ObjectStorage properties: - KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudSwiftStorageFlavor} HashSuffix: {get_param: SwiftHashSuffix} - Image: {get_param: SwiftStorageImage} UpdateIdentifier: {get_param: UpdateIdentifier} ServiceNetMap: {get_param: ServiceNetMap} Hostname: @@ -848,7 +674,6 @@ resources: ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: ObjectStorageSchedulerHints} NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} @@ -868,8 +693,6 @@ resources: resource_def: type: OS::TripleO::CephStorage properties: - Image: {get_param: CephStorageImage} - KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudCephStorageFlavor} ServiceNetMap: {get_param: ServiceNetMap} UpdateIdentifier: {get_param: UpdateIdentifier} @@ -882,7 +705,6 @@ resources: CephStorageExtraConfig: {get_param: CephStorageExtraConfig} CloudDomain: {get_param: CloudDomain} ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: CephStorageSchedulerHints} NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [CephStorageServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [CephStorageServiceChain, role_data, service_names]} @@ -924,6 +746,7 @@ resources: glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + manila_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1047,6 +870,7 @@ resources: heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} redis_vip: {get_attr: [RedisVirtualIP, ip_address]} + manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} # direct configuration of Virtual IPs for each network @@ -1282,6 +1106,9 @@ outputs: KeystoneInternalVip: description: VIP for Keystone API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + ManilaInternalVip: + description: VIP for Manila API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} NeutronInternalVip: description: VIP for Neutron API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 803a5d49..4c9355d5 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -48,6 +48,8 @@ parameters: type: comma_delimited_list cinder_api_node_ips: type: comma_delimited_list + manila_api_node_ips: + type: comma_delimited_list neutron_api_node_ips: type: comma_delimited_list keystone_public_api_node_ips: @@ -260,6 +262,14 @@ resources: list_join: - "','" - {get_param: cinder_api_node_ips} + manila_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: manila_api_node_ips} neutron_api_node_ips: str_replace: template: "['SERVERS_LIST']" @@ -332,6 +342,7 @@ resources: aodh::rabbit_hosts: *rabbit_nodes_array cinder::rabbit_hosts: *rabbit_nodes_array glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array + manila::rabbit_hosts: *rabbit_nodes_array heat::rabbit_hosts: *rabbit_nodes_array neutron::rabbit_hosts: *rabbit_nodes_array nova::rabbit_hosts: *rabbit_nodes_array diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 77ca4dc6..2f007536 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -6,9 +6,9 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - Image: + CephStorageImage: type: string - default: overcloud-ceph-storage + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -81,7 +81,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + CephStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -106,7 +106,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: CephStorageImage} image_update_policy: {get_param: ImageUpdatePolicy} flavor: {get_param: Flavor} key_name: {get_param: KeyName} @@ -120,7 +120,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: CephStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -256,7 +256,6 @@ resources: - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network merge_behavior: deeper datafiles: @@ -265,8 +264,6 @@ resources: service_names: {get_param: ServiceNames} service_configs: mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index edd81b9d..28f16866 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -1,9 +1,11 @@ heat_template_version: 2015-04-30 description: 'OpenStack cinder storage configured by Puppet' parameters: - Image: - default: overcloud-cinder-volume + BlockStorageImage: + default: overcloud-full type: string + constraints: + - custom_constraint: glance.image ExtraConfig: default: {} description: | @@ -81,7 +83,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + BlockStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -107,7 +109,7 @@ resources: command: {get_param: ConfigCommand} properties: image: - {get_param: Image} + {get_param: BlockStorageImage} flavor: {get_param: Flavor} key_name: {get_param: KeyName} networks: @@ -120,7 +122,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: BlockStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -261,7 +263,6 @@ resources: - volume - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network merge_behavior: deeper datafiles: @@ -270,8 +271,6 @@ resources: service_names: {get_param: ServiceNames} service_configs: mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 0e029162..1ae55cd3 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -48,9 +48,9 @@ parameters: GlanceHost: type: string default: '' # Has to be here because of the ignored empty value bug - Image: + NovaImage: type: string - default: overcloud-compute + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -205,7 +205,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + NovaComputeSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -228,8 +228,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: - {get_param: Image} + image: {get_param: NovaImage} image_update_policy: get_param: ImageUpdatePolicy flavor: {get_param: Flavor} @@ -244,7 +243,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: NovaComputeSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -371,7 +370,6 @@ resources: - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre @@ -389,8 +387,6 @@ resources: mapped_data: {get_param: NovaComputeExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 679fd90b..93ba4760 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -117,9 +117,9 @@ parameters: description: Secret key for Django type: string hidden: true - Image: + controllerImage: type: string - default: overcloud-control + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -311,7 +311,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + ControllerSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -340,7 +340,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: controllerImage} image_update_policy: {get_param: ImageUpdatePolicy} flavor: {get_param: Flavor} key_name: {get_param: KeyName} @@ -354,7 +354,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: ControllerSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -525,7 +525,6 @@ resources: neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } - aodh_password: {get_param: AodhPassword} aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } @@ -537,15 +536,6 @@ resources: - '@' - {get_param: RedisVirtualIPUri} - ':6379/' - aodh_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://aodh:' - - {get_param: AodhPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/aodh' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } @@ -586,6 +576,7 @@ resources: keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} keystone_region: {get_param: KeystoneRegion} + manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -627,7 +618,6 @@ resources: - service_configs - service_names - controller - - database - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - ceph_cluster # provided by CephClusterConfig @@ -636,7 +626,6 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by vip-config - '"%{::osfamily}"' - - common - network - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre @@ -659,8 +648,6 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} @@ -672,8 +659,6 @@ resources: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} ceph::profile::params::public_addr: {get_input: ceph_public_ip} - database: - raw_data: {get_file: hieradata/database.yaml} object: raw_data: {get_file: hieradata/object.yaml} controller: @@ -723,6 +708,9 @@ resources: keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} + # Manila + manila::api::bind_host: {get_input: manila_api_network} + # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} @@ -747,36 +735,15 @@ resources: neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} + # Aodh + aodh::api::host: {get_input: aodh_api_network} + aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} + # Ceilometer ceilometer::api::host: {get_input: ceilometer_api_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - # Aodh - aodh_mysql_conn_string: {get_input: aodh_dsn} - aodh::rabbit_userid: {get_input: rabbit_username} - aodh::rabbit_password: {get_input: rabbit_password} - aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - aodh::rabbit_port: {get_input: rabbit_client_port} - aodh::debug: {get_input: debug} - aodh::wsgi::apache::ssl: false - aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} - aodh::api::service_name: 'httpd' - aodh::api::host: {get_input: aodh_api_network} - aodh::api::keystone_password: {get_input: aodh_password} - aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} - aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} - aodh::auth::auth_url: {get_input: keystone_auth_uri} - aodh::auth::auth_password: {get_input: aodh_password} - aodh::db::mysql::password: {get_input: aodh_password} - # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination - aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} - aodh::keystone::auth::public_url: {get_input: aodh_public_url } - aodh::keystone::auth::internal_url: {get_input: aodh_internal_url } - aodh::keystone::auth::admin_url: {get_input: aodh_admin_url } - aodh::keystone::auth::password: {get_input: aodh_password } - aodh::keystone::auth::region: {get_input: keystone_region} - # Gnocchi gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} gnocchi::api::host: {get_input: gnocchi_api_network} @@ -818,6 +785,9 @@ resources: horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} + # Sahara + sahara::host: {get_input: sahara_api_network} + # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index ccb41cc4..c8c5804b 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -1,9 +1,2 @@ -ceph::profile::params::osd_pool_default_pg_num: 32 -ceph::profile::params::osd_pool_default_pgp_num: 32 -ceph::profile::params::osd_pool_default_size: 3 -ceph::profile::params::osd_pool_default_min_size: 1 -ceph::profile::params::osds: {/srv/data: {}} -ceph::profile::params::manage_repo: false -ceph::profile::params::authentication_type: cephx - +# Do not add hieradata in this file, and use composable services. ceph_classes: [] diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml deleted file mode 100644 index 3bda874f..00000000 --- a/puppet/hieradata/common.