aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/compute-post.yaml3
-rw-r--r--docker/firstboot/install_docker_agents.yaml2
-rw-r--r--docker/firstboot/start_docker_agents.sh59
-rw-r--r--environments/enable-tls.yaml3
-rw-r--r--environments/manila-generic-config.yaml26
-rw-r--r--environments/neutron-ovs-dvr.yaml24
-rw-r--r--environments/puppet-pacemaker.yaml41
-rw-r--r--network/endpoints/endpoint_data.yaml15
-rw-r--r--network/endpoints/endpoint_map.yaml121
-rw-r--r--overcloud-resource-registry-puppet.yaml10
-rw-r--r--overcloud.yaml211
-rw-r--r--puppet/all-nodes-config.yaml11
-rw-r--r--puppet/ceph-storage.yaml13
-rw-r--r--puppet/cinder-storage.yaml15
-rw-r--r--puppet/compute.yaml14
-rw-r--r--puppet/controller.yaml62
-rw-r--r--puppet/hieradata/ceph.yaml9
-rw-r--r--puppet/hieradata/common.yaml3
-rw-r--r--puppet/hieradata/compute.yaml2
-rw-r--r--puppet/hieradata/controller.yaml15
-rw-r--r--puppet/hieradata/database.yaml8
-rw-r--r--puppet/hieradata/object.yaml3
-rw-r--r--puppet/hieradata/volume.yaml2
-rw-r--r--puppet/manifests/overcloud_controller.pp34
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp159
-rw-r--r--puppet/services/aodh-api.yaml37
-rw-r--r--puppet/services/aodh-base.yaml94
-rw-r--r--puppet/services/aodh-evaluator.yaml27
-rw-r--r--puppet/services/aodh-listener.yaml27
-rw-r--r--puppet/services/aodh-notifier.yaml27
-rw-r--r--puppet/services/ceilometer-base.yaml4
-rw-r--r--puppet/services/ceph-base.yaml7
-rw-r--r--puppet/services/cinder-base.yaml2
-rw-r--r--puppet/services/glance-api.yaml3
-rw-r--r--puppet/services/glance-registry.yaml2
-rw-r--r--puppet/services/gnocchi-base.yaml8
-rw-r--r--puppet/services/heat-base.yaml2
-rw-r--r--puppet/services/keystone.yaml21
-rw-r--r--puppet/services/manila-api.yaml46
-rw-r--r--puppet/services/manila-base.yaml119
-rw-r--r--puppet/services/manila-scheduler.yaml57
-rw-r--r--puppet/services/manila-share.yaml29
-rw-r--r--puppet/services/neutron-base.yaml2
-rw-r--r--puppet/services/neutron-l3-compute-dvr.yaml37
-rw-r--r--puppet/services/neutron-l3.yaml10
-rw-r--r--puppet/services/neutron-ovs-agent.yaml6
-rw-r--r--puppet/services/neutron-plugin-plumgrid.yaml2
-rw-r--r--puppet/services/neutron-server.yaml7
-rw-r--r--puppet/services/nova-base.yaml2
-rw-r--r--puppet/services/pacemaker/haproxy.yaml1
-rw-r--r--puppet/services/pacemaker/manila-share.yaml27
-rw-r--r--puppet/services/pacemaker/sahara-api.yaml2
-rw-r--r--puppet/services/pacemaker/sahara-engine.yaml6
-rw-r--r--puppet/services/sahara-api.yaml14
-rw-r--r--puppet/services/sahara-base.yaml30
-rw-r--r--puppet/services/sahara-engine.yaml24
-rw-r--r--puppet/swift-storage.yaml15
-rw-r--r--puppet/vip-config.yaml1
58 files changed, 936 insertions, 627 deletions
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml
index 3fc07561..60b831be 100644
--- a/docker/compute-post.yaml
+++ b/docker/compute-post.yaml
@@ -42,6 +42,9 @@ parameters:
type: string
description: Config manifests that will be used to step through the deployment.
default: ''
+ RoleData:
+ type: json
+ default: {}
resources:
diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml
index 2858552f..f6d61e2d 100644
--- a/docker/firstboot/install_docker_agents.yaml
+++ b/docker/firstboot/install_docker_agents.yaml
@@ -6,7 +6,7 @@ parameters:
default: heat-docker-agents
DockerNamespace:
type: string
- default: kollaglue
+ default: tripleoupstream
DockerNamespaceIsRegistry:
type: boolean
default: false
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index cb8b2a5d..65c4e6dc 100644
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -1,14 +1,38 @@
#!/bin/bash
set -eux
-# firstboot isn't split out by role yet so we handle it this way
-if ! hostname | grep compute &>/dev/null; then
- echo "Exiting. This script is only for the compute role."
- exit 0
+/sbin/setenforce 0
+/sbin/modprobe ebtables
+
+# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
+chmod 666 /dev/pts/ptmx
+
+# We need hostname -f to return in a centos container for the puppet hook
+HOSTNAME=$(hostname)
+echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
+
+# update docker for local insecure registry(optional)
+# Note: This is different for different docker versions
+# For older docker versions < 1.4.x use commented line
+#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
+#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+
+# Local docker registry 1.8
+if [ $docker_namespace_is_registry ]; then
+ /usr/bin/systemctl stop docker.service
+ # if namespace is used with local registry, trim all namespacing
+ trim_var=$docker_registry
+ registry_host="${trim_var%%/*}"
+ /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry[ ]'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker
+ /usr/bin/systemctl start --no-block docker.service
fi
+/usr/bin/docker pull $agent_image &
+DOCKER_PULL_PID=$!
+
mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
+
# heat-docker-agents service
cat <<EOF > /etc/systemd/system/heat-docker-agents.service
@@ -22,7 +46,6 @@ User=root
Restart=on-failure
ExecStartPre=-/usr/bin/docker kill heat-agents
ExecStartPre=-/usr/bin/docker rm heat-agents
-ExecStartPre=/usr/bin/docker pull $agent_image
ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image
ExecStop=/usr/bin/docker stop heat-agents
@@ -31,30 +54,6 @@ WantedBy=multi-user.target
EOF
-# update docker for local insecure registry(optional)
-# Note: This is different for different docker versions
-# For older docker versions < 1.4.x use commented line
-#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
-#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
-
-# Local docker registry 1.8
-if [ $docker_namespace_is_registry ]; then
- # if namespace is used with local registry, trim all namespacing
- trim_var=$docker_registry
- registry_host="${trim_var%%/*}"
- /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker
-fi
-
-/sbin/setenforce 0
-/sbin/modprobe ebtables
-
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
-chmod 666 /dev/pts/ptmx
-
-# We need hostname -f to return in a centos container for the puppet hook
-HOSTNAME=$(hostname)
-echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-
# enable and start heat-docker-agents
chmod 0640 /etc/systemd/system/heat-docker-agents.service
/usr/bin/systemctl enable heat-docker-agents.service
@@ -82,3 +81,5 @@ AUTO_EXTEND_POOL=yes
POOL_AUTOEXTEND_PERCENT=30
POOL_AUTOEXTEND_THRESHOLD=70
EOF
+
+wait $DOCKER_PULL_PID
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index 289ec2e3..ee1f5387 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -34,6 +34,9 @@ parameter_defaults:
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
MysqlNoBracketsInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml
new file mode 100644
index 00000000..74011c66
--- /dev/null
+++ b/environments/manila-generic-config.yaml
@@ -0,0 +1,26 @@
+# A Heat environment file which can be used to enable a
+# a Manila generic driver backend.
