aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--environments/cinder-netapp-config.yaml2
-rw-r--r--environments/debug.yaml5
-rw-r--r--environments/logging-environment.yaml2
-rw-r--r--environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml7
-rw-r--r--environments/major-upgrade-pacemaker-converge.yaml4
-rw-r--r--environments/major-upgrade-remove-sahara.yaml6
-rw-r--r--environments/manage-firewall.yaml2
-rw-r--r--environments/manila-cephfsnative-config.yaml3
-rw-r--r--environments/manila-generic-config.yaml1
-rw-r--r--environments/manila-netapp-config.yaml1
-rw-r--r--environments/monitoring-environment.yaml2
-rw-r--r--environments/neutron-opendaylight-l3.yaml4
-rw-r--r--environments/neutron-opendaylight.yaml4
-rw-r--r--extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml62
-rwxr-xr-xextraconfig/tasks/major_upgrade_ceph_mon.sh8
-rw-r--r--extraconfig/tasks/major_upgrade_ceph_storage.sh14
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_1.sh6
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_2.sh5
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_3.sh6
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker.yaml13
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_migrations.sh14
-rw-r--r--extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp97
-rw-r--r--j2_excludes.yaml10
-rw-r--r--network/external.yaml5
-rw-r--r--network/external_v6.yaml5
-rw-r--r--network/internal_api.yaml1
-rw-r--r--network/internal_api_v6.yaml1
-rw-r--r--network/management.yaml7
-rw-r--r--network/ports/net_ip_list_map.yaml54
-rw-r--r--network/service_net_map.j2.yaml (renamed from network/service_net_map.yaml)21
-rw-r--r--network/storage.yaml1
-rw-r--r--network/storage_mgmt.yaml1
-rw-r--r--network/storage_mgmt_v6.yaml1
-rw-r--r--network/storage_v6.yaml1
-rw-r--r--network/tenant.yaml1
-rw-r--r--network/tenant_v6.yaml1
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml30
-rw-r--r--overcloud.j2.yaml74
-rw-r--r--puppet/all-nodes-config.yaml29
-rw-r--r--puppet/blockstorage-config.yaml41
-rw-r--r--puppet/blockstorage-role.yaml (renamed from puppet/cinder-storage.yaml)53
-rw-r--r--puppet/cephstorage-role.yaml (renamed from puppet/ceph-storage.yaml)53
-rw-r--r--puppet/compute-config.yaml41
-rw-r--r--puppet/compute-role.yaml (renamed from puppet/compute.yaml)53
-rw-r--r--puppet/config.role.j2.yaml (renamed from puppet/cephstorage-config.yaml)17
-rw-r--r--puppet/controller-config-pacemaker.yaml3
-rw-r--r--puppet/controller-config.yaml41
-rw-r--r--puppet/controller-role.yaml (renamed from puppet/controller.yaml)53
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml18
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml6
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp21
-rw-r--r--puppet/manifests/overcloud_compute.pp21
-rw-r--r--puppet/manifests/overcloud_object.pp21
-rw-r--r--puppet/manifests/overcloud_role.pp (renamed from puppet/manifests/overcloud_controller.pp)9
-rw-r--r--puppet/manifests/overcloud_volume.pp21
-rw-r--r--puppet/objectstorage-config.yaml41
-rw-r--r--puppet/objectstorage-role.yaml (renamed from puppet/swift-storage.yaml)53
-rw-r--r--puppet/role.role.j2.yaml452
-rw-r--r--puppet/services/aodh-base.yaml9
-rw-r--r--puppet/services/ceilometer-agent-central.yaml9
-rw-r--r--puppet/services/ceph-base.yaml6
-rw-r--r--puppet/services/cinder-base.yaml1
-rw-r--r--puppet/services/glance-api.yaml150
-rw-r--r--puppet/services/glance-base.yaml110
-rw-r--r--puppet/services/glance-registry.yaml76
-rw-r--r--puppet/services/gnocchi-base.yaml9
-rw-r--r--puppet/services/keepalived.yaml3
-rw-r--r--puppet/services/kernel.yaml4
-rw-r--r--puppet/services/logging/fluentd-config.yaml2
-rw-r--r--puppet/services/manila-backend-cephfs.yaml6
-rw-r--r--puppet/services/manila-backend-generic.yaml4
-rw-r--r--puppet/services/manila-backend-netapp.yaml4
-rw-r--r--puppet/services/neutron-api.yaml9
-rw-r--r--puppet/services/neutron-l3.yaml3
-rw-r--r--puppet/services/neutron-ovs-agent.yaml6
-rw-r--r--puppet/services/nova-api.yaml20
-rw-r--r--puppet/services/opendaylight-api.yaml11
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml1
-rw-r--r--puppet/services/pacemaker/database/mongodb.yaml2
-rw-r--r--puppet/services/pacemaker/database/redis.yaml2
-rw-r--r--puppet/services/rabbitmq.yaml10
-rw-r--r--puppet/services/services.yaml2
-rw-r--r--puppet/services/tripleo-firewall.yaml2
-rw-r--r--roles_data.yaml5
84 files changed, 1411 insertions, 584 deletions
diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml
index 0437cc67..b9a84342 100644
--- a/environments/cinder-netapp-config.yaml
+++ b/environments/cinder-netapp-config.yaml
@@ -25,5 +25,5 @@ parameter_defaults:
CinderNetappControllerIps: ''
CinderNetappSaPassword: ''
CinderNetappStoragePools: ''
- CinderNetappEseriesHostType: 'linux_dm_mp'
+ CinderNetappHostType: ''
CinderNetappWebservicePath: '/devmgr/v2'
diff --git a/environments/debug.yaml b/environments/debug.yaml
new file mode 100644
index 00000000..b938555c
--- /dev/null
+++ b/environments/debug.yaml
@@ -0,0 +1,5 @@
+# A Heat environment file which can be used to enable the debug
+# setting in the overcloud openstack services configuration.
+
+parameter_defaults:
+ Debug: true
diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml
index eefa7026..c583ca79 100644
--- a/environments/logging-environment.yaml
+++ b/environments/logging-environment.yaml
@@ -4,7 +4,7 @@
resource_registry:
OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml
-parameter_defaults:
+#parameter_defaults:
## Simple configuration
#
diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml
new file mode 100644
index 00000000..6798c255
--- /dev/null
+++ b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml
@@ -0,0 +1,7 @@
+resource_registry:
+
+ # This initiates the upgrades for ceilometer api to run under apache wsgi
+ OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml
+
+ # no-op the rest
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml
index f023cb32..e9a5f9be 100644
--- a/environments/major-upgrade-pacemaker-converge.yaml
+++ b/environments/major-upgrade-pacemaker-converge.yaml
@@ -1,2 +1,6 @@
parameter_defaults:
UpgradeLevelNovaCompute: ''
+
+resource_registry:
+ OS::TripleO::Services::SaharaApi: ../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../puppet/services/sahara-engine.yaml
diff --git a/environments/major-upgrade-remove-sahara.yaml b/environments/major-upgrade-remove-sahara.yaml
new file mode 100644
index 00000000..e0aaf130
--- /dev/null
+++ b/environments/major-upgrade-remove-sahara.yaml
@@ -0,0 +1,6 @@
+parameter_defaults:
+ KeepSaharaServicesOnUpgrade: false
+resource_registry:
+ OS::TripleO::Services::SaharaApi: OS::Heat::None
+ OS::TripleO::Services::SaharaEngine: OS::Heat::None
+
diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml
deleted file mode 100644
index 5d48698e..00000000
--- a/environments/manage-firewall.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-parameter_defaults:
- ManageFirewall: true
diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml
index 4115d8b2..825a5066 100644
--- a/environments/manila-cephfsnative-config.yaml
+++ b/environments/manila-cephfsnative-config.yaml
@@ -9,10 +9,9 @@ resource_registry:
parameter_defaults:
- ManilaCephFSNativeEnableBackend: true
ManilaCephFSNativeBackendName: cephfsnative
ManilaCephFSNativeDriverHandlesShareServers: false
- ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf'
+ ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf'
ManilaCephFSNativeCephFSAuthId: 'manila'
ManilaCephFSNativeCephFSClusterName: 'ceph'
ManilaCephFSNativeCephFSEnableSnapshots: true
diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml
index a847a02b..9344bc6e 100644
--- a/environments/manila-generic-config.yaml
+++ b/environments/manila-generic-config.yaml
@@ -11,7 +11,6 @@ parameter_defaults:
ManilaServiceInstancePassword: ''
ManilaServiceInstanceFlavorId: 2
ManilaServiceNetworkCidr: '172.16.0.0/16'
- ManilaGenericEnableBackend: true
ManilaGenericBackendName: tripleo_generic
ManilaGenericDriverHandlesShareServers: true
ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf'
diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml
index 98de6adf..3dadfe5d 100644
--- a/environments/manila-netapp-config.yaml
+++ b/environments/manila-netapp-config.yaml
@@ -7,7 +7,6 @@ resource_registry:
OS::Tripleo::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
parameter_defaults:
- ManilaNetappEnableBackend: true
ManilaNetappBackendName: tripleo_netapp
ManilaNetappDriverHandlesShareServers: true
ManilaNetappLogin: ''
diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml
index a8ad2084..62ab06dc 100644
--- a/environments/monitoring-environment.yaml
+++ b/environments/monitoring-environment.yaml
@@ -4,7 +4,7 @@
resource_registry:
OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml
-parameter_defaults:
+#parameter_defaults:
#### Sensu settings ####
##MonitoringRabbitHost: 10.10.10.10
##MonitoringRabbitPort: 5672
diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml
index d61270b2..0e8fb9aa 100644
--- a/environments/neutron-opendaylight-l3.yaml
+++ b/environments/neutron-opendaylight-l3.yaml
@@ -2,8 +2,8 @@
resource_registry:
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
- OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
parameter_defaults:
diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml
index 8fa2e542..a0fe4514 100644
--- a/environments/neutron-opendaylight.yaml