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# TODO(emilien) move it to composable aodh roles later -aodh::auth::auth_region: 'regionOne' -aodh::auth::auth_tenant_name: 'service' diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 219f0d0a..54b3d412 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -1,3 +1,3 @@ -# Hiera data here applies to all compute nodes +# Do not add hieradata in this file, and use composable services. compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 71c53b47..d18e0bc9 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,16 +1,3 @@ -# Hiera data here applies to all controller nodes - -# TODO(emilien) move it to composable aodh roles later -aodh::api::keystone_tenant: 'service' -aodh::keystone::auth::tenant: 'service' - -# TODO(emilien) move it to composable roles later -# Already WIP with https://review.openstack.org/330785 -# and https://review.openstack.org/338527 -tripleo::firewall::firewall_rules: - '128 aodh': - dport: - - 8042 - - 13042 +# Do not add hieradata in this file, and use composable services. controller_classes: [] diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml deleted file mode 100644 index d93817e7..00000000 --- a/puppet/hieradata/database.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# Aodh -# TODO(emilien) move it to composable aodh roles later -aodh::db::mysql::user: aodh -aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -aodh::db::mysql::dbname: aodh -aodh::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml index da526e39..5aa0cfb6 100644 --- a/puppet/hieradata/object.yaml +++ b/puppet/hieradata/object.yaml @@ -1,2 +1,3 @@ -# Hiera data for swift storage nodes +# Do not add hieradata in this file, and use composable services. + object_classes: [] diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml index dd0582fa..42b85e1a 100644 --- a/puppet/hieradata/volume.yaml +++ b/puppet/hieradata/volume.yaml @@ -1,3 +1,3 @@ -# Hiera data here applies to all volume storage nodes +# Do not add hieradata in this file, and use composable services. volume_classes: [] diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 3778271c..69e48e95 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -16,42 +16,8 @@ include ::tripleo::packages include ::tripleo::firewall -if hiera('step') >= 2 { - # FIXME: this should only occur on the bootstrap host (ditto for db syncs) - # Create all the database schemas - include ::aodh::db::mysql - -} #END STEP 2 - if hiera('step') >= 4 { - - $nova_ipv6 = hiera('nova::use_ipv6', false) - if $nova_ipv6 { - $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') - } else { - $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') - } - - class { '::nova' : - memcached_servers => $memcached_servers - } - include ::nova::config - - # Aodh - class { '::aodh' : - database_connection => hiera('aodh_mysql_conn_string'), - } - include ::aodh::db::sync - include ::aodh::auth - include ::aodh::api - include ::aodh::wsgi::apache - include ::aodh::evaluator - include ::aodh::notifier - include ::aodh::listener - include ::aodh::client - hiera_include('controller_classes') - } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index ca24c443..0aec972d 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -13,16 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -# TODO(jistr): use pcs resource provider instead of just no-ops -Service <| - tag == 'aodh-service' -|> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', -} - include ::tripleo::packages include ::tripleo::firewall @@ -34,158 +24,9 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { $sync_db = false } -if hiera('step') >= 2 { - if $pacemaker_master { - class { '::aodh::db::mysql': - require => Exec['galera-ready'], - } - } -} #END STEP 2 - if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { - $nova_ipv6 = hiera('nova::use_ipv6', false) - if $nova_ipv6 { - $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') - } else { - $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') - } - - class { '::nova' : - memcached_servers => $memcached_servers - } - - include ::nova::config - - # Aodh - class { '::aodh' : - database_connection => hiera('aodh_mysql_conn_string'), - } - include ::aodh::config - include ::aodh::auth - include ::aodh::client - include ::aodh::wsgi::apache - class { '::aodh::api': - manage_service => false, - enabled => false, - service_name => 'httpd', - } - class { '::aodh::evaluator': - manage_service => false, - enabled => false, - } - class { '::aodh::notifier': - manage_service => false, - enabled => false, - } - class { '::aodh::listener': - manage_service => false, - enabled => false, - } - hiera_include('controller_classes') - } #END STEP 4 -if hiera('step') >= 5 { - if $pacemaker_master { - - pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::apache::params::service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::apache::params::service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - - # Fedora doesn't know `require-all` parameter for constraints yet - if $::operatingsystem == 'Fedora' { - $redis_aodh_constraint_params = undef - } else { - $redis_aodh_constraint_params = 'require-all=false' - } - pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint': - constraint_type => 'order', - first_resource => 'redis-master', - second_resource => "${::aodh::params::evaluator_service_name}-clone", - first_action => 'promote', - second_action => 'start', - constraint_params => $redis_aodh_constraint_params, - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]], - } - # Aodh - pacemaker::resource::service { $::aodh::params::evaluator_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::aodh::params::notifier_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::aodh::params::listener_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint': - constraint_type => 'order', - first_resource => "${::aodh::params::evaluator_service_name}-clone", - second_resource => "${::aodh::params::notifier_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], - } - pacemaker::constraint::colocation { 'aodh-notifier-with-aodh-evaluator-colocation': - source => "${::aodh::params::notifier_service_name}-clone", - target => "${::aodh::params::evaluator_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], - } - pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint': - constraint_type => 'order', - first_resource => "${::aodh::params::evaluator_service_name}-clone", - second_resource => "${::aodh::params::listener_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], - } - pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation': - source => "${::aodh::params::listener_service_name}-clone", - target => "${::aodh::params::evaluator_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], - } - - #VSM - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - pacemaker::resource::ocf { 'vsm-p' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - if str2bool(hiera('n1k_vsm::pacemaker_control', true)) { - pacemaker::resource::ocf { 'vsm-s' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - pacemaker::constraint::colocation { 'vsm-colocation-contraint': - source => 'vsm-p', - target => 'vsm-s', - score => '-INFINITY', - require => [Pacemaker::Resource::Ocf['vsm-p'], - Pacemaker::Resource::Ocf['vsm-s']], - } - } - } - - } - -} #END STEP 5 - $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml new file mode 100644 index 00000000..ab51212c --- /dev/null +++ b/puppet/services/aodh-api.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh API service. + value: + service_name: aodh_api + config_settings: + map_merge: + - get_attr: [AodhBase, role_data, config_settings] + - aodh::wsgi::apache::ssl: false + aodh::api::service_name: 'httpd' + aodh::api::keystone_tenant: 'service' + - tripleo.aodh_api.firewall_rules: + '128 aodh-api': + dport: + - 8042 + - 13042 + + step_config: | + include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml new file mode 100644 index 00000000..30c3f416 --- /dev/null +++ b/puppet/services/aodh-base.yaml @@ -0,0 +1,94 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AodhPassword: + description: The password for the aodh services. + type: string + hidden: true + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Role data for the Aodh role. + value: + service_name: aodh_base + config_settings: + aodh::evaluator::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' + aodh::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://aodh:' + - {get_param: AodhPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/aodh' + aodh::debug: {get_param: Debug} + aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::rabbit_userid: {get_param: RabbitUserName} + aodh::rabbit_password: {get_param: RabbitPassword} + aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + aodh::rabbit_port: {get_param: RabbitClientPort} + aodh::api::keystone_password: {get_param: AodhPassword} + aodh::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + aodh::auth::auth_password: {get_param: AodhPassword} + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' + aodh::db::mysql::user: aodh + aodh::db::mysql::password: {get_param: AodhPassword} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + aodh::db::mysql::dbname: aodh + aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + aodh::auth::auth_region: 'regionOne' + aodh::auth::auth_tenant_name: 'service' diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml new file mode 100644 index 00000000..103f691a --- /dev/null +++ b/puppet/services/aodh-evaluator.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Evaluator service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Evaluator service. + value: + service_name: aodh_evaluator + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::evaluator diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml new file mode 100644 index 00000000..01caf8b5 --- /dev/null +++ b/puppet/services/aodh-listener.