diff options
25 files changed, 635 insertions, 492 deletions
diff --git a/docker/README-containers.md b/docker/README-containers.md index 0e67c183..17990b54 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md @@ -12,7 +12,7 @@ Download the fedora atomic image into glance: ``` wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 -glance image-create --name fedora-atomic --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare +glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare ``` ## Configuring TripleO diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index caf511bd..88759a5d 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -52,9 +52,10 @@ echo nameserver 8.8.8.8 > /etc/resolv.conf HOSTNAME=$(hostname) echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts -# Another hack.. we need latest docker.. +# Another hack.. we need a different docker version +# (should obviously be dropped once the atomic image contains docker 1.8.2) /usr/bin/systemctl stop docker.service -/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-latest +/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-1.8.2 /bin/mount -o remount,rw /usr /bin/rm /bin/docker /bin/cp /tmp/docker /bin/docker diff --git a/environments/docker-rdo.yaml b/environments/docker-rdo.yaml index d5791369..8a6e1018 100644 --- a/environments/docker-rdo.yaml +++ b/environments/docker-rdo.yaml @@ -5,7 +5,7 @@ resource_registry: OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml parameters: - NovaImage: fedora-atomic + NovaImage: atomic-image parameter_defaults: DockerComputeImage: rthallisey/centos-binary-nova-compute:liberty diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 3c7901cc..7f5b5080 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -3,7 +3,7 @@ resource_registry: OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml -parameters: +parameter_defaults: # NOTE: These example parameters are required when using Ceph External #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' @@ -13,6 +13,13 @@ parameters: NovaEnableRbdBackend: true CinderEnableRbdBackend: true GlanceBackend: rbd + # If the Ceph pools which host VMs, Volumes and Images do not match these + # names OR the client keyring to use is not named 'openstack', edit the + # following as needed. + NovaRbdPoolName: vms + CinderRbdPoolName: volumes + GlanceRbdPoolName: images + CephClientUserName: openstack # finally we disable the Cinder LVM backend CinderEnableIscsiBackend: false diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 4290be20..eb4399ea 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -30,10 +30,9 @@ parameters: description: IP address/subnet on the tenant network type: string BondInterfaceOvsOptions: - default: 'bond_mode=balance-tcp lacp=active other-config:lacp-fallback-ab=true' + default: 'bond_mode=active-backup' description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. - Default wil attempt LACP, but will fall back to active-backup. type: string ExternalNetworkVlanID: default: 10 diff --git a/network/endpoints/endpoint.yaml b/network/endpoints/endpoint.yaml new file mode 100644 index 00000000..8ffd6c4b --- /dev/null +++ b/network/endpoints/endpoint.yaml @@ -0,0 +1,55 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack Endpoint + +parameters: + EndpointName: + type: string + description: The name of the Endpoint being evaluated + EndpointMap: + type: json + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + IP: + type: string + description: The IP address of the Neutron Port that the endpoint is attached to + UriSuffix: + type: string + default: '' + description: A suffix attached to the URL + +outputs: + endpoint: + description: > + A Hash containing a mapping of service endpoints to ports, protocols, uris + assigned IPs, and hostnames for a specific endpoint + value: + port: {get_param: [EndpointMap, {get_param: EndpointName }, port] } + protocol: {get_param: [EndpointMap, {get_param: EndpointName }, protocol] } + host: + str_replace: + template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} + params: {IP_ADDRESS: {get_param: IP} } + uri: + list_join: + - '' + - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] } + - '://' + - str_replace: + template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} + params: {IP_ADDRESS: {get_param: IP} } + - ':' + - {get_param: [EndpointMap, {get_param: EndpointName }, port] } + - {get_param: UriSuffix } + uri_no_suffix: + list_join: + - '' + - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] } + - '://' + - str_replace: + template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} + params: {IP_ADDRESS: {get_param: IP} } + - ':' + - {get_param: [EndpointMap, {get_param: EndpointName }, port] } diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml new file mode 100644 index 00000000..9c000c38 --- /dev/null +++ b/network/endpoints/endpoint_map.yaml @@ -0,0 +1,374 @@ +heat_template_version: 2015-04-30 + +description: > + A Map of OpenStack Endpoints + +parameters: + CeilometerApiVirtualIP: + type: string + default: '' + CinderApiVirtualIP: + type: string + default: '' + GlanceApiVirtualIP: + type: string + default: '' + GlanceRegistryVirtualIP: + type: string + default: '' + HeatApiVirtualIP: + type: string + default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' + KeystonePublicApiVirtualIP: + type: string + default: '' + MysqlVirtualIP: + type: string + default: '' + NeutronApiVirtualIP: + type: string + default: '' + NovaApiVirtualIP: + type: string + default: '' + PublicVirtualIP: + type: string + default: '' + SwiftProxyVirtualIP: + type: string + default: '' + EndpointMap: + type: json + default: + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + NovaEC2Public: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +resources: + + CeilometerInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: CeilometerInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: CeilometerApiVirtualIP} + CeilometerPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: CeilometerPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CeilometerAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: CeilometerAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: CeilometerApiVirtualIP} + + CinderInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + CinderPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + CinderAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + + CinderV2Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + CinderV2Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + CinderV2Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + + GlanceInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: GlanceApiVirtualIP} + GlancePublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlancePublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + GlanceAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: GlanceApiVirtualIP} + + HeatInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: HeatApiVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + HeatPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + HeatAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: HeatApiVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + + KeystoneInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystoneInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: KeystonePublicApiVirtualIP} + UriSuffix: '/v2.0' + KeystonePublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystonePublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v2.0' + KeystoneAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystoneAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: KeystoneAdminApiVirtualIP} + UriSuffix: '/v2.0' + KeystoneEC2: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystoneInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: KeystonePublicApiVirtualIP} + UriSuffix: '/v2.0/ec2tokens' + + NeutronInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NeutronInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NeutronApiVirtualIP} + NeutronPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: NeutronPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + NeutronAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NeutronAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NeutronApiVirtualIP} + + NovaInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + NovaPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + NovaAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + NovaV3Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + UriSuffix: '/v3' + NovaV3Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v3' + NovaV3Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + UriSuffix: '/v3' + + NovaEC2Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaEC2Internal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + UriSuffix: '/services/Cloud' + NovaEC2Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaEC2Public + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/services/Cloud' + NovaEC2Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaEC2Admin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + UriSuffix: '/services/Admin' + + SwiftInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + UriSuffix: '/v1/AUTH_%(tenant_id)s' + SwiftPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v1/AUTH_%(tenant_id)s' + SwiftAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + # No Suffix for the Admin interface + SwiftS3Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + SwiftS3Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + SwiftS3Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + +outputs: + endpoint_map: + value: + CeilometerInternal: {get_attr: [ CeilometerInternal, endpoint] } + CeilometerPublic: {get_attr: [ CeilometerPublic, endpoint] } + CeilometerAdmin: {get_attr: [ CeilometerAdmin, endpoint] } + CinderInternal: {get_attr: [ CinderInternal, endpoint] } + CinderPublic: {get_attr: [ CinderPublic, endpoint] } + CinderAdmin: {get_attr: [ CinderAdmin, endpoint] } + CinderV2Internal: {get_attr: [ CinderV2Internal, endpoint] } + CinderV2Public: {get_attr: [ CinderV2Public, endpoint] } + CinderV2Admin: {get_attr: [ CinderV2Admin, endpoint] } + GlanceInternal: {get_attr: [ GlanceInternal, endpoint] } + GlancePublic: {get_attr: [ GlancePublic, endpoint] } + GlanceAdmin: {get_attr: [ GlanceAdmin, endpoint] } + HeatInternal: {get_attr: [ HeatInternal, endpoint] } + HeatPublic: {get_attr: [ HeatPublic, endpoint] } + HeatAdmin: {get_attr: [ HeatAdmin, endpoint] } + KeystoneInternal: {get_attr: [ KeystoneInternal, endpoint] } + KeystonePublic: {get_attr: [ KeystonePublic, endpoint] } + KeystoneAdmin: {get_attr: [ KeystoneAdmin, endpoint] } + KeystoneEC2: {get_attr: [ KeystoneEC2, endpoint] } + NeutronInternal: {get_attr: [ NeutronInternal, endpoint] } + NeutronPublic: {get_attr: [ NeutronPublic, endpoint] } + NeutronAdmin: {get_attr: [ NeutronAdmin, endpoint] } + NovaInternal: {get_attr: [ NovaInternal, endpoint] } + NovaPublic: {get_attr: [ NovaPublic, endpoint] } + NovaAdmin: {get_attr: [ NovaAdmin, endpoint] } + NovaV3Internal: {get_attr: [ NovaV3Internal, endpoint] } + NovaV3Public: {get_attr: [ NovaV3Public, endpoint] } + NovaV3Admin: {get_attr: [ NovaV3Admin, endpoint] } + NovaEC2Internal: {get_attr: [ NovaEC2Internal, endpoint] } + NovaEC2Public: {get_attr: [ NovaEC2Public, endpoint] } + NovaEC2Admin: {get_attr: [ NovaEC2Admin, endpoint] } + SwiftInternal: {get_attr: [ SwiftInternal, endpoint] } + SwiftPublic: {get_attr: [ SwiftPublic, endpoint] } + SwiftAdmin: {get_attr: [ SwiftAdmin, endpoint] } + SwiftS3Internal: {get_attr: [ SwiftS3Internal, endpoint] } + SwiftS3Public: {get_attr: [ SwiftS3Public, endpoint] } + SwiftS3Admin: {get_attr: [ SwiftS3Admin, endpoint] } diff --git a/os-apply-config/ceph-cluster-config.yaml b/os-apply-config/ceph-cluster-config.yaml index c3cf8e8a..115de085 100644 --- a/os-apply-config/ceph-cluster-config.yaml +++ b/os-apply-config/ceph-cluster-config.yaml @@ -13,7 +13,7 @@ parameters: ceph_client_key: default: '' type: string - description: Ceph key used to create the 'openstack' user keyring. + description: Ceph key used to create the client user keyring. ceph_fsid: default: '' type: string @@ -27,6 +27,18 @@ parameters: type: comma_delimited_list ceph_mon_ips: type: comma_delimited_list + NovaRbdPoolName: + default: vms + type: string + CinderRbdPoolName: + default: volumes + type: string + GlanceRbdPoolName: + default: images + type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: diff --git a/os-apply-config/controller.yaml b/os-apply-config/controller.yaml index f289d9b5..09ea49b8 100644 --- a/os-apply-config/controller.yaml +++ b/os-apply-config/controller.yaml @@ -673,6 +673,7 @@ resources: debug: {get_input: debug} host: {get_input: controller_virtual_ip} port: {get_input: glance_port} + uri: {get_input: glance_uri} protocol: {get_input: glance_protocol} service-password: {get_input: glance_password} swift-store-user: service:glance diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 7e65d4b1..4cfed6b4 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -89,6 +89,10 @@ resource_registry: # Port assignments for service virtual IPs for the controller role OS::TripleO::Controller::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml + # Service Endpoint Mappings + OS::TripleO::Endpoint: network/endpoints/endpoint.yaml + OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml + # validation resources OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml index d6eb97f9..ed02551b 100644 --- a/overcloud-resource-registry.yaml +++ b/overcloud-resource-registry.yaml @@ -72,5 +72,9 @@ resource_registry: # Port assignments for service virtual IPs for the controller role OS::TripleO::Controller::Ports::RedisVipPort: network/ports/noop.yaml + # Service Endpoint Mappings + OS::TripleO::Endpoint: network/endpoints/endpoint.yaml + OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml + # validation resources OS::TripleO::AllNodes::Validation: os-apply-config/all-nodes-validation.yaml diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 9c915c4a..50589b7b 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -79,14 +79,6 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string HAProxySyslogAddress: default: /dev/log description: Syslog address where HAproxy will send its log @@ -214,7 +206,7 @@ parameters: values, use a comma separated string, like so: 'openvswitch,l2_population' type: string NeutronAllowL3AgentFailover: - default: 'True' + default: 'False' description: Allow automatic l3-agent failover type: string NeutronL3HA: @@ -223,7 +215,7 @@ parameters: type: string NeutronDhcpAgentsPerNetwork: type: number - default: 3 + default: 1 description: The number of neutron dhcp agents to schedule per network NovaPassword: default: unset @@ -231,8 +223,9 @@ parameters: type: string hidden: true NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list MongoDbNoJournal: default: false description: Should MongoDb journaling be disabled @@ -708,6 +701,12 @@ parameters: description: > Setting to a previously unused value during stack-update will trigger package update on all nodes + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. # If you want to remove a specific node from a resource group, you can pass # the node name or id as a <Group>RemovalPolicies parameter, for example: @@ -759,6 +758,22 @@ resources: properties: length: 10 + EndpointMap: + type: OS::TripleO::EndpointMap + properties: + CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} + PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]} + Controller: type: OS::Heat::ResourceGroup depends_on: Networks @@ -792,8 +807,6 @@ resources: ExtraConfig: {get_param: ExtraConfig} FencingConfig: {get_param: FencingConfig} Flavor: {get_param: OvercloudControlFlavor} - GlancePort: {get_param: GlancePort} - GlanceProtocol: {get_param: GlanceProtocol} GlancePassword: {get_param: GlancePassword} GlanceBackend: {get_param: GlanceBackend} GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy} @@ -867,6 +880,7 @@ resources: VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now. PublicVirtualIP: {get_attr: [PublicVirtualIP, ip_address]} ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} @@ -904,8 +918,6 @@ resources: ExtraConfig: {get_param: ExtraConfig} Flavor: {get_param: OvercloudComputeFlavor} GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - GlancePort: {get_param: GlancePort} - GlanceProtocol: {get_param: GlanceProtocol} Image: {get_param: NovaImage} ImageUpdatePolicy: {get_param: ImageUpdatePolicy} KeyName: {get_param: KeyName} @@ -948,6 +960,7 @@ resources: SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} UpdateIdentifier: {get_param: UpdateIdentifier} Hostname: str_replace: @@ -974,8 +987,6 @@ resources: KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudBlockStorageFlavor} VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - GlancePort: {get_param: GlancePort} - GlanceProtocol: {get_param: GlanceProtocol} GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} RabbitPassword: {get_param: RabbitPassword} RabbitUserName: {get_param: RabbitUserName} @@ -989,6 +1000,7 @@ resources: params: '%stackname%': {get_param: 'OS::stack_name'} ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} ExtraConfig: {get_param: ExtraConfig} BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} @@ -1374,6 +1386,7 @@ resources: NodeConfigIdentifiers: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} controller_config: {get_attr: [Controller, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} ComputeNodesPostDeployment: type: OS::TripleO::ComputePostDeployment @@ -1383,6 +1396,7 @@ resources: NodeConfigIdentifiers: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} compute_config: {get_attr: [Compute, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} ObjectStorageNodesPostDeployment: type: OS::TripleO::ObjectStoragePostDeployment @@ -1392,6 +1406,7 @@ resources: NodeConfigIdentifiers: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} BlockStorageNodesPostDeployment: type: OS::TripleO::BlockStoragePostDeployment @@ -1401,6 +1416,7 @@ resources: NodeConfigIdentifiers: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} CephStorageNodesPostDeployment: type: OS::TripleO::CephStoragePostDeployment @@ -1410,16 +1426,12 @@ resources: NodeConfigIdentifiers: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} outputs: KeystoneURL: description: URL for the Overcloud Keystone service - value: - list_join: - - '' - - - http:// - - {get_attr: [PublicVirtualIP, ip_address]} - - :5000/v2.0/ + value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]} KeystoneAdminVip: description: Keystone Admin VIP endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 99265493..96198c3f 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -13,7 +13,7 @@ parameters: ceph_client_key: default: '' type: string - description: Ceph key used to create the 'openstack' user keyring. + description: Ceph key used to create the client user keyring. ceph_fsid: default: '' type: string @@ -27,6 +27,18 @@ parameters: type: comma_delimited_list ceph_mon_ips: type: comma_delimited_list + NovaRbdPoolName: + default: vms + type: string + CinderRbdPoolName: + default: volumes + type: string + GlanceRbdPoolName: + default: images + type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: @@ -65,15 +77,34 @@ resources: keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', cap_mon: 'allow profile bootstrap-osd' }, - client.openstack: { + client.CLIENT_USER: { secret: 'ADMIN_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' } }" params: + CLIENT_USER: {get_param: CephClientUserName} ADMIN_KEY: {get_param: ceph_admin_key} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} + ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} outputs: config_id: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 75294599..0d968504 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -22,8 +22,9 @@ parameters: constraints: - custom_constraint: nova.keypair NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -133,11 +134,7 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 6a869219..b536418d 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -44,14 +44,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string KeyName: default: default description: Name of an existing EC2 KeyPair to enable SSH access to the instances @@ -83,8 +75,9 @@ parameters: type: string hidden: true NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -103,6 +96,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json GlanceApiVirtualIP: type: string default: '' @@ -200,23 +198,12 @@ resources: cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} cinder_iscsi_helper: {get_param: CinderISCSIHelper} cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} + glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 5df4cb37..18547732 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -51,14 +51,6 @@ parameters: GlanceHost: type: string default: '' # Has to be here because of the ignored empty value bug - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string Image: type: string default: overcloud-compute @@ -219,8 +211,9 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list RabbitHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -261,6 +254,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -423,7 +421,7 @@ resources: neutron_physical_bridge: {get_input: neutron_physical_bridge} neutron_public_interface: {get_input: neutron_public_interface} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} neutron_router_distributed: {get_input: neutron_router_distributed} neutron_agent_mode: {get_input: neutron_agent_mode} @@ -458,22 +456,10 @@ resources: ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - ceilometer_agent_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0' + ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceHost} - - ':' - - {get_param: GlancePort} + glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} neutron_flat_networks: {get_param: NeutronFlatNetworks} neutron_host: {get_param: NeutronHost} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -530,28 +516,14 @@ resources: - {get_param: NeutronTypeDrivers} neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronHost} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/v2.0' + neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} + neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 69690f60..ae2b66e3 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -170,14 +170,6 @@ parameters: description: The password for the glance service and db account, used by the glance services. type: string hidden: true - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string GlanceBackend: default: swift description: The short name of the Glance backend to use. Should be one @@ -458,8 +450,9 @@ parameters: description: Should MongoDb journaling be disabled type: boolean NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list PcsdPassword: type: string description: The password for the 'pcsd' user. @@ -590,6 +583,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -727,24 +725,6 @@ resources: - - 'http://' - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' - heat_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8004/v1/%(tenant_id)s' - heat_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8004/v1/%(tenant_id)s' - heat_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8004/v1/%(tenant_id)s' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} @@ -777,43 +757,7 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/cinder' - cinder_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_public_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8776/v2/%(tenant_id)s' - cinder_internal_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v2/%(tenant_id)s' - cinder_admin_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v2/%(tenant_id)s' - glance_port: {get_param: GlancePort} + glance_port: {get_param: [EndpointMap, GlanceInternal, port]} glance_password: {get_param: GlancePassword} glance_backend: {get_param: GlanceBackend} glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} @@ -840,7 +784,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/heat' - keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]} keystone_ca_certificate: {get_param: KeystoneCACertificate} keystone_signing_key: {get_param: KeystoneSigningKey} keystone_signing_certificate: {get_param: KeystoneSigningCertificate} @@ -856,36 +799,11 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/keystone' - keystone_identity_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357' - keystone_auth_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/' - keystone_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':5000' - keystone_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000' - keystone_ec2_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/ec2tokens' + keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } + keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} enable_ceph_storage: {get_param: EnableCephStorage} @@ -965,30 +883,10 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ovs_neutron?charset=utf8' - neutron_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':9696' - neutron_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/v2.0' + neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } + neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} @@ -1006,24 +904,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ceilometer' - ceilometer_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8777' - ceilometer_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: CeilometerApiVirtualIP} - - ':8777' - ceilometer_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: CeilometerApiVirtualIP} - - ':8777' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_password: {get_param: NovaPassword} @@ -1035,60 +915,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/nova' - nova_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_v3_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8774/v3' - nova_v3_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v3' - nova_v3_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v3' - nova_ec2_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8773/services/Cloud' - nova_ec2_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8773/services/Cloud' - nova_ec2_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8773/services/Admin' fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -1105,11 +931,7 @@ resources: template: "'LIMIT'" params: LIMIT: {get_param: RabbitFDLimit} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} @@ -1118,42 +940,6 @@ resources: swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} - swift_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8080/v1/AUTH_%(tenant_id)s' - swift_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080/v1/AUTH_%(tenant_id)s' - swift_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' - swift_public_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8080' - swift_internal_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' - swift_admin_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -1162,39 +948,8 @@ resources: cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} + glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} glance_registry_host: {get_param: GlanceRegistryVirtualIP} - glance_public_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: PublicVirtualIP} - - ':' - - {get_param: GlancePort} - glance_internal_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} - glance_admin_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1281,14 +1036,6 @@ resources: tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - swift::keystone::auth::public_url: {get_input: swift_public_url } - swift::keystone::auth::internal_url: {get_input: swift_internal_url } - swift::keystone::auth::admin_url: {get_input: swift_admin_url } - swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } - swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } - swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } - swift::keystone::auth::password: {get_input: swift_password } - swift::keystone::auth::region: {get_input: keystone_region} # NOTE(dprince): build_ring support is currently not wired in. # See: https://review.openstack.org/#/c/109225/ @@ -1316,14 +1063,6 @@ resources: cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} cinder::db::mysql::password: {get_input: cinder_password} - cinder::keystone::auth::public_url: {get_input: cinder_public_url } - cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } - cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } - cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } - cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } - cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } - cinder::keystone::auth::password: {get_input: cinder_password } - cinder::keystone::auth::region: {get_input: keystone_region} # Glance glance::api::bind_port: {get_input: glance_port} @@ -1343,16 +1082,11 @@ resources: glance::registry::auth_uri: {get_input: keystone_auth_uri} glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address} + glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} glance::db::mysql::password: {get_input: glance_password} - glance::keystone::auth::public_url: {get_input: glance_public_url } - glance::keystone::auth::internal_url: {get_input: glance_internal_url } - glance::keystone::auth::admin_url: {get_input: glance_admin_url } - glance::keystone::auth::password: {get_input: glance_password } - glance::keystone::auth::region: {get_input: keystone_region} glance_file_pcmk_device: {get_input: glance_file_pcmk_device} glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} @@ -1378,11 +1112,6 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} - heat::keystone::auth::public_url: {get_input: heat_public_url } - heat::keystone::auth::internal_url: {get_input: heat_internal_url } - heat::keystone::auth::admin_url: {get_input: heat_admin_url } - heat::keystone::auth::password: {get_input: heat_password } - heat::keystone::auth::region: {get_input: keystone_region} # Keystone keystone::admin_token: {get_input: admin_token} @@ -1464,11 +1193,6 @@ resources: neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} - neutron::keystone::auth::public_url: {get_input: neutron_public_url } - neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } - neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } - neutron::keystone::auth::password: {get_input: neutron_password } - neutron::keystone::auth::region: {get_input: keystone_region} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -1484,14 +1208,9 @@ resources: ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} + ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::db::mysql::password: {get_input: ceilometer_password} - ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } - ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } - ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } - ceilometer::keystone::auth::password: {get_input: ceilometer_password } - ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1514,17 +1233,6 @@ resources: nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} - nova::keystone::auth::public_url: {get_input: nova_public_url} - nova::keystone::auth::internal_url: {get_input: nova_internal_url} - nova::keystone::auth::admin_url: {get_input: nova_admin_url} - nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url} - nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url} - nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url} - nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url} - nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url} - nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url} - nova::keystone::auth::password: {get_input: nova_password } - nova::keystone::auth::region: {get_input: keystone_region} # Horizon apache::ip: {get_input: horizon_network} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 62907104..7cefc24b 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -29,6 +29,18 @@ parameters: type: comma_delimited_list ceph_mon_ips: type: comma_delimited_list + NovaRbdPoolName: + default: vms + type: string + CinderRbdPoolName: + default: volumes + type: string + GlanceRbdPoolName: + default: images + type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: @@ -47,16 +59,34 @@ resources: ceph::profile::params::client_keys: str_replace: template: "{ - client.openstack: { + client.CLIENT_USER: { secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' } }" params: + CLIENT_USER: {get_param: CephClientUserName} CLIENT_KEY: {get_param: ceph_client_key} - + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} + ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} outputs: config_id: diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 18a48622..ca6d3954 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -7,11 +7,6 @@ ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx -ceph_pools: - - volumes - - vms - - images - ceph_classes: [] ceph_osd_selinux_permissive: true diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 16aeb98c..173020f8 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -10,9 +10,6 @@ nova::compute::vnc_enabled: true nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true -nova::compute::rbd::libvirt_rbd_user: 'openstack' -nova::compute::rbd::rbd_keyring: 'client.openstack' -nova::compute::rbd::libvirt_images_rbd_pool: 'vms' nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 07bfe543..a4914c0e 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -39,13 +39,6 @@ cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' -glance::keystone::auth::tenant: 'service' -nova::keystone::auth::tenant: 'service' -neutron::keystone::auth::tenant: 'service' -cinder::keystone::auth::tenant: 'service' -swift::keystone::auth::tenant: 'service' -ceilometer::keystone::auth::tenant: 'service' -heat::keystone::auth::tenant: 'service' # keystone keystone::cron::token_flush::maxdelay: 3600 @@ -67,13 +60,10 @@ swift::proxy::pipeline: - 'proxy-server' swift::proxy::account_autocreate: true -swift::keystone::auth::configure_s3_endpoint: false -swift::keystone::auth::operator_roles: - - admin - - swiftoperator # glance glance::api::pipeline: 'keystone' +glance::api::show_image_direct_url: true glance::registry::pipeline: 'keystone' glance::backend::swift::swift_store_create_container_on_put: true glance::backend::rbd::rbd_store_user: 'openstack' @@ -88,7 +78,6 @@ nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true nova::scheduler::filter::ram_allocation_ratio: '1.0' -nova::keystone::auth::configure_ec2_endpoint: false # ceilometer ceilometer::agent::auth::auth_endpoint_type: 'internalURL' diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 4c927569..cd41cc79 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -49,8 +49,9 @@ if $rbd_ephemeral_storage or $rbd_persistent_storage { include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') + $client_user = join(['client.', hiera('ceph_client_user_name')]) class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'], + libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], } } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 14044789..34be39f3 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -316,7 +316,7 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } - $cinder_pool_requires = [Ceph::Pool['volumes']] + $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] } else { $cinder_pool_requires = [] @@ -326,8 +326,8 @@ if hiera('step') >= 3 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : - rbd_pool => 'volumes', - rbd_user => 'openstack', + rbd_pool => hiera('cinder_rbd_pool_name'), + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), require => $cinder_pool_requires, } @@ -381,7 +381,7 @@ if hiera('step') >= 3 { package {'nfs-utils': } -> cinder::backend::nfs { $cinder_nfs_backend : nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_mount_options => hiera('cinder_nfs_mount_options',''), nfs_shares_config => '/etc/cinder/shares-nfs.conf', } } @@ -485,15 +485,6 @@ if hiera('step') >= 3 { if hiera('step') >= 4 { include ::keystone::cron::token_flush - - include ::ceilometer::keystone::auth - include ::cinder::keystone::auth - include ::glance::keystone::auth - include ::heat::keystone::auth - include ::neutron::keystone::auth - include ::nova::keystone::auth - include ::swift::keystone::auth - } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index adb52188..6cfa13ec 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -74,11 +74,11 @@ if hiera('step') >= 1 { Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } - # FIXME(gfidente): sets 90secs as default start timeout op + # FIXME(gfidente): sets 95secs as default start timeout op # param; until we can use pcmk global defaults we'll still # need to add it to every resource which redefines op params Pacemaker::Resource::Service { - op_params => 'start timeout=90s', + op_params => 'start timeout=95s stop timeout=95s', } # Only configure RabbitMQ in this step, don't start it yet to @@ -344,7 +344,7 @@ if hiera('step') >= 2 { if downcase(hiera('ceilometer_backend')) == 'mongodb' { pacemaker::resource::service { $::mongodb::params::service_name : - op_params => 'start timeout=120s', + op_params => 'start timeout=120s stop timeout=95s', clone_params => true, require => Class['::mongodb::server'], } @@ -692,7 +692,7 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } - $cinder_pool_requires = [Ceph::Pool['volumes']] + $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] } else { $cinder_pool_requires = [] @@ -702,8 +702,8 @@ if hiera('step') >= 3 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : - rbd_pool => 'volumes', - rbd_user => 'openstack', + rbd_pool => hiera('cinder_rbd_pool_name'), + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), require => $cinder_pool_requires, } @@ -757,7 +757,7 @@ if hiera('step') >= 3 { package { 'nfs-utils': } -> cinder::backend::nfs { $cinder_nfs_backend: nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_mount_options => hiera('cinder_nfs_mount_options',''), nfs_shares_config => '/etc/cinder/shares-nfs.conf', } } @@ -1186,24 +1186,24 @@ if hiera('step') >= 4 { # Nova pacemaker::resource::service { $::nova::params::api_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::conductor_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::consoleauth_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s', require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::nova::params::vncproxy_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::scheduler_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=95s stop timeout=95s monitor start-delay=10s', } pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': @@ -1565,27 +1565,6 @@ if hiera('step') >= 5 { } -> class {'::keystone::endpoint' : require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::ceilometer::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::cinder::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::glance::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::heat::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::neutron::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::nova::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::swift::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], } } diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 22ec6096..3d9b9018 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -45,8 +45,9 @@ parameters: type: string hidden: true NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -207,11 +208,7 @@ resources: swift_min_part_hours: {get_param: MinPartHours} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} |