diff options
26 files changed, 424 insertions, 105 deletions
diff --git a/ceph-storage.yaml b/ceph-storage.yaml index 15092bae..5f9f5373 100644 --- a/ceph-storage.yaml +++ b/ceph-storage.yaml @@ -42,6 +42,18 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. Note + that CephStorageExtraConfig takes precedence over ExtraConfig. + type: json + CephStorageExtraConfig: + default: {} + description: | + Role specific additional configuration to inject into the cluster. + type: json + resources: CephStorage: diff --git a/cinder-storage.yaml b/cinder-storage.yaml index be088d66..f65d9289 100644 --- a/cinder-storage.yaml +++ b/cinder-storage.yaml @@ -62,6 +62,11 @@ parameters: } } type: json + BlockStorageExtraConfig: + default: {} + description: | + Role specific additional configuration to inject into the cluster. + type: json Flavor: description: Flavor for block storage nodes to request when deploying. type: string diff --git a/compute.yaml b/compute.yaml index d51aa358..933639ce 100644 --- a/compute.yaml +++ b/compute.yaml @@ -25,6 +25,10 @@ parameters: description: The password for the ceilometer service account. type: string hidden: true + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean Debug: default: '' description: Set to True to enable debugging on all services. diff --git a/controller.yaml b/controller.yaml index ae60e910..7ee837f5 100644 --- a/controller.yaml +++ b/controller.yaml @@ -28,6 +28,10 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean CinderEnableIscsiBackend: default: true description: Whether to enable or not the Iscsi backend for Cinder @@ -44,6 +48,18 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list CinderPassword: default: unset description: The password for the cinder service and db account, used by cinder-api. diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml new file mode 100644 index 00000000..535ec6fe --- /dev/null +++ b/environments/storage-environment.yaml @@ -0,0 +1,57 @@ +## A Heat environment file which can be used to set up storage +## backends. Defaults to Ceph used as a backend for Cinder, Glance and +## Nova ephemeral storage. +parameters: + + #### BACKEND SELECTION #### + + ## Whether to enable iscsi backend for Cinder. + CinderEnableIscsiBackend: false + ## Whether to enable rbd (Ceph) backend for Cinder. + CinderEnableRbdBackend: true + ## Whether to enable NFS backend for Cinder. + # CinderEnableNfsBackend: false + ## Whether to enable rbd (Ceph) backend for Nova ephemeral storage. + NovaEnableRbdBackend: true + ## Glance backend can be either 'rbd' (Ceph), 'swift' or 'file'. + GlanceBackend: rbd + + + #### CINDER NFS SETTINGS #### + + ## NFS mount options + # CinderNfsMountOptions: '' + ## NFS mount point, e.g. '192.168.122.1:/export/cinder' + # CinderNfsServers: '' + + + #### GLANCE FILE BACKEND PACEMAKER SETTINGS (used for mounting NFS) #### + + ## Whether to make Glance 'file' backend a mount managed by Pacemaker + # GlanceFilePcmkManage: false + ## File system type of the mount + # GlanceFilePcmkFstype: nfs + ## Pacemaker mount point, e.g. '192.168.122.1:/export/glance' for NFS + # GlanceFilePcmkDevice: '' + ## Options for the mount managed by Pacemaker + # GlanceFilePcmkOptions: '' + + + #### CEPH SETTINGS #### + + ## Whether to deploy Ceph OSDs on the controller nodes. By default + ## OSDs are deployed on dedicated ceph-storage nodes only. + # ControllerEnableCephStorage: false + + ## When deploying Ceph through the oscplugin CLI, the following + ## parameters are set automatically by the CLI. When deploying via + ## heat stack-create, they need to be provided manually. + + ## Number of Ceph storage nodes to deploy + # CephStorageCount: 0 + ## Ceph FSID, e.g. '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + # CephClusterFSID: '' + ## Ceph monitor key, e.g. 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + # CephMonKey: '' + ## Ceph admin key, e.g. 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + # CephAdminKey: '' diff --git a/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration index c2bf1894..cbbd6a1d 100644 --- a/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/post_deploy/rhel-registration/scripts/rhel-registration @@ -94,7 +94,7 @@ fi case "${REG_METHOD:-}" in portal) subscription-manager register $opts - if [ -z "${REG_AUTO_ATTACH:-}" ]; then + if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then subscription-manager attach $attach_opts fi subscription-manager $repos diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 9d6a6810..3c19f515 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -26,9 +26,10 @@ parameters: description: IP address/subnet on the tenant network type: string BondInterfaceOvsOptions: - default: '' + default: 'bond_mode=balance-tcp lacp=active other-config:lacp-fallback-ab=true' description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. + Default wil attempt LACP, but will fall back to active-backup. type: string ExternalNetworkVlanID: default: 10 diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index d5001e43..0d2945bc 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -2,6 +2,7 @@ heat_template_version: 2015-04-30 description: > Creates a port for a VIP on the undercloud ctlplane network. + The IP address will be chosen automatically if FixedIPs is empty. parameters: NetworkName: @@ -19,15 +20,20 