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Listener service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Listener service. + value: + service_name: aodh_listener + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::listener diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml new file mode 100644 index 00000000..de07f780 --- /dev/null +++ b/puppet/services/aodh-notifier.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Notifier service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Notifier service. + value: + service_name: aodh_notifier + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::notifier diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index db5a82b1..5342cefb 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -83,7 +83,7 @@ outputs: ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} - ceilometer::agent::auth::auth_region: 'regionOne' + ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' ceilometer::db::mysql::password: {get_param: CeilometerPassword} @@ -109,3 +109,5 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" ceilometer::rabbit_heartbeat_timeout_threshold: 60 + ceilometer::db::database_db_max_retries: -1 + ceilometer::db::database_max_retries: -1 diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index bec4340e..bce52f36 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -58,6 +58,13 @@ outputs: config_settings: tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} + ceph::profile::params::osd_pool_default_pg_num: 32 + ceph::profile::params::osd_pool_default_pgp_num: 32 + ceph::profile::params::osd_pool_default_size: 3 + ceph::profile::params::osd_pool_default_min_size: 1 + ceph::profile::params::osds: {/srv/data: {}} + ceph::profile::params::manage_repo: false + ceph::profile::params::authentication_type: cephx ceph::profile::params::fsid: {get_param: CephClusterFSID} ceph::profile::params::client_keys: str_replace: diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index b224cd65..d923e7c6 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -67,3 +67,5 @@ outputs: cinder::keystone::auth::tenant: 'service' cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' + cinder::db::database_db_max_retries: -1 + cinder::db::database_max_retries: -1 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index b0eeadeb..99065789 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -85,6 +85,7 @@ outputs: params: REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} glance::api::keystone_password: {get_param: GlancePassword} + glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} glance::api::workers: {get_param: GlanceWorkers} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} @@ -105,6 +106,8 @@ outputs: glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} glance::keystone::auth::password: {get_param: GlancePassword } + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: '112 glance_api': dport: diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 5ad4bb9a..40d18191 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -50,6 +50,8 @@ outputs: glance::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_registry.firewall_rules: '112 glance_registry': diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 5c1e015e..a408d5d7 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -30,6 +30,10 @@ parameters: CephClientUserName: default: openstack type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint outputs: aux_parameters: @@ -52,7 +56,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::keystone::auth::region: 'regionOne' + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::auth::password: {get_param: GnocchiPassword} gnocchi::db::mysql::password: {get_param: GnocchiPassword} @@ -90,5 +94,5 @@ outputs: gnocchi::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - gnocchi::auth::auth_region: 'regionOne' + gnocchi::auth::auth_region: {get_param: KeystoneRegion} gnocchi::auth::auth_tenant_name: 'service' diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index c40136f5..01f2a51b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -56,3 +56,5 @@ outputs: heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 heat::cron::purge_deleted::destination: '/dev/null' + heat::db::database_db_max_retries: -1 + heat::db::database_max_retries: -1 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 48e74875..d45ed86e 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -4,24 +4,11 @@ description: > OpenStack Keystone service configured with Puppet parameters: - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string KeystoneEnableDBPurge: default: true description: | Whether to create cron job for purging soft deleted rows in Keystone database. type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true KeystoneSSLCertificate: default: '' description: Keystone certificate for verifying token validity. @@ -105,11 +92,9 @@ outputs: - '/keystone' keystone::admin_token: {get_param: AdminToken} keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true keystone::debug: {get_param: Debug} keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} @@ -138,8 +123,6 @@ outputs: keystone::roles::admin::admin_tenant: 'admin' keystone::cron::token_flush::destination: '/dev/null' keystone::config::keystone_config: - DEFAULT/secure_proxy_ssl_header: - value: 'HTTP_X_FORWARDED_PROTO' ec2/driver: value: 'keystone.contrib.ec2.backends.sql.Ec2' keystone::service_name: 'httpd' @@ -148,6 +131,8 @@ outputs: keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 tripleo.keystone.firewall_rules: '111 keystone': dport: diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml new file mode 100644 index 00000000..ccae4467 --- /dev/null +++ b/puppet/services/manila-api.