diff options
| -rw-r--r-- | block-storage-nfs.yaml | 3 | ||||
| -rw-r--r-- | block-storage.yaml | 3 | ||||
| -rw-r--r-- | cinder-storage.yaml | 3 | ||||
| -rw-r--r-- | compute-config.yaml | 6 | ||||
| -rw-r--r-- | compute.yaml | 31 | ||||
| -rw-r--r-- | controller.yaml | 63 | ||||
| -rw-r--r-- | nova-compute-instance.yaml | 3 | ||||
| -rw-r--r-- | overcloud-source.yaml | 15 | ||||
| -rw-r--r-- | overcloud-without-mergepy.yaml | 76 | ||||
| -rw-r--r-- | swift-storage-source.yaml | 3 | ||||
| -rw-r--r-- | swift-storage.yaml | 3 | ||||
| -rw-r--r-- | undercloud-source.yaml | 3 |
12 files changed, 184 insertions, 28 deletions
diff --git a/block-storage-nfs.yaml b/block-storage-nfs.yaml index 49473167..b87ef4e5 100644 --- a/block-storage-nfs.yaml +++ b/block-storage-nfs.yaml @@ -5,9 +5,10 @@ parameters: type: string default: overcloud-cinder-volume OvercloudBlockStorageFlavor: - default: baremetal description: Flavor for block storage nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor resources: BlockStorageAccessPolicy: type: OS::Heat::AccessPolicy diff --git a/block-storage.yaml b/block-storage.yaml index 172944aa..c288044a 100644 --- a/block-storage.yaml +++ b/block-storage.yaml @@ -5,9 +5,10 @@ parameters: type: string default: overcloud-cinder-volume OvercloudBlockStorageFlavor: - default: baremetal description: Flavor for block storage nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor BlockStorageExtraConfig: default: {} description: | diff --git a/cinder-storage.yaml b/cinder-storage.yaml index d7145010..b30dcdb6 100644 --- a/cinder-storage.yaml +++ b/cinder-storage.yaml @@ -62,9 +62,10 @@ parameters: } type: json Flavor: - default: baremetal description: Flavor for block storage nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor GlancePort: default: "9292" description: Glance port. diff --git a/compute-config.yaml b/compute-config.yaml index 5f075bd6..a5bfab34 100644 --- a/compute-config.yaml +++ b/compute-config.yaml @@ -39,7 +39,12 @@ resources: debug: {get_input: debug} flat-networks: {get_input: neutron_flat_networks} host: {get_input: neutron_host} + router_distributed: {get_input: neutron_router_distributed} + agent_mode: {get_input: neutron_agent_mode} ovs_db: {get_input: neutron_dsn} + metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + mechanism_drivers: {get_input: neutron_mechanism_drivers} + allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} ovs: local_ip: {get_input: neutron_local_ip} tenant_network_type: {get_input: neutron_tenant_network_type} @@ -49,6 +54,7 @@ resources: enable_tunneling: {get_input: neutron_enable_tunneling} physical_bridge: {get_input: neutron_physical_bridge} public_interface: {get_input: neutron_public_interface} + public_interface_raw_device: {get_input: neutron_public_interface_raw_device} service-password: {get_input: neutron_password} admin-password: {get_input: admin_password} rabbit: diff --git a/compute.yaml b/compute.yaml index 184c5cb8..ae02fef5 100644 --- a/compute.yaml +++ b/compute.yaml @@ -72,7 +72,6 @@ parameters: Flavor: description: Flavor for the nova compute node type: string - default: baremetal constraints: - custom_constraint: nova.flavor GlanceHost: @@ -157,6 +156,30 @@ parameters: The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' default: 'gre' + NeutronPublicInterfaceRawDevice: + default: '' + type: string + NeutronDVR: + default: 'False' + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string NovaApiHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -262,6 +285,12 @@ resources: neutron_physical_bridge: {get_param: NeutronPhysicalBridge} neutron_public_interface: {get_param: NeutronPublicInterface} neutron_password: {get_param: NeutronPassword} + neutron_agent_mode: {get_param: NeutronAgentMode} + neutron_router_distributed: {get_param: NeutronDVR} + neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} + neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} + neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} admin_password: {get_param: AdminPassword} rabbit_host: {get_param: RabbitHost} rabbit_username: {get_param: RabbitUserName} diff --git a/controller.yaml b/controller.yaml index e25c8337..9b3745dc 100644 --- a/controller.yaml +++ b/controller.yaml @@ -94,7 +94,6 @@ parameters: } type: json Flavor: - default: baremetal description: Flavor for control nodes to request when deploying. type: string constraints: @@ -158,6 +157,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -189,6 +197,28 @@ parameters: default: 'dhcp-option-force=26,1400' description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string NeutronEnableTunnelling: type: string default: "True" @@ -274,6 +304,16 @@ parameters: default: guest description: The username for RabbitMQ type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -416,6 +456,9 @@ resources: ca_certificate: {get_param: KeystoneCACertificate} signing_key: {get_param: KeystoneSigningKey} signing_certificate: {get_param: KeystoneSigningCertificate} + ssl: + certificate: {get_param: KeystoneSSLCertificate} + certificate_key: {get_param: KeystoneSSLCertificateKey} mysql: innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} local_bind: true @@ -429,7 +472,11 @@ resources: debug: {get_param: Debug} flat-networks: {get_param: NeutronFlatNetworks} host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: unset + metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + agent_mode: {get_param: NeutronAgentMode} + router_distributed: {get_param: NeutronDVR} + mechanism_drivers: {get_param: NeutronMechanismDrivers} + allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} ovs: enable_tunneling: {get_input: neutron_enable_tunneling} local_ip: {get_input: controller_host} @@ -482,6 +529,8 @@ resources: username: {get_param: RabbitUserName} password: {get_param: RabbitPassword} cookie: {get_param: RabbitCookie} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_port: {get_param: RabbitClientPort} ntp: servers: - {server: {get_param: NtpServer}, fudge: "stratum 0"} @@ -519,6 +568,8 @@ resources: haproxy: net_binds: - ip: {get_param: VirtualIP} + options: + - option httpchk GET / services: - name: keystone_admin port: 35357 @@ -543,6 +594,7 @@ resources: - name: glance_registry port: 9191 net_binds: *public_binds + options: # overwrite options as glace_reg needs auth for http req - name: heat_api port: 8004 net_binds: *public_binds @@ -567,17 +619,24 @@ resources: - name: nova_metadata port: 8775 net_binds: *public_binds + - name: nova_novncproxy + port: 6080 + net_binds: *public_binds - name: ceilometer port: 8777 net_binds: *public_binds + options: # overwrite options as ceil needs auth for http req - name: swift_proxy_server port: 8080 net_binds: *public_binds + options: + - option httpchk GET /info - name: rabbitmq port: 5672 options: - timeout client 0 - timeout server 0 + - maxconn 1500 ControllerPassthroughConfig: type: OS::Heat::StructuredConfig diff --git a/nova-compute-instance.yaml b/nova-compute-instance.yaml index 1b73e812..2d8168a8 100644 --- a/nova-compute-instance.yaml +++ b/nova-compute-instance.yaml @@ -171,7 +171,8 @@ parameters: OvercloudComputeFlavor: description: Use this flavor type: string - default: baremetal + constraints: + - custom_constraint: nova.flavor RabbitHost: type: string RabbitUserName: diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 9de6b7f9..66c782cd 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -259,10 +259,6 @@ parameters: overcloud.yaml to include the deployment of VLAN ports to the control plane. type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string NeutronComputeAgentMode: default: 'dvr' description: Agent mode for the neutron-l3-agent on the compute hosts @@ -279,10 +275,6 @@ parameters: default: 'unset' description: Shared secret to prevent spoofing type: string - NeutronNetworkType: - default: 'gre' - description: The tenant network type for Neutron, either gre or vxlan. - type: string NeutronTunnelTypes: default: 'gre' description: | @@ -325,13 +317,11 @@ parameters: type: string default: '' OvercloudComputeFlavor: - default: baremetal description: Flavor for compute nodes to request when deploying. type: string constraints: - custom_constraint: nova.flavor OvercloudControlFlavor: - default: baremetal description: Flavor for control nodes to request when deploying. type: string constraints: @@ -814,6 +804,7 @@ resources: options: - timeout client 0 - timeout server 0 + - maxconn 1500 controllerPassthrough: type: OS::Heat::StructuredConfig properties: @@ -938,6 +929,10 @@ resources: - Merge::Map: controller0: {get_attr: [controller0, name]} + sysctl: + net.ipv4.tcp_keepalive_time: 5 + net.ipv4.tcp_keepalive_probes: 5 + net.ipv4.tcp_keepalive_intvl: 1 controller0SSLDeployment: type: OS::Heat::StructuredDeployment properties: diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 8cb041b7..094332e2 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -107,12 +107,38 @@ parameters: overcloud.yaml to include the deployment of VLAN ports to the control plane. type: string + NeutronComputeAgentMode: + default: 'dvr' + description: Agent mode for the neutron-l3-agent on the compute hosts + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string NeutronTunnelTypes: default: 'gre' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string NovaPassword: default: unset description: The password for the nova service account, used by nova-api. @@ -145,6 +171,16 @@ parameters: description: The password for RabbitMQ type: string hidden: true + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -190,7 +226,6 @@ parameters: constraints: - custom_constraint: glance.image OvercloudControlFlavor: - default: baremetal description: Flavor for control nodes to request when deploying. type: string constraints: @@ -273,6 +308,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to @@ -383,7 +427,6 @@ parameters: OvercloudComputeFlavor: description: Use this flavor type: string - default: baremetal constraints: - custom_constraint: nova.flavor @@ -395,18 +438,20 @@ parameters: default: overcloud-cinder-volume type: string OvercloudBlockStorageFlavor: - default: baremetal description: Flavor for block storage nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor # Object storage specific parameters ObjectStorageCount: type: number default: 0 OvercloudSwiftStorageFlavor: - default: baremetal description: Flavor for Swift storage nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor SwiftStorageImage: default: overcloud-swift-storage type: string @@ -445,6 +490,8 @@ resources: KeystoneCACertificate: {get_param: KeystoneCACertificate} KeystoneSigningCertificate: {get_param: KeystoneSigningCertificate} KeystoneSigningKey: {get_param: KeystoneSigningKey} + KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate} + KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey} MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} @@ -457,12 +504,19 @@ resources: NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} NeutronPassword: {get_param: NeutronPassword} NeutronDnsmasqOptions: {get_param: NeutronDnsmasqOptions} + NeutronDVR: {get_param: NeutronDVR} + NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} + NeutronAgentMode: {get_param: NeutronAgentMode} + NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} + NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} NovaPassword: {get_param: NovaPassword} NtpServer: {get_param: NtpServer} PublicVirtualInterface: {get_param: PublicVirtualInterface} RabbitUserName: {get_param: RabbitUserName} RabbitPassword: {get_param: RabbitPassword} RabbitCookie: {get_attr: [RabbitCookie, value]} + RabbitClientUseSSL: {get_param: RabbitClientUseSSL} + RabbitClientPort: {get_param: RabbitClientPort} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} SSLCertificate: {get_param: SSLCertificate} @@ -505,6 +559,12 @@ resources: NeutronPassword: {get_param: NeutronPassword} NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} + NeutronDVR: {get_param: NeutronDVR} + NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} + NeutronAgentMode: {get_param: NeutronComputeAgentMode} + NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} + NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} + NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} NovaComputeDriver: {get_param: NovaComputeDriver} NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} @@ -550,10 +610,6 @@ resources: CinderPassword: {get_param: CinderPassword} VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} KeyName: {get_param: KeyName} - NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} - NeutronNetworkType: {get_param: NeutronNetworkType} - NeutronPassword: {get_param: NeutronPassword} - NeutronPublicInterface: {get_param: NeutronPublicInterface} Flavor: {get_param: OvercloudBlockStorageFlavor} RabbitPassword: {get_param: RabbitPassword} RabbitUserName: {get_param: RabbitUserName} @@ -602,6 +658,10 @@ resources: list_join: - ',' - {get_attr: [Controller, hostname]} + sysctl: + net.ipv4.tcp_keepalive_time: 5 + net.ipv4.tcp_keepalive_probes: 5 + net.ipv4.tcp_keepalive_intvl: 1 MysqlRootPassword: type: OS::Heat::RandomString diff --git a/swift-storage-source.yaml b/swift-storage-source.yaml index 10155df9..176925b6 100644 --- a/swift-storage-source.yaml +++ b/swift-storage-source.yaml @@ -2,9 +2,10 @@ heat_template_version: 2013-05-23 description: 'Common Swift Storage Configuration' parameters: OvercloudSwiftStorageFlavor: - default: baremetal description: Flavor for Swift storage nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor SwiftReplicas: type: number default: 1 diff --git a/swift-storage.yaml b/swift-storage.yaml index 2b40e800..ea032b96 100644 --- a/swift-storage.yaml +++ b/swift-storage.yaml @@ -43,9 +43,10 @@ parameters: } type: json Flavor: - default: baremetal description: Flavor for Swift storage nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor HashSuffix: default: unset description: A random string to be used as a salt when hashing to determine mappings diff --git a/undercloud-source.yaml b/undercloud-source.yaml index 18527e53..0b126146 100644 --- a/undercloud-source.yaml +++ b/undercloud-source.yaml @@ -74,9 +74,10 @@ parameters: } type: json Flavor: - default: baremetal description: Flavor to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor GlanceLogFile: description: The filepath of the file to use for logging messages from Glance. type: string |