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string - + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json resources: - VipPort: type: OS::Neutron::Port properties: network: {get_param: ControlPlaneNetwork} name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: @@ -36,7 +42,7 @@ outputs: value: {get_attr: [VipPort, fixed_ips, 0, ip_address]} ip_subnet: # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) - description: IP/Subnet CIDR for the internal API network IP + description: IP/Subnet CIDR for the ctlplane network. value: list_join: - '' diff --git a/network/ports/external.yaml b/network/ports/external.yaml index b5c1e5c9..63e3eeb3 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -1,7 +1,8 @@ heat_template_version: 2015-04-30 description: > - Creates a port on the external network. + Creates a port on the external network. The IP address will be chosen + automatically if FixedIPs is empty. parameters: ExternalNetName: @@ -15,6 +16,16 @@ parameters: ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json resources: @@ -23,6 +34,7 @@ resources: properties: network: {get_param: ExternalNetName} name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: diff --git a/network/ports/noop.yaml b/network/ports/noop.yaml index 9e1a1276..31ee6f3c 100644 --- a/network/ports/noop.yaml +++ b/network/ports/noop.yaml @@ -19,6 +19,10 @@ parameters: description: # Here for compatability with vip.yaml default: '' type: string + FixedIPs: + description: # Here for compatibility with vip.yaml + default: [] + type: json ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index ab72083d..299579dc 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -2,6 +2,7 @@ heat_template_version: 2015-04-30 description: > Creates a port for a VIP on the isolated network NetworkName. + The IP address will be chosen automatically if FixedIPs is empty. parameters: NetworkName: @@ -19,14 +20,20 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json resources: - VipPort: type: OS::Neutron::Port properties: network: {get_param: NetworkName} name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: @@ -35,7 +42,7 @@ outputs: value: {get_attr: [VipPort, fixed_ips, 0, ip_address]} ip_subnet: # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) - description: IP/Subnet CIDR for the internal API network IP + description: IP/Subnet CIDR for the network associated with this IP value: list_join: - '' diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 5e1470f0..fd31c54d 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -42,6 +42,10 @@ parameters: default: '' description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. type: string + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean CinderEnableIscsiBackend: default: true description: Whether to enable or not the Iscsi backend for Cinder @@ -196,11 +200,6 @@ parameters: Control the IP allocation for the PublicVirtualInterface port. E.g. [{'ip_address':'1.2.3.4'}] type: json - PublicVirtualNetwork: - default: 'ctlplane' - type: string - description: > - Neutron network to allocate public virtual IP port on. RabbitCookieSalt: type: string default: unset @@ -249,6 +248,18 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list CinderPassword: default: unset description: The password for the cinder service account, used by cinder-api. @@ -562,6 +573,12 @@ parameters: type: string constraints: - custom_constraint: nova.flavor + BlockStorageExtraConfig: + default: {} + description: | + BlockStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json # Object storage specific parameters ObjectStorageCount: @@ -575,6 +592,13 @@ parameters: SwiftStorageImage: default: overcloud-swift-storage type: string + ObjectStorageExtraConfig: + default: {} + description: | + ObjectStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + # Ceph storage specific parameters CephStorageCount: @@ -589,6 +613,12 @@ parameters: type: string constraints: - custom_constraint: nova.flavor + CephStorageExtraConfig: + default: {} + description: | + CephStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json # Hostname format for each role # Note %index% is translated into the index of the node, e.g 0/1/2 etc @@ -688,8 +718,11 @@ resources: CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} CeilometerPassword: {get_param: CeilometerPassword} CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} + CinderNfsMountOptions: {get_param: CinderNfsMountOptions} + CinderNfsServers: {get_param: CinderNfsServers} CinderPassword: {get_param: CinderPassword} CinderISCSIHelper: {get_param: CinderISCSIHelper} + CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} CloudName: {get_param: CloudName} @@ -768,7 +801,7 @@ resources: SwiftPassword: {get_param: SwiftPassword} SwiftReplicas: { get_param: SwiftReplicas} VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now. - PublicVirtualIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now. + PublicVirtualIP: {get_attr: [PublicVirtualIP, ip_address]} ServiceNetMap: {get_param: ServiceNetMap} HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} @@ -795,6 +828,7 @@ resources: CeilometerComputeAgent: {get_param: CeilometerComputeAgent} CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} CeilometerPassword: {get_param: CeilometerPassword} + CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} Debug: {get_param: Debug} ExtraConfig: {get_param: ExtraConfig} Flavor: {get_param: OvercloudComputeFlavor} @@ -828,7 +862,7 @@ resources: NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType} NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} - NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} + NovaPublicIP: {get_attr: [PublicVirtualIP, ip_address]} NovaPassword: {get_param: NovaPassword} NtpServer: {get_param: NtpServer} RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} @@ -881,6 +915,8 @@ resources: '%stackname%': {get_param: 'OS::stack_name'} ServiceNetMap: {get_param: ServiceNetMap} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + ExtraConfig: {get_param: ExtraConfig} + BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} ObjectStorage: type: OS::Heat::ResourceGroup @@ -907,6 +943,8 @@ resources: template: {get_param: ObjectStorageHostnameFormat} params: '%stackname%': {get_param: 'OS::stack_name'} + ExtraConfig: {get_param: ExtraConfig} + ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} CephStorage: type: OS::Heat::ResourceGroup @@ -928,6 +966,8 @@ resources: template: {get_param: CephStorageHostnameFormat} params: '%stackname%': {get_param: 'OS::stack_name'} + ExtraConfig: {get_param: ExtraConfig} + CephStorageExtraConfig: {get_param: CephStorageExtraConfig} ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap @@ -1004,15 +1044,15 @@ resources: PortName: redis_virtual_ip NetworkName: {get_param: [ServiceNetMap, RedisNetwork]} - # same as external + # The public VIP is on the External net, falls back to ctlplane PublicVirtualIP: - type: OS::Neutron::Port depends_on: Networks + type: OS::TripleO::Controller::Ports::ExternalPort properties: - name: public_virtual_ip - network: {get_param: PublicVirtualNetwork} - fixed_ips: {get_param: PublicVirtualFixedIPs} - replacement_policy: AUTO + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ControlPlaneNetwork: {get_param: NeutronControlPlaneID} + PortName: public_virtual_ip + FixedIPs: {get_param: PublicVirtualFixedIPs} InternalApiVirtualIP: depends_on: Networks @@ -1038,7 +1078,7 @@ resources: VipMap: type: OS::TripleO::Network::Ports::NetIpMap properties: - ExternalIp: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} + ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} StorageIp: {get_attr: [StorageVirtualIP, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} @@ -1071,7 +1111,7 @@ resources: rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} # direct configuration of Virtual IPs for each network control_virtual_ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - public_virtual_ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} + public_virtual_ip: {get_attr: [PublicVirtualIP, ip_address]} internal_api_virtual_ip: {get_attr: [InternalApiVirtualIP, ip_address]} storage_virtual_ip: {get_attr: [StorageVirtualIP, ip_address]} storage_mgmt_virtual_ip: {get_attr: [StorageMgmtVirtualIP, ip_address]} @@ -1230,11 +1270,11 @@ outputs: list_join: - '' - - http:// - - {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} + - {get_attr: [PublicVirtualIP, ip_address]} - :5000/v2.0/ PublicVip: description: Controller VIP for public API endpoints - value: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} + value: {get_attr: [PublicVirtualIP, ip_address]} CeilometerInternalVip: description: VIP for Ceilometer API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage-puppet.yaml index ccbd277d..fcf4259f 100644 --- a/puppet/ceph-storage-puppet.yaml +++ b/puppet/ceph-storage-puppet.yaml @@ -42,6 +42,18 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that CephStorageExtraConfig takes precedence over ExtraConfig. + type: json + CephStorageExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json + resources: CephStorage: @@ -118,6 +130,8 @@ resources: hiera: hierarchy: - heat_config_%{::deploy_config_name} + - ceph_extraconfig + - extraconfig - ceph_cluster # provided by CephClusterConfig - ceph - '"%{::osfamily}"' @@ -125,6 +139,10 @@ resources: datafiles: common: raw_data: {get_file: hieradata/common.yaml} + ceph_extraconfig: + mapped_data: {get_param: CephStorageExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} ceph: raw_data: {get_file: hieradata/ceph.yaml} mapped_data: diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index 77d0cee5..091d1f1b 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -31,40 +31,13 @@ parameters: ExtraConfig: default: {} description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } + Additional hiera configuration to inject into the cluster. Note + that BlockStorageExtraConfig takes precedence over ExtraConfig. + type: json + BlockStorageExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. type: json Flavor: description: Flavor for block storage nodes to request when deploying. @@ -235,6 +208,8 @@ resources: hiera: hierarchy: - heat_config_%{::deploy_config_name} + - volume_extraconfig + - extraconfig - volume - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' @@ -242,6 +217,10 @@ resources: datafiles: common: raw_data: {get_file: hieradata/common.yaml} + volume_extraconfig: + mapped_data: {get_param: BlockStorageExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} volume: raw_data: {get_file: hieradata/volume.yaml} mapped_data: diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml index 45c845a8..e85a96aa 