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-api service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-api role. + value: + service_name: manila_api + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::api::keystone_password: {get_param: ManilaPassword} + manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]} + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword } + manila::keystone::auth::region: {get_param: KeystoneRegion } + manila::api::keystone_tenant: 'service' + step_config: | + include ::tripleo::profile::base::manila::api + diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml new file mode 100644 index 00000000..c156379b --- /dev/null +++ b/puppet/services/manila-base.yaml @@ -0,0 +1,119 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila base service. Shared by manila-api/scheduler/share services + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + # Config specific parameters, to be provided via parameter_defaults + ManilaGenericEnableBackend: + type: boolean + default: true + ManilaGenericBackendName: + type: string + default: tripleo_generic + ManilaGenericDriverHandlesShareServers: + type: string + default: true + ManilaGenericSmbTemplateConfigPath: + type: string + default: '$state_path/smb.conf' + ManilaGenericVolumeNameTemplate: + type: string + default: 'manila-share-%s' + ManilaGenericVolumeSnapshotNameTemplate: + type: string + default: 'manila-snapshot-%s' + ManilaGenericShareMountPath: + type: string + default: '/shares' + ManilaGenericMaxTimeToCreateVolume: + type: string + default: '180' + ManilaGenericMaxTimeToAttach: + type: string + default: '120' + ManilaGenericServiceInstanceSmbConfigPath: + type: string + default: '$share_mount_path/smb.conf' + ManilaGenericShareVolumeFsType: + type: string + default: 'ext4' + ManilaGenericCinderVolumeType: + type: string + default: '' + ManilaGenericServiceInstanceUser: + type: string + default: '' + ManilaGenericServiceInstancePassword: #SET THIS via parameter_defaults + type: string + hidden: true + ManilaGenericServiceInstanceFlavorId: + type: number + default: 1 + ManilaGenericServiceNetworkCidr: + type: string + default: '172.16.0.0/16' + +outputs: + role_data: + description: Role data for the Manila Base service. + value: + service_name: manila_base + config_settings: + manila::rabbit_userid: {get_param: RabbitUserName} + manila::rabbit_password: {get_param: RabbitPassword} + manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + manila::rabbit_port: {get_param: RabbitClientPort} + manila::debug: {get_param: Debug} + manila::db::mysql::user: manila + manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + manila::db::mysql::dbname: manila + manila::db::database_db_max_retries: -1 + manila::db::database_max_retries: -1 + manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend} + manila::backend::generic::title: {get_param: ManilaGenericBackendName} + manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers} + manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath} + manila::backend::generic::volume_name_template: {get_param: ManilaGenericVolumeNameTemplate} + manila::backend::generic::volume_snapshot_name_template: {get_param: ManilaGenericVolumeSnapshotNameTemplate} + manila::backend::generic::share_mount_path: {get_param: ManilaGenericShareMountPath} + manila::backend::generic::max_time_to_create_volume: {get_param: ManilaGenericMaxTimeToCreateVolume} + manila::backend::generic::max_time_to_attach: {get_param: ManilaGenericMaxTimeToAttach} + manila::backend::generic::service_instance_smb_config_path: {get_param: ManilaGenericServiceInstanceSmbConfigPath} + manila::backend::generic::share_volume_fstype: {get_param: ManilaGenericShareVolumeFsType} + manila::backend::generic::cinder_volume_type: {get_param: ManilaGenericCinderVolumeType} + manila::service_instance::service_instance_user: {get_param: ManilaGenericServiceInstanceUser} + manila::service_instance::service_instance_password: {get_param: ManilaGenericServiceInstancePassword} + manila::service_instance::service_instance_flavor_id: {get_param: ManilaGenericServiceInstanceFlavorId} + manila::service_instance::service_network_cidr: {get_param: ManilaGenericServiceNetworkCidr} + manila::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml new file mode 100644 index 00000000..b1d55a05 --- /dev/null +++ b/puppet/services/manila-scheduler.yaml @@ -0,0 +1,57 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-scheduler service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + type: string + description: The password for the nova service and db account, used by nova-api. + hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-scheduler role. + value: + service_name: manila_scheduler + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::compute::nova::nova_admin_password: {get_param: NovaPassword} + manila::compute::nova::nova_admin_tenant_name: 'service' + manila::db::mysql::password: {get_param: ManilaPassword} + manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]} + manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword} + manila::sql_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://manila:' + - {get_param: ManilaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/manila' + step_config: | + include ::tripleo::profile::base::manila::scheduler + diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml new file mode 100644 index 00000000..20f36aa3 --- /dev/null +++ b/puppet/services/manila-share.