aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Gemfile4
-rw-r--r--default_passwords.yaml3
-rw-r--r--environments/enable-tls.yaml3
-rw-r--r--environments/network-environment.yaml28
-rw-r--r--environments/services/sahara.yaml4
-rw-r--r--environments/tls-endpoints-public-dns.yaml3
-rw-r--r--environments/tls-endpoints-public-ip.yaml3
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_1.sh2
-rw-r--r--network/config/bond-with-vlans/ceph-storage.yaml26
-rw-r--r--network/config/bond-with-vlans/cinder-storage.yaml22
-rw-r--r--network/config/bond-with-vlans/compute.yaml22
-rw-r--r--network/config/bond-with-vlans/controller-no-external.yaml16
-rw-r--r--network/config/bond-with-vlans/controller-v6.yaml21
-rw-r--r--network/config/bond-with-vlans/controller.yaml14
-rw-r--r--network/config/bond-with-vlans/swift-storage.yaml22
-rw-r--r--network/config/multiple-nics/ceph-storage.yaml18
-rw-r--r--network/config/multiple-nics/cinder-storage.yaml18
-rw-r--r--network/config/multiple-nics/compute.yaml18
-rw-r--r--network/config/multiple-nics/controller-v6.yaml21
-rw-r--r--network/config/multiple-nics/controller.yaml19
-rw-r--r--network/config/multiple-nics/swift-storage.yaml18
-rw-r--r--network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml42
-rw-r--r--network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml38
-rw-r--r--network/config/single-nic-linux-bridge-vlans/compute.yaml39
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller-v6.yaml178
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller.yaml37
-rw-r--r--network/config/single-nic-linux-bridge-vlans/swift-storage.yaml38
-rw-r--r--network/config/single-nic-vlans/ceph-storage.yaml14
-rw-r--r--network/config/single-nic-vlans/cinder-storage.yaml14
-rw-r--r--network/config/single-nic-vlans/compute.yaml14
-rw-r--r--network/config/single-nic-vlans/controller-no-external.yaml45
-rw-r--r--network/config/single-nic-vlans/controller-v6.yaml28
-rw-r--r--network/config/single-nic-vlans/controller.yaml17
-rw-r--r--network/config/single-nic-vlans/swift-storage.yaml14
-rw-r--r--overcloud.yaml17
-rw-r--r--puppet/cinder-storage.yaml2
-rw-r--r--puppet/controller.yaml140
-rw-r--r--puppet/services/database/mysql.yaml34
-rw-r--r--puppet/services/database/redis-base.yaml1
-rw-r--r--puppet/services/haproxy.yaml32
-rw-r--r--puppet/services/keepalived.yaml13
-rw-r--r--puppet/services/neutron-dhcp.yaml15
-rw-r--r--puppet/services/pacemaker/database/mysql.yaml10
-rw-r--r--puppet/services/rabbitmq.yaml20
-rw-r--r--puppet/services/swift-storage.yaml5
-rw-r--r--puppet/swift-storage.yaml13
46 files changed, 910 insertions, 215 deletions
diff --git a/Gemfile b/Gemfile
index e1cda8dc..302ef415 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,9 +1,7 @@
source 'https://rubygems.org'
group :development, :test do
- # puppetlabs_spec_helper 1.2.0 pulled in a gem with ruby >= 2.2 requirements
- # but CI has ruby 2.0.0.