+++ b/environments/neutron-opendaylight.yaml
@@ -2,8 +2,8 @@
resource_registry:
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
- OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
parameter_defaults:
EnableOpenDaylightOnController: true
diff --git a/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml
new file mode 100644
index 00000000..c87e6824
--- /dev/null
+++ b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml
@@ -0,0 +1,62 @@
+heat_template_version: 2014-10-16
+
+description: >
+ Software-config for ceilometer configuration under httpd during upgrades
+
+parameters:
+ servers:
+ type: json
+ input_values:
+ type: json
+ description: input values for the software deployments
+resources:
+ CeilometerWsgiMitakaNewtonPreUpgradeConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ config:
+ get_file: mitaka_to_newton_ceilometer_wsgi_upgrade.pp
+
+ CeilometerWsgiMitakaNewtonUpgradeConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - "#!/bin/bash\n\nset -e\n\n"
+ - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_pacemaker_migrations.sh
+ - "disable_standalone_ceilometer_api\n\n"
+
+ CeilometerWsgiMitakaNewtonPostUpgradeConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ set -e
+ /usr/bin/systemctl reload httpd
+
+ CeilometerWsgiMitakaNewtonPreUpgradeDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ name: CeilometerWsgiMitakaNewtonPreUpgradeDeployment
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: CeilometerWsgiMitakaNewtonPreUpgradeConfig}
+
+ CeilometerWsgiMitakaNewtonUpgradeConfigDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: CeilometerWsgiMitakaNewtonPreUpgradeDeployment
+ properties:
+ name: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: CeilometerWsgiMitakaNewtonUpgradeConfig}
+
+ CeilometerWsgiMitakaNewtonPostUpgradeDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: CeilometerWsgiMitakaNewtonUpgradeConfigDeployment
+ properties:
+ name: CeilometerWsgiMitakaNewtonPostUpgradeDeployment
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: CeilometerWsgiMitakaNewtonPostUpgradeConfig}
diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh
index b633e658..e0d160f1 100755
--- a/extraconfig/tasks/major_upgrade_ceph_mon.sh
+++ b/extraconfig/tasks/major_upgrade_ceph_mon.sh
@@ -5,7 +5,7 @@ set -o pipefail
echo INFO: starting $(basename "$0")
# Exit if not running
-if ! pidof ceph-mon; then
+if ! pidof ceph-mon &> /dev/null; then
echo INFO: ceph-mon is not running, skipping
exit 0
fi
@@ -54,7 +54,7 @@ if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
# RPM could own some of these but we can't take risks on the pre-existing files
for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do
- chown -R ceph:ceph $d || echo WARNING: chown of $d failed
+ chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed
done
# Replay udev events with newer rules
@@ -71,6 +71,10 @@ elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
sleep 10;
done"
+ # if tunables become legacy, cluster status will be HEALTH_WARN causing
+ # upgrade to fail on following node
+ ceph osd crush tunables default
+
echo INFO: Ceph was upgraded to Jewel
else
echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh
index dc80a724..56b54e22 100644
--- a/extraconfig/tasks/major_upgrade_ceph_storage.sh
+++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh
@@ -18,7 +18,7 @@ set -eu
echo INFO: starting $(basename "$0")
# Exit if not running
-if ! pidof ceph-osd; then
+if ! pidof ceph-osd &> /dev/null; then
echo INFO: ceph-osd is not running, skipping
exit 0
fi
@@ -63,12 +63,22 @@ if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
# RPM could own some of these but we can't take risks on the pre-existing files
for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do
- chown -R ceph:ceph $d || echo WARNING: chown of $d failed
+ chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed
done
# Replay udev events with newer rules
udevadm trigger && udevadm settle
+ # If on ext4, we need to enforce lower values for name and namespace len
+ # or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187
+ for OSD_ID in $OSD_IDS; do
+ OSD_FS=$(findmnt -n -o FSTYPE -T /var/lib/ceph/osd/ceph-${OSD_ID})
+ if [ ${OSD_FS} = ext4 ]; then
+ crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256
+ crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64
+ fi
+ done
+
# Enable systemd unit
systemctl enable ceph-osd.target
for OSD_ID in $OSD_IDS; do
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
index d4200e5f..23074fcb 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
@@ -20,9 +20,13 @@ check_disk_for_mysql_dump
STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }')
pcs property set stonith-enabled=false
-# Migrate to HA NG
+# Migrate to HA NG and fix up rabbitmq queues
+# We fix up the rabbitmq ha queues after the migration because it will
+# restart the rabbitmq resource. Doing it after the migration means no other
+# services will be restart as there are no other constraints
if [[ -n $(is_bootstrap_node) ]]; then
migrate_full_to_ng_ha
+ rabbitmq_mitaka_newton_upgrade
fi
# After migrating the cluster to HA-NG the services not under pacemaker's control
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
index fc365939..b3a0098c 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
@@ -33,7 +33,7 @@ fi
start_or_enable_service galera
check_resource galera started 600
start_or_enable_service redis
-check_resource galera started 600
+check_resource redis started 600
# We need mongod which is now a systemd service up and running before calling
# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes
# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely
@@ -65,6 +65,5 @@ if [[ -n $(is_bootstrap_node) ]]; then
nova-manage api_db sync
nova-manage db online_data_migrations
gnocchi-upgrade
- #TODO(marios):someone from sahara needs to check this:
- # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
+ sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
fi
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
index 4d72fbd8..b653c7c7 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
@@ -16,7 +16,11 @@ systemctl_swift start
# We need to start the systemd services we explicitely stopped at step _1.sh
# FIXME: Should we let puppet during the convergence step do the service enabling or
# should we add it here?
-for service in $(services_to_migrate); do
+services=$(services_to_migrate)
+if [[ ${keep_sahara_services_on_upgrade} =~ [Ff]alse ]] ; then
+ services=${services%%openstack-sahara*}
+fi
+for service in $services; do
manage_systemd_service start "${service%%-clone}"
check_resource_systemd "${service%%-clone}" started 600
done
diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml
index 30ae8d1e..7c78d5ad 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker.yaml
+++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml
@@ -22,6 +22,11 @@ parameters:
type: boolean
default: false
description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean
+ KeepSaharaServicesOnUpgrade:
+ type: boolean
+ default: true
+ description: Whether to keep Sahara services when upgrading controller nodes from mitaka to newton
+
resources:
# TODO(jistr): for Mitaka->Newton upgrades and further we can use
@@ -127,7 +132,13 @@ resources:
config:
list_join:
- ''
- - - get_file: pacemaker_common_functions.sh
+ - - str_replace:
+ template: |
+ #!/bin/bash
+ keep_sahara_services_on_upgrade='KEEP_SAHARA_SERVICES_ON_UPGRADE'
+ params:
+ KEEP_SAHARA_SERVICES_ON_UPGRADE: {get_param: KeepSaharaServicesOnUpgrade}
+ - get_file: pacemaker_common_functions.sh
- get_file: major_upgrade_pacemaker_migrations.sh
- get_file: major_upgrade_controller_pacemaker_3.sh
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
index cd78f838..7c9083a4 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
+++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
@@ -77,7 +77,6 @@ function services_to_migrate {
openstack-aodh-evaluator-clone
openstack-aodh-listener-clone
openstack-aodh-notifier-clone
- openstack-ceilometer-api-clone
openstack-ceilometer-central-clone
openstack-ceilometer-collector-clone
openstack-ceilometer-notification-clone
@@ -154,7 +153,7 @@ function migrate_full_to_ng_ha {
fi
pcs resource delete --force "$resource"
else
- log_debug "Service $service not found as a pacemaker resource, not trying to delete."
+ log_debug "Service $resource not found as a pacemaker resource, not trying to delete."
fi
done
@@ -169,3 +168,14 @@ function migrate_full_to_ng_ha {
fi
fi
}
+
+function disable_standalone_ceilometer_api {
+ if [[ -n $(is_bootstrap_node) ]]; then
+ if [[ -n $(is_pacemaker_managed openstack-ceilometer-api) ]]; then
+ # Disable pacemaker resources for ceilometer-api
+ manage_pacemaker_service disable openstack-ceilometer-api
+ check_resource_pacemaker openstack-ceilometer-api stopped 600
+ pcs resource delete openstack-ceilometer-api --wait=600
+ fi
+ fi
+}
diff --git a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp
new file mode 100644
index 00000000..1c376285
--- /dev/null
+++ b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp
@@ -0,0 +1,97 @@
+# Copyright 2015 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This puppet manifest is to be used only during a Mitaka->Newton upgrade
+# It configures ceilometer to be run under httpd but it makes sure to not
+# restart any services. This snippet needs to be called before init as a
+# pre upgrade migration.