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-share service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-share role. + value: + service_name: manila_share + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::volume::cinder::cinder_admin_tenant_name: 'service' + step_config: | + include ::tripleo::profile::base::manila::share diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index c1134824..3f8ac7e8 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -65,3 +65,5 @@ outputs: neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed neutron::keystone::auth::tenant: 'service' + neutron::db::database_db_max_retries: -1 + neutron::db::database_max_retries: -1 diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml new file mode 100644 index 00000000..f10b5922 --- /dev/null +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 agent for DVR enabled compute nodes + configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + type: string + default: '' + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. + type: string + default: 'br-ex' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for DVR L3 Agent on Compute Nodes + value: + service_name: neutron_l3_compute_dvr + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + neutron::agents::l3::agent_mode : 'dvr' + step_config: | + include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index a7232a39..ede41935 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -16,6 +16,15 @@ parameters: description: Name of bridge used for external network traffic. type: string default: 'br-ex' + NeutronL3AgentMode: + description: | + Agent mode for L3 agent. Must be one of legacy or dvr_snat. + default: 'legacy' + type: string + constraints: + - allowed_values: + - legacy + - dvr_snat resources: @@ -32,5 +41,6 @@ outputs: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron::agents::l3::router_delete_namespaces: True + neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index d8679f2e..7a97cd84 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -37,6 +37,11 @@ parameters: description: | Comma-separated list of extensions enabled for the Neutron agents. type: comma_delimited_list + NeutronEnableDVR: + default: False + description: | + Enable support for distributed routing in the OVS Agent. + type: boolean resources: @@ -53,6 +58,7 @@ outputs: - get_attr: [NeutronBase, role_data, config_settings] neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling} neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} neutron::agents::ml2::ovs::bridge_mappings: str_replace: template: MAPPINGS diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index 5ae699d5..5488bed7 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -90,7 +90,7 @@ outputs: - {get_param: NeutronPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ovs_neutron?charset=utf8' + - '/ovs_neutron' neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index 017fbea4..d64fd66d 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -29,6 +29,10 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true + NeutronEnableDVR: + description: Enable Neutron DVR. + default: false + type: boolean resources: @@ -51,7 +55,7 @@ outputs: - {get_param: NeutronPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ovs_neutron?charset=utf8' + - '/ovs_neutron' neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::auth_tenant: 'service' @@ -85,5 +89,6 @@ outputs: dport: 4789 '106 vrrp': proto: vrrp + neutron::server::router_distributed: {get_param: NeutronEnableDVR} step_config: | include tripleo::profile::base::neutron::server diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 21dbacd2..e3379821 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -101,3 +101,5 @@ outputs: nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 811a6697..c450530b 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -27,5 +27,6 @@ outputs: - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true enable_keepalived: false + tripleo::haproxy::keepalived: false step_config: | include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml new file mode 100644 index 00000000..0f88e89c --- /dev/null +++ b/puppet/services/pacemaker/manila-share.