+resource_registry:
+ OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+
+
+parameter_defaults:
+ ManilaGenericEnableBackend: true
+ ManilaGenericBackendName: tripleo_generic
+ ManilaGenericDriverHandlesShareServers: true
+ ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf'
+ ManilaGenericVolumeNameTemplate: 'manila-share-%s'
+ ManilaGenericVolumeSnapshotNameTemplate: 'manila-snapshot-%s'
+ ManilaGenericShareMountPath: '/shares'
+ ManilaGenericMaxTimeToCreateVolume: '180'
+ ManilaGenericMaxTimeToAttach: '120'
+ ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf'
+ ManilaGenericShareVolumeFsType: 'ext4'
+ ManilaGenericCinderVolumeType: ''
+ ManilaGenericServiceInstanceUser: ''
+ ManilaGenericServiceInstancePassword: ''
+ ManilaGenericServiceInstanceFlavorId: 2
+ ManilaGenericServiceNetworkCidr: '172.16.0.0/16'
diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml
new file mode 100644
index 00000000..223c2531
--- /dev/null
+++ b/environments/neutron-ovs-dvr.yaml
@@ -0,0 +1,24 @@
+# A Heat environment file that enables DVR in the overcloud.
+# This works by configuring L3 and Metadata agents on the
+# compute nodes.
+resource_registry:
+ OS::TripleO::Services::ComputeNeutronL3Agent: ../puppet/services/neutron-l3-compute-dvr.yaml
+ OS::TripleO::Services::ComputeNeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml
+
+ # With DVR enabled, the Compute nodes also need the br-ex bridge to be
+ # connected to a physical network.
+ OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml
+
+parameter_defaults:
+
+ # DVR requires that the L2 population feature is enabled
+ NeutronMechanismDrivers: ['openvswitch', 'l2population']
+ NeutronEnableL2Pop: 'True'
+
+ # Setting NeutronEnableDVR enables distributed routing support in the
+ # ML2 plugin and agents that support this feature
+ NeutronEnableDVR: true
+
+ # We also need to set the proper agent mode for the L3 agent. This will only
+ # affect the agent on the controller node.
+ NeutronL3AgentMode: 'dvr_snat'
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 4622bc4d..74b91106 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -10,46 +10,13 @@ resource_registry:
# NOTE: For now we will need to specify overrides to all services
# which use pacemaker. In the future (with upcoming HA light work) this
# list will hopefully be much smaller however.
- OS::TripleO::Services::CinderApi: ../puppet/services/pacemaker/cinder-api.yaml
- OS::TripleO::Services::CinderScheduler: ../puppet/services/pacemaker/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml
- OS::TripleO::Services::Core: ../puppet/services/pacemaker/core.yaml
- OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml
- OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml
- OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml
- OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml
- OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml
- OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml
- OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml
- OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml
- OS::TripleO::Services::NeutronServer: ../puppet/services/pacemaker/neutron-server.yaml
- OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/pacemaker/neutron-plugin-ml2.yaml
- # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin)
- OS::TripleO::Services::NeutronCorePluginPlumgrid: ../puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
- OS::TripleO::Services::NeutronCorePluginNuage: ../puppet/services/pacemaker/neutron-plugin-nuage.yaml
- OS::TripleO::Services::NeutronCorePluginOpencontrail: ../puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
- OS::TripleO::Services::NeutronCorePluginMidonet: ../puppet/services/pacemaker/neutron-midonet.yaml
- OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/pacemaker/neutron-ovs-agent.yaml
OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml
- OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml
OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
- OS::TripleO::Services::NovaConductor: ../puppet/services/pacemaker/nova-conductor.yaml
- OS::TripleO::Services::MongoDb: ../puppet/services/pacemaker/database/mongodb.yaml
- OS::TripleO::Services::NovaApi: ../puppet/services/pacemaker/nova-api.yaml
- OS::TripleO::Services::NovaScheduler: ../puppet/services/pacemaker/nova-scheduler.yaml
- OS::TripleO::Services::NovaConsoleauth: ../puppet/services/pacemaker/nova-consoleauth.yaml
- OS::TripleO::Services::NovaVncproxy: ../puppet/services/pacemaker/nova-vncproxy.yaml
- OS::TripleO::Services::CeilometerApi: ../puppet/services/pacemaker/ceilometer-api.yaml
- OS::TripleO::Services::CeilometerCollector: ../puppet/services/pacemaker/ceilometer-collector.yaml
- OS::TripleO::Services::CeilometerAgentCentral: ../puppet/services/pacemaker/ceilometer-agent-central.yaml
- OS::TripleO::Services::CeilometerAgentNotification: ../puppet/services/pacemaker/ceilometer-agent-notification.yaml
- #Gnocchi services
- OS::TripleO::Services::GnocchiApi: ../puppet/services/pacemaker/gnocchi-api.yaml
- OS::TripleO::Services::GnocchiMetricd: ../puppet/services/pacemaker/gnocchi-metricd.yaml
- OS::TripleO::Services::GnocchiStatsd: ../puppet/services/pacemaker/gnocchi-statsd.yaml
OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
- OS::TripleO::Services::Horizon: ../puppet/services/pacemaker/horizon.yaml
+ # Services that are disabled by default (use relevant environment files):
+ OS::Tripleo::Services::ManilaShare: OS::Heat::None
+ OS::TripleO::Services::SaharaApi: ../puppet/services/pacemaker/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../puppet/services/pacemaker/sahara-engine.yaml
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index 5afcf5de..363950d1 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -133,6 +133,21 @@ Keystone:
port: 35357
port: 5000
+Manila:
+ Internal:
+ vip_param: ManilaApi
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ Public:
+ vip_param: Public
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ Admin:
+ vip_param: ManilaApi
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ port: 8786
+
Neutron:
Internal:
vip_param: NeutronApi
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index e1b8984f..98dad250 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -19,6 +19,7 @@ parameters:
KeystoneAdminApiVirtualIP: {type: string, default: ''}
KeystonePublicApiVirtualIP: {type: string, default: ''}
MysqlNoBracketsVirtualIP: {type: string, default: ''}
+ ManilaApiVirtualIP: {type: string, default: ''}
MysqlVirtualIP: {type: string, default: ''}
NeutronApiVirtualIP: {type: string, default: ''}
NovaApiVirtualIP: {type: string, default: ''}
@@ -57,6 +58,9 @@ parameters:
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
+ ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
+ ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
+ ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
MysqlNoBracketsInternal: {protocol: mysql+pymysql, port: '3306',
host: IP_ADDRESS}
@@ -1473,6 +1477,123 @@ outputs:
IP_ADDRESS: {get_param: PublicVirtualIP}
- ':'
- get_param: [EndpointMap, KeystonePublic, port]
+ ManilaAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ port:
+ get_param: [EndpointMap, ManilaAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ManilaAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ ManilaInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ port:
+ get_param: [EndpointMap, ManilaInternal, port]
+ protocol:
+ get_param: [EndpointMap, ManilaInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: ManilaApiVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ ManilaPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: PublicVirtualIP}
+ port:
+ get_param: [EndpointMap, ManilaPublic, port]
+ protocol:
+ get_param: [EndpointMap, ManilaPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: PublicVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME: {get_param: CloudName}
+ IP_ADDRESS: {get_param: PublicVirtualIP}
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
MysqlInternal:
host:
str_replace:
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index c71ced2d..f6d76d97 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -193,6 +193,16 @@ resource_registry:
OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml
OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml
+ # Services that are disabled by default (use relevant environment files):
+ OS::Tripleo::Services::ManilaApi: OS::Heat::None
+ OS::Tripleo::Services::ManilaScheduler: OS::Heat::None
+ OS::Tripleo::Services::ManilaShare: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml
+ OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml
+ OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml
+ OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.yaml b/overcloud.yaml
index 86b326f3..acd9b1fa 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -16,10 +16,6 @@ parameters:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
- AodhPassword:
- description: The password for the aodh services.
- type: string
- hidden: true
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
@@ -36,38 +32,16 @@ parameters:
default: []
description: Should be used for arbitrary ips.
type: json
- CorosyncIPv6:
- default: false
- description: Enable IPv6 in Corosync
- type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
InternalApiVirtualFixedIPs:
default: []
description: >
Control the IP allocation for the InternalApiVirtualInterface port. E.g.
[{'ip_address':'1.2.3.4'}]
type: json
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- constraints:
- - custom_constraint: nova.keypair
- MemcachedIPv6:
- default: false
- description: Enable IPv6 features in Memcached.
