diff options
46 files changed, 910 insertions, 215 deletions
@@ -1,9 +1,7 @@ source 'https://rubygems.org' group :development, :test do - # puppetlabs_spec_helper 1.2.0 pulled in a gem with ruby >= 2.2 requirements - # but CI has ruby 2.0.0. - gem 'puppetlabs_spec_helper', '1.1.1', :require => 'false' + gem 'puppetlabs_spec_helper', :require => false gem 'puppet-lint', '~> 1.1' gem 'puppet-lint-absolute_classname-check' diff --git a/default_passwords.yaml b/default_passwords.yaml index a7d9c978..7a47f443 100644 --- a/default_passwords.yaml +++ b/default_passwords.yaml @@ -5,8 +5,6 @@ description: Passwords we manage at the top level parameters: DefaultMysqlRootPassword: type: string - DefaultMysqlClusterPassword: - type: string DefaultRabbitCookie: type: string DefaultHeatAuthEncryptionKey: @@ -21,7 +19,6 @@ outputs: description: Password data value: mysql_root_password: {get_param: DefaultMysqlRootPassword} - mysql_cluster_password: {get_param: DefaultMysqlClusterPassword} rabbit_cookie: {get_param: DefaultRabbitCookie} heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey} pcsd_password: {get_param: DefaultPcsdPassword} diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index a3f39ebe..39ded654 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -7,3 +7,6 @@ parameter_defaults: SSLIntermediateCertificate: '' SSLKey: | The contents of the private key go here + +resource_registry: + OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index cf94d7fc..d0fc9ec6 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -15,14 +15,23 @@ resource_registry: parameter_defaults: # This section is where deployment-specific configuration is done + # CIDR subnet mask length for provisioning network + ControlPlaneSubnetCidr: '24' + # Gateway router for the provisioning network (or Undercloud IP) + ControlPlaneDefaultRoute: 192.0.2.254 + EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud # Customize the IP subnets to match the local environment InternalApiNetCidr: 172.17.0.0/24 StorageNetCidr: 172.18.0.0/24 StorageMgmtNetCidr: 172.19.0.0/24 TenantNetCidr: 172.16.0.0/24 ExternalNetCidr: 10.0.0.0/24 - # CIDR subnet mask length for provisioning network - ControlPlaneSubnetCidr: '24' + # Customize the VLAN IDs to match the local environment + InternalApiNetworkVlanID: 20 + StorageNetworkVlanID: 30 + StorageMgmtNetworkVlanID: 40 + TenantNetworkVlanID: 50 + ExternalNetworkVlanID: 10 # Customize the IP ranges on each network to use for static IPs and VIPs InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}] StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}] @@ -32,18 +41,13 @@ parameter_defaults: ExternalAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.50'}] # Gateway router for the external network ExternalInterfaceDefaultRoute: 10.0.0.1 - # Gateway router for the provisioning network (or Undercloud IP) - ControlPlaneDefaultRoute: 192.0.2.254 - # Generally the IP of the Undercloud - EC2MetadataIp: 192.0.2.1 + # Uncomment if using the Management Network (see network-management.yaml) + # ManagementNetCidr: 10.0.1.0/24 + # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}] + # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates + # ManagementInterfaceDefaultRoute: 10.0.1.1 # Define the DNS servers (maximum 2) for the overcloud nodes DnsServers: ["8.8.8.8","8.8.4.4"] - # Customize the VLAN IDs to match the local environment - InternalApiNetworkVlanID: 10 - StorageNetworkVlanID: 20 - StorageMgmtNetworkVlanID: 30 - TenantNetworkVlanID: 40 - ExternalNetworkVlanID: 50 # Set to empty string to enable multiple external networks or VLANs NeutronExternalNetworkBridge: "''" # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. diff --git a/environments/services/sahara.yaml b/environments/services/sahara.yaml index d4be3742..82205dd1 100644 --- a/environments/services/sahara.yaml +++ b/environments/services/sahara.yaml @@ -1,3 +1,3 @@ resource_registry: - OS::TripleO::Services::SaharaApi: puppet/services/sahara-api.yaml - OS::TripleO::Services::SaharaEngine: puppet/services/sahara-engine.yaml + OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 3629672a..7c8e850c 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -50,6 +50,3 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} - -resource_registry: - OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index d3f07cda..80595c6c 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -50,6 +50,3 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} - -resource_registry: - OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index 36d85444..d67d5a1a 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -50,7 +50,7 @@ if [ "$mariadb_do_major_upgrade" = "auto" ]; then DO_MYSQL_UPGRADE=0 fi echo "mysql upgrade required: $DO_MYSQL_UPGRADE" -elif [ "$mariadb_do_major_upgrade" = 0 ]; then +elif [ "$mariadb_do_major_upgrade" = "no" ]; then DO_MYSQL_UPGRADE=0 else DO_MYSQL_UPGRADE=1 diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml index 93db8666..b414747f 100644 --- a/network/config/bond-with-vlans/ceph-storage.yaml +++ b/network/config/bond-with-vlans/ceph-storage.yaml @@ -38,6 +38,14 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number StorageNetworkVlanID: default: 30 description: Vlan ID for