diff options
24 files changed, 274 insertions, 99 deletions
@@ -4,9 +4,10 @@ group :development, :test do gem 'puppetlabs_spec_helper', :require => false gem 'puppet-lint', '~> 1.1' - gem 'puppet-lint-absolute_classname-check' gem 'puppet-lint-absolute_template_path' gem 'puppet-lint-trailing_newline-check' + # https://github.com/voxpupuli/puppet-lint-absolute_classname-check/issues/6 + gem 'puppet-lint-absolute_classname-check', '0.1.3', :require => 'false' # Puppet 4.x related lint checks gem 'puppet-lint-unquoted_string-check' diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml new file mode 100644 index 00000000..812e84f3 --- /dev/null +++ b/environments/network-management-v6.yaml @@ -0,0 +1,25 @@ +# Enable the creation of an IPv6 system management network. This +# creates a Neutron network for isolated Overcloud +# system management traffic and configures each role to +# assign a port (related to that role) on that network. +# Note that the basic sample NIC configuration templates +# do not include the management network, see the +# comments in the sample network config templates in +# network/config/ for an example. +resource_registry: + OS::TripleO::Network::Management: ../network/management_v6.yaml + + # Port assignments for the controller role + OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the compute role + OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the ceph storage role + OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the swift storage role + OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the block storage role + OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml diff --git a/environments/network-management.yaml b/environments/network-management.yaml index 2f0cff8b..041617be 100644 --- a/environments/network-management.yaml +++ b/environments/network-management.yaml @@ -4,7 +4,8 @@ # assign a port (related to that role) on that network. # Note that the basic sample NIC configuration templates # do not include the management network, see the -# single-nic-vlans-mgmt templates for an example. +# comments in the sample network config templates in +# network/config/ for an example. resource_registry: OS::TripleO::Network::Management: ../network/management.yaml diff --git a/network/management_v6.yaml b/network/management_v6.yaml new file mode 100644 index 00000000..a5e70667 --- /dev/null +++ b/network/management_v6.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2015-04-30 + +description: > + Management network. System administration, SSH, DNS, NTP, etc. This network + would usually be the default gateway for the non-controller nodes. + +parameters: + # the defaults here work for static IP assignment (IPAM) only + ManagementNetCidr: + default: 'fd00:fd00:fd00:6000::/64' + description: Cidr for the management network. + type: string + ManagementNetValueSpecs: + default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} + description: Value specs for the management network. + type: json + ManagementNetAdminStateUp: + default: false + description: This admin state of of the network. + type: boolean + ManagementNetShared: + default: false + description: Whether this network is shared across all tenants. + type: boolean + ManagementNetName: + default: management + description: The name of the management network. + type: string + ManagementSubnetName: + default: management_subnet + description: The name of the management subnet in Neutron. + type: string + ManagementAllocationPools: + default: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}] + description: Ip allocation pool range for the management network. + type: json + IPv6AddressMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 address mode + type: string + IPv6RAMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 router advertisement mode + type: string + +resources: + ManagementNetwork: + type: OS::Neutron::Net + properties: + admin_state_up: {get_param: ManagementNetAdminStateUp} + name: {get_param: ManagementNetName} + shared: {get_param: ManagementNetShared} + value_specs: {get_param: ManagementNetValueSpecs} + + ManagementSubnet: + type: OS::Neutron::Subnet + properties: + ip_version: 6 + ipv6_address_mode: {get_param: IPv6AddressMode} + ipv6_ra_mode: {get_param: IPv6RAMode} + cidr: {get_param: ManagementNetCidr} + name: {get_param: ManagementSubnetName} + network: {get_resource: ManagementNetwork} + allocation_pools: {get_param: ManagementAllocationPools} + +outputs: + OS::stack_id: + description: Neutron management network + value: {get_resource: ManagementNetwork} diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml new file mode 100644 index 00000000..d9ac6046 --- /dev/null +++ b/network/ports/management_from_pool_v6.yaml @@ -0,0 +1,52 @@ +heat_template_version: 2015-10-15 + +description: > + Returns an IP from a network mapped list of IPs. This version is for IPv6 + addresses. The ip_address_uri output will have brackets for use in URLs. + +parameters: + ManagementNetName: + description: Name of the management network + default: management + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with noop.yaml + description: IP address on the control plane + default: '' + type: string + IPPool: + default: {} + description: A network mapped list of IPs + type: json + NodeIndex: + default: 0 + description: Index of the IP to get from Pool + type: number + ManagementNetCidr: + default: 'fd00:fd00:fd00:6000::/64' + description: Cidr for the management network. + type: string + +outputs: + ip_address: + description: management network IP + value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} + ip_address_uri: + description: management network IP (for compatibility with management_v6.yaml) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} + - ']' + ip_subnet: + description: IP/Subnet CIDR for the management network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 4911d1d6..e1d95728 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -157,6 +157,7 @@ resource_registry: OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml OS::TripleO::Services::NovaVncproxy: puppet/services/nova-vncproxy.yaml OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml + OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index d8955b9e..0af6ee48 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -221,6 +221,7 @@ parameters: description: The password for the nova service account, used by nova-api. type: string hidden: true + #TODO(ccamacho): Remove after landing Ntp in all roles NtpServer: default: '' description: Comma-separated list of ntp servers @@ -411,7 +412,7 @@ parameters: description: Template string to be used to generate instance names type: string ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: @@ -594,6 +595,7 @@ parameters: - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncproxy + - OS::TripleO::Services::Ntp description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -602,6 +604,7 @@ parameters: ComputeServices: default: - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::Ntp description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. @@ -656,7 +659,8 @@ parameters: description: Optional scheduler hints to pass to nova default: {} ObjectStorageServices: - default: [] + default: + - OS::TripleO::Services::Ntp description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the ObjectStorage nodes. @@ -688,7 +692,8 @@ parameters: description: Optional scheduler hints to pass to nova default: {} CephStorageServices: - default: [] + default: + - OS::TripleO::Services::Ntp description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the CephStorage nodes. @@ -867,7 +872,6 @@ resources: NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} NovaIPv6: {get_param: NovaIPv6} NovaPassword: {get_param: NovaPassword} - NtpServer: {get_param: NtpServer} PcsdPassword: {get_resource: PcsdPassword} PublicVirtualInterface: {get_param: PublicVirtualInterface} RabbitPassword: {get_param: RabbitPassword} @@ -975,7 +979,6 @@ resources: NovaPassword: {get_param: NovaPassword} NovaOVSBridge: {get_param: NovaOVSBridge} NovaSecurityGroupAPI: {get_param: NovaSecurityGroupAPI} - NtpServer: {get_param: NtpServer} RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} RabbitPassword: {get_param: RabbitPassword} RabbitUserName: {get_param: RabbitUserName} @@ -1064,7 +1067,6 @@ resources: Image: {get_param: SwiftStorageImage} Replicas: { get_param: SwiftReplicas} TimeZone: {get_param: TimeZone} - NtpServer: {get_param: NtpServer} UpdateIdentifier: {get_param: UpdateIdentifier} ServiceNetMap: {get_param: ServiceNetMap} Hostname: @@ -1098,7 +1100,6 @@ resources: Image: {get_param: CephStorageImage} KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudCephStorageFlavor} - NtpServer: {get_param: NtpServer} ServiceNetMap: {get_param: ServiceNetMap} TimeZone: {get_param: TimeZone} UpdateIdentifier: {get_param: UpdateIdentifier} diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 245710f2..6beb751f 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -33,6 +33,9 @@ parameters: CinderRbdPoolName: default: volumes type: string + CinderBackupRbdPoolName: + default: backups + type: string GlanceRbdPoolName: default: images type: string @@ -97,7 +100,7 @@ resources: secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: @@ -106,6 +109,7 @@ resources: ADMIN_KEY: {get_param: ceph_admin_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} @@ -130,6 +134,7 @@ resources: tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} - {get_param: GnocchiRbdPoolName} diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index eedb35e4..7a71ea80 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -21,10 +21,6 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -232,7 +228,6 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} @@ -274,7 +269,6 @@ resources: ceph: raw_data: {get_file: hieradata/ceph.yaml} mapped_data: - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index d3b17784..7a863252 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -233,10 +233,6 @@ parameters: default: 'neutron' description: The full class name of the security API class type: string - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list RabbitHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -579,7 +575,6 @@ resources: neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} keystone_public_api_virtual_ip: {get_input: keystone_vip} admin_password: {get_input: admin_password} - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -697,7 +692,6 @@ resources: rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index f12656dd..ae1ef49a 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -284,10 +284,6 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list PcsdPassword: type: string description: The password for the 'pcsd' user. @@ -694,6 +690,15 @@ resources: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' + aodh_dsn: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://aodh:' + - {get_param: AodhPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/aodh' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } @@ -737,7 +742,6 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} @@ -960,6 +964,7 @@ resources: snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Aodh + aodh_mysql_conn_string: {get_input: aodh_dsn} aodh::rabbit_userid: {get_input: rabbit_username} aodh::rabbit_password: {get_input: rabbit_password} aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} @@ -972,6 +977,7 @@ resources: aodh::api::keystone_password: {get_input: aodh_password} aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} + aodh::auth::auth_url: {get_input: keystone_auth_uri} aodh::auth::auth_password: {get_input: aodh_password} aodh::db::mysql::password: {get_input: aodh_password} # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination @@ -1051,7 +1057,6 @@ resources: # Misc memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} control_virtual_interface: {get_input: control_virtual_interface} public_virtual_interface: {get_input: public_virtual_interface} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 7d4dc15b..7c05a5b9 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -35,6 +35,9 @@ parameters: CinderRbdPoolName: default: volumes type: string + CinderBackupRbdPoolName: + default: backups + type: string GlanceRbdPoolName: default: images type: string @@ -71,7 +74,7 @@ resources: secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: @@ -79,6 +82,7 @@ resources: CLIENT_KEY: {get_param: ceph_client_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} @@ -104,6 +108,7 @@ resources: tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} - {get_param: GnocchiRbdPoolName} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index e69656cf..7db2b5de 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -186,13 +186,13 @@ controller_classes: [] # firewall tripleo::firewall::firewall_rules: '101 mongodb_config': - port: 27019 + dport: 27019 '102 mongodb_sharding': - port: 27018 + dport: 27018 '103 mongod': - port: 27017 + dport: 27017 '104 mysql galera': - port: + dport: - 873 - 3306 - 4444 @@ -200,37 +200,37 @@ tripleo::firewall::firewall_rules: - 4568 - 9200 '105 ntp': - port: 123 + dport: 123 proto: udp '106 vrrp': proto: vrrp '107 haproxy stats': - port: 1993 + dport: 1993 '108 redis': - port: + dport: - 6379 - 26379 '109 rabbitmq': - port: + dport: - 5672 - 35672 '110 ceph': - port: + dport: - 6789 - '6800-6810' '111 keystone': - port: + dport: - 5000 - 13000 - 35357 - 13357 '112 glance': - port: + dport: - 9292 - 9191 - 13292 '113 nova': - port: + dport: - 6080 - 13080 - 8773 @@ -239,43 +239,43 @@ tripleo::firewall::firewall_rules: - 13774 - 8775 '114 neutron server': - port: + dport: - 9696 - 13696 '115 neutron dhcp input': proto: 'udp' - port: 67 + dport: 67 '116 neutron dhcp output': proto: 'udp' chain: 'OUTPUT' - port: 68 + dport: 68 '118 neutron vxlan networks': proto: 'udp' - port: 4789 + dport: 4789 '119 cinder': - port: + dport: - 8776 - 13776 '120 iscsi initiator': - port: 3260 + dport: 3260 '121 memcached': - port: 11211 + dport: 11211 '122 swift proxy': - port: + dport: - 8080 - 13808 '123 swift storage': - port: + dport: - 873 - 6000 - 6001 - 6002 '124 ceilometer': - port: + dport: - 8777 - 13777 '125 heat': - port: + dport: - 8000 - 13800 - 8003 @@ -283,17 +283,30 @@ tripleo::firewall::firewall_rules: - 8004 - 13004 '126 horizon': - port: + dport: - 80 - 443 '127 snmp': - port: 161 + dport: 161 proto: 'udp' '128 aodh': - port: + dport: - 8042 - 13042 '129 gnocchi-api': - port: + dport: - 8041 - 13041 + '130 pacemaker tcp': + proto: 'tcp' + dport: + - 2224 + - 3121 + - 21064 + '131 pacemaker udp': + proto: 'udp' + dport: 5405 + '132 sahara': + dport: + - 8386 + - 13386 diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 4eb199c8..f2c95de6 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -69,6 +69,15 @@ gnocchi::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" +# Aodh +aodh::db::mysql::user: aodh +aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +aodh::db::mysql::dbname: aodh +aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + + sahara::db::mysql::user: sahara sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}" sahara::db::mysql::dbname: sahara diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 4add2f02..e69353b0 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -23,10 +23,7 @@ if hiera('step') >= 1 { Exec <| tag == 'kmod::load' |> -> Sysctl <| |> include ::timezone - - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } + } if hiera('step') >= 3 { diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 30672f20..da84927e 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -20,10 +20,6 @@ create_resources(kmod::load, hiera('kernel_modules'), { }) create_resources(sysctl::value, hiera('sysctl_settings'), { }) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - include ::timezone if hiera('step') >= 4 { diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 94528809..628856e6 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -28,10 +28,6 @@ if hiera('step') >= 1 { if hiera('step') >= 2 { - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } - include ::timezone # MongoDB @@ -77,15 +73,13 @@ if hiera('step') >= 2 { # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - include ::nova::db::mysql - include ::nova::db::mysql_api if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { include ::gnocchi::db::mysql } if downcase(hiera('ceilometer_backend')) == 'mysql' { include ::ceilometer::db::mysql - include ::aodh::db::mysql } + include ::aodh::db::mysql $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) @@ -151,7 +145,6 @@ if hiera('step') >= 4 { memcached_servers => $memcached_servers } include ::nova::config - include ::nova::network::neutron if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -267,11 +260,9 @@ if hiera('step') >= 4 { # Aodh class { '::aodh' : - database_connection => $ceilometer_database_connection, + database_connection => hiera('aodh_mysql_conn_string'), } include ::aodh::db::sync - # To manage the upgrade: - Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync'] include ::aodh::auth include ::aodh::api include ::aodh::wsgi::apache diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 13331c9e..9bb40fca 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -59,10 +59,6 @@ if hiera('step') >= 1 { include ::timezone - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } - $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) if $corosync_ipv6 { @@ -251,13 +247,6 @@ if hiera('step') >= 2 { # Create all the database schemas if $sync_db { - class { '::nova::db::mysql': - require => Exec['galera-ready'], - } - class { '::nova::db::mysql_api': - require => Exec['galera-ready'], - } - if downcase(hiera('ceilometer_backend')) == 'mysql' { class { '::ceilometer::db::mysql': require => Exec['galera-ready'], @@ -269,6 +258,10 @@ if hiera('step') >= 2 { require => Exec['galera-ready'], } } + + class { '::aodh::db::mysql': + require => Exec['galera-ready'], + } } # Ceph @@ -349,7 +342,6 @@ MYSQL_HOST=localhost\n", } include ::nova::config - include ::nova::network::neutron if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -514,7 +506,7 @@ MYSQL_HOST=localhost\n", # Aodh class { '::aodh' : - database_connection => $ceilometer_database_connection, + database_connection => hiera('aodh_mysql_conn_string'), } include ::aodh::config include ::aodh::auth diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 3585c993..4fca8f5f 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -23,9 +23,6 @@ if hiera('step') >= 1 { include ::timezone - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } } if hiera('step') >= 4 { diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 8617df27..88e27945 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -38,3 +38,9 @@ outputs: heat::rabbit_port: {get_param: RabbitClientPort} heat::debug: {get_param: Debug} heat::enable_proxy_headers_parsing: true + # We need this because the default heat policy.json no longer works on TripleO + # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024 + heat::policy::policies: + context_is_admin: + key: 'context_is_admin' + value: 'role:admin' diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 435a6de0..ff13d5d8 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -106,4 +106,4 @@ outputs: TYPES: {get_param: NeutronNetworkType} step_config: | - include ::tripleo::profile::base::neutron::ml2 + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml index ac9d2402..9091b5b9 100644 --- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml +++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml @@ -25,4 +25,4 @@ outputs: - neutron::agents::ml2::ovs::enabled: false neutron::agents::ml2::ovs::manage_service: false step_config: | - include ::tripleo::profile::pacemaker::neutron::ml2 + include ::tripleo::profile::pacemaker::neutron::plugins::ml2 diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml new file mode 100644 index 00000000..dbef6f91 --- /dev/null +++ b/puppet/services/time/ntp.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + NTP service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configure NTP. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NtpServers: + default: [] + description: NTP servers + type: comma_delimited_list + +outputs: + role_data: + description: Role ntp using composable services. + value: + config_settings: + ntp::ntpservers: {get_param: NtpServers} + step_config: | + include ::ntp
\ No newline at end of file diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index ed52f928..30f7657b 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -46,10 +46,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -292,7 +288,6 @@ resources: swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} swift_mount_check: {get_input: swift_mount_check } tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -317,7 +312,6 @@ resources: swift_ring_build: {get_param: RingBuild} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} |