- type: boolean
NeutronControlPlaneID:
default: 'ctlplane'
type: string
@@ -116,10 +90,6 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
- RedisPassword:
- description: The password for Redis
- type: string
- hidden: true
StorageVirtualFixedIPs:
default: []
description: >
@@ -154,33 +124,12 @@ parameters:
description: |
Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
type: json
- controllerImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
OvercloudControlFlavor:
description: Flavor for control nodes to request when deploying.
default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
- EnableFencing:
- default: false
- description: Whether to enable fencing in Pacemaker or not.
- type: boolean
- EnableGalera:
- default: true
- description: Whether to use Galera instead of regular MariaDB.
- type: boolean
- ControllerSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
ExtraConfig:
default: {}
description: |
@@ -188,74 +137,12 @@ parameters:
may be implementation specific, e.g puppet hieradata. Any role specific
ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig.
type: json
- FencingConfig:
- default: {}
- description: |
- Pacemaker fencing configuration. The JSON should have
- the following structure:
- {
- "devices": [
- {
- "agent": "AGENT_NAME",
- "host_mac": "HOST_MAC_ADDRESS",
- "params": {"PARAM_NAME": "PARAM_VALUE"}
- }
- ]
- }
- For instance:
- {
- "devices": [
- {
- "agent": "fence_xvm",
- "host_mac": "52:54:00:aa:bb:cc",
- "params": {
- "multicast_address": "225.0.0.12",
- "port": "baremetal_0",
- "manage_fw": true,
- "manage_key_file": true,
- "key_file": "/etc/fence_xvm.key",
- "key_file_password": "abcdef"
- }
- }
- ]
- }
- type: json
- type: string
- hidden: true
- InstanceNameTemplate:
- default: 'instance-%08x'
- description: Template string to be used to generate instance names
- type: string
- ManageFirewall:
- default: true
- description: Whether to manage IPtables rules.
- type: boolean
- PurgeFirewallRules:
- default: false
- description: Whether IPtables rules should be purged before setting up the ones.
- type: boolean
- MysqlInnodbBufferPoolSize:
- description: >
- Specifies the size of the buffer pool in megabytes. Setting to
- zero should be interpreted as "no value" and will defer to the
- lower level default.
- type: number
- default: 0
- MysqlMaxConnections:
- description: Configures MySQL max_connections config setting
- type: number
- default: 4096
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
SwiftHashSuffix:
description: A random string to be used as a salt when hashing to determine mappings in the ring.
type: string
hidden: true
+
# Compute-specific params
ComputeCount:
type: number
@@ -287,19 +174,10 @@ parameters:
default: ''
description: Libvirt VIF driver configuration for the network
type: string
- NovaComputeSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
NovaEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Nova
type: boolean
- NovaImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
NovaOVSBridge:
default: 'br-int'
description: Name of integration bridge used by Open vSwitch
@@ -328,6 +206,7 @@ parameters:
IronicApiNetwork: internal_api
KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
KeystonePublicApiNetwork: internal_api
+ ManilaApiNetwork: internal_api
NeutronApiNetwork: internal_api
HeatApiNetwork: internal_api
NovaApiNetwork: internal_api
@@ -402,7 +281,15 @@ parameters:
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
-
+ - OS::Tripleo::Services::ManilaApi
+ - OS::Tripleo::Services::ManilaScheduler
+ - OS::Tripleo::Services::ManilaShare
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Controllers.
@@ -421,6 +308,8 @@ parameters:
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Compute Nodes.
@@ -430,9 +319,6 @@ parameters:
BlockStorageCount:
type: number
default: 0
- BlockStorageImage:
- default: overcloud-full
- type: string
OvercloudBlockStorageFlavor:
description: Flavor for block storage nodes to request when deploying.
default: baremetal
@@ -445,10 +331,6 @@ parameters:
BlockStorage specific configuration to inject into the cluster. Same
structure as ExtraConfig.
type: json
- BlockStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
BlockStorageServices:
default:
- OS::TripleO::Services::CinderVolume
@@ -471,19 +353,12 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- SwiftStorageImage:
- default: overcloud-full
- type: string
ObjectStorageExtraConfig:
default: {}
description: |
ObjectStorage specific configuration to inject into the cluster. Same
structure as ExtraConfig.
type: json
- ObjectStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
ObjectStorageServices:
default:
- OS::TripleO::Services::Kernel
@@ -503,9 +378,6 @@ parameters:
CephStorageCount:
type: number
default: 0
- CephStorageImage:
- default: overcloud-full
- type: string
OvercloudCephStorageFlavor:
default: baremetal
description: Flavor for Ceph storage nodes to request when deploying.
@@ -518,10 +390,6 @@ parameters:
CephStorage specific configuration to inject into the cluster. Same
structure as ExtraConfig.
type: json
- CephStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
CephStorageServices:
default:
- OS::TripleO::Services::CephOSD
@@ -642,6 +510,7 @@ resources:
IronicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ ManilaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
MysqlVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
MysqlNoBracketsVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
@@ -665,59 +534,25 @@ resources:
resource_def:
type: OS::TripleO::Controller
properties:
- AdminPassword: {get_param: AdminPassword}
- AodhPassword: {get_param: AodhPassword}
- CloudDomain: {get_param: CloudDomain}
- ControlVirtualInterface: {get_param: ControlVirtualInterface}
controllerExtraConfig: {get_param: controllerExtraConfig}
- CorosyncIPv6: {get_param: CorosyncIPv6}
- Debug: {get_param: Debug}
- EnableFencing: {get_param: EnableFencing}
- ManageFirewall: {get_param: ManageFirewall}
- PurgeFirewallRules: {get_param: PurgeFirewallRules}
- EnableGalera: {get_param: EnableGalera}
- ExtraConfig: {get_param: ExtraConfig}
- FencingConfig: {get_param: FencingConfig}
Flavor: {get_param: OvercloudControlFlavor}
- HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
HorizonSecret: {get_resource: HorizonSecret}
- Image: {get_param: controllerImage}
- ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
- InstanceNameTemplate: {get_param: InstanceNameTemplate}
- KeyName: {get_param: KeyName}
- MemcachedIPv6: {get_param: MemcachedIPv6}
MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
- MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize}
- MysqlMaxConnections: {get_param: MysqlMaxConnections}
MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
- NeutronPublicInterface: {get_param: NeutronPublicInterface}
- NeutronPassword: {get_param: NeutronPassword}
- NovaIPv6: {get_param: NovaIPv6}
- NovaPassword: {get_param: NovaPassword}
PcsdPassword: {get_resource: PcsdPassword}
- PublicVirtualInterface: {get_param: PublicVirtualInterface}
- RabbitPassword: {get_param: RabbitPassword}
- RabbitUserName: {get_param: RabbitUserName}
RabbitCookie: {get_attr: [RabbitCookie, value]}
- RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
- RabbitClientPort: {get_param: RabbitClientPort}
- RedisPassword: {get_param: RedisPassword}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
- SwiftHashSuffix: {get_param: SwiftHashSuffix}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- UpdateIdentifier: {get_param: UpdateIdentifier}
Hostname:
str_replace:
template: {get_param: ControllerHostnameFormat}
params:
'%stackname%': {get_param: 'OS::stack_name'}
NodeIndex: '%index%'
- ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: ControllerSchedulerHints}
ServiceConfigSettings: {get_attr: [ControllerServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]}
@@ -744,9 +579,6 @@ resources:
ExtraConfig: {get_param: ExtraConfig}
Flavor: {get_param: OvercloudComputeFlavor}
GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- Image: {get_param: NovaImage}
- ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
- KeyName: {get_param: KeyName}
KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
NeutronPassword: {get_param: NeutronPassword}
@@ -779,7 +611,6 @@ resources:
'%stackname%': {get_param: 'OS::stack_name'}
CloudDomain: {get_param: CloudDomain}
ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: NovaComputeSchedulerHints}
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [ComputeServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [ComputeServiceChain, role_data, service_names]}
@@ -799,8 +630,6 @@ resources:
resource_def:
type: OS::TripleO::BlockStorage
properties:
- Image: {get_param: BlockStorageImage}
- KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudBlockStorageFlavor}
UpdateIdentifier: {get_param: UpdateIdentifier}
Hostname:
@@ -813,7 +642,6 @@ resources:
BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig}
CloudDomain: {get_param: CloudDomain}
ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: BlockStorageSchedulerHints}
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [BlockStorageServiceChain, role_data, service_names]}
@@ -833,10 +661,8 @@ resources:
resource_def:
type: OS::TripleO::ObjectStorage
properties:
- KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudSwiftStorageFlavor}
HashSuffix: {get_param: SwiftHashSuffix}
- Image: {get_param: SwiftStorageImage}
UpdateIdentifier: {get_param: UpdateIdentifier}
ServiceNetMap: {get_param: ServiceNetMap}
Hostname:
@@ -848,7 +674,6 @@ resources:
ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig}
CloudDomain: {get_param: CloudDomain}
ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: ObjectStorageSchedulerHints}
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [ObjectStorageServiceChain, role_data, service_names]}
@@ -868,8 +693,6 @@ resources:
resource_def:
type: OS::TripleO::CephStorage
properties:
- Image: {get_param: CephStorageImage}
- KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudCephStorageFlavor}
ServiceNetMap: {get_param: ServiceNetMap}
UpdateIdentifier: {get_param: UpdateIdentifier}
@@ -882,7 +705,6 @@ resources:
CephStorageExtraConfig: {get_param: CephStorageExtraConfig}
CloudDomain: {get_param: CloudDomain}
ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: CephStorageSchedulerHints}
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [CephStorageServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [CephStorageServiceChain, role_data, service_names]}
@@ -935,6 +757,7 @@ resources:
glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
+ manila_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -1058,6 +881,7 @@ resources:
heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
redis_vip: {get_attr: [RedisVirtualIP, ip_address]}
+ manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
# direct configuration of Virtual IPs for each network
@@ -1293,6 +1117,9 @@ outputs:
KeystoneInternalVip:
description: VIP for Keystone API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ ManilaInternalVip:
+ description: VIP for Manila API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
NeutronInternalVip:
description: VIP for Neutron API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index db8bb450..793b17dd 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -40,6 +40,8 @@ parameters:
type: comma_delimited_list
cinder_api_node_ips:
type: comma_delimited_list
+ manila_api_node_ips:
+ type: comma_delimited_list
neutron_api_node_ips:
type: comma_delimited_list
keystone_public_api_node_ips:
@@ -238,6 +240,14 @@ resources:
list_join:
- "','"
- {get_param: cinder_api_node_ips}
+ manila_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: manila_api_node_ips}
neutron_api_node_ips:
str_replace:
template: "['SERVERS_LIST']"
@@ -310,6 +320,7 @@ resources:
aodh::rabbit_hosts: *rabbit_nodes_array
cinder::rabbit_hosts: *rabbit_nodes_array
glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array
+ manila::rabbit_hosts: *rabbit_nodes_array
heat::rabbit_hosts: *rabbit_nodes_array
neutron::rabbit_hosts: *rabbit_nodes_array
nova::rabbit_hosts: *rabbit_nodes_array
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 77ca4dc6..2f007536 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -6,9 +6,9 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- Image:
+ CephStorageImage:
type: string
- default: overcloud-ceph-storage
+ default: overcloud-full
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
@@ -81,7 +81,7 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ CephStorageSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
@@ -106,7 +106,7 @@ resources:
os-collect-config:
command: {get_param: ConfigCommand}
properties:
- image: {get_param: Image}
+ image: {get_param: CephStorageImage}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
@@ -120,7 +120,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: CephStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -256,7 +256,6 @@ resources:
- ceph
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- network
merge_behavior: deeper
datafiles:
@@ -265,8 +264,6 @@ resources:
service_names: {get_param: ServiceNames}
service_configs:
mapped_data: {get_param: ServiceConfigSettings}
- common:
- raw_data: {get_file: hieradata/common.yaml}
network:
mapped_data:
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index edd81b9d..28f16866 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -1,9 +1,11 @@
heat_template_version: 2015-04-30
description: 'OpenStack cinder storage configured by Puppet'
parameters:
- Image:
- default: overcloud-cinder-volume
+ BlockStorageImage:
+ default: overcloud-full
type: string
+ constraints:
+ - custom_constraint: glance.image
ExtraConfig:
default: {}
description: |
@@ -81,7 +83,7 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ BlockStorageSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
@@ -107,7 +109,7 @@ resources:
command: {get_param: ConfigCommand}
properties:
image:
- {get_param: Image}
+ {get_param: BlockStorageImage}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
networks:
@@ -120,7 +122,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: BlockStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -261,7 +263,6 @@ resources:
- volume
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- network
merge_behavior: deeper
datafiles:
@@ -270,8 +271,6 @@ resources:
service_names: {get_param: ServiceNames}
service_configs:
mapped_data: {get_param: ServiceConfigSettings}
- common:
- raw_data: {get_file: hieradata/common.yaml}
network:
mapped_data:
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 0e029162..1ae55cd3 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -48,9 +48,9 @@ parameters:
GlanceHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
- Image:
+ NovaImage:
type: string
- default: overcloud-compute
+ default: overcloud-full
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
@@ -205,7 +205,7 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ NovaComputeSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
@@ -228,8 +228,7 @@ resources:
os-collect-config:
command: {get_param: ConfigCommand}
properties:
- image:
- {get_param: Image}
+ image: {get_param: NovaImage}
image_update_policy:
get_param: ImageUpdatePolicy
flavor: {get_param: Flavor}
@@ -244,7 +243,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: NovaComputeSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -371,7 +370,6 @@ resources:
- ceph
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- network
- neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
@@ -389,8 +387,6 @@ resources:
mapped_data: {get_param: NovaComputeExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- common:
- raw_data: {get_file: hieradata/common.yaml}
network:
mapped_data:
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 679fd90b..93ba4760 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -117,9 +117,9 @@ parameters:
description: Secret key for Django
type: string
hidden: true
- Image:
+ controllerImage:
type: string
- default: overcloud-control
+ default: overcloud-full
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
@@ -311,7 +311,7 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ ControllerSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
@@ -340,7 +340,7 @@ resources:
os-collect-config:
command: {get_param: ConfigCommand}
properties:
- image: {get_param: Image}
+ image: {get_param: controllerImage}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
@@ -354,7 +354,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: ControllerSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -525,7 +525,6 @@ resources:
neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
- aodh_password: {get_param: AodhPassword}
aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
@@ -537,15 +536,6 @@ resources:
- '@'
- {get_param: RedisVirtualIPUri}
- ':6379/'
- aodh_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://aodh:'
- - {get_param: AodhPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/aodh'
gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
@@ -586,6 +576,7 @@ resources:
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
keystone_region: {get_param: KeystoneRegion}
+ manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -627,7 +618,6 @@ resources:
- service_configs
- service_names
- controller
- - database
- object
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- ceph_cluster # provided by CephClusterConfig
@@ -636,7 +626,6 @@ resources:
- all_nodes # provided by allNodesConfig
- vip_data # provided by vip-config
- '"%{::osfamily}"'
- - common
- network
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
@@ -659,8 +648,6 @@ resources:
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- common:
- raw_data: {get_file: hieradata/common.yaml}
network:
mapped_data:
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
@@ -672,8 +659,6 @@ resources:
ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
ceph::profile::params::public_network: {get_input: ceph_public_network}
ceph::profile::params::public_addr: {get_input: ceph_public_ip}
- database:
- raw_data: {get_file: hieradata/database.yaml}
object:
raw_data: {get_file: hieradata/object.yaml}
controller:
@@ -723,6 +708,9 @@ resources:
keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
+ # Manila
+ manila::api::bind_host: {get_input: manila_api_network}
+
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
@@ -747,36 +735,15 @@ resources:
neutron::keystone::auth::password: {get_input: neutron_password }
neutron::keystone::auth::region: {get_input: keystone_region}
+ # Aodh
+ aodh::api::host: {get_input: aodh_api_network}
+ aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
+
# Ceilometer
ceilometer::api::host: {get_input: ceilometer_api_network}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
- # Aodh
- aodh_mysql_conn_string: {get_input: aodh_dsn}
- aodh::rabbit_userid: {get_input: rabbit_username}
- aodh::rabbit_password: {get_input: rabbit_password}
- aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- aodh::rabbit_port: {get_input: rabbit_client_port}
- aodh::debug: {get_input: debug}
- aodh::wsgi::apache::ssl: false
- aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
- aodh::api::service_name: 'httpd'
- aodh::api::host: {get_input: aodh_api_network}
- aodh::api::keystone_password: {get_input: aodh_password}
- aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
- aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
- aodh::auth::auth_url: {get_input: keystone_auth_uri}
- aodh::auth::auth_password: {get_input: aodh_password}
- aodh::db::mysql::password: {get_input: aodh_password}
- # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
- aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
- aodh::keystone::auth::public_url: {get_input: aodh_public_url }
- aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
- aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
- aodh::keystone::auth::password: {get_input: aodh_password }
- aodh::keystone::auth::region: {get_input: keystone_region}
-
# Gnocchi
gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
gnocchi::api::host: {get_input: gnocchi_api_network}
@@ -818,6 +785,9 @@ resources:
horizon::bind_address: {get_input: horizon_network}
horizon::keystone_url: {get_input: keystone_auth_uri}
+ # Sahara
+ sahara::host: {get_input: sahara_api_network}
+
# RabbitMQ
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
index ccb41cc4..c8c5804b 100644
--- a/puppet/hieradata/ceph.yaml
+++ b/puppet/hieradata/ceph.yaml
@@ -1,9 +1,2 @@
-ceph::profile::params::osd_pool_default_pg_num: 32
-ceph::profile::params::osd_pool_default_pgp_num: 32
-ceph::profile::params::osd_pool_default_size: 3
-ceph::profile::params::osd_pool_default_min_size: 1
-ceph::profile::params::osds: {/srv/data: {}}
-ceph::profile::params::manage_repo: false
-ceph::profile::params::authentication_type: cephx
-
+# Do not add hieradata in this file, and use composable services.
ceph_classes: []
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
deleted file mode 100644
index 3bda874f..00000000
--- a/puppet/hieradata/common.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-# TODO(emilien) move it to composable aodh roles later
-aodh::auth::auth_region: 'regionOne'
-aodh::auth::auth_tenant_name: 'service'
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 219f0d0a..54b3d412 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -1,3 +1,3 @@
-# Hiera data here applies to all compute nodes
+# Do not add hieradata in this file, and use composable services.
compute_classes: []
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 71c53b47..d18e0bc9 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -1,16 +1,3 @@
-# Hiera data here applies to all controller nodes
-
-# TODO(emilien) move it to composable aodh roles later
-aodh::api::keystone_tenant: 'service'
-aodh::keystone::auth::tenant: 'service'
-
-# TODO(emilien) move it to composable roles later
-# Already WIP with https://review.openstack.org/330785
-# and https://review.openstack.org/338527
-tripleo::firewall::firewall_rules:
- '128 aodh':
- dport:
- - 8042
- - 13042
+# Do not add hieradata in this file, and use composable services.
controller_classes: []
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
deleted file mode 100644
index d93817e7..00000000
--- a/puppet/hieradata/database.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Aodh
-# TODO(emilien) move it to composable aodh roles later
-aodh::db::mysql::user: aodh
-aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-aodh::db::mysql::dbname: aodh
-aodh::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml
index da526e39..5aa0cfb6 100644
--- a/puppet/hieradata/object.yaml
+++ b/puppet/hieradata/object.yaml
@@ -1,2 +1,3 @@
-# Hiera data for swift storage nodes
+# Do not add hieradata in this file, and use composable services.
+
object_classes: []
diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml
index dd0582fa..42b85e1a 100644
--- a/puppet/hieradata/volume.yaml
+++ b/puppet/hieradata/volume.yaml
@@ -1,3 +1,3 @@
-# Hiera data here applies to all volume storage nodes
+# Do not add hieradata in this file, and use composable services.
volume_classes: []
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 3778271c..69e48e95 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -16,42 +16,8 @@
include ::tripleo::packages
include ::tripleo::firewall
-if hiera('step') >= 2 {
- # FIXME: this should only occur on the bootstrap host (ditto for db syncs)
- # Create all the database schemas
- include ::aodh::db::mysql
-
-} #END STEP 2
-
if hiera('step') >= 4 {
-
- $nova_ipv6 = hiera('nova::use_ipv6', false)
- if $nova_ipv6 {
- $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
- } else {
- $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
- }
-
- class { '::nova' :
- memcached_servers => $memcached_servers
- }
- include ::nova::config
-
- # Aodh
- class { '::aodh' :
- database_connection => hiera('aodh_mysql_conn_string'),
- }
- include ::aodh::db::sync
- include ::aodh::auth
- include ::aodh::api
- include ::aodh::wsgi::apache
- include ::aodh::evaluator
- include ::aodh::notifier
- include ::aodh::listener
- include ::aodh::client
-
hiera_include('controller_classes')
-
} #END STEP 4
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index ca24c443..0aec972d 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -13,16 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-# TODO(jistr): use pcs resource provider instead of just no-ops
-Service <|
- tag == 'aodh-service'
-|> {
- hasrestart => true,
- restart => '/bin/true',
- start => '/bin/true',
- stop => '/bin/true',
-}
-
include ::tripleo::packages
include ::tripleo::firewall
@@ -34,158 +24,9 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) {
$sync_db = false
}
-if hiera('step') >= 2 {
- if $pacemaker_master {
- class { '::aodh::db::mysql':
- require => Exec['galera-ready'],
- }
- }
-} #END STEP 2
-
if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
- $nova_ipv6 = hiera('nova::use_ipv6', false)
- if $nova_ipv6 {
- $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
- } else {
- $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
- }
-
- class { '::nova' :
- memcached_servers => $memcached_servers
- }
-
- include ::nova::config
-
- # Aodh
- class { '::aodh' :
- database_connection => hiera('aodh_mysql_conn_string'),
- }
- include ::aodh::config
- include ::aodh::auth
- include ::aodh::client
- include ::aodh::wsgi::apache
- class { '::aodh::api':
- manage_service => false,
- enabled => false,
- service_name => 'httpd',
- }
- class { '::aodh::evaluator':
- manage_service => false,
- enabled => false,
- }
- class { '::aodh::notifier':
- manage_service => false,
- enabled => false,
- }
- class { '::aodh::listener':
- manage_service => false,
- enabled => false,
- }
-
hiera_include('controller_classes')
-
} #END STEP 4
-if hiera('step') >= 5 {
- if $pacemaker_master {
-
- pacemaker::constraint::base { 'openstack-core-then-httpd-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::apache::params::service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::apache::params::service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
-
- # Fedora doesn't know `require-all` parameter for constraints yet
- if $::operatingsystem == 'Fedora' {
- $redis_aodh_constraint_params = undef
- } else {
- $redis_aodh_constraint_params = 'require-all=false'
- }
- pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint':
- constraint_type => 'order',
- first_resource => 'redis-master',
- second_resource => "${::aodh::params::evaluator_service_name}-clone",
- first_action => 'promote',
- second_action => 'start',
- constraint_params => $redis_aodh_constraint_params,
- require => [Pacemaker::Resource::Ocf['redis'],
- Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]],
- }
- # Aodh
- pacemaker::resource::service { $::aodh::params::evaluator_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::aodh::params::notifier_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::aodh::params::listener_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint':
- constraint_type => 'order',
- first_resource => "${::aodh::params::evaluator_service_name}-clone",
- second_resource => "${::aodh::params::notifier_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
- }
- pacemaker::constraint::colocation { 'aodh-notifier-with-aodh-evaluator-colocation':
- source => "${::aodh::params::notifier_service_name}-clone",
- target => "${::aodh::params::evaluator_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
- }
- pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint':
- constraint_type => 'order',
- first_resource => "${::aodh::params::evaluator_service_name}-clone",
- second_resource => "${::aodh::params::listener_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
- }
- pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation':
- source => "${::aodh::params::listener_service_name}-clone",
- target => "${::aodh::params::evaluator_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
- }
-
- #VSM
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- pacemaker::resource::ocf { 'vsm-p' :
- ocf_agent_name => 'heartbeat:VirtualDomain',
- resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml',
- require => Class['n1k_vsm'],
- meta_params => 'resource-stickiness=INFINITY',
- }
- if str2bool(hiera('n1k_vsm::pacemaker_control', true)) {
- pacemaker::resource::ocf { 'vsm-s' :
- ocf_agent_name => 'heartbeat:VirtualDomain',
- resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml',
- require => Class['n1k_vsm'],
- meta_params => 'resource-stickiness=INFINITY',
- }
- pacemaker::constraint::colocation { 'vsm-colocation-contraint':
- source => 'vsm-p',
- target => 'vsm-s',
- score => '-INFINITY',
- require => [Pacemaker::Resource::Ocf['vsm-p'],
- Pacemaker::Resource::Ocf['vsm-s']],
- }
- }
- }
-
- }
-
-} #END STEP 5
-
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
new file mode 100644
index 00000000..ab51212c
--- /dev/null
+++ b/puppet/services/aodh-api.yaml
@@ -0,0 +1,37 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh API service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh API service.