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + The manila-share service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + ManilaShareBase: + type: ../manila-share.yaml + +outputs: + role_data: + description: Role data for the manila-share pacemaker role. + value: + service_name: manila_share + config_settings: + map_merge: + - get_attr: [ManilaShareBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::manila diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index ac05a01a..a06afb2d 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -28,4 +28,4 @@ outputs: - sahara::service::api::manage_service: false sahara::service::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::sahara + include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index f6bd8f61..a1191f87 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -27,7 +27,5 @@ outputs: - get_attr: [SaharaEngineBase, role_data, config_settings] - sahara::service::engine::manage_service: false sahara::service::engine::enabled: false - # No puppet manifests since sahara-engine is included in - # ::tripleo::profile::pacemaker::sahara which is maintained alongside of - # pacemaker/sahara-api.yaml. - step_config: + step_config: | + include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 7ca9bbd5..85324312 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -10,7 +10,6 @@ parameters: via parameter_defaults in the resource registry. type: json SaharaPassword: - default: unset description: The password for the sahara service account, used by sahara-api. type: string hidden: true @@ -18,9 +17,6 @@ parameters: default: 0 description: The number of workers for the sahara-api. type: number - SaharaApiVirtualIP: - type: string - default: '' KeystoneRegion: type: string default: 'regionOne' @@ -29,6 +25,8 @@ parameters: resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -38,12 +36,8 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara::host: {get_param: SaharaApiVirtualIP} - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} - sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - sahara::admin_password: {get_param: SaharaPassword} - sahara::service::api::api_workers: {get_param: SaharaApiWorkers} + - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::service::api::api_workers: {get_param: SaharaWorkers} sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 3e320128..7ec44a49 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -4,6 +4,11 @@ description: > OpenStack Sahara base service. Shared for all Sahara services. parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json RabbitPassword: description: The password for RabbitMQ type: string @@ -22,6 +27,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + SaharaPassword: + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true Debug: type: string default: '' @@ -33,11 +42,30 @@ outputs: value: service_name: sahara_base config_settings: + sahara::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/sahara' + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} sahara::debug: {get_param: Debug} + sahara::admin_password: {get_param: SaharaPassword} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: - cdh @@ -49,3 +77,5 @@ outputs: sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' sahara::keystone::auth::tenant: 'service' + sahara::db::database_db_max_retries: -1 + sahara::db::database_max_retries: -1 diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 074f83c7..de2ac7ef 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -9,15 +9,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -27,22 +24,5 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara_dsn: &sahara_dsn - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' - sahara::database_connection: *sahara_dsn - sahara::db::mysql::password: {get_param: SaharaPassword} - sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} - sahara::db::mysql::dbname: sahara - sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::sahara::engine diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 034592a7..5e331f44 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -11,9 +11,11 @@ parameters: in the ring. hidden: true type: string - Image: - default: overcloud-swift-storage + SwiftStorageImage: + default: overcloud-full type: string + constraints: + - custom_constraint: glance.image KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances @@ -86,7 +88,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + ObjectStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -112,7 +114,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: SwiftStorageImage} flavor: {get_param: Flavor} key_name: {get_param: KeyName} networks: @@ -125,7 +127,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: ObjectStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -248,7 +250,6 @@ resources: - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network merge_behavior: deeper datafiles: @@ -257,8 +258,6 @@ resources: service_names: {get_param: ServiceNames} service_configs: mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index 51129053..7ce23a20 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -23,6 +23,7 @@ resources: glance_registry_vip: {get_input: glance_registry_vip} sahara_api_vip: {get_input: sahara_api_vip} swift_proxy_vip: {get_input: swift_proxy_vip} + manila_api_vip: {get_input: manila_api_vip} nova_api_vip: {get_input: nova_api_vip} nova_metadata_vip: {get_input: nova_metadata_vip} ceilometer_api_vip: {get_input: ceilometer_api_vip} |