the storage network traffic. @@ -46,6 +54,10 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number ManagementNetworkVlanID: default: 60 description: Vlan ID for the management network traffic. @@ -57,6 +69,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -123,6 +143,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -130,6 +152,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml index bea98c19..5ee9ff09 100644 --- a/network/config/bond-with-vlans/cinder-storage.yaml +++ b/network/config/bond-with-vlans/cinder-storage.yaml @@ -38,6 +38,10 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -50,6 +54,10 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number ManagementNetworkVlanID: default: 60 description: Vlan ID for the management network traffic. @@ -61,6 +69,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -134,6 +150,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -141,6 +159,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index 774bf02d..19c011eb 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -38,6 +38,10 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -46,6 +50,10 @@ parameters: default: 30 description: Vlan ID for the storage network traffic. type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number TenantNetworkVlanID: default: 50 description: Vlan ID for the tenant network traffic. @@ -61,6 +69,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -134,6 +150,8 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -141,6 +159,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index d9532439..6242e2f8 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -62,10 +62,17 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -102,6 +109,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: ovs_bridge name: {get_input: bridge_name} @@ -148,6 +158,8 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -155,6 +167,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml index 7869ebfc..71b7e1b1 100644 --- a/network/config/bond-with-vlans/controller-v6.yaml +++ b/network/config/bond-with-vlans/controller-v6.yaml @@ -64,10 +64,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -75,6 +71,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -106,6 +110,7 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - default: true next_hop: {get_param: ControlPlaneDefaultRoute} @@ -134,6 +139,7 @@ resources: - ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} @@ -166,6 +172,9 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: vlan # device: bond1 @@ -173,6 +182,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index d3627ead..9917f073 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -62,10 +62,17 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -158,6 +165,9 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: vlan # device: bond1 @@ -165,6 +175,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml index de9121e5..4dd6628f 100644 --- a/network/config/bond-with-vlans/swift-storage.yaml +++ b/network/config/bond-with-vlans/swift-storage.yaml @@ -38,6 +38,10 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -50,6 +54,10 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number ManagementNetworkVlanID: default: 60 description: Vlan ID for the management network traffic. @@ -61,6 +69,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -134,6 +150,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -141,6 +159,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index 84cb0f12..c31c6e65 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -118,6 +122,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -125,6 +131,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index 0b0218c5..4f8b7f64 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -125,6 +129,8 @@ resources: - ip_netmask: {get_param: InternalApiIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -132,6 +138,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 97eef52b..77514745 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -133,6 +137,8 @@ resources: # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -140,6 +146,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml index b69879fb..da1f95f1 100644 --- a/network/config/multiple-nics/controller-v6.yaml +++ b/network/config/multiple-nics/controller-v6.yaml @@ -59,10 +59,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -70,6 +66,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -102,6 +106,7 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - default: true next_hop: {get_param: ControlPlaneDefaultRoute} @@ -150,6 +155,7 @@ resources: - ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} @@ -160,6 +166,9 @@ resources: # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: interface # name: nic7 @@ -167,6 +176,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml index 377fd116..7a1f9e5f 100644 --- a/network/config/multiple-nics/controller.yaml +++ b/network/config/multiple-nics/controller.