+ value:
+ service_name: aodh_api
+ config_settings:
+ map_merge:
+ - get_attr: [AodhBase, role_data, config_settings]
+ - aodh::wsgi::apache::ssl: false
+ aodh::api::service_name: 'httpd'
+ aodh::api::keystone_tenant: 'service'
+ - tripleo.aodh_api.firewall_rules:
+ '128 aodh-api':
+ dport:
+ - 8042
+ - 13042
+
+ step_config: |
+ include tripleo::profile::base::aodh::api
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
new file mode 100644
index 00000000..30c3f416
--- /dev/null
+++ b/puppet/services/aodh-base.yaml
@@ -0,0 +1,94 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ AodhPassword:
+ description: The password for the aodh services.
+ type: string
+ hidden: true
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+outputs:
+ role_data:
+ description: Role data for the Aodh role.
+ value:
+ service_name: aodh_base
+ config_settings:
+ aodh::evaluator::coordination_url:
+ list_join:
+ - ''
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
+ - "%{hiera('redis_vip')}"
+ - ':6379/'
+ aodh::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://aodh:'
+ - {get_param: AodhPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/aodh'
+ aodh::debug: {get_param: Debug}
+ aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ aodh::rabbit_userid: {get_param: RabbitUserName}
+ aodh::rabbit_password: {get_param: RabbitPassword}
+ aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ aodh::rabbit_port: {get_param: RabbitClientPort}
+ aodh::api::keystone_password: {get_param: AodhPassword}
+ aodh::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ aodh::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ aodh::auth::auth_password: {get_param: AodhPassword}
+ aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
+ aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
+ aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
+ aodh::keystone::auth::password: {get_param: AodhPassword}
+ aodh::keystone::auth::region: {get_param: KeystoneRegion}
+ aodh::keystone::auth::tenant: 'service'
+ aodh::db::mysql::user: aodh
+ aodh::db::mysql::password: {get_param: AodhPassword}
+ aodh::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+ aodh::db::mysql::dbname: aodh
+ aodh::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ aodh::auth::auth_region: 'regionOne'
+ aodh::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml
new file mode 100644
index 00000000..103f691a
--- /dev/null
+++ b/puppet/services/aodh-evaluator.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh Evaluator service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh Evaluator service.
+ value:
+ service_name: aodh_evaluator
+ config_settings:
+ get_attr: [AodhBase, role_data, config_settings]
+ step_config: |
+ include tripleo::profile::base::aodh::evaluator
diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml
new file mode 100644
index 00000000..01caf8b5
--- /dev/null
+++ b/puppet/services/aodh-listener.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh Listener service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh Listener service.
+ value:
+ service_name: aodh_listener
+ config_settings:
+ get_attr: [AodhBase, role_data, config_settings]
+ step_config: |
+ include tripleo::profile::base::aodh::listener
diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml
new file mode 100644
index 00000000..de07f780
--- /dev/null
+++ b/puppet/services/aodh-notifier.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh Notifier service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh Notifier service.
+ value:
+ service_name: aodh_notifier
+ config_settings:
+ get_attr: [AodhBase, role_data, config_settings]
+ step_config: |
+ include tripleo::profile::base::aodh::notifier
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index db5a82b1..5342cefb 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -83,7 +83,7 @@ outputs:
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents}
- ceilometer::agent::auth::auth_region: 'regionOne'
+ ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
ceilometer::db::mysql::password: {get_param: CeilometerPassword}
@@ -109,3 +109,5 @@ outputs:
- '%'
- "%{hiera('mysql_bind_host')}"
ceilometer::rabbit_heartbeat_timeout_threshold: 60
+ ceilometer::db::database_db_max_retries: -1
+ ceilometer::db::database_max_retries: -1
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index bec4340e..bce52f36 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -58,6 +58,13 @@ outputs:
config_settings:
tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6}
tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
+ ceph::profile::params::osd_pool_default_pg_num: 32
+ ceph::profile::params::osd_pool_default_pgp_num: 32
+ ceph::profile::params::osd_pool_default_size: 3
+ ceph::profile::params::osd_pool_default_min_size: 1
+ ceph::profile::params::osds: {/srv/data: {}}
+ ceph::profile::params::manage_repo: false
+ ceph::profile::params::authentication_type: cephx
ceph::profile::params::fsid: {get_param: CephClusterFSID}
ceph::profile::params::client_keys:
str_replace:
diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
index b224cd65..d923e7c6 100644
--- a/puppet/services/cinder-base.yaml
+++ b/puppet/services/cinder-base.yaml
@@ -67,3 +67,5 @@ outputs:
cinder::keystone::auth::tenant: 'service'
cinder::host: hostgroup
cinder::cron::db_purge::destination: '/dev/null'
+ cinder::db::database_db_max_retries: -1
+ cinder::db::database_max_retries: -1
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index b0eeadeb..99065789 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -85,6 +85,7 @@ outputs:
params:
REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
glance::api::workers: {get_param: GlanceWorkers}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
@@ -105,6 +106,8 @@ outputs:
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
tripleo.glance_api.firewall_rules:
'112 glance_api':
dport:
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index 5ad4bb9a..40d18191 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -50,6 +50,8 @@ outputs:
glance::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
tripleo.glance_registry.firewall_rules:
'112 glance_registry':
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index 5c1e015e..a408d5d7 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -30,6 +30,10 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
outputs:
aux_parameters:
@@ -52,7 +56,7 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/gnocchi'
- gnocchi::keystone::auth::region: 'regionOne'
+ gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
@@ -90,5 +94,5 @@ outputs:
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
- gnocchi::auth::auth_region: 'regionOne'
+ gnocchi::auth::auth_region: {get_param: KeystoneRegion}
gnocchi::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index c40136f5..01f2a51b 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -56,3 +56,5 @@ outputs:
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::maxdelay: 3600
heat::cron::purge_deleted::destination: '/dev/null'
+ heat::db::database_db_max_retries: -1
+ heat::db::database_max_retries: -1
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 48e74875..d45ed86e 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
OpenStack Keystone service configured with Puppet
parameters:
- KeystoneCACertificate:
- default: ''
- description: Keystone self-signed certificate authority certificate.
- type: string
KeystoneEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Keystone database.
type: boolean
- KeystoneSigningCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSigningKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
KeystoneSSLCertificate:
default: ''
description: Keystone certificate for verifying token validity.
@@ -105,11 +92,9 @@ outputs:
- '/keystone'
keystone::admin_token: {get_param: AdminToken}
keystone::roles::admin::password: {get_param: AdminPassword}
- keystone_ca_certificate: {get_param: KeystoneCACertificate}
- keystone_signing_key: {get_param: KeystoneSigningKey}
- keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::enable_proxy_headers_parsing: true
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
@@ -138,8 +123,6 @@ outputs:
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
keystone::config::keystone_config:
- DEFAULT/secure_proxy_ssl_header:
- value: 'HTTP_X_FORWARDED_PROTO'
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
keystone::service_name: 'httpd'
@@ -148,6 +131,8 @@ outputs:
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
# override via extraconfig:
keystone::wsgi::apache::threads: 1
+ keystone::db::database_db_max_retries: -1
+ keystone::db::database_max_retries: -1
tripleo.keystone.firewall_rules:
'111 keystone':
dport:
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
new file mode 100644
index 00000000..ccae4467
--- /dev/null
+++ b/puppet/services/manila-api.yaml
@@ -0,0 +1,46 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-api service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-api role.
+ value:
+ service_name: manila_api
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::api::keystone_password: {get_param: ManilaPassword}
+ manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]}
+ manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaPublic, uri]}
+ manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaInternal, uri]}
+ manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaAdmin, uri]}
+ manila::keystone::auth::password: {get_param: ManilaPassword }
+ manila::keystone::auth::region: {get_param: KeystoneRegion }
+ manila::api::keystone_tenant: 'service'
+ step_config: |
+ include ::tripleo::profile::base::manila::api
+
diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml
new file mode 100644
index 00000000..c156379b
--- /dev/null
+++ b/puppet/services/manila-base.yaml
@@ -0,0 +1,119 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Manila base service. Shared by manila-api/scheduler/share services
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ # Config specific parameters, to be provided via parameter_defaults
+ ManilaGenericEnableBackend:
+ type: boolean
+ default: true
+ ManilaGenericBackendName:
+ type: string
+ default: tripleo_generic
+ ManilaGenericDriverHandlesShareServers:
+ type: string
+ default: true
+ ManilaGenericSmbTemplateConfigPath:
+ type: string
+ default: '$state_path/smb.conf'
+ ManilaGenericVolumeNameTemplate:
+ type: string
+ default: 'manila-share-%s'
+ ManilaGenericVolumeSnapshotNameTemplate:
+ type: string
+ default: 'manila-snapshot-%s'
+ ManilaGenericShareMountPath:
+ type: string
+ default: '/shares'
+ ManilaGenericMaxTimeToCreateVolume:
+ type: string
+ default: '180'
+ ManilaGenericMaxTimeToAttach:
+ type: string
+ default: '120'
+ ManilaGenericServiceInstanceSmbConfigPath:
+ type: string
+ default: '$share_mount_path/smb.conf'
+ ManilaGenericShareVolumeFsType:
+ type: string
+ default: 'ext4'
+ ManilaGenericCinderVolumeType:
+ type: string
+ default: ''
+ ManilaGenericServiceInstanceUser:
+ type: string
+ default: ''
+ ManilaGenericServiceInstancePassword: #SET THIS via parameter_defaults
+ type: string
+ hidden: true
+ ManilaGenericServiceInstanceFlavorId:
+ type: number
+ default: 1
+ ManilaGenericServiceNetworkCidr:
+ type: string
+ default: '172.16.0.0/16'
+
+outputs:
+ role_data:
+ description: Role data for the Manila Base service.
+ value:
+ service_name: manila_base
+ config_settings:
+ manila::rabbit_userid: {get_param: RabbitUserName}
+ manila::rabbit_password: {get_param: RabbitPassword}
+ manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ manila::rabbit_port: {get_param: RabbitClientPort}
+ manila::debug: {get_param: Debug}
+ manila::db::mysql::user: manila
+ manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+ manila::db::mysql::dbname: manila
+ manila::db::database_db_max_retries: -1
+ manila::db::database_max_retries: -1
+ manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend}
+ manila::backend::generic::title: {get_param: ManilaGenericBackendName}
+ manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers}
+ manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath}
+ manila::backend::generic::volume_name_template: {get_param: ManilaGenericVolumeNameTemplate}
+ manila::backend::generic::volume_snapshot_name_template: {get_param: ManilaGenericVolumeSnapshotNameTemplate}
+ manila::backend::generic::share_mount_path: {get_param: ManilaGenericShareMountPath}
+ manila::backend::generic::max_time_to_create_volume: {get_param: ManilaGenericMaxTimeToCreateVolume}
+ manila::backend::generic::max_time_to_attach: {get_param: ManilaGenericMaxTimeToAttach}
+ manila::backend::generic::service_instance_smb_config_path: {get_param: ManilaGenericServiceInstanceSmbConfigPath}
+ manila::backend::generic::share_volume_fstype: {get_param: ManilaGenericShareVolumeFsType}
+ manila::backend::generic::cinder_volume_type: {get_param: ManilaGenericCinderVolumeType}
+ manila::service_instance::service_instance_user: {get_param: ManilaGenericServiceInstanceUser}
+ manila::service_instance::service_instance_password: {get_param: ManilaGenericServiceInstancePassword}
+ manila::service_instance::service_instance_flavor_id: {get_param: ManilaGenericServiceInstanceFlavorId}
+ manila::service_instance::service_network_cidr: {get_param: ManilaGenericServiceNetworkCidr}
+ manila::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
new file mode 100644
index 00000000..b1d55a05
--- /dev/null
+++ b/puppet/services/manila-scheduler.yaml
@@ -0,0 +1,57 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-scheduler service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaPassword:
+ type: string
+ description: The password for the nova service and db account, used by nova-api.
+ hidden: true
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-scheduler role.
+ value:
+ service_name: manila_scheduler
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::compute::nova::nova_admin_password: {get_param: NovaPassword}
+ manila::compute::nova::nova_admin_tenant_name: 'service'
+ manila::db::mysql::password: {get_param: ManilaPassword}
+ manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
+ manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
+ manila::sql_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://manila:'
+ - {get_param: ManilaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/manila'
+ step_config: |
+ include ::tripleo::profile::base::manila::scheduler
+
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
new file mode 100644
index 00000000..20f36aa3
--- /dev/null
+++ b/puppet/services/manila-share.yaml
@@ -0,0 +1,29 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-share service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-share role.
+ value:
+ service_name: manila_share
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::volume::cinder::cinder_admin_tenant_name: 'service'
+ step_config: |
+ include ::tripleo::profile::base::manila::share
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index c1134824..3f8ac7e8 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -65,3 +65,5 @@ outputs:
neutron::rabbit_heartbeat_timeout_threshold: 60
neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
neutron::keystone::auth::tenant: 'service'
+ neutron::db::database_db_max_retries: -1
+ neutron::db::database_max_retries: -1
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
new file mode 100644
index 00000000..f10b5922
--- /dev/null
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -0,0 +1,37 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron L3 agent for DVR enabled compute nodes
+ configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ type: string
+ default: ''
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic.
+ type: string
+ default: 'br-ex'
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+
+outputs:
+ role_data:
+ description: Role data for DVR L3 Agent on Compute Nodes
+ value:
+ service_name: neutron_l3_compute_dvr
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
+ neutron::agents::l3::agent_mode : 'dvr'
+ step_config: |
+ include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index a7232a39..ede41935 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -16,6 +16,15 @@ parameters:
description: Name of bridge used for external network traffic.
type: string
default: 'br-ex'
+ NeutronL3AgentMode:
+ description: |
+ Agent mode for L3 agent. Must be one of legacy or dvr_snat.
+ default: 'legacy'
+ type: string
+ constraints:
+ - allowed_values:
+ - legacy
+ - dvr_snat
resources:
@@ -32,5 +41,6 @@ outputs:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
neutron::agents::l3::router_delete_namespaces: True
+ neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode}
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index d8679f2e..7a97cd84 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -37,6 +37,11 @@ parameters:
description: |
Comma-separated list of extensions enabled for the Neutron agents.
type: comma_delimited_list
+ NeutronEnableDVR:
+ default: False
+ description: |
+ Enable support for distributed routing in the OVS Agent.
+ type: boolean
resources:
@@ -53,6 +58,7 @@ outputs:
- get_attr: [NeutronBase, role_data, config_settings]
neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling}
neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
+ neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::bridge_mappings:
str_replace:
template: MAPPINGS
diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml
index 5ae699d5..5488bed7 100644
--- a/puppet/services/neutron-plugin-plumgrid.yaml
+++ b/puppet/services/neutron-plugin-plumgrid.yaml
@@ -90,7 +90,7 @@ outputs:
- {get_param: NeutronPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- - '/ovs_neutron?charset=utf8'
+ - '/ovs_neutron'
neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]}
neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword}
neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml
index 017fbea4..d64fd66d 100644
--- a/puppet/services/neutron-server.yaml
+++ b/puppet/services/neutron-server.yaml
@@ -29,6 +29,10 @@ parameters:
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
+ NeutronEnableDVR:
+ description: Enable Neutron DVR.
+ default: false
+ type: boolean
resources:
@@ -51,7 +55,7 @@ outputs:
- {get_param: NeutronPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- - '/ovs_neutron?charset=utf8'
+ - '/ovs_neutron'
neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
neutron::server::auth_tenant: 'service'
@@ -85,5 +89,6 @@ outputs:
dport: 4789
'106 vrrp':
proto: vrrp
+ neutron::server::router_distributed: {get_param: NeutronEnableDVR}
step_config: |
include tripleo::profile::base::neutron::server
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 21dbacd2..e3379821 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -101,3 +101,5 @@ outputs:
nova::db::mysql_api::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ nova::db::database_db_max_retries: -1
+ nova::db::database_max_retries: -1
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index 811a6697..c450530b 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -27,5 +27,6 @@ outputs:
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
enable_keepalived: false
+ tripleo::haproxy::keepalived: false
step_config: |
include ::tripleo::profile::pacemaker::haproxy
diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml
new file mode 100644
index 00000000..0f88e89c
--- /dev/null
+++ b/puppet/services/pacemaker/manila-share.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+ The manila-share service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ ManilaShareBase:
+ type: ../manila-share.yaml
+
+outputs:
+ role_data:
+ description: Role data for the manila-share pacemaker role.
+ value:
+ service_name: manila_share
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaShareBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::manila
diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml
index ac05a01a..a06afb2d 100644
--- a/puppet/services/pacemaker/sahara-api.yaml
+++ b/puppet/services/pacemaker/sahara-api.yaml
@@ -28,4 +28,4 @@ outputs:
- sahara::service::api::manage_service: false
sahara::service::api::enabled: false
step_config: |
- include ::tripleo::profile::pacemaker::sahara
+ include ::tripleo::profile::pacemaker::sahara::api
diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml
index f6bd8f61..a1191f87 100644
--- a/puppet/services/pacemaker/sahara-engine.yaml
+++ b/puppet/services/pacemaker/sahara-engine.yaml
@@ -27,7 +27,5 @@ outputs:
- get_attr: [SaharaEngineBase, role_data, config_settings]
- sahara::service::engine::manage_service: false
sahara::service::engine::enabled: false
- # No puppet manifests since sahara-engine is included in
- # ::tripleo::profile::pacemaker::sahara which is maintained alongside of
- # pacemaker/sahara-api.yaml.
- step_config:
+ step_config: |
+ include ::tripleo::profile::pacemaker::sahara::engine
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index 7ca9bbd5..85324312 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -10,7 +10,6 @@ parameters:
via parameter_defaults in the resource registry.
type: json
SaharaPassword:
- default: unset
description: The password for the sahara service account, used by sahara-api.
type: string
hidden: true
@@ -18,9 +17,6 @@ parameters:
default: 0
description: The number of workers for the sahara-api.
type: number
- SaharaApiVirtualIP:
- type: string
- default: ''
KeystoneRegion:
type: string
default: 'regionOne'
@@ -29,6 +25,8 @@ parameters:
resources:
SaharaBase:
type: ./sahara-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -38,12 +36,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
- - sahara::host: {get_param: SaharaApiVirtualIP}
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
- sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- sahara::admin_password: {get_param: SaharaPassword}
- sahara::service::api::api_workers: {get_param: SaharaApiWorkers}
+ - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
+ sahara::service::api::api_workers: {get_param: SaharaWorkers}
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index 3e320128..7ec44a49 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -4,6 +4,11 @@ description: >
OpenStack Sahara base service. Shared for all Sahara services.
parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
RabbitPassword:
description: The password for RabbitMQ
type: string
@@ -22,6 +27,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ SaharaPassword:
+ description: The password for the sahara service account, used by sahara-api.
+ type: string
+ hidden: true
Debug:
type: string
default: ''
@@ -33,11 +42,30 @@ outputs:
value:
service_name: sahara_base
config_settings:
+ sahara::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://sahara:'
+ - {get_param: SaharaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/sahara'
+ sahara::db::mysql::password: {get_param: SaharaPassword}
+ sahara::db::mysql::user: sahara
+ sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+ sahara::db::mysql::dbname: sahara
+ sahara::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
sahara::rabbit_password: {get_param: RabbitPassword}
sahara::rabbit_user: {get_param: RabbitUserName}
sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
sahara::rabbit_port: {get_param: RabbitClientPort}
sahara::debug: {get_param: Debug}
+ sahara::admin_password: {get_param: SaharaPassword}
+ sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
sahara::use_neutron: true
sahara::plugins:
- cdh
@@ -49,3 +77,5 @@ outputs:
sahara::rpc_backend: rabbit
sahara::admin_tenant_name: 'service'
sahara::keystone::auth::tenant: 'service'
+ sahara::db::database_db_max_retries: -1
+ sahara::db::database_max_retries: -1
diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml
index 074f83c7..de2ac7ef 100644
--- a/puppet/services/sahara-engine.yaml
+++ b/puppet/services/sahara-engine.yaml
@@ -9,15 +9,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- SaharaPassword:
- default: unset
- description: The password for the sahara service account, used by sahara-api.
- type: string
- hidden: true
resources:
SaharaBase:
type: ./sahara-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -27,22 +24,5 @@ outputs:
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
- - sahara_dsn: &sahara_dsn
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://sahara:'
- - {get_param: SaharaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/sahara'
- sahara::database_connection: *sahara_dsn
- sahara::db::mysql::password: {get_param: SaharaPassword}
- sahara::db::mysql::user: sahara
- sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
- sahara::db::mysql::dbname: sahara
- sahara::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
step_config: |
include ::tripleo::profile::base::sahara::engine
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 034592a7..5e331f44 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -11,9 +11,11 @@ parameters:
in the ring.
hidden: true
type: string
- Image:
- default: overcloud-swift-storage
+ SwiftStorageImage:
+ default: overcloud-full
type: string
+ constraints:
+ - custom_constraint: glance.image
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
@@ -86,7 +88,7 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ ObjectStorageSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
@@ -112,7 +114,7 @@ resources:
os-collect-config:
command: {get_param: ConfigCommand}
properties:
- image: {get_param: Image}
+ image: {get_param: SwiftStorageImage}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
networks:
@@ -125,7 +127,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: ObjectStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -248,7 +250,6 @@ resources:
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- network
merge_behavior: deeper
datafiles:
@@ -257,8 +258,6 @@ resources:
service_names: {get_param: ServiceNames}
service_configs:
mapped_data: {get_param: ServiceConfigSettings}
- common:
- raw_data: {get_file: hieradata/common.yaml}
network:
mapped_data:
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml
index 51129053..7ce23a20 100644
--- a/puppet/vip-config.yaml
+++ b/puppet/vip-config.yaml
@@ -23,6 +23,7 @@ resources:
glance_registry_vip: {get_input: glance_registry_vip}
sahara_api_vip: {get_input: sahara_api_vip}
swift_proxy_vip: {get_input: swift_proxy_vip}
+ manila_api_vip: {get_input: manila_api_vip}
nova_api_vip: {get_input: nova_api_vip}
nova_metadata_vip: {get_input: nova_metadata_vip}
ceilometer_api_vip: {get_input: ceilometer_api_vip}