- gem 'puppetlabs_spec_helper', '1.1.1', :require => 'false'
+ gem 'puppetlabs_spec_helper', :require => false
gem 'puppet-lint', '~> 1.1'
gem 'puppet-lint-absolute_classname-check'
diff --git a/default_passwords.yaml b/default_passwords.yaml
index a7d9c978..7a47f443 100644
--- a/default_passwords.yaml
+++ b/default_passwords.yaml
@@ -5,8 +5,6 @@ description: Passwords we manage at the top level
parameters:
DefaultMysqlRootPassword:
type: string
- DefaultMysqlClusterPassword:
- type: string
DefaultRabbitCookie:
type: string
DefaultHeatAuthEncryptionKey:
@@ -21,7 +19,6 @@ outputs:
description: Password data
value:
mysql_root_password: {get_param: DefaultMysqlRootPassword}
- mysql_cluster_password: {get_param: DefaultMysqlClusterPassword}
rabbit_cookie: {get_param: DefaultRabbitCookie}
heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey}
pcsd_password: {get_param: DefaultPcsdPassword}
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index a3f39ebe..39ded654 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -7,3 +7,6 @@ parameter_defaults:
SSLIntermediateCertificate: ''
SSLKey: |
The contents of the private key go here
+
+resource_registry:
+ OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml
index cf94d7fc..d0fc9ec6 100644
--- a/environments/network-environment.yaml
+++ b/environments/network-environment.yaml
@@ -15,14 +15,23 @@ resource_registry:
parameter_defaults:
# This section is where deployment-specific configuration is done
+ # CIDR subnet mask length for provisioning network
+ ControlPlaneSubnetCidr: '24'
+ # Gateway router for the provisioning network (or Undercloud IP)
+ ControlPlaneDefaultRoute: 192.0.2.254
+ EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud
# Customize the IP subnets to match the local environment
InternalApiNetCidr: 172.17.0.0/24
StorageNetCidr: 172.18.0.0/24
StorageMgmtNetCidr: 172.19.0.0/24
TenantNetCidr: 172.16.0.0/24
ExternalNetCidr: 10.0.0.0/24
- # CIDR subnet mask length for provisioning network
- ControlPlaneSubnetCidr: '24'
+ # Customize the VLAN IDs to match the local environment
+ InternalApiNetworkVlanID: 20
+ StorageNetworkVlanID: 30
+ StorageMgmtNetworkVlanID: 40
+ TenantNetworkVlanID: 50
+ ExternalNetworkVlanID: 10
# Customize the IP ranges on each network to use for static IPs and VIPs
InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}]
StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}]
@@ -32,18 +41,13 @@ parameter_defaults:
ExternalAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.50'}]
# Gateway router for the external network
ExternalInterfaceDefaultRoute: 10.0.0.1
- # Gateway router for the provisioning network (or Undercloud IP)
- ControlPlaneDefaultRoute: 192.0.2.254
- # Generally the IP of the Undercloud
- EC2MetadataIp: 192.0.2.1
+ # Uncomment if using the Management Network (see network-management.yaml)
+ # ManagementNetCidr: 10.0.1.0/24
+ # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}]
+ # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
+ # ManagementInterfaceDefaultRoute: 10.0.1.1
# Define the DNS servers (maximum 2) for the overcloud nodes
DnsServers: ["8.8.8.8","8.8.4.4"]
- # Customize the VLAN IDs to match the local environment
- InternalApiNetworkVlanID: 10
- StorageNetworkVlanID: 20
- StorageMgmtNetworkVlanID: 30
- TenantNetworkVlanID: 40
- ExternalNetworkVlanID: 50
# Set to empty string to enable multiple external networks or VLANs
NeutronExternalNetworkBridge: "''"
# The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
diff --git a/environments/services/sahara.yaml b/environments/services/sahara.yaml
index d4be3742..82205dd1 100644
--- a/environments/services/sahara.yaml
+++ b/environments/services/sahara.yaml
@@ -1,3 +1,3 @@
resource_registry:
- OS::TripleO::Services::SaharaApi: puppet/services/sahara-api.yaml
- OS::TripleO::Services::SaharaEngine: puppet/services/sahara-engine.yaml
+ OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 3629672a..7c8e850c 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -50,6 +50,3 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
-
-resource_registry:
- OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index d3f07cda..80595c6c 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -50,6 +50,3 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
-
-resource_registry:
- OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
index 36d85444..d67d5a1a 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
@@ -50,7 +50,7 @@ if [ "$mariadb_do_major_upgrade" = "auto" ]; then
DO_MYSQL_UPGRADE=0
fi
echo "mysql upgrade required: $DO_MYSQL_UPGRADE"
-elif [ "$mariadb_do_major_upgrade" = 0 ]; then
+elif [ "$mariadb_do_major_upgrade" = "no" ]; then
DO_MYSQL_UPGRADE=0
else
DO_MYSQL_UPGRADE=1
diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml
index 93db8666..b414747f 100644
--- a/network/config/bond-with-vlans/ceph-storage.yaml
+++ b/network/config/bond-with-vlans/ceph-storage.yaml
@@ -38,6 +38,14 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
@@ -46,6 +54,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -57,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -123,6 +143,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -130,6 +152,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml
index bea98c19..5ee9ff09 100644
--- a/network/config/bond-with-vlans/cinder-storage.yaml
+++ b/network/config/bond-with-vlans/cinder-storage.yaml
@@ -38,6 +38,10 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -50,6 +54,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -61,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +150,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +159,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml
index 774bf02d..19c011eb 100644
--- a/network/config/bond-with-vlans/compute.yaml
+++ b/network/config/bond-with-vlans/compute.yaml
@@ -38,6 +38,10 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -46,6 +50,10 @@ parameters:
default: 30
description: Vlan ID for the storage network traffic.
type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
@@ -61,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +150,8 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +159,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml
index d9532439..6242e2f8 100644
--- a/network/config/bond-with-vlans/controller-no-external.yaml
+++ b/network/config/bond-with-vlans/controller-no-external.yaml
@@ -62,10 +62,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -102,6 +109,9 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
-
type: ovs_bridge
name: {get_input: bridge_name}
@@ -148,6 +158,8 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -155,6 +167,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml
index 7869ebfc..71b7e1b1 100644
--- a/network/config/bond-with-vlans/controller-v6.yaml
+++ b/network/config/bond-with-vlans/controller-v6.yaml
@@ -64,10 +64,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -75,6 +71,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -106,6 +110,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -134,6 +139,7 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -166,6 +172,9 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: vlan
# device: bond1
@@ -173,6 +182,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml
index d3627ead..9917f073 100644
--- a/network/config/bond-with-vlans/controller.yaml
+++ b/network/config/bond-with-vlans/controller.yaml
@@ -62,10 +62,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -158,6 +165,9 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: vlan
# device: bond1
@@ -165,6 +175,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml
index de9121e5..4dd6628f 100644
--- a/network/config/bond-with-vlans/swift-storage.yaml
+++ b/network/config/bond-with-vlans/swift-storage.yaml
@@ -38,6 +38,10 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -50,6 +54,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -61,6 +69,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +150,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +159,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml
index 84cb0f12..c31c6e65 100644
--- a/network/config/multiple-nics/ceph-storage.yaml
+++ b/network/config/multiple-nics/ceph-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -118,6 +122,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -125,6 +131,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml
index 0b0218c5..4f8b7f64 100644
--- a/network/config/multiple-nics/cinder-storage.yaml
+++ b/network/config/multiple-nics/cinder-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -125,6 +129,8 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -132,6 +138,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml
index 97eef52b..77514745 100644
--- a/network/config/multiple-nics/compute.yaml
+++ b/network/config/multiple-nics/compute.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -133,6 +137,8 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -140,6 +146,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml
index b69879fb..da1f95f1 100644
--- a/network/config/multiple-nics/controller-v6.yaml
+++ b/network/config/multiple-nics/controller-v6.yaml
@@ -59,10 +59,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -70,6 +66,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -102,6 +106,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -150,6 +155,7 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -160,6 +166,9 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: interface
# name: nic7
@@ -167,6 +176,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml
index 377fd116..7a1f9e5f 100644
--- a/network/config/multiple-nics/controller.yaml
+++ b/network/config/multiple-nics/controller.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -155,6 +159,9 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: interface
# name: nic7
@@ -162,6 +169,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml
index b75bbd6e..05083105 100644
--- a/network/config/multiple-nics/swift-storage.yaml
+++ b/network/config/multiple-nics/swift-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -125,6 +129,8 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -132,6 +138,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
index a46d7e20..fc8e8b6f 100644
--- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
@@ -29,6 +29,18 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
@@ -37,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -44,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -99,6 +127,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
index 08613a3b..6fb247ed 100644
--- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -41,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -110,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml
index b6522c67..e31720d8 100644
--- a/network/config/single-nic-linux-bridge-vlans/compute.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -37,10 +45,18 @@ parameters:
default: 30
description: Vlan ID for the storage network traffic.
type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -81,7 +105,6 @@ resources:
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
members:
@@ -111,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
new file mode 100644
index 00000000..80125149
--- /dev/null
+++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
@@ -0,0 +1,178 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure VLANs for the
+ controller role with IPv6 on the External network. The IPv6 default
+ route is on the External network, and the IPv4 default route is on
+ the Control Plane.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: linux_bridge
+ name: {get_input: bridge_name}
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+ members:
+ -
+ type: interface
+ name: {get_input: interface_name}
+ # force the MAC address of the bridge to this interface
+ primary: true
+ -
+ type: vlan
+ vlan_id: {get_param: ExternalNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: ExternalIpSubnet}
+ routes:
+ # IPv6 Default Route
+ -
+ default: true
+ next_hop: {get_param: ExternalInterfaceDefaultRoute}
+ -
+ type: vlan
+ vlan_id: {get_param: InternalApiNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: TenantNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml
index 72105481..aef5d4e3 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml
@@ -29,6 +29,10 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -49,10 +53,21 @@ parameters:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -64,9 +79,6 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
- ControlPlaneDefaultRoute: # Override this via parameter_defaults
- description: The default route of the control plane network.
- type: string
resources:
OsNetConfigImpl:
@@ -92,8 +104,8 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
members:
@@ -110,8 +122,8 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
-
@@ -142,6 +154,21 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
index 962b9890..a5d2f966 100644
--- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -41,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -110,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml
index 80bc32d3..6fa288af 100644
--- a/network/config/single-nic-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-vlans/ceph-storage.yaml
@@ -52,6 +52,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -106,12 +114,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml
index e509443a..d1135776 100644
--- a/network/config/single-nic-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-vlans/cinder-storage.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml
index 8cf6825d..bd3cef34 100644
--- a/network/config/single-nic-vlans/compute.yaml
+++ b/network/config/single-nic-vlans/compute.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml
index eb5e1e5a..8e8b0f5d 100644
--- a/network/config/single-nic-vlans/controller-no-external.yaml
+++ b/network/config/single-nic-vlans/controller-no-external.yaml
@@ -5,6 +5,10 @@ description: >
controller role. No external IP is configured.
parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
@@ -53,10 +57,28 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
resources:
OsNetConfigImpl:
@@ -69,7 +91,22 @@ resources:
-
type: ovs_bridge
name: {get_input: bridge_name}
- use_dhcp: true
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
members:
-
type: interface
@@ -101,12 +138,18 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml
index 472e539d..ecbf2efb 100644
--- a/network/config/single-nic-vlans/controller-v6.yaml
+++ b/network/config/single-nic-vlans/controller-v6.yaml
@@ -59,10 +59,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -70,6 +66,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -102,6 +106,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -115,9 +120,10 @@ resources:
type: vlan
vlan_id: {get_param: ExternalNetworkVlanID}
addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
+ -
+ ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -145,12 +151,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
- #- # Uncomment when including environments/network-management.yaml
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml
index a5a0745d..c5979a89 100644
--- a/network/config/single-nic-vlans/controller.yaml
+++ b/network/config/single-nic-vlans/controller.yaml
@@ -57,10 +57,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -137,12 +144,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
- #- # Uncomment when including environments/network-management.yaml
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml
index efc03393..7b06580c 100644
--- a/network/config/single-nic-vlans/swift-storage.yaml
+++ b/network/config/single-nic-vlans/swift-storage.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/overcloud.yaml b/overcloud.yaml
index a4f8fee1..b37426f8 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -56,6 +56,12 @@ parameters:
Control the IP allocation for the StorageMgmgVirtualInterface port. E.g.
[{'ip_address':'1.2.3.4'}]
type: json
+ RedisVirtualFixedIPs:
+ default: []
+ description: >
+ Control the IP allocation for the virtual IP used by Redis. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ type: json
CloudDomain:
default: 'localdomain'
type: string
@@ -399,15 +405,11 @@ resources:
controllerExtraConfig: {get_param: controllerExtraConfig}
HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
HorizonSecret: {get_resource: HorizonSecret}
- MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
- MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
PcsdPassword: {get_resource: PcsdPassword}
- RabbitCookie: {get_attr: [RabbitCookie, value]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
- MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]}
Hostname:
str_replace:
template: {get_param: ControllerHostnameFormat}
@@ -612,11 +614,6 @@ resources:
properties:
length: 10
- MysqlClusterUniquePart:
- type: OS::Heat::RandomString
- properties:
- length: 10
-
RabbitCookie:
type: OS::Heat::RandomString
properties:
@@ -627,7 +624,6 @@ resources:
type: OS::TripleO::DefaultPasswords
properties:
DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
- DefaultMysqlClusterPassword: {get_attr: [MysqlClusterUniquePart, value]}
DefaultRabbitCookie: {get_attr: [RabbitCookie, value]}
DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]}
DefaultPcsdPassword: {get_attr: [PcsdPassword, value]}
@@ -655,6 +651,7 @@ resources:
PortName: redis_virtual_ip
NetworkName: {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]}
ServiceName: redis
+ FixedIPs: {get_param: RedisVirtualFixedIPs}
# The public VIP is on the External net, falls back to ctlplane
PublicVirtualIP:
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index ff2c5d1c..ef3f08ff 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -106,7 +106,7 @@ resources:
properties:
image:
{get_param: BlockStorageImage}
- flavor: {get_param: Flavor}
+ flavor: {get_param: OvercloudBlockStorageFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 75b412aa..1b2706ea 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -4,10 +4,6 @@ description: >
OpenStack controller node configured by Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
AodhPassword:
description: The password for the aodh services.
type: string
@@ -31,10 +27,6 @@ parameters:
...
}
type: json
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
CorosyncIPv6:
default: false
description: Enable IPv6 in Corosync
@@ -47,10 +39,6 @@ parameters:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
- EnableGalera:
- default: true
- description: Whether to use Galera instead of regular MariaDB.
- type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
@@ -99,17 +87,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- HAProxyStatsPassword:
- description: Password for HAProxy stats endpoint
- type: string
- HAProxyStatsUser:
- description: User for HAProxy stats endpoint
- default: admin
- type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
@@ -149,31 +126,6 @@ parameters:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
- MysqlClusterUniquePart:
- description: A unique identifier of the MySQL cluster the controller is in.
- type: string
- default: 'unset' # Has to be here because of the ignored empty value bug
- # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
- # constraints:
- # - length: {min: 4, max: 10}
- MysqlInnodbBufferPoolSize:
- description: >
- Specifies the size of the buffer pool in megabytes. Setting to
- zero should be interpreted as "no value" and will defer to the
- lower level default.
- type: number
- default: 0
- MysqlMaxConnections:
- description: Configures MySQL max_connections config setting
- type: number
- default: 4096
- MysqlClustercheckPassword:
- type: string
- hidden: true
- MysqlRootPassword:
- type: string
- hidden: true
- default: '' # Has to be here because of the ignored empty value bug
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
@@ -203,34 +155,6 @@ parameters:
type: string
description: The password for the 'pcsd' user.
hidden: true
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
- RabbitCookie:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- hidden: true
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
RedisPassword:
description: The password for Redis
type: string
@@ -247,13 +171,14 @@ parameters:
in the ring.
hidden: true
type: string
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
- MysqlVirtualIP:
- type: string
- default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -480,30 +405,16 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- haproxy_log_address: {get_param: HAProxySyslogAddress}
- haproxy_stats_password: {get_param: HAProxyStatsPassword}
- haproxy_stats_user: {get_param: HAProxyStatsUser}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_secret: {get_param: HorizonSecret}
- admin_password: {get_param: AdminPassword}
debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
- enable_galera: {get_param: EnableGalera}
enable_load_balancer: {get_param: EnableLoadBalancer}
manage_firewall: {get_param: ManageFirewall}
purge_firewall_rules: {get_param: PurgeFirewallRules}
- mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
- mysql_max_connections: {get_param: MysqlMaxConnections}
- mysql_root_password: {get_param: MysqlRootPassword}
- mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
- mysql_cluster_name:
- str_replace:
- template: tripleo-CLUSTER
- params:
- CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
@@ -525,13 +436,6 @@ resources:
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_cookie: {get_param: RabbitCookie}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
- control_virtual_interface: {get_param: ControlVirtualInterface}
- public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
@@ -564,13 +468,10 @@ resources:
template: "NETWORK_subnet"
params:
NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
- rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- mysql_virtual_ip: {get_param: MysqlVirtualIP}
ceph_cluster_network:
get_attr:
- NetIpMap
@@ -680,17 +581,6 @@ resources:
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
- # MySQL
- admin_password: {get_input: admin_password}
- enable_galera: {get_input: enable_galera}
- mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
- mysql_max_connections: {get_input: mysql_max_connections}
- mysql::server::root_password: {get_input: mysql_root_password}
- mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
- mysql_cluster_name: {get_input: mysql_cluster_name}
- mysql_bind_host: {get_input: mysql_network}
- mysql_virtual_ip: {get_input: mysql_virtual_ip}
-
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
@@ -734,9 +624,6 @@ resources:
# Sahara
sahara::host: {get_input: sahara_api_network}
- # RabbitMQ
- rabbitmq::node_ip_address: {get_input: rabbitmq_network}
- rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
@@ -746,17 +633,7 @@ resources:
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
memcached::listen_ip: {get_input: memcached_network}
- control_virtual_interface: {get_input: control_virtual_interface}
- public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
- tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
- tripleo::haproxy::redis_password: {get_input: redis_password}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
@@ -873,7 +750,14 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
IP:
get_attr:
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 8d2185f6..b0eea481 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
MySQL service deployment using puppet
@@ -19,6 +19,21 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MysqlMaxConnections:
+ description: Configures MySQL max_connections config setting
+ type: number
+ default: 4096
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: ''
+ MysqlClustercheckPassword:
+ type: string
+ hidden: true
+ EnableGalera:
+ default: true
+ description: Whether to use Galera instead of regular MariaDB.
+ type: boolean
outputs:
role_data:
@@ -42,5 +57,22 @@ outputs:
- 4567
- 4568
- 9200
+ mysql_max_connections: {get_param: MysqlMaxConnections}
+ mysql::server::root_password:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
+ enable_galera: {get_param: EnableGalera}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index 301b2bb1..40711432 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -36,4 +36,3 @@ outputs:
redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
- tripleo::loadbalancer::redis_password: {get_param: RedisPassword}
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 00574c2f..8ac669a9 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -18,6 +18,32 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyStatsPassword:
+ description: Password for HAProxy stats endpoint
+ hidden: true
+ type: string
+ HAProxyStatsUser:
+ description: User for HAProxy stats endpoint
+ default: admin
+ type: string
+ HAProxySyslogAddress:
+ default: /dev/log
+ description: Syslog address where HAproxy will send its log
+ type: string
+ RedisPassword:
+ description: The password for Redis
+ type: string
+ hidden: true
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
outputs:
role_data:
@@ -49,5 +75,11 @@ outputs:
tripleo::haproxy::heat_cloudwatch: true
tripleo::haproxy::heat_cfn: true
tripleo::haproxy::horizon: true
+ tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
+ tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
+ tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
+ tripleo::haproxy::redis_password: {get_param: RedisPassword}
+ tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::haproxy
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index c8c977c6..b783345b 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -18,11 +18,24 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
outputs:
role_data:
description: Role data for the Keepalived role.
value:
service_name: keepalived
+ config_settings:
+ tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::keepalived
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index ed2dbd0e..513cb2d4 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -18,10 +18,19 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NeutronEnableMetadataNetwork:
+ default: false
+ description: If True, DHCP provide metadata network. Requires either
+ IsolatedMetadata or ForceMetadata parameters to also be True.
+ type: boolean
NeutronEnableIsolatedMetadata:
- default: 'False'
+ default: false
description: If True, DHCP provide metadata route to VM.
- type: string
+ type: boolean
+ NeutronEnableForceMetadata:
+ default: false
+ description: If True, DHCP always provides metadata route to VM.
+ type: boolean
resources:
@@ -41,6 +50,8 @@ outputs:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
+ neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
tripleo.neutron_dhcp.firewall_rules:
'115 neutron dhcp input':
proto: 'udp'
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index e63a8f1e..d555ed0a 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -20,11 +20,21 @@ parameters:
via parameter_defaults in the resource registry.
type: json
+resources:
+
+ MysqlBase:
+ type: ../../database/mysql.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Service MySQL with Pacemaker using composable services.
value:
service_name: mysql
config_settings:
+ get_attr: [MysqlBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::pacemaker::database::mysql
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 5d580648..06595b07 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
RabbitMQ service configured with Puppet
@@ -34,6 +34,10 @@ parameters:
default: false
description: Enable IPv6 in RabbitMQ
type: boolean
+ RabbitCookie:
+ type: string
+ default: ''
+ hidden: true
outputs:
role_data:
@@ -66,5 +70,19 @@ outputs:
tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
cluster_partition_handling: 'pause_minority'
loopback_users: '[]'
+ rabbitmq::erlang_cookie:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]}
step_config: |
include ::tripleo::profile::base::rabbitmq
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 558f2752..664a701f 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -26,6 +26,10 @@ parameters:
default: false
description: Value of mount_check in Swift account/container/object -server.conf
type: boolean
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
@@ -69,5 +73,6 @@ outputs:
swift::storage::all::account_pipeline:
- healthcheck
- account-server
+ swift::storage::disks: {get_param: SwiftRawDisks}
step_config: |
include ::tripleo::profile::base::swift::storage
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index dc28ee76..1f3022b8 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -101,6 +101,10 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
resources:
@@ -377,7 +381,14 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
IP:
get_attr: