-rw-r--r-- | docker/services/ceph-ansible/ceph-base.yaml | 29 | ||||
-rw-r--r-- | docker/services/ceph-ansible/ceph-rgw.yaml | 87 | ||||
-rw-r--r-- | docker/services/database/mongodb.yaml | 4 | ||||
-rw-r--r-- | environments/ceph-ansible/ceph-rgw.yaml | 5 | ||||
-rw-r--r-- | environments/docker.yaml | 1 | ||||
-rw-r--r-- | overcloud.j2.yaml | 20 | ||||
-rw-r--r-- | puppet/all-nodes-config.yaml | 6 | ||||
-rw-r--r-- | puppet/services/disabled/mongodb-disabled.yaml | 4 | ||||
-rw-r--r-- | puppet/services/haproxy-public-tls-certmonger.yaml | 17 | ||||
-rw-r--r-- | puppet/services/neutron-plugin-nsx.yaml | 18 |
10 files changed, 147 insertions, 44 deletions
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 2a592869..18d3e6a3 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -100,6 +100,14 @@ parameters:
 CephClientUserName:
 default: openstack
 type: string
+ CephRgwClientName:
+ default: radosgw
+ type: string
+ CephRgwKey:
+ description: The cephx key for the radosgw client. Can be created
+ with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
 CephPoolDefaultSize:
 description: default minimum replication for RBD copies
 type: number
@@ -115,6 +123,10 @@ parameters:
 CephIPv6:
 default: False
 type: boolean
+ SwiftPassword:
+ description: The password for the swift service account
+ type: string
+ hidden: true
 DockerCephDaemonImage:
 description: image
 type: string
@@ -244,12 +256,29 @@ outputs:
 mds_cap: "allow *"
 osd_cap: "allow rw"
 mode: "0644"
+ - name:
+ list_join:
+ - '.'
+ - - client
+ - {get_param: CephRgwClientName}
+ key: {get_param: CephRgwKey}
+ mon_cap: "allow rw"
+ osd_cap: "allow rwx"
+ mode: "0644"
 keys: *openstack_keys
 pools: []
 ceph_conf_overrides:
 global:
 osd_pool_default_size: {get_param: CephPoolDefaultSize}
 osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+ rgw_keystone_api_version: 3
+ rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ rgw_keystone_accepted_roles: 'Member, _member_, admin'
+ rgw_keystone_admin_domain: default
+ rgw_keystone_admin_project: service
+ rgw_keystone_admin_user: swift
+ rgw_keystone_admin_password: {get_param: SwiftPassword}
+ rgw_s3_auth_use_keystone: 'true'
 ntp_service_enabled: false
 generate_fsid: false
 ip_version:
diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml
new file mode 100644
index 00000000..4bed9b46
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-rgw.yaml
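Review bot: `CephRgwKey` is declared in the first hunk with no default and no constraint, so as written every stack that instantiates ceph-base.yaml has to supply it whether or not RadosGW is deployed, unless the value is generated somewhere outside this page. A malformed key would only surface when Ceph rejects the keyring, so a pattern or length constraint on the parameter would fail earlier and more clearly. `CephRgwClientName` also has no description; something like `description: Name of the cephx client used by RadosGW, without the client. prefix` would match how the third hunk joins it onto `client`.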
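Review bot: The new `client.<CephRgwClientName>` key entry in the third hunk is given `mode: "0644"`, which leaves a cephx secret carrying `mon_cap: "allow rw"` and `osd_cap: "allow rwx"` readable by any local account wherever that keyring is written; the preceding entry in context uses the same mode, but for a new credential `mode: "0600"` is the safer value if the consuming containers allow it. Later in the same hunk `rgw_keystone_admin_password: {get_param: SwiftPassword}` is added beside the `osd_pool_default_*` settings, which appear to sit under `global:`, so the Swift service password would be rendered into the Ceph configuration generated from `ceph_conf_overrides` for every daemon and client rather than only for RGW. Scoping the `rgw_keystone_*` keys to the RadosGW client section, and confirming that file's permissions, would keep the credential off nodes that do not need it. The outputs block starts and ends outside the hunk.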
@@ -0,0 +1,87 @@
+heat_template_version: pike
+
+description: >
+ Ceph RadosGW service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftPassword:
+ description: The password for the swift service account
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph RadosGW service.
+ value:
+ service_name: ceph_rgw
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_rgw.firewall_rules:
+ '122 ceph rgw':
+ dport: {get_param: [EndpointMap, CephRgwInternal, port]}
+ - ceph_rgw_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - radosgw_keystone: true
+ radosgw_keystone_ssl: false
+ radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
+ radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
+ service_config_settings:
+ keystone:
+ ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+ ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+ ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+ ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+ ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ]
+ ceph::rgw::keystone::auth::tenant: service
+ ceph::rgw::keystone::auth::user: swift
+ ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 9b5c5b8f..d6bba20b 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -157,6 +157,10 @@ outputs:
 metadata_settings:
 get_attr: [MongodbPuppetBase, role_data, metadata_settings]
 upgrade_tasks:
+ - name: Check for mongodb service
+ stat: path=/usr/lib/systemd/system/mongod.service
+ register: mongod_service
 - name: Stop and disable mongodb service
 tags: step2
 service: name=mongod state=stopped enabled=no
+ when: mongod_service.stat.exists
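Review bot: `radosgw_keystone_ssl: false` is hard-coded in `ceph_rgw_ansible_vars` of the new ceph-rgw.yaml, while the Keystone URL RadosGW is pointed at is taken from `EndpointMap` in ceph-base.yaml, so on a deployment whose internal endpoints use TLS the two settings can disagree. What the variable controls in ceph-ansible is not visible on this page, so either derive it from the endpoint protocol or state the assumption next to it, for example `# assumes plain-HTTP internal Keystone endpoint; revisit when internal TLS is enabled`. The template also has no comment saying that `SwiftPassword` is reused as the RGW Keystone credential, which is worth recording in the parameter description because rotating one now affects the other.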
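Review bot: The added `Check for mongodb service` task in mongodb.yaml has no `tags:` line, while the task that consumes its result is limited to `tags: step2`. If upgrade tasks are selected by tag, as that line suggests, the `stat` may not run in the same pass, and `when: mongod_service.stat.exists` then fails on an undefined variable instead of skipping the task. Giving the check the same tag as its consumer (`tags: step2`) keeps the pair together. The same untagged check is added in puppet/services/disabled/mongodb-disabled.yaml, where the consumer uses `tags: step1`.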
diff --git a/environments/ceph-ansible/ceph-rgw.yaml b/environments/ceph-ansible/ceph-rgw.yaml
new file mode 100644
index 00000000..4b09a703
--- /dev/null
+++ b/environments/ceph-ansible/ceph-rgw.yaml
@@ -0,0 +1,5 @@
+resource_registry:
+ OS::TripleO::Services::CephRgw: ../../docker/services/ceph-ansible/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
diff --git a/environments/docker.yaml b/environments/docker.yaml
index dfa30b08..67e8a496 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -30,7 +30,6 @@ resource_registry:
 OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
 OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
 OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
- OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
 OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
 OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
 OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index d621244e..367ac5b6 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -545,6 +545,8 @@ resources:
 ServiceConfigSettings: {get_attr: [{{role.name}}ServiceConfigSettings, value]}
 ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
 MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
+ LoggingSources: {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]}
+ LoggingGroups: {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]}
 ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
 DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
 RoleParameters: {get_param: {{role.name}}Parameters}
@@ -636,24 +638,6 @@ resources:
 {% for role in roles %}
 - {get_attr: [{{role.name}}ServiceNames, value]}
 {% endfor %}
- logging_groups:
- yaql:
- expression: >
- $.data.groups.flatten()
- data:
- groups:
-{% for role in roles %}
- - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]}
-{% endfor %}
- logging_sources:
- yaql:
- expression: >
- $.data.sources.flatten()
- data:
- sources:
-{% for role in roles %}
- - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]}
-{% endfor %}
 controller_ips: {get_attr: [{{primary_role_name}}, ip_address]}
 controller_names: {get_attr: [{{primary_role_name}}, hostname]}
 service_ips:
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 3044fe39..37c1d4e5 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -16,10 +16,6 @@ parameters:
 type: comma_delimited_list
 controller_ips:
 type: comma_delimited_list
- logging_groups:
- type: json
- logging_sources:
- type: json
 service_ips:
 type: json
 service_node_names:
@@ -113,8 +109,6 @@ resources:
 bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
 all_nodes:
 map_merge:
- - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
 - enabled_services:
 yaql:
 expression: $.data.distinct()
diff --git a/puppet/services/disabled/mongodb-disabled.yaml b/puppet/services/disabled/mongodb-disabled.yaml
index 9e58103c..c01a91fb 100644
--- a/puppet/services/disabled/mongodb-disabled.yaml
+++ b/puppet/services/disabled/mongodb-disabled.yaml
@@ -37,6 +37,10 @@ outputs:
 value:
 service_name: mongodb_disabled
 upgrade_tasks:
+ - name: Check for mongodb service
+ stat: path=/usr/lib/systemd/system/mongod.service
+ register: mongod_service
 - name: Stop and disable mongodb service on upgrade
 tags: step1
 service: name=mongod state=stopped enabled=no
+ when: mongod_service.stat.exists
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index 14d171dc..cdfc41cf 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -36,6 +36,11 @@ parameters:
 HAProxyInternalTLSKeysDirectory:
 default: '/etc/pki/tls/private/haproxy'
 type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
 outputs:
 role_data:
@@ -44,22 +49,14 @@ outputs:
 service_name: haproxy_public_tls_certmonger
 config_settings:
 generate_service_certificates: true
- tripleo::haproxy::service_certificate:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
 tripleo::certmonger::haproxy_dirs::certificate_dir:
 get_param: HAProxyInternalTLSCertsDirectory
 tripleo::certmonger::haproxy_dirs::key_dir:
 get_param: HAProxyInternalTLSKeysDirectory
 certificates_specs:
 haproxy-external:
- service_pem:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ service_pem: {get_param: DeployedSSLCertificatePath}
 service_certificate:
 list_join:
 - ''
diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml
index 2774b03e..26380649 100644
--- a/puppet/services/neutron-plugin-nsx.yaml
+++ b/puppet/services/neutron-plugin-nsx.yaml
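Review bot: The description of `DeployedSSLCertificatePath` in the first hunk calls the file "the certificate", but the second hunk wires the parameter to `service_pem`, which presumably is the bundle HAProxy loads and so holds the private key as well. An operator who overrides the path from that description could place key material in a world-readable directory, since the parameter is a free-form string with no constraint. A description such as `Path of the PEM bundle (certificate and private key) served by HAProxy on public endpoints; keep it in a directory that is not world-readable.` states the requirement. The default also moves the file from `<HAProxyInternalTLSCertsDirectory>/overcloud-haproxy-external.pem` to `/etc/pki/tls/private/overcloud_endpoint.pem`, so it is worth confirming that an upgrade does not leave the old bundle and its key behind.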
@@ -65,14 +65,14 @@ outputs:
 value:
 service_name: neutron_plugin_nsx
 config_settings:
- neutron::plugins::nsx_v3::default_overlay_tz: {get_param: DefaultOverlayTz}
- neutron::plugins::nsx_v3::default_tier0_router: {get_param: DefaultTier0Router}
- neutron::plugins::nsx_v3::nsx_api_managers: {get_param: NsxApiManagers}
- neutron::plugins::nsx_v3::nsx_api_user: {get_param: NsxApiUser}
- neutron::plugins::nsx_v3::nsx_api_password: {get_param: NsxApiPassword}
- neutron::plugins::nsx_v3::native_dhcp_metadata: {get_param: NativeDhcpMetadata}
- neutron::plugins::nsx_v3::dhcp_profile_uuid: {get_param: DhcpProfileUuid}
- neutron::plugins::nsx_v3::metadata_proxy_uuid: {get_param: MetadataProxyUuid}
+ neutron::plugins::nsx::default_overlay_tz: {get_param: DefaultOverlayTz}
+ neutron::plugins::nsx::default_tier0_router: {get_param: DefaultTier0Router}
+ neutron::plugins::nsx::nsx_api_managers: {get_param: NsxApiManagers}
+ neutron::plugins::nsx::nsx_api_user: {get_param: NsxApiUser}
+ neutron::plugins::nsx::nsx_api_password: {get_param: NsxApiPassword}
+ neutron::plugins::nsx::native_dhcp_metadata: {get_param: NativeDhcpMetadata}
+ neutron::plugins::nsx::dhcp_profile_uuid: {get_param: DhcpProfileUuid}
+ neutron::plugins::nsx::metadata_proxy_uuid: {get_param: MetadataProxyUuid}
 step_config: |
- include tripleo::profile::base::neutron::plugins::nsx_v3
+ include tripleo::profile::base::neutron::plugins::nsx |