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute-puppet.yaml @@ -25,6 +25,10 @@ parameters: description: The password for the ceilometer service account. type: string hidden: true + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean Debug: default: '' description: Set to True to enable debugging on all services. @@ -32,40 +36,8 @@ parameters: ExtraConfig: default: {} description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } + Additional hiera configuration to inject into the cluster. Note + that NovaComputeExtraConfig takes precedence over ExtraConfig. type: json Flavor: description: Flavor for the nova compute node @@ -340,6 +312,8 @@ resources: hiera: hierarchy: - heat_config_%{::deploy_config_name} + - compute_extraconfig + - extraconfig - compute - ceph_cluster # provided by CephClusterConfig - ceph @@ -347,6 +321,10 @@ resources: - '"%{::osfamily}"' - common datafiles: + compute_extraconfig: + mapped_data: {get_param: NovaComputeExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} common: raw_data: {get_file: hieradata/common.yaml} ceph: @@ -354,6 +332,7 @@ resources: compute: raw_data: {get_file: hieradata/compute.yaml} mapped_data: + cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} nova::debug: {get_input: debug} nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} @@ -415,6 +394,7 @@ resources: config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: + cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} debug: {get_param: Debug} nova_compute_driver: {get_param: NovaComputeDriver} nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 629fe036..291dc6e3 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -28,6 +28,10 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean CinderEnableIscsiBackend: default: true description: Whether to enable or not the Iscsi backend for Cinder @@ -44,6 +48,18 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list CinderPassword: default: unset description: The password for the cinder service and db account, used by cinder-api. @@ -602,7 +618,17 @@ resources: admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} + cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} + cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} + cinder_nfs_servers: + str_replace: + template: "['SERVERS']" + params: + SERVERS: + list_join: + - "','" + - {get_param: CinderNfsServers} cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} cinder_password: {get_param: CinderPassword} cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} @@ -894,7 +920,10 @@ resources: tripleo::ringbuilder::build_ring: True # Cinder + cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} + cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options} + cinder_nfs_servers: {get_input: cinder_nfs_servers} cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} cinder_iscsi_helper: {get_input: cinder_iscsi_helper} cinder_iscsi_ip_address: {get_input: cinder_iscsi_network} @@ -955,7 +984,6 @@ resources: heat::api_cloudwatch::bind_host: {get_input: heat_api_network} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::database_connection: {get_input: heat_dsn} - heat::instance_user: heat-admin heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 6eb0e671..18a48622 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -12,4 +12,6 @@ ceph_pools: - vms - images -ceph_classes: []
\ No newline at end of file +ceph_classes: [] + +ceph_osd_selinux_permissive: true diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 272a6688..ab88a69a 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -27,3 +27,9 @@ sysctl_settings: value: 5 net.ipv4.tcp_keepalive_time: value: 5 + +nova::rabbit_heartbeat_timeout_threshold: 60 +neutron::rabbit_heartbeat_timeout_threshold: 60 +cinder::rabbit_heartbeat_timeout_threshold: 60 +ceilometer::rabbit_heartbeat_timeout_threshold: 60 +heat::rabbit_heartbeat_timeout_threshold: 60 diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 673c7773..bb49bb90 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -18,6 +18,8 @@ nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fs nova::config::nova_config: cinder/catalog_info: value: 'volumev2:cinderv2:internalURL' + DEFAULT/default_floating_pool: + value: 'public' ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 3cc64971..1ae076d2 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -40,6 +40,9 @@ swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' +# keystone +keystone::cron::token_flush::maxdelay: 3600 + #swift swift::proxy::pipeline: - 'catch_errors' @@ -73,12 +76,17 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf nova::notify_on_state_change: 'vm_and_task_state' nova::api::osapi_v3: true +nova::config::nova_config: + DEFAULT/default_floating_pool: + value: 'public' + # cinder cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler # heat heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] +heat::instance_user: '' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index cf2626ac..6c5dda42 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -21,7 +21,21 @@ if count(hiera('ntp::servers')) > 0 { include ::ntp } +if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] +} + include ::ceph::profile::client include ::ceph::profile::osd -hiera_include('ceph_classes')
\ No newline at end of file +hiera_include('ceph_classes') diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index d36cf0b0..e6fa9471 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -53,6 +53,17 @@ if $nova_enable_rbd_backend { } } +if hiera('cinder_enable_nfs_backend', false) { + if ($::selinux != "false") { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> Service['nova-compute'] +} + include ::nova::compute::libvirt include ::nova::network::neutron include ::neutron diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 0b23a632..b001d667 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -133,6 +133,20 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_ceph_storage', 'false')) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::client include ::ceph::profile::osd } @@ -193,7 +207,10 @@ if hiera('step') >= 3 { include ::glance::registry include join(['::glance::backend::', $glance_backend]) - include ::nova + class { '::nova' : + memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + } + include ::nova::config include ::nova::api include ::nova::cert include ::nova::conductor @@ -311,7 +328,25 @@ if hiera('step') >= 3 { } } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend]) + if hiera('cinder_enable_nfs_backend', false) { + $cinder_nfs_backend = 'tripleo_nfs' + + if ($::selinux != "false") { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> + cinder::backend::nfs { $cinder_nfs_backend : + nfs_servers => hiera('cinder_nfs_servers'), + nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_shares_config => '/etc/cinder/shares-nfs.conf', + } + } + + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } @@ -400,3 +435,7 @@ if hiera('step') >= 3 { hiera_include('controller_classes') } #END STEP 3 + +if hiera('step') >= 4 { + include ::keystone::cron::token_flush +} #END STEP 4 diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 6a41d16d..cfd30f13 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -74,6 +74,13 @@ if hiera('step') >= 1 { Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } + # FIXME(gfidente): sets 90secs as default start timeout op + # param; until we can use pcmk global defaults we'll still + # need to add it to every resource which redefines op params + Pacemaker::Resource::Service { + op_params => 'start timeout=90s', + } + # Only configure RabbitMQ in this step, don't start it yet to # avoid races where non-master nodes attempt to start without # config (eg. binding on 0.0.0.0) @@ -442,6 +449,20 @@ MYSQL_HOST=localhost\n", } if str2bool(hiera('enable_ceph_storage', 'false')) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::client include ::ceph::profile::osd } @@ -513,7 +534,11 @@ if hiera('step') >= 3 { } include join(['::glance::backend::', $glance_backend]) - include ::nova + class { '::nova' : + memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + } + + include ::nova::config class { '::nova::api' : sync_db => $sync_db, @@ -670,7 +695,25 @@ if hiera('step') >= 3 { } } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend]) + if hiera('cinder_enable_nfs_backend', false) { + $cinder_nfs_backend = 'tripleo_nfs' + + if ($::selinux != "false") { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> + cinder::backend::nfs { $cinder_nfs_backend: + nfs_servers => hiera('cinder_nfs_servers'), + nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_shares_config => '/etc/cinder/shares-nfs.conf', + } + } + + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } @@ -816,6 +859,8 @@ if hiera('step') >= 3 { } #END STEP 3 if hiera('step') >= 4 { + include ::keystone::cron::token_flush + if $pacemaker_master { # Keystone @@ -1044,24 +1089,24 @@ if hiera('step') >= 4 { # Nova pacemaker::resource::service { $::nova::params::api_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::resource::service { $::nova::params::conductor_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::resource::service { $::nova::params::consoleauth_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::nova::params::vncproxy_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::resource::service { $::nova::params::scheduler_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage-puppet.yaml index dc6ff899..b3579429 100644 --- a/puppet/swift-storage-puppet.yaml +++ b/puppet/swift-storage-puppet.yaml @@ -65,6 +65,18 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that ObjectStorageExtraConfig takes precedence over ExtraConfig. + type: json + ObjectStorageExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json + resources: @@ -126,6 +138,8 @@ resources: hiera: hierarchy: - heat_config_%{::deploy_config_name} + - object_extraconfig + - extraconfig - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - all_nodes # provided by allNodesConfig @@ -134,6 +148,10 @@ resources: datafiles: common: raw_data: {get_file: hieradata/common.yaml} + object_extraconfig: + mapped_data: {get_param: ObjectStorageExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} object: raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc diff --git a/swift-storage.yaml b/swift-storage.yaml index e4cacf3c..1a2967fa 100644 --- a/swift-storage.yaml +++ b/swift-storage.yaml @@ -39,6 +39,11 @@ parameters: } } type: json + ObjectStorageExtraConfig: + default: {} + description: | + Role specific additional configuration to inject into the cluster. + type: json Flavor: description: Flavor for Swift storage nodes to request when deploying. type: string |