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -155,6 +159,9 @@ resources: # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: interface # name: nic7 @@ -162,6 +169,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index b75bbd6e..05083105 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -125,6 +129,8 @@ resources: - ip_netmask: {get_param: InternalApiIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -132,6 +138,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml index a46d7e20..fc8e8b6f 100644 --- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml @@ -29,6 +29,18 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number StorageNetworkVlanID: default: 30 description: Vlan ID for the storage network traffic. @@ -37,6 +49,14 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -44,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -99,6 +127,20 @@ resources: addresses: - ip_netmask: {get_param: StorageMgmtIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: br-storage + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml index 08613a3b..6fb247ed 100644 --- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml @@ -29,6 +29,14 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -41,6 +49,14 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -48,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -110,6 +134,20 @@ resources: addresses: - ip_netmask: {get_param: StorageMgmtIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: br-storage + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index b6522c67..e31720d8 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -29,6 +29,14 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -37,10 +45,18 @@ parameters: default: 30 description: Vlan ID for the storage network traffic. type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number TenantNetworkVlanID: default: 50 description: Vlan ID for the tenant network traffic. type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -48,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -81,7 +105,6 @@ resources: ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} - - ip_netmask: 0.0.0.0/0 default: true next_hop: {get_param: ControlPlaneDefaultRoute} members: @@ -111,6 +134,20 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: {get_input: bridge_name} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml new file mode 100644 index 00000000..80125149 --- /dev/null +++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml @@ -0,0 +1,178 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config to configure VLANs for the + controller role with IPv6 on the External network. The IPv6 default + route is on the External network, and the IPv4 default route is on + the Control Plane. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: linux_bridge + name: {get_input: bridge_name} + use_dhcp: false + dns_servers: {get_param: DnsServers} + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} + members: + - + type: interface + name: {get_input: interface_name} + # force the MAC address of the bridge to this interface + primary: true + - + type: vlan + vlan_id: {get_param: ExternalNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: ExternalIpSubnet} + routes: + # IPv6 Default Route + - + default: true + next_hop: {get_param: ExternalInterfaceDefaultRoute} + - + type: vlan + vlan_id: {get_param: InternalApiNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageMgmtNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: StorageMgmtIpSubnet} + - + type: vlan + vlan_id: {get_param: TenantNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: {get_input: bridge_name} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml index 72105481..aef5d4e3 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml @@ -29,6 +29,10 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -49,10 +53,21 @@ parameters: default: 50 description: Vlan ID for the tenant network traffic. type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -64,9 +79,6 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - ControlPlaneDefaultRoute: # Override this via parameter_defaults - description: The default route of the control plane network. - type: string resources: OsNetConfigImpl: @@ -92,8 +104,8 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - - ip_netmask: 0.0.0.0/0 default: true next_hop: {get_param: ControlPlaneDefaultRoute} members: @@ -110,8 +122,8 @@ resources: - ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - - ip_netmask: 0.0.0.0/0 default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} - @@ -142,6 +154,21 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: {get_input: bridge_name} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml index 962b9890..a5d2f966 100644 --- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml @@ -29,6 +29,14 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -41,6 +49,14 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -48,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -110,6 +134,20 @@ resources: addresses: - ip_netmask: {get_param: StorageMgmtIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: br-storage + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml index 80bc32d3..6fa288af 100644 --- a/network/config/single-nic-vlans/ceph-storage.yaml +++ b/network/config/single-nic-vlans/ceph-storage.yaml @@ -52,6 +52,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -106,12 +114,18 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml index e509443a..d1135776 100644 --- a/network/config/single-nic-vlans/cinder-storage.yaml +++ b/network/config/single-nic-vlans/cinder-storage.yaml @@ -56,6 +56,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -116,12 +124,18 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index 8cf6825d..bd3cef34 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -56,6 +56,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -116,12 +124,18 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml index eb5e1e5a..8e8b0f5d 100644 --- a/network/config/single-nic-vlans/controller-no-external.yaml +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -5,6 +5,10 @@ description: > controller role. No external IP is configured. parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string ExternalIpSubnet: default: '' description: IP address/subnet on the external network @@ -53,10 +57,28 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string resources: OsNetConfigImpl: @@ -69,7 +91,22 @@ resources: - type: ovs_bridge name: {get_input: bridge_name} - use_dhcp: true + use_dhcp: false + dns_servers: {get_param: DnsServers} + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} members: - type: interface @@ -101,12 +138,18 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml index 472e539d..ecbf2efb 100644 --- a/network/config/single-nic-vlans/controller-v6.yaml +++ b/network/config/single-nic-vlans/controller-v6.yaml @@ -59,10 +59,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -70,6 +66,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -102,6 +106,7 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - default: true next_hop: {get_param: ControlPlaneDefaultRoute} @@ -115,9 +120,10 @@ resources: type: vlan vlan_id: {get_param: ExternalNetworkVlanID} addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - + ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} @@ -145,12 +151,20 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} - #- # Uncomment when including environments/network-management.yaml + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml index a5a0745d..c5979a89 100644 --- a/network/config/single-nic-vlans/controller.yaml +++ b/network/config/single-nic-vlans/controller.yaml @@ -57,10 +57,17 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -137,12 +144,20 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} - #- # Uncomment when including environments/network-management.yaml + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml index efc03393..7b06580c 100644 --- a/network/config/single-nic-vlans/swift-storage.yaml +++ b/network/config/single-nic-vlans/swift-storage.yaml @@ -56,6 +56,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -116,12 +124,18 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/overcloud.yaml b/overcloud.yaml index a4f8fee1..b37426f8 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -56,6 +56,12 @@ parameters: Control the IP allocation for the StorageMgmgVirtualInterface port. E.g. [{'ip_address':'1.2.3.4'}] type: json + RedisVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the virtual IP used by Redis. E.g. + [{'ip_address':'1.2.3.4'}] + type: json CloudDomain: default: 'localdomain' type: string @@ -399,15 +405,11 @@ resources: controllerExtraConfig: {get_param: controllerExtraConfig} HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} HorizonSecret: {get_resource: HorizonSecret} - MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} - MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} PcsdPassword: {get_resource: PcsdPassword} - RabbitCookie: {get_attr: [RabbitCookie, value]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]} Hostname: str_replace: template: {get_param: ControllerHostnameFormat} @@ -612,11 +614,6 @@ resources: properties: length: 10 - MysqlClusterUniquePart: - type: OS::Heat::RandomString - properties: - length: 10 - RabbitCookie: type: OS::Heat::RandomString properties: @@ -627,7 +624,6 @@ resources: type: OS::TripleO::DefaultPasswords properties: DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]} - DefaultMysqlClusterPassword: {get_attr: [MysqlClusterUniquePart, value]} DefaultRabbitCookie: {get_attr: [RabbitCookie, value]} DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]} DefaultPcsdPassword: {get_attr: [PcsdPassword, value]} @@ -655,6 +651,7 @@ resources: PortName: redis_virtual_ip NetworkName: {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]} ServiceName: redis + FixedIPs: {get_param: RedisVirtualFixedIPs} # The public VIP is on the External net, falls back to ctlplane PublicVirtualIP: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index ff2c5d1c..ef3f08ff 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -106,7 +106,7 @@ resources: properties: image: {get_param: BlockStorageImage} - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudBlockStorageFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 75b412aa..1b2706ea 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -4,10 +4,6 @@ description: > OpenStack controller node configured by Puppet. parameters: - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true AodhPassword: description: The password for the aodh services. type: string @@ -31,10 +27,6 @@ parameters: ... } type: json - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string CorosyncIPv6: default: false description: Enable IPv6 in Corosync @@ -47,10 +39,6 @@ parameters: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller @@ -99,17 +87,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - HAProxyStatsPassword: - description: Password for HAProxy stats endpoint - type: string - HAProxyStatsUser: - description: User for HAProxy stats endpoint - default: admin - type: string - HAProxySyslogAddress: - default: /dev/log - description: Syslog address where HAproxy will send its log - type: string HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string @@ -149,31 +126,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - MysqlClusterUniquePart: - description: A unique identifier of the MySQL cluster the controller is in. - type: string - default: 'unset' # Has to be here because of the ignored empty value bug - # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 - # constraints: - # - length: {min: 4, max: 10} - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - MysqlClustercheckPassword: - type: string - hidden: true - MysqlRootPassword: - type: string - hidden: true - default: '' # Has to be here because of the ignored empty value bug NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string @@ -203,34 +155,6 @@ parameters: type: string description: The password for the 'pcsd' user. hidden: true - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - RabbitCookie: - type: string - default: '' # Has to be here because of the ignored empty value bug - hidden: true - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number RedisPassword: description: The password for Redis type: string @@ -247,13 +171,14 @@ parameters: in the ring. hidden: true type: string + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level default: '' - MysqlVirtualIP: - type: string - default: '' ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -480,30 +405,16 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - haproxy_log_address: {get_param: HAProxySyslogAddress} - haproxy_stats_password: {get_param: HAProxyStatsPassword} - haproxy_stats_user: {get_param: HAProxyStatsUser} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_secret: {get_param: HorizonSecret} - admin_password: {get_param: AdminPassword} debug: {get_param: Debug} keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} - enable_galera: {get_param: EnableGalera} enable_load_balancer: {get_param: EnableLoadBalancer} manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} - mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - mysql_max_connections: {get_param: MysqlMaxConnections} - mysql_root_password: {get_param: MysqlRootPassword} - mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} - mysql_cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } @@ -525,13 +436,6 @@ resources: instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - control_virtual_interface: {get_param: ControlVirtualInterface} - public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -564,13 +468,10 @@ resources: template: "NETWORK_subnet" params: NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} - rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - mysql_virtual_ip: {get_param: MysqlVirtualIP} ceph_cluster_network: get_attr: - NetIpMap @@ -680,17 +581,6 @@ resources: # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} - # MySQL - admin_password: {get_input: admin_password} - enable_galera: {get_input: enable_galera} - mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} - mysql_max_connections: {get_input: mysql_max_connections} - mysql::server::root_password: {get_input: mysql_root_password} - mysql_clustercheck_password: {get_input: mysql_clustercheck_password} - mysql_cluster_name: {get_input: mysql_cluster_name} - mysql_bind_host: {get_input: mysql_network} - mysql_virtual_ip: {get_input: mysql_virtual_ip} - # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} @@ -734,9 +624,6 @@ resources: # Sahara sahara::host: {get_input: sahara_api_network} - # RabbitMQ - rabbitmq::node_ip_address: {get_input: rabbitmq_network} - rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} @@ -746,17 +633,7 @@ resources: # Misc memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} - control_virtual_interface: {get_input: control_virtual_interface} - public_virtual_interface: {get_input: public_virtual_interface} - tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} - tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} - tripleo::haproxy::redis_password: {get_input: redis_password} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} # Hook for site-specific additional pre-deployment config, e.g extra hieradata @@ -873,7 +750,14 @@ outputs: description: Swift device formatted for swift-ring-builder value: str_replace: - template: 'r1z1-IP:%PORT%/d1' + template: + list_join: + - ',' + - ['r1z1-IP:%PORT%/d1'] + - repeat: + template: 'r1z1-IP:%PORT%/DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} params: IP: get_attr: diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 8d2185f6..b0eea481 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > MySQL service deployment using puppet @@ -19,6 +19,21 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MysqlMaxConnections: + description: Configures MySQL max_connections config setting + type: number + default: 4096 + MysqlRootPassword: + type: string + hidden: true + default: '' + MysqlClustercheckPassword: + type: string + hidden: true + EnableGalera: + default: true + description: Whether to use Galera instead of regular MariaDB. + type: boolean outputs: role_data: @@ -42,5 +57,22 @@ outputs: - 4567 - 4568 - 9200 + mysql_max_connections: {get_param: MysqlMaxConnections} + mysql::server::root_password: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} + enable_galera: {get_param: EnableGalera} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 301b2bb1..40711432 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -36,4 +36,3 @@ outputs: redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' - tripleo::loadbalancer::redis_password: {get_param: RedisPassword} diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 00574c2f..8ac669a9 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -18,6 +18,32 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + hidden: true + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + RedisPassword: + description: The password for Redis + type: string + hidden: true + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string outputs: role_data: @@ -49,5 +75,11 @@ outputs: tripleo::haproxy::heat_cloudwatch: true tripleo::haproxy::heat_cfn: true tripleo::haproxy::horizon: true + tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} + tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} + tripleo::haproxy::redis_password: {get_param: RedisPassword} + tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface} + tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface} step_config: | include ::tripleo::profile::base::haproxy diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index c8c977c6..b783345b 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -18,11 +18,24 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string outputs: role_data: description: Role data for the Keepalived role. value: service_name: keepalived + config_settings: + tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} + tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} step_config: | include ::tripleo::profile::base::keepalived diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index ed2dbd0e..513cb2d4 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -18,10 +18,19 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NeutronEnableMetadataNetwork: + default: false + description: If True, DHCP provide metadata network. Requires either + IsolatedMetadata or ForceMetadata parameters to also be True. + type: boolean NeutronEnableIsolatedMetadata: - default: 'False' + default: false description: If True, DHCP provide metadata route to VM. - type: string + type: boolean + NeutronEnableForceMetadata: + default: false + description: If True, DHCP always provides metadata route to VM. + type: boolean resources: @@ -41,6 +50,8 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata} + neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork} tripleo.neutron_dhcp.firewall_rules: '115 neutron dhcp input': proto: 'udp' diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index e63a8f1e..d555ed0a 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -20,11 +20,21 @@ parameters: via parameter_defaults in the resource registry. type: json +resources: + + MysqlBase: + type: ../../database/mysql.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Service MySQL with Pacemaker using composable services. value: service_name: mysql config_settings: + get_attr: [MysqlBase, role_data, config_settings] step_config: | include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 5d580648..06595b07 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > RabbitMQ service configured with Puppet @@ -34,6 +34,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RabbitCookie: + type: string + default: '' + hidden: true outputs: role_data: @@ -66,5 +70,19 @@ outputs: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' loopback_users: '[]' + rabbitmq::erlang_cookie: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 558f2752..664a701f 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -26,6 +26,10 @@ parameters: default: false description: Value of mount_check in Swift account/container/object -server.conf type: boolean + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list @@ -69,5 +73,6 @@ outputs: swift::storage::all::account_pipeline: - healthcheck - account-server + swift::storage::disks: {get_param: SwiftRawDisks} step_config: | include ::tripleo::profile::base::swift::storage diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index dc28ee76..1f3022b8 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -101,6 +101,10 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json resources: @@ -377,7 +381,14 @@ outputs: description: Swift device formatted for swift-ring-builder value: str_replace: - template: 'r1z1-IP:%PORT%/d1' + template: + list_join: + - ',' + - ['r1z1-IP:%PORT%/d1'] + - repeat: + template: 'r1z1-IP:%PORT%/DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} params: IP: get_attr: |