+
+Service <|
+ tag == 'ceilometer-service'
+|> {
+ hasrestart => true,
+ restart => '/bin/true',
+ start => '/bin/true',
+ stop => '/bin/true',
+}
+
+if $::hostname == downcase(hiera('bootstrap_nodeid')) {
+ $pacemaker_master = true
+ $sync_db = true
+} else {
+ $pacemaker_master = false
+ $sync_db = false
+}
+
+include ::tripleo::packages
+
+
+if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+} else {
+ $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+}
+$mongodb_replset = hiera('mongodb::server::replset')
+$mongo_node_string = join($mongo_node_ips_with_port, ',')
+$database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
+
+include ::ceilometer
+
+class {'::ceilometer::db':
+ database_connection => $database_connection,
+}
+
+if $sync_db {
+ include ::ceilometer::db::sync
+}
+
+include ::ceilometer::config
+
+class { '::ceilometer::api':
+ enabled => true,
+ service_name => 'httpd',
+ keystone_password => hiera('ceilometer::keystone::auth::password'),
+ identity_uri => hiera('ceilometer::keystone::authtoken::auth_url'),
+ auth_uri => hiera('ceilometer::keystone::authtoken::auth_uri'),
+ keystone_tenant => hiera('ceilometer::keystone::authtoken::project_name'),
+}
+
+class { '::apache' :
+ service_enable => false,
+ service_manage => true,
+ service_restart => '/bin/true',
+ purge_configs => false,
+ purge_vhost_dir => false,
+}
+
+# To ensure existing ports are not overridden
+class { '::aodh::wsgi::apache':
+ servername => $::hostname,
+ ssl => false,
+}
+class { '::gnocchi::wsgi::apache':
+ servername => $::hostname,
+ ssl => false,
+}
+
+class { '::keystone::wsgi::apache':
+ servername => $::hostname,
+ ssl => false,
+}
+class { '::ceilometer::wsgi::apache':
+ servername => $::hostname,
+ ssl => false,
+}
diff --git a/j2_excludes.yaml b/j2_excludes.yaml
new file mode 100644
index 00000000..063e63d4
--- /dev/null
+++ b/j2_excludes.yaml
@@ -0,0 +1,10 @@
+# This template specifies which j2 rendered templates
+# should be excluded in the render process from
+# tripleo-common/tripleo_common/actions/templates.py
+
+name:
+ - puppet/controller-role.yaml
+ - puppet/compute-role.yaml
+ - puppet/blockstorage-role.yaml
+ - puppet/objectstorage-role.yaml
+ - puppet/cephstorage-role.yaml
diff --git a/network/external.yaml b/network/external.yaml
index 3b24da7e..4dfbc77e 100644
--- a/network/external.yaml
+++ b/network/external.yaml
@@ -37,6 +37,10 @@ parameters:
default: [{'start': '10.0.0.4', 'end': '10.0.0.250'}]
description: Ip allocation pool range for the external network.
type: json
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
resources:
ExternalNetwork:
@@ -55,6 +59,7 @@ resources:
name: {get_param: ExternalSubnetName}
network: {get_resource: ExternalNetwork}
allocation_pools: {get_param: ExternalAllocationPools}
+ gateway_ip: {get_param: ExternalInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/external_v6.yaml b/network/external_v6.yaml
index 3e120f24..e0736ab7 100644
--- a/network/external_v6.yaml
+++ b/network/external_v6.yaml
@@ -42,6 +42,10 @@ parameters:
default: dhcpv6-stateful
description: Neutron subnet IPv6 router advertisement mode
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '2001:db8:fd00:1000::1'
+ description: default route for the external network
+ type: string
resources:
ExternalNetwork:
@@ -62,6 +66,7 @@ resources:
name: {get_param: ExternalSubnetName}
network: {get_resource: ExternalNetwork}
allocation_pools: {get_param: ExternalAllocationPools}
+ gateway_ip: {get_param: ExternalInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/internal_api.yaml b/network/internal_api.yaml
index 6f8aa3a8..090e38f7 100644
--- a/network/internal_api.yaml
+++ b/network/internal_api.yaml
@@ -55,6 +55,7 @@ resources:
name: {get_param: InternalApiSubnetName}
network: {get_resource: InternalApiNetwork}
allocation_pools: {get_param: InternalApiAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml
index 68c14fbe..19d64b0a 100644
--- a/network/internal_api_v6.yaml
+++ b/network/internal_api_v6.yaml
@@ -62,6 +62,7 @@ resources:
name: {get_param: InternalApiSubnetName}
network: {get_resource: InternalApiNetwork}
allocation_pools: {get_param: InternalApiAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/network/management.yaml b/network/management.yaml
index 6878bac4..6798e11e 100644
--- a/network/management.yaml
+++ b/network/management.yaml
@@ -13,7 +13,7 @@ parameters:
ManagementNetValueSpecs:
default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
description: Value specs for the management network.
- type: json
+ type: json
ManagementNetAdminStateUp:
default: false
description: The admin state of the network.
@@ -38,6 +38,10 @@ parameters:
default: [{'start': '10.0.1.4', 'end': '10.0.1.250'}]
description: Ip allocation pool range for the management network.
type: json
+ ManagementInterfaceDefaultRoute:
+ default: null
+ description: The default route of the management network.
+ type: string
resources:
ManagementNetwork:
@@ -56,6 +60,7 @@ resources:
name: {get_param: ManagementSubnetName}
network: {get_resource: ManagementNetwork}
allocation_pools: {get_param: ManagementAllocationPools}
+ gateway_ip: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml
index 07e2de4c..d7863e02 100644
--- a/network/ports/net_ip_list_map.yaml
+++ b/network/ports/net_ip_list_map.yaml
@@ -31,6 +31,32 @@ parameters:
ServiceHostnameList:
default: []
type: comma_delimited_list
+ NetworkHostnameMap:
+ default: []
+ type: json
+
+resources:
+ # This adds the extra "services" on for keystone
+ # so that keystone_admin_api_network and
+ # keystone_public_api_network point to the correct
+ # network on the nodes running the "keystone" service
+ EnabledServicesValue:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ expression: let(root => $) -> $.data.extra_services.items().where($[0] in $root.data.enabled_services).select($[1]).flatten() + $root.data.enabled_services
+ data:
+ enabled_services: {get_param: EnabledServices}
+ extra_services:
+ # If anything other than keystone needs this
+ # then we should add an extra_networks interface
+ # to the service templates role_data but for
+ # now we hard-code the keystone special case
+ keystone:
+ - keystone_admin_api
+ - keystone_public_api
outputs:
net_ip_map:
@@ -64,7 +90,7 @@ outputs:
template:
SERVICE_node_ips: SERVICE_network
for_each:
- SERVICE: {get_param: EnabledServices}
+ SERVICE: {get_attr: [EnabledServicesValue, value]}
- values: {get_param: ServiceNetMap}
- values:
ctlplane: {get_param: ControlPlaneIpList}
@@ -78,6 +104,28 @@ outputs:
description: >
Map of enabled services to a list of hostnames where they're running
value:
+ map_replace:
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_node_names: SERVICE_network
+ for_each:
+ SERVICE: {get_attr: [EnabledServicesValue, value]}
+ - values: {get_param: ServiceNetMap}
+ - values: {get_param: NetworkHostnameMap}
+ short_service_hostnames:
+ description: >
+ Map of enabled services to a list of hostnames where they're running regardless of the network
+ value:
yaql:
# If ServiceHostnameList is empty the role is deployed with zero nodes
# therefore we don't want to add any *_node_names to the map
@@ -87,6 +135,6 @@ outputs:
map_merge:
repeat:
template:
- SERVICE_node_names: {get_param: ServiceHostnameList}
+ SERVICE_short_node_names: {get_param: ServiceHostnameList}
for_each:
- SERVICE: {get_param: EnabledServices}
+ SERVICE: {get_attr: [EnabledServicesValue, value]}
diff --git a/network/service_net_map.yaml b/network/service_net_map.j2.yaml
index 6e5c2449..c4d86fb9 100644
--- a/network/service_net_map.yaml
+++ b/network/service_net_map.j2.yaml
@@ -8,9 +8,17 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
+ Note that the key in this map must match the service_name
+ in the service template, e.g if the service_name is heat_api
+ the key must be either heat_api_network, or optionally
+ HeatApiNetwork (which will be internally converted to
+ transform captalization to underscores).
default: {}
type: json
+ # Note that the key in this map must match the service_name
+ # see the description above about conversion from CamelCase to
+ # snake_case - the names must still match when converted
ServiceNetMapDefaults:
default:
ApacheNetwork: internal_api
@@ -46,13 +54,14 @@ parameters:
CephClusterNetwork: storage_mgmt
CephMonNetwork: storage
CephRgwNetwork: storage
- ControllerHostnameResolveNetwork: internal_api
- ComputeHostnameResolveNetwork: internal_api
- BlockStorageHostnameResolveNetwork: internal_api
- ObjectStorageHostnameResolveNetwork: internal_api
- CephStorageHostnameResolveNetwork: storage
PublicNetwork: external
- OpenDaylightApiNetwork: internal_api
+ OpendaylightApiNetwork: internal_api
+ # We special-case the default ResolveNetwork for the CephStorage role
+ # for backwards compatibility, all other roles default to internal_api
+ CephStorageHostnameResolveNetwork: storage
+{% for role in roles if role.name != 'CephStorage' %}
+ {{role.name}}HostnameResolveNetwork: internal_api
+{% endfor %}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
diff --git a/network/storage.yaml b/network/storage.yaml
index dc9f35ea..35dae17a 100644
--- a/network/storage.yaml
+++ b/network/storage.yaml
@@ -55,6 +55,7 @@ resources:
name: {get_param: StorageSubnetName}
network: {get_resource: StorageNetwork}
allocation_pools: {get_param: StorageAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml
index 59933c8c..03cfd139 100644
--- a/network/storage_mgmt.yaml
+++ b/network/storage_mgmt.yaml
@@ -55,6 +55,7 @@ resources:
name: {get_param: StorageMgmtSubnetName}
network: {get_resource: StorageMgmtNetwork}
allocation_pools: {get_param: StorageMgmtAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml
index f05644ef..39c456db 100644
--- a/network/storage_mgmt_v6.yaml
+++ b/network/storage_mgmt_v6.yaml
@@ -62,6 +62,7 @@ resources:
name: {get_param: StorageMgmtSubnetName}
network: {get_resource: StorageMgmtNetwork}
allocation_pools: {get_param: StorageMgmtAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml
index 36a6fae8..5c8af9e5 100644
--- a/network/storage_v6.yaml
+++ b/network/storage_v6.yaml
@@ -62,6 +62,7 @@ resources:
name: {get_param: StorageSubnetName}
network: {get_resource: StorageNetwork}
allocation_pools: {get_param: StorageAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/network/tenant.yaml b/network/tenant.yaml
index 6fe96121..1045b81b 100644
--- a/network/tenant.yaml
+++ b/network/tenant.yaml
@@ -55,6 +55,7 @@ resources:
name: {get_param: TenantSubnetName}
network: {get_resource: TenantNetwork}
allocation_pools: {get_param: TenantAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml
index b653eaf7..bf758a50 100644
--- a/network/tenant_v6.yaml
+++ b/network/tenant_v6.yaml
@@ -62,6 +62,7 @@ resources:
name: {get_param: TenantSubnetName}
network: {get_resource: TenantNetwork}
allocation_pools: {get_param: TenantAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 5f09f522..c7f15105 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -1,17 +1,7 @@
resource_registry:
- OS::TripleO::BlockStorage: puppet/cinder-storage.yaml
- OS::TripleO::Compute: puppet/compute.yaml
+
OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment
- OS::TripleO::Controller: puppet/controller.yaml
- OS::TripleO::ObjectStorage: puppet/swift-storage.yaml
- OS::TripleO::CephStorage: puppet/ceph-storage.yaml
- # set to controller-config-pacemaker.yaml to enable pacemaker
- OS::TripleO::ControllerConfig: puppet/controller-config.yaml
OS::TripleO::PostDeploySteps: puppet/post.yaml
- OS::TripleO::ComputeConfig: puppet/compute-config.yaml
- OS::TripleO::BlockStorageConfig: puppet/blockstorage-config.yaml
- OS::TripleO::ObjectStorageConfig: puppet/objectstorage-config.yaml
- OS::TripleO::CephStorageConfig: puppet/cephstorage-config.yaml
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
OS::TripleO::DefaultPasswords: default_passwords.yaml
@@ -20,19 +10,28 @@ resource_registry:
OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml
{% for role in roles %}
+ OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
+ OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml
OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None
-
OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
-
# Port assignments for the {{role.name}} role
+ # Note we have to special-case ObjectStorage for backwards compatibility
+ {% if role.name != 'ObjectStorage' %}
OS::TripleO::{{role.name}}::Ports::ExternalPort: network/ports/noop.yaml
OS::TripleO::{{role.name}}::Ports::InternalApiPort: network/ports/noop.yaml
OS::TripleO::{{role.name}}::Ports::StoragePort: network/ports/noop.yaml
OS::TripleO::{{role.name}}::Ports::StorageMgmtPort: network/ports/noop.yaml
OS::TripleO::{{role.name}}::Ports::TenantPort: network/ports/noop.yaml
OS::TripleO::{{role.name}}::Ports::ManagementPort: network/ports/noop.yaml
-
+ {% else %}
+ OS::TripleO::SwiftStorage::Ports::ExternalPort: network/ports/noop.yaml
+ OS::TripleO::SwiftStorage::Ports::InternalApiPort: network/ports/noop.yaml
+ OS::TripleO::SwiftStorage::Ports::StoragePort: network/ports/noop.yaml
+ OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
+ OS::TripleO::SwiftStorage::Ports::TenantPort: network/ports/noop.yaml
+ OS::TripleO::SwiftStorage::Ports::ManagementPort: network/ports/noop.yaml
+ {% endif %}
OS::TripleO::{{role.name}}::Net::SoftwareConfig: net-config-noop.yaml
{% endfor %}
@@ -109,6 +108,7 @@ resource_registry:
OS::TripleO::Services::CinderBackup: OS::Heat::None
OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml
+ OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml
OS::TripleO::Services::Core: OS::Heat::None
OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
@@ -199,7 +199,7 @@ resource_registry:
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
- OS::TripleO::Services::OpenDaylight: OS::Heat::None
+ OS::TripleO::Services::OpenDaylightApi: OS::Heat::None
OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None
OS::TripleO::Services::SensuClient: OS::Heat::None
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index bd699f50..db1a78bf 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -245,6 +245,15 @@ resources:
EnabledServices: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
ServiceHostnameList: {get_attr: [{{role.name}}, hostname]}
+ NetworkHostnameMap:
+ # Note (shardy) this somewhat complex yaql may be replaced
+ # with a map_deep_merge function in ocata. It merges the
+ # list of maps, but appends to colliding lists so we can
+ # create a map of lists for all nodes for each network
+ yaql:
+ expression: dict($.data.where($ != null).flatten().selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()]))
+ data:
+ - {get_attr: [{{role.name}}, hostname_map]}
{{role.name}}:
type: OS::Heat::ResourceGroup
@@ -292,8 +301,6 @@ resources:
services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
- LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
- LoggingGroups: {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]}
{% endfor %}
allNodesConfig:
@@ -316,6 +323,24 @@ resources:
{% for role in roles %}
- {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
{% endfor %}
+ logging_groups:
+ yaql:
+ expression: >
+ $.data.groups.flatten()
+ data:
+ groups:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]}
+{% endfor %}
+ logging_sources:
+ yaql:
+ expression: >
+ $.data.sources.flatten()
+ data:
+ sources:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
+{% endfor %}
controller_ips: {get_attr: [Controller, ip_address]}
controller_names: {get_attr: [Controller, hostname]}
service_ips:
@@ -338,10 +363,16 @@ resources:
{% for role in roles %}
- {get_attr: [{{role.name}}IpListMap, service_hostnames]}
{% endfor %}
+ short_service_node_names:
+ yaql:
+ expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()]))
+ data:
+ l:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}IpListMap, short_service_hostnames]}
+{% endfor %}
# FIXME(shardy): These require further work to move into service_ips
memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
- keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
- keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
NetVipMap: {get_attr: [VipMap, net_ip_map]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
@@ -456,6 +487,10 @@ resources:
UpdateWorkflow:
type: OS::TripleO::Tasks::UpdateWorkflow
+ depends_on:
+{% for role in roles %}
+ - {{role.name}}AllNodesDeployment
+{% endfor %}
properties:
servers:
{% for role in roles %}
@@ -561,7 +596,36 @@ outputs:
The content that should be appended to your /etc/hosts if you want to get
hostname-based access to the deployed nodes (useful for testing without
setting up a DNS).
- value: {get_attr: [allNodesConfig, hosts_entries]}
+ value:
+ list_join:
+ - "\n"
+ - - {get_attr: [allNodesConfig, hosts_entries]}
+ -
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, external]}
+ HOST: {get_param: CloudName}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, ctlplane]}
+ HOST: {get_param: CloudNameCtlplane}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, internal_api]}
+ HOST: {get_param: CloudNameInternal}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, storage]}
+ HOST: {get_param: CloudNameStorage}
+ - str_replace:
+ template: IP HOST
+ params:
+ IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
+ HOST: {get_param: CloudNameStorageManagement}
EnabledServices:
description: The services enabled on each role
value:
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 89f2705e..cae60aab 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -20,18 +20,20 @@ parameters:
type: string
controller_ips:
type: comma_delimited_list
+ logging_groups:
+ type: json
+ logging_sources:
+ type: json
service_ips:
type: json
service_node_names:
type: json
+ short_service_node_names:
+ type: json
controller_names:
type: comma_delimited_list
memcache_node_ips:
type: comma_delimited_list
- keystone_public_api_node_ips:
- type: comma_delimited_list
- keystone_admin_api_node_ips:
- type: comma_delimited_list
NetVipMap:
type: json
RedisVirtualIP:
@@ -83,6 +85,8 @@ resources:
all_nodes:
mapped_data:
map_merge:
+ - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
+ - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- enabled_services: {get_param: enabled_services}
# This writes out a mapping of service_name_enabled: 'true'
# For any services not enabled, hiera foo_enabled will
@@ -126,6 +130,7 @@ resources:
# provides a mapping of service_name_ips to a list of IPs
- {get_param: service_ips}
- {get_param: service_node_names}
+ - {get_param: short_service_node_names}
- controller_node_ips:
list_join:
- ','
@@ -142,22 +147,6 @@ resources:
list_join:
- "]','inet6:["
- {get_param: memcache_node_ips}
- keystone_public_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_public_api_node_ips}
- keystone_admin_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_admin_api_node_ips}
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
diff --git a/puppet/blockstorage-config.yaml b/puppet/blockstorage-config.yaml
deleted file mode 100644
index e455c4cb..00000000
--- a/puppet/blockstorage-config.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_volume.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- BlockStoragePuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- type: Number
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_volume.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: BlockStoragePuppetConfigImpl}
diff --git a/puppet/cinder-storage.yaml b/puppet/blockstorage-role.yaml
index a66ea08b..8b695fff 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -96,12 +96,6 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
- LoggingSources:
- type: json
- default: []
- LoggingGroups:
- type: comma_delimited_list
- default: []
resources:
BlockStorage:
@@ -277,8 +271,6 @@ resources:
volume:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -315,6 +307,51 @@ outputs:
hostname:
description: Hostname of the server
value: {get_attr: [BlockStorage, name]}
+ hostname_map:
+ description: Mapping of network names to hostnames
+ value:
+ external:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - external
+ - {get_param: CloudDomain}
+ internal_api:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ storage:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - storage
+ - {get_param: CloudDomain}
+ storage_mgmt:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ tenant:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ management:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - management
+ - {get_param: CloudDomain}
+ ctlplane:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
hosts_entry:
value:
str_replace:
diff --git a/puppet/ceph-storage.yaml b/puppet/cephstorage-role.yaml
index 03a53b00..55b26336 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -102,12 +102,6 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
- LoggingSources:
- type: json
- default: []
- LoggingGroups:
- type: comma_delimited_list
- default: []
resources:
CephStorage:
@@ -281,8 +275,6 @@ resources:
ceph:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -325,6 +317,51 @@ outputs:
hostname:
description: Hostname of the server
value: {get_attr: [CephStorage, name]}
+ hostname_map:
+ description: Mapping of network names to hostnames
+ value:
+ external:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - external
+ - {get_param: CloudDomain}
+ internal_api:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ storage:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - storage
+ - {get_param: CloudDomain}
+ storage_mgmt:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ tenant:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ management:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - management
+ - {get_param: CloudDomain}
+ ctlplane:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
hosts_entry:
value:
str_replace:
diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml
deleted file mode 100644
index 2314c47d..00000000
--- a/puppet/compute-config.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_compute.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ComputePuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- type: Number
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_compute.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: ComputePuppetConfigImpl}
diff --git a/puppet/compute.yaml b/puppet/compute-role.yaml
index 0205d0a6..4d77d6d3 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute-role.yaml
@@ -114,12 +114,6 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
- LoggingSources:
- type: json
- default: []
- LoggingGroups:
- type: comma_delimited_list
- default: []
resources:
@@ -295,8 +289,6 @@ resources:
compute:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -368,6 +360,51 @@ outputs:
hostname:
description: Hostname of the server
value: {get_attr: [NovaCompute, name]}
+ hostname_map:
+ description: Mapping of network names to hostnames
+ value:
+ external:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - external
+ - {get_param: CloudDomain}
+ internal_api:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ storage:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - storage
+ - {get_param: CloudDomain}
+ storage_mgmt:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ tenant:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ management:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - management
+ - {get_param: CloudDomain}
+ ctlplane:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
hosts_entry:
description: >
Server's IP address and hostname in the /etc/hosts format
diff --git a/puppet/cephstorage-config.yaml b/puppet/config.role.j2.yaml
index 3f428609..e59a0216 100644
--- a/puppet/cephstorage-config.yaml
+++ b/puppet/config.role.j2.yaml
@@ -1,7 +1,7 @@
heat_template_version: 2015-04-30
description: >
- A software config which runs manifests/overcloud_cephstorage.pp
+ A software config which runs puppet on the {{role}} role
parameters:
ConfigDebug:
@@ -15,7 +15,7 @@ parameters:
resources:
- CephStoragePuppetConfigImpl:
+ {{role}}PuppetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: puppet
@@ -24,18 +24,21 @@ resources:
enable_hiera: True
enable_facter: False
modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ outputs:
+ - name: result
inputs:
- name: step
type: Number
- outputs:
- - name: result
config:
list_join:
- ''
- - - get_file: manifests/overcloud_cephstorage.pp
+ - - str_replace:
+ template: {get_file: manifests/overcloud_role.pp}
+ params:
+ __ROLE__: {{role.lower()}}
- {get_param: StepConfig}
outputs:
OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: CephStoragePuppetConfigImpl}
+ description: The software config which runs puppet on the {{role}} role
+ value: {get_resource: {{role}}PuppetConfigImpl}
diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml
index b313f5de..24f31dc8 100644
--- a/puppet/controller-config-pacemaker.yaml
+++ b/puppet/controller-config-pacemaker.yaml
@@ -26,6 +26,9 @@ resources:
modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
outputs:
- name: result
+ inputs:
+ - name: step
+ type: Number
config:
list_join:
- ''
diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml
deleted file mode 100644
index 99c7b26e..00000000
--- a/puppet/controller-config.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_controller.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ControllerPuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- outputs:
- - name: result
- inputs:
- - name: step
- type: Number
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_controller.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: ControllerPuppetConfigImpl}
diff --git a/puppet/controller.yaml b/puppet/controller-role.yaml
index ccb517f8..b1433b04 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller-role.yaml
@@ -128,12 +128,6 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
- LoggingSources:
- type: json
- default: []
- LoggingGroups:
- type: comma_delimited_list
- default: []
parameter_groups:
- label: deprecated
@@ -355,8 +349,6 @@ resources:
# Misc
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
@@ -411,6 +403,51 @@ outputs:
hostname:
description: Hostname of the server
value: {get_attr: [Controller, name]}
+ hostname_map:
+ description: Mapping of network names to hostnames
+ value:
+ external:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - external
+ - {get_param: CloudDomain}
+ internal_api:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ storage:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - storage
+ - {get_param: CloudDomain}
+ storage_mgmt:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ tenant:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ management:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - management
+ - {get_param: CloudDomain}
+ ctlplane:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
hosts_entry:
description: >
Server's IP address and hostname in the /etc/hosts format
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
index 6ff90881..48446e5a 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
@@ -70,12 +70,22 @@ parameters:
CinderNetappStoragePools:
type: string
default: ''
- CinderNetappEseriesHostType:
+ CinderNetappHostType:
type: string
- default: 'linux_dm_mp'
+ default: ''
CinderNetappWebservicePath:
type: string
default: '/devmgr/v2'
+ # DEPRECATED options for compatibility with older versions
+ CinderNetappEseriesHostType:
+ type: string
+ default: 'linux_dm_mp'
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - CinderNetappEseriesHostType
resources:
CinderNetappConfig:
@@ -108,7 +118,7 @@ resources:
cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps}
cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword}
cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools}
- cinder::backend::netapp::netapp_eseries_host_type: {get_input: NetappEseriesHostType}
+ cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType}
cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath}
CinderNetappDeployment:
@@ -139,7 +149,7 @@ resources:
NetappControllerIps: {get_param: CinderNetappControllerIps}
NetappSaPassword: {get_param: CinderNetappSaPassword}
NetappStoragePools: {get_param: CinderNetappStoragePools}
- NetappEseriesHostType: {get_param: CinderNetappEseriesHostType}
+ NetappHostType: {get_param: CinderNetappHostType}
NetappWebservicePath: {get_param: CinderNetappWebservicePath}
outputs:
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index e281ef51..49d84574 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -64,11 +64,9 @@ resources:
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
# We need to reload haproxy in case the certificate changed because
- # puppet doesn't know the contents of the cert file. The pacemaker
- # case is handled separately in a pacemaker-specific resource.
- pacemaker_status=$(systemctl is-active pacemaker)
+ # puppet doesn't know the contents of the cert file.
haproxy_status=$(systemctl is-active haproxy)
- if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ if [ "$haproxy_status" = "active" ]; then
systemctl reload haproxy
fi
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
deleted file mode 100644
index 2653badf..00000000
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('ceph_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
deleted file mode 100644
index f96c193c..00000000
--- a/puppet/manifests/overcloud_compute.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright 2014 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('compute_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
deleted file mode 100644
index 414a06ba..00000000
--- a/puppet/manifests/overcloud_object.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('object_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_role.pp
index 25bdbfb2..1a59620c 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_role.pp
@@ -13,9 +13,14 @@
# License for the specific language governing permissions and limitations
# under the License.
+# The content of this file will be used to generate
+# the puppet manifests for all roles, the placeholder
+# __ROLE__ will be replaced by 'controller', 'blockstorage',
+# 'cephstorage' and all the deployed roles.
+
if hiera('step') >= 4 {
- hiera_include('controller_classes', [])
+ hiera_include('__ROLE___classes', [])
}
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
+$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
deleted file mode 100644
index e1cdadd5..00000000
--- a/puppet/manifests/overcloud_volume.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('volume_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml
deleted file mode 100644
index 33480544..00000000
--- a/puppet/objectstorage-config.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_object.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ObjectStoragePuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- type: Number
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_object.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: ObjectStoragePuppetConfigImpl}
diff --git a/puppet/swift-storage.yaml b/puppet/objectstorage-role.yaml
index 899ba66d..d7681d10 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -96,12 +96,6 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
- LoggingSources:
- type: json
- default: []
- LoggingGroups:
- type: comma_delimited_list
- default: []
resources:
@@ -266,8 +260,6 @@ resources:
object:
mapped_data: # data supplied directly to this deployment configuration, etc
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
SwiftStorageHieraDeploy:
@@ -314,6 +306,51 @@ outputs:
hostname:
description: Hostname of the server
value: {get_attr: [SwiftStorage, name]}
+ hostname_map:
+ description: Mapping of network names to hostnames
+ value:
+ external:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - external
+ - {get_param: CloudDomain}
+ internal_api:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ storage:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - storage
+ - {get_param: CloudDomain}
+ storage_mgmt:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ tenant:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ management:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - management
+ - {get_param: CloudDomain}
+ ctlplane:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
hosts_entry:
value:
str_replace:
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
new file mode 100644
index 00000000..e4307001
--- /dev/null
+++ b/puppet/role.role.j2.yaml
@@ -0,0 +1,452 @@
+heat_template_version: 2016-10-14
+description: 'OpenStack {{role}} node configured by Puppet'
+parameters:
+ Overcloud{{role}}Flavor:
+ description: Flavor for the {{role}} node.
+ default: baremetal
+ type: string
+ constraints:
+ - custom_constraint: nova.flavor
+ {{role}}Image:
+ type: string
+ default: overcloud-full
+ constraints:
+ - custom_constraint: glance.image
+ ImageUpdatePolicy:
+ default: 'REBUILD_PRESERVE_EPHEMERAL'
+ description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
+ type: string
+ KeyName:
+ description: Name of an existing Nova key pair to enable SSH access to the instances
+ type: string
+ default: default
+ constraints:
+ - custom_constraint: nova.keypair
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ UpdateIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting to a previously unused value during stack-update will trigger
+ package update on all nodes
+ Hostname:
+ type: string
+ default: '' # Defaults to Heat created hostname
+ HostnameMap:
+ type: json
+ default: {}
+ description: Optional mapping to override hostnames
+ ExtraConfig:
+ default: {}
+ description: |
+ Additional hiera configuration to inject into the cluster. Note
+ that {{role}}ExtraConfig takes precedence over ExtraConfig.
+ type: json
+ {{role}}ExtraConfig:
+ default: {}
+ description: |
+ Role specific additional hiera configuration to inject into the cluster.
+ type: json
+ {{role}}IPs:
+ default: {}
+ type: json
+ NetworkDeploymentActions:
+ type: comma_delimited_list
+ description: >
+ Heat action when to apply network configuration changes
+ default: ['CREATE']
+ SoftwareConfigTransport:
+ default: POLL_SERVER_CFN
+ description: |
+ How the server should receive the metadata required for software configuration.
+ type: string
+ constraints:
+ - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
+ CloudDomain:
+ type: string
+ description: >
+ The DNS domain used for the hosts. This should match the dhcp_domain
+ configured in the Undercloud neutron. Defaults to localdomain.
+ ServerMetadata:
+ default: {}
+ description: >
+ Extra properties or metadata passed to Nova for the created nodes in
+ the overcloud. It's accessible via the Nova metadata API.
+ type: json
+ {{role}}SchedulerHints:
+ type: json
+ description: Optional scheduler hints to pass to nova
+ default: {}
+ NodeIndex:
+ type: number
+ default: 0
+ ServiceConfigSettings:
+ type: json
+ default: {}
+ ServiceNames:
+ type: comma_delimited_list
+ default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
+ ConfigCommand:
+ type: string
+ description: Command which will be run whenever configuration data changes
+ default: os-refresh-config --timeout 14400
+ LoggingSources:
+ type: json
+ default: []
+ LoggingGroups:
+ type: comma_delimited_list
+ default: []
+
+resources:
+ {{role}}:
+ type: OS::TripleO::Server
+ metadata:
+ os-collect-config:
+ command: {get_param: ConfigCommand}
+ properties:
+ image: {get_param: {{role}}Image}
+ image_update_policy: {get_param: ImageUpdatePolicy}
+ flavor: {get_param: Overcloud{{role}}Flavor}
+ key_name: {get_param: KeyName}
+ networks:
+ - network: ctlplane
+ user_data_format: SOFTWARE_CONFIG
+ user_data: {get_resource: UserData}
+ name:
+ str_replace:
+ template: {get_param: Hostname}
+ params: {get_param: HostnameMap}
+ software_config_transport: {get_param: SoftwareConfigTransport}
+ metadata: {get_param: ServerMetadata}
+ scheduler_hints: {get_param: {{role}}SchedulerHints}
+
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeUserData:
+ type: OS::TripleO::NodeUserData
+
+ ExternalPort:
+ type: OS::TripleO::{{role}}::Ports::ExternalPort
+ properties:
+ ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ IPPool: {get_param: {{role}}IPs}
+ NodeIndex: {get_param: NodeIndex}
+
+ InternalApiPort:
+ type: OS::TripleO::{{role}}::Ports::InternalApiPort
+ properties:
+ ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ IPPool: {get_param: {{role}}IPs}
+ NodeIndex: {get_param: NodeIndex}
+
+ StoragePort:
+ type: OS::TripleO::{{role}}::Ports::StoragePort
+ properties:
+ ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ IPPool: {get_param: {{role}}IPs}
+ NodeIndex: {get_param: NodeIndex}
+
+ StorageMgmtPort:
+ type: OS::TripleO::{{role}}::Ports::StorageMgmtPort
+ properties:
+ ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ IPPool: {get_param: {{role}}IPs}
+ NodeIndex: {get_param: NodeIndex}
+
+ TenantPort:
+ type: OS::TripleO::{{role}}::Ports::TenantPort
+ properties:
+ ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ IPPool: {get_param: {{role}}IPs}
+ NodeIndex: {get_param: NodeIndex}
+
+ ManagementPort:
+ type: OS::TripleO::{{role}}::Ports::ManagementPort
+ properties:
+ ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ IPPool: {get_param: {{role}}IPs}
+ NodeIndex: {get_param: NodeIndex}
+
+ NetworkConfig:
+ type: OS::TripleO::{{role}}::Net::SoftwareConfig
+ properties:
+ ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
+ InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+ TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
+ ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
+
+ NetIpMap:
+ type: OS::TripleO::Network::Ports::NetIpMap
+ properties:
+ ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
+ ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
+ InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
+ InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
+ StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
+ StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+ StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
+ TenantIp: {get_attr: [TenantPort, ip_address]}
+ TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
+ TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
+ ManagementIp: {get_attr: [ManagementPort, ip_address]}
+ ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
+ ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
+
+ NetworkDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ name: NetworkDeployment
+ config: {get_resource: NetworkConfig}
+ server: {get_resource: {{role}}}
+ actions: {get_param: NetworkDeploymentActions}
+
+ {{role}}Deployment:
+ type: OS::Heat::StructuredDeployment
+ depends_on: NetworkDeployment
+ properties:
+ name: {{role}}Deployment
+ config: {get_resource: {{role}}Config}
+ server: {get_resource: {{role}}}
+ input_values:
+ enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+
+ {{role}}Config:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - {{role.lower()}}_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ mapped_data:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ mapped_data:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ {{role.lower()}}_extraconfig:
+ mapped_data: {get_param: {{role}}ExtraConfig}
+ extraconfig:
+ mapped_data: {get_param: ExtraConfig}
+ {{role.lower()}}:
+ mapped_data:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
+
+ # Resource for site-specific injection of root certificate
+ NodeTLSCAData:
+ depends_on: {{role}}Deployment
+ type: OS::TripleO::NodeTLSCAData
+ properties:
+ server: {get_resource: {{role}}}
+
+ # Hook for site-specific additional pre-deployment config, e.g extra hieradata
+ {{role}}ExtraConfigPre:
+ depends_on: {{role}}Deployment
+ type: OS::TripleO::{{role}}ExtraConfigPre
+ properties:
+ server: {get_resource: {{role}}}
+
+ # Hook for site-specific additional pre-deployment config,
+ # applying to all nodes, e.g node registration/unregistration
+ NodeExtraConfig:
+ depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
+ type: OS::TripleO::NodeExtraConfig
+ properties:
+ server: {get_resource: {{role}}}
+
+ UpdateConfig:
+ type: OS::TripleO::Tasks::PackageUpdate
+
+ UpdateDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ config: {get_resource: UpdateConfig}
+ server: {get_resource: {{role}}}
+ input_values:
+ update_identifier:
+ get_param: UpdateIdentifier
+
+outputs:
+ ip_address:
+ description: IP address of the server in the ctlplane network
+ value: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ hostname:
+ description: Hostname of the server
+ value: {get_attr: [{{role}}, name]}
+ hostname_map:
+ description: Mapping of network names to hostnames
+ value:
+ external:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - external
+ - {get_param: CloudDomain}
+ internal_api:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - internalapi
+ - {get_param: CloudDomain}
+ storage:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storage
+ - {get_param: CloudDomain}
+ storage_mgmt:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storagemgmt
+ - {get_param: CloudDomain}
+ tenant:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - tenant
+ - {get_param: CloudDomain}
+ management:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - management
+ - {get_param: CloudDomain}
+ ctlplane:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - ctlplane
+ - {get_param: CloudDomain}
+ hosts_entry:
+ value:
+ str_replace:
+ template: |
+ PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
+ params:
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]}
+ DOMAIN: {get_param: CloudDomain}
+ PRIMARYHOST: {get_attr: [{{role}}, name]}
+ EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+ EXTERNALHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - external
+ INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+ INTERNAL_APIHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - internalapi
+ STORAGEIP: {get_attr: [StoragePort, ip_address]}
+ STORAGEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storage
+ STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+ STORAGE_MGMTHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - storagemgmt
+ TENANTIP: {get_attr: [TenantPort, ip_address]}
+ TENANTHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - tenant
+ MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+ MANAGEMENTHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - management
+ CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [{{role}}, name]}
+ - ctlplane
+ nova_server_resource:
+ description: Heat resource handle for {{role}} server
+ value:
+ {get_resource: {{role}}}
+ external_ip_address:
+ description: IP address of the server in the external network
+ value: {get_attr: [ExternalPort, ip_address]}
+ internal_api_ip_address:
+ description: IP address of the server in the internal_api network
+ value: {get_attr: [InternalApiPort, ip_address]}
+ storage_ip_address:
+ description: IP address of the server in the storage network
+ value: {get_attr: [StoragePort, ip_address]}
+ storage_mgmt_ip_address:
+ description: IP address of the server in the storage_mgmt network
+ value: {get_attr: [StorageMgmtPort, ip_address]}
+ tenant_ip_address:
+ description: IP address of the server in the tenant network
+ value: {get_attr: [TenantPort, ip_address]}
+ management_ip_address:
+ description: IP address of the server in the management network
+ value: {get_attr: [ManagementPort, ip_address]}
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 950e9026..0e2410f7 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -59,14 +59,7 @@ outputs:
value:
service_name: aodh_base
config_settings:
- aodh::evaluator::coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - "%{hiera('redis_vip')}"
- - ':6379/'
+ aodh_redis_password: {get_param: RedisPassword}
aodh::db::database_connection:
list_join:
- ''
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml
index 2ae46d0e..c4abc307 100644
--- a/puppet/services/ceilometer-agent-central.yaml
+++ b/puppet/services/ceilometer-agent-central.yaml
@@ -51,13 +51,6 @@ outputs:
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- - ceilometer::agent::central::coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - "%{hiera('redis_vip')}"
- - ':6379/'
+ - ceilometer_redis_password: {get_param: RedisPassword}
step_config: |
include ::tripleo::profile::base::ceilometer::agent::central
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index ce8d9158..adb17b26 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -75,6 +75,12 @@ outputs:
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
ceph::profile::params::fsid: {get_param: CephClusterFSID}
+ # FIXME(gfidente): we should not have to list the packages explicitly in the templates,
+ # but this has to stay until https://bugs.launchpad.net/puppet-ceph/+bug/1629933 is fixed
+ ceph::params::packages:
+ - ceph-base
+ - ceph-mon
+ - ceph-osd
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
index 93ab1d79..59c9b844 100644
--- a/puppet/services/cinder-base.yaml
+++ b/puppet/services/cinder-base.yaml
@@ -66,7 +66,6 @@ outputs:
cinder::rabbit_password: {get_param: RabbitPassword}
cinder::rabbit_port: {get_param: RabbitClientPort}
cinder::rabbit_heartbeat_timeout_threshold: 60
- cinder::host: hostgroup
cinder::cron::db_purge::destination: '/dev/null'
cinder::db::database_db_max_retries: -1
cinder::db::database_max_retries: -1
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 80ba9aef..33abdbf9 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -18,32 +18,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- CephClientUserName:
- default: openstack
- type: string
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
- GlanceNotifierStrategy:
- description: Strategy to use for Glance notification queue
- type: string
- default: noop
- GlanceLogFile:
- description: The filepath of the file to use for logging messages from Glance.
- type: string
- default: ''
GlancePassword:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
GlanceWorkers:
default: ''
description: |
@@ -55,31 +37,6 @@ parameters:
memory consumption. It is recommended that a suitable non-default value
be selected on such systems.
type: string
- GlanceRbdPoolName:
- default: images
- type: string
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- KeystoneRegion:
- type: string
- default: 'regionOne'
- description: Keystone region for endpoint
MonitoringSubscriptionGlanceApi:
default: 'overcloud-glance-api'
type: string
@@ -89,6 +46,14 @@ parameters:
tag: openstack.glance.api
path: /var/log/glance/api.log
+resources:
+ GlanceBase:
+ type: ./glance-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Glance API role.
@@ -99,65 +64,46 @@ outputs:
logging_groups:
- glance
config_settings:
- glance::api::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/glance'
- glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- glance::api::registry_host:
- str_replace:
- template: "'REGISTRY_HOST'"
- params:
- REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
- glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
- glance::api::authtoken::password: {get_param: GlancePassword}
- glance::api::enable_proxy_headers_parsing: true
- glance::api::debug: {get_param: Debug}
- glance::api::workers: {get_param: GlanceWorkers}
- glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
- glance_log_file: {get_param: GlanceLogFile}
- glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::backend::swift::swift_store_user: service:glance
- glance::backend::swift::swift_store_key: {get_param: GlancePassword}
- glance::backend::swift::swift_store_create_container_on_put: true
- glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
- glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
- glance_backend: {get_param: GlanceBackend}
- glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
- glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
- glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
- glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- glance::registry::db::database_db_max_retries: -1
- glance::registry::db::database_max_retries: -1
- tripleo.glance_api.firewall_rules:
- '112 glance_api':
- dport:
- - 9292
- - 13292
- glance::api::authtoken::project_name: 'service'
- glance::api::pipeline: 'keystone'
- glance::api::show_image_direct_url: true
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+ map_merge:
+ - get_attr: [GlanceBase, role_data, config_settings]
+ - glance::api::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/glance'
+ glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
+ glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::registry_host:
+ str_replace:
+ template: "'REGISTRY_HOST'"
+ params:
+ REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
+ glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
+ glance::api::authtoken::password: {get_param: GlancePassword}
+ glance::api::enable_proxy_headers_parsing: true
+ glance::api::debug: {get_param: Debug}
+ glance::api::workers: {get_param: GlanceWorkers}
+ tripleo.glance_api.firewall_rules:
+ '112 glance_api':
+ dport:
+ - 9292
+ - 13292
+ glance::api::authtoken::project_name: 'service'
+ glance::api::pipeline: 'keystone'
+ glance::api::show_image_direct_url: true
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
service_config_settings:
- keystone:
- glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
- glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
- glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
- glance::keystone::auth::password: {get_param: GlancePassword }
- glance::keystone::auth::region: {get_param: KeystoneRegion}
- glance::keystone::auth::tenant: 'service'
+ get_attr: [GlanceBase, role_data, service_config_settings]
diff --git a/puppet/services/glance-base.yaml b/puppet/services/glance-base.yaml
new file mode 100644
index 00000000..3294fc0f
--- /dev/null
+++ b/puppet/services/glance-base.yaml
@@ -0,0 +1,110 @@
+heat_template_version: 2016-10-14
+
+description: >
+ OpenStack Glance Common settings with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephClientUserName:
+ default: openstack
+ type: string
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+outputs:
+ role_data:
+ description: Role data for the Glance common role.
+ value:
+ service_name: glance_base
+ config_settings:
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::backend::swift::swift_store_user: service:glance
+ glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance::backend::swift::swift_store_create_container_on_put: true
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
+ glance_backend: {get_param: GlanceBackend}
+ glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
+ glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
+ glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
+ glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ glance::notify::rabbitmq::notification_driver: messagingv2
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
+ service_config_settings:
+ keystone:
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::keystone::auth::region: {get_param: KeystoneRegion}
+ glance::keystone::auth::tenant: 'service'
+ mysql:
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::db::mysql::user: glance
+ glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ glance::db::mysql::dbname: glance
+ glance::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index 30df67fe..c45582d4 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -46,6 +46,14 @@ parameters:
tag: openstack.glance.registry
path: /var/log/glance/registry.log
+resources:
+ GlanceBase:
+ type: ./glance-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Glance Registry role.
@@ -56,43 +64,37 @@ outputs:
logging_groups:
- glance
config_settings:
- glance::registry::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/glance'
- glance::registry::authtoken::password: {get_param: GlancePassword}
- glance::registry::authtoken::project_name: 'service'
- glance::registry::pipeline: 'keystone'
- glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- glance::registry::debug: {get_param: Debug}
- glance::registry::workers: {get_param: GlanceWorkers}
- glance::registry::db::database_db_max_retries: -1
- glance::registry::db::database_max_retries: -1
- tripleo.glance_registry.firewall_rules:
- '112 glance_registry':
- dport:
- - 9191
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
+ map_merge:
+ - get_attr: [GlanceBase, role_data, config_settings]
+
+ - glance::registry::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/glance'
+ glance::registry::authtoken::password: {get_param: GlancePassword}
+ glance::registry::authtoken::project_name: 'service'
+ glance::registry::pipeline: 'keystone'
+ glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::debug: {get_param: Debug}
+ glance::registry::workers: {get_param: GlanceWorkers}
+ tripleo.glance_registry.firewall_rules:
+ '112 glance_registry':
+ dport:
+ - 9191
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: |
include ::tripleo::profile::base::glance::registry
service_config_settings:
- mysql:
- glance::db::mysql::password: {get_param: GlancePassword}
- glance::db::mysql::user: glance
- glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- glance::db::mysql::dbname: glance
- glance::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
+ get_attr: [GlanceBase, role_data, config_settings]
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index 73889363..556baae0 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -56,6 +56,7 @@ outputs:
service_name: gnocchi_base
config_settings:
#Gnocchi engine
+ gnocchi_redis_password: {get_param: RedisPassword}
gnocchi::debug: {get_param: Debug}
gnocchi::db::database_connection:
list_join:
@@ -67,14 +68,6 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/gnocchi'
gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types'
- gnocchi::storage::coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - "%{hiera('redis_vip')}"
- - ':6379/'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index 2b069d67..38cfbe22 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -41,5 +41,8 @@ outputs:
config_settings:
tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
+ tripleo.keepalived.firewall_rules:
+ '106 keepalived vrrp':
+ proto: vrrp
step_config: |
include ::tripleo::profile::base::keepalived
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 2f01578e..1fc88bf1 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -39,8 +39,12 @@ outputs:
net.netfilter.nf_conntrack_max:
value: 500000
# prevent neutron bridges from autoconfiguring ipv6 addresses
+ net.ipv6.conf.all.accept_ra:
+ value: 0
net.ipv6.conf.default.accept_ra:
value: 0
+ net.ipv6.conf.all.autoconf:
+ value: 0
net.ipv6.conf.default.autoconf:
value: 0
net.core.netdev_max_backlog:
diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml
index e051781e..58b423fd 100644
--- a/puppet/services/logging/fluentd-config.yaml
+++ b/puppet/services/logging/fluentd-config.yaml
@@ -70,7 +70,7 @@ parameters:
- tag_pattern: '**'
type: record_transformer
record:
- nodename: '${hostname}'
+ host: '${hostname}'
- tag_pattern: 'openstack.**'
type: record_transformer
diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml
index 89a36d21..0fc39e2a 100644
--- a/puppet/services/manila-backend-cephfs.yaml
+++ b/puppet/services/manila-backend-cephfs.yaml
@@ -19,9 +19,6 @@ parameters:
via parameter_defaults in the resource registry.
type: json
# CephFS Native backend params:
- ManilaCephFSNativeEnableBackend:
- type: boolean
- default: false
ManilaCephFSNativeBackendName:
type: string
default: cephfsnative
@@ -33,7 +30,7 @@ parameters:
default: 'cephfs'
ManilaCephFSNativeCephFSConfPath:
type: string
- default: '/etc/ceph/cephfs.conf'
+ default: '/etc/ceph/ceph.conf'
ManilaCephFSNativeCephFSAuthId:
type: string
default: 'manila'
@@ -50,7 +47,6 @@ outputs:
value:
service_name: manila_backend_cephfs
config_settings:
- manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend}
manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName}
manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers}
manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName}
diff --git a/puppet/services/manila-backend-generic.yaml b/puppet/services/manila-backend-generic.yaml
index 5c001c82..c527666e 100644
--- a/puppet/services/manila-backend-generic.yaml
+++ b/puppet/services/manila-backend-generic.yaml
@@ -4,9 +4,6 @@ description: >
Openstack Manila generic backend.
parameters:
- ManilaGenericEnableBackend:
- type: boolean
- default: false
ManilaGenericBackendName:
type: string
default: tripleo_generic
@@ -73,7 +70,6 @@ outputs:
value:
service_name: manila_backend_generic
config_settings:
- manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend}
manila::backend::generic::title: {get_param: ManilaGenericBackendName}
manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers}
manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath}
diff --git a/puppet/services/manila-backend-netapp.yaml b/puppet/services/manila-backend-netapp.yaml
index c95a8da7..e6d2f250 100644
--- a/puppet/services/manila-backend-netapp.yaml
+++ b/puppet/services/manila-backend-netapp.yaml
@@ -4,9 +4,6 @@ description: >
Openstack Manila netapp backend.
parameters:
- ManilaNetappEnableBackend:
- type: boolean
- default: false
ManilaNetappDriverHandlesShareServers:
type: string
default: true
@@ -88,7 +85,6 @@ outputs:
value:
service_name: manila_backend_netapp
config_settings:
- manila_netapp_enable_backend: {get_param: ManilaNetappEnableBackend}
manila::backend::netapp::title: {get_param: ManilaNetappBackendName}
manila::backend::netapp::netapp_login: {get_param: ManilaNetappLogin}
manila::backend::netapp::driver_handles_share_servers: {get_param: ManilaNetappDriverHandlesShareServers}
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 3b531ab3..c2b6b6f7 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -145,16 +145,11 @@ outputs:
neutron::server::notifications::password: {get_param: NovaPassword}
neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
- tripleo.neutron_server.firewall_rules:
- '114 neutron server':
+ tripleo.neutron_api.firewall_rules:
+ '114 neutron api':
dport:
- 9696
- 13696
- '118 neutron vxlan networks':
- proto: 'udp'
- dport: 4789
- '106 vrrp':
- proto: vrrp
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 9e223374..a89e3d75 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -67,5 +67,8 @@ outputs:
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
neutron::agents::l3::router_delete_namespaces: True
neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode}
+ tripleo.neutron_l3.firewall_rules:
+ '106 neutron_l3 vrrp':
+ proto: vrrp
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index cbe65638..cca0deee 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -117,5 +117,11 @@ outputs:
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
+ tripleo.neutron_ovs_agent.firewall_rules:
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '136 neutron gre networks':
+ proto: 'gre'
step_config: |
include ::tripleo::profile::base::neutron::ovs
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index b2ec0038..e1e1856d 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -53,6 +53,13 @@ parameters:
path: /var/log/nova/nova-api.log
resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
NovaBase:
type: ./nova-base.yaml
properties:
@@ -72,8 +79,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- nova::api::osapi_compute_workers: {get_param: NovaWorkers}
- nova::api::metadata_workers: {get_param: NovaWorkers}
nova::cron::archive_deleted_rows::hour: '"*/12"'
nova::cron::archive_deleted_rows::destination: '"/dev/null"'
tripleo.nova_api.firewall_rules:
@@ -100,7 +107,16 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ nova::wsgi::apache::ssl: false
+ nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ nova::wsgi::apache::workers: {get_param: NovaWorkers}
+ nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
index d2ee036e..30351dfb 100644
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@@ -33,14 +33,6 @@ parameters:
description: List of features to install with ODL
type: comma_delimited_list
default: ["odl-netvirt-openstack","odl-netvirt-ui"]
- OpenDaylightConnectionProtocol:
- description: L7 protocol used for REST access
- type: string
- default: 'http'
- OpenDaylightCheckURL:
- description: URL postfix to verify ODL has finished starting up
- type: string
- default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
OpenDaylightApiVirtualIP:
type: string
default: ''
@@ -67,14 +59,11 @@ outputs:
config_settings:
opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
odl_on_controller: {get_param: EnableOpenDaylightOnController}
- opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight::enable_l3: {get_param: OpenDaylightEnableL3}
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
- opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::opendaylight
- include tripleo::profile::base::neutron::plugins::ovs::opendaylight
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index 11b9bf8f..d91a0181 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -41,5 +41,6 @@ outputs:
- get_attr: [CinderVolumeBase, role_data, config_settings]
- cinder::volume::manage_service: false
cinder::volume::enabled: false
+ cinder::host: hostgroup
step_config:
include ::tripleo::profile::pacemaker::cinder::volume
diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml
index 64ae2e91..982b6064 100644
--- a/puppet/services/pacemaker/database/mongodb.yaml
+++ b/puppet/services/pacemaker/database/mongodb.yaml
@@ -22,7 +22,7 @@ parameters:
resources:
MongoDbBase:
- type: ../../database/mongodb-base.yaml
+ type: ../../database/mongodb.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml
index d9156e67..196754eb 100644
--- a/puppet/services/pacemaker/database/redis.yaml
+++ b/puppet/services/pacemaker/database/redis.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
RedisBase:
- type: ../../database/redis-base.yaml
+ type: ../../database/redis.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 52300a2f..5387529d 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -38,6 +38,13 @@ parameters:
type: string
default: ''
hidden: true
+ RabbitHAQueues:
+ description:
+ The number of HA queues to be configured in rabbit. The default is 0 which will
+ be automatically overridden to CEIL(N/2) where N is the number of nodes running
+ rabbitmq.
+ default: 0
+ type: number
MonitoringSubscriptionRabbitmq:
default: 'overcloud-rabbitmq'
type: string
@@ -73,6 +80,7 @@ outputs:
rabbitmq_config_variables:
tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
cluster_partition_handling: 'pause_minority'
+ queue_master_locator: '<<"min-masters">>'
loopback_users: '[]'
rabbitmq::erlang_cookie:
yaql:
@@ -88,5 +96,7 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
+
step_config: |
include ::tripleo::profile::base::rabbitmq
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 7b5fa40c..176fd235 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -78,7 +78,7 @@ outputs:
sources:
- {get_attr: [LoggingConfiguration, LoggingDefaultSources]}
- yaql:
- expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null))
+ expression: list($.data.where($ != null).select($.get('logging_source')).where($ != null))
data: {get_attr: [ServiceChain, role_data]}
- {get_attr: [LoggingConfiguration, LoggingExtraSources]}
default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]}
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
index f6ec458f..7eb39905 100644
--- a/puppet/services/tripleo-firewall.yaml
+++ b/puppet/services/tripleo-firewall.yaml
@@ -19,7 +19,7 @@ parameters:
via parameter_defaults in the resource registry.
type: json
ManageFirewall:
- default: false
+ default: true
description: Whether to manage IPtables rules.
type: boolean
PurgeFirewallRules:
diff --git a/roles_data.yaml b/roles_data.yaml
index fe98d827..86d0e4f5 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -90,7 +90,8 @@
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::OpenDaylight
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::VipHosts
@@ -124,7 +125,7 @@
- name: BlockStorage
ServicesDefault:
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone