diff options
96 files changed, 2264 insertions, 1482 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index f47eb9ad..c7816b7e 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -5,7 +5,7 @@ # root_template: identifies repository's root template # root_environment: identifies root_environment, this one is special in terms of # order in which the environments are merged before deploying. This one serves as -# a base and it's parameters/resource_registry gets overriden by other environments +# a base and it's parameters/resource_registry gets overridden by other environments # if used. # topics: @@ -21,7 +21,7 @@ # Attributes: # title: (optional) # description: (optional) -# tags: a list of tags to provide aditional information for e.g. filtering (optional) +# tags: a list of tags to provide additional information for e.g. filtering (optional) # environments: (required) # environments: diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index e3557267..a2c7d787 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -28,7 +28,7 @@ parameters: default: "/etc/libvirt/libvirtd.conf" NovaConfig: type: string - default: "/etc/nova/nova.conf" + default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf" NeutronOpenvswitchAgentConfig: type: string default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" @@ -260,6 +260,8 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /dev:/dev + - /lib/udev:/lib/udev - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf @@ -317,8 +319,12 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /dev:/dev + - /lib/udev:/lib/udev + - /etc/iscsi:/etc/iscsi - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro + - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index bb458a68..027aed40 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -48,23 +48,13 @@ fi /sbin/setenforce 0 /sbin/modprobe ebtables +# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes +chmod 666 /dev/pts/ptmx + # We need hostname -f to return in a centos container for the puppet hook HOSTNAME=$(hostname) echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts -# Another hack.. we need a different docker version -# (should obviously be dropped once the atomic image contains docker 1.8.2) -/usr/bin/systemctl stop docker.service -/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-1.8.2 -/bin/mount -o remount,rw /usr -/bin/rm /bin/docker -/bin/cp /tmp/docker /bin/docker -/bin/chmod 755 /bin/docker - -# enable and start docker -/usr/bin/systemctl enable docker.service -/usr/bin/systemctl restart --no-block docker.service - # enable and start heat-docker-agents chmod 0640 /etc/systemd/system/heat-docker-agents.service /usr/bin/systemctl enable heat-docker-agents.service diff --git a/environments/docker.yaml b/environments/docker.yaml index be21d842..a7e2504c 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -3,7 +3,7 @@ resource_registry: OS::TripleO::ComputePostDeployment: ../docker/compute-post.yaml OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml -parameters: +parameter_defaults: NovaImage: atomic-image parameter_defaults: diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index d6328c06..e708688f 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -5,6 +5,9 @@ parameter_defaults: SSLKey: | The contents of the private key go here EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} @@ -14,9 +17,10 @@ parameter_defaults: GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} - GlanceRegistryAdmin: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} - GlanceRegistryPublic: {protocol: 'https', port: '9191', host: 'IP_ADDRESS'} # Not set on the loadbalancer yet. + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} @@ -24,9 +28,6 @@ parameter_defaults: KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} - KeystoneV3Admin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} - KeystoneV3Internal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} - KeystoneV3Public: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} @@ -41,7 +42,7 @@ parameter_defaults: NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} - SaharaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} diff --git a/environments/external-loadbalancer-vip.yaml b/environments/external-loadbalancer-vip.yaml index 198892cd..8656ba1a 100644 --- a/environments/external-loadbalancer-vip.yaml +++ b/environments/external-loadbalancer-vip.yaml @@ -10,7 +10,8 @@ resource_registry: OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml - OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool.yaml + # Management network is optional and disabled by default + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool.yaml parameter_defaults: # When using an external loadbalancer set the following in parameter_defaults @@ -35,6 +36,6 @@ parameter_defaults: - 172.16.3.253 tenant: - 172.16.0.253 - management: - - 172.16.4.253 + #management: + #- 172.16.4.253 EnableLoadBalancer: false diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml index 071f4108..5d48698e 100644 --- a/environments/manage-firewall.yaml +++ b/environments/manage-firewall.yaml @@ -1,2 +1,2 @@ -parameters: +parameter_defaults: ManageFirewall: true diff --git a/environments/mongodb-nojournal.yaml b/environments/mongodb-nojournal.yaml index 1e13e452..92cef532 100644 --- a/environments/mongodb-nojournal.yaml +++ b/environments/mongodb-nojournal.yaml @@ -1,5 +1,5 @@ # A Heat environment file which can be used to disable journal in MongoDb. # Since, when journaling is enabled, MongoDb will create big journal file # it can take time. In a CI environment for example journaling is not necessary. -parameters: +parameter_defaults: MongoDbNoJournal: true diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml index 0da119d9..75959a0b 100644 --- a/environments/net-bond-with-vlans-no-external.yaml +++ b/environments/net-bond-with-vlans-no-external.yaml @@ -12,7 +12,7 @@ resource_registry: # Set external ports to noop - OS::TripleO::Network::External: ../network/noop.yaml + OS::TripleO::Network::External: OS::Heat::None OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/cinder-storage.yaml diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml index a173df4e..c7594b32 100644 --- a/environments/net-single-nic-with-vlans-no-external.yaml +++ b/environments/net-single-nic-with-vlans-no-external.yaml @@ -10,7 +10,7 @@ resource_registry: # Set external ports to noop - OS::TripleO::Network::External: ../network/noop.yaml + OS::TripleO::Network::External: OS::Heat::None OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml # Configure other ports as normal diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index 005310c7..062c7bee 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -22,7 +22,7 @@ parameter_defaults: TenantNetCidr: 172.16.0.0/24 ExternalNetCidr: 10.0.0.0/24 # CIDR subnet mask length for provisioning network - ControlPlaneSubnetCidr: 24 + ControlPlaneSubnetCidr: '24' # Customize the IP ranges on each network to use for static IPs and VIPs InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}] StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}] @@ -47,4 +47,4 @@ parameter_defaults: # Set to empty string to enable multiple external networks or VLANs NeutronExternalNetworkBridge: "''" # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100" - BondInterfaceOvsOptions: "mode=active-backup" + BondInterfaceOvsOptions: "bond_mode=active-backup" diff --git a/environments/network-isolation-v6.yaml b/environments/network-isolation-v6.yaml index 599a08b1..11ca5b31 100644 --- a/environments/network-isolation-v6.yaml +++ b/environments/network-isolation-v6.yaml @@ -53,3 +53,5 @@ parameter_defaults: NovaIPv6: True # Enable IPv6 environment for RabbitMQ. RabbitIPv6: true + # Enable IPv6 environment for Memcached. + MemcachedIPv6: true diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml index 87fc22f5..c0420c5c 100644 --- a/environments/network-isolation.yaml +++ b/environments/network-isolation.yaml @@ -10,7 +10,7 @@ resource_registry: OS::TripleO::Network::Storage: ../network/storage.yaml OS::TripleO::Network::Tenant: ../network/tenant.yaml # Management network is optional and disabled by default - OS::TripleO::Network::Management: ../network/noop.yaml + OS::TripleO::Network::Management: OS::Heat::None # Port assignments for the VIPs OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 50ba8f53..6fdcf633 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -13,3 +13,12 @@ parameter_defaults: NeutronNuageBaseURIVersion: 'default_uri_version' NeutronNuageCMSId: '' UseForwardedFor: true + NeutronCorePlugin: 'neutron.plugins.nuage.plugin.NuagePlugin' + NeutronEnableDHCPAgent: false + NeutronEnableL3Agent: false + NeutronEnableMetadataAgent: false + NeutronEnableOVSAgent: false + NeutronServicePlugins: [] + NovaOVSBridge: 'alubr0' + controllerExtraConfig: + neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron/plugins/nuage/' diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml index 4704dbc8..c9bd98bb 100644 --- a/environments/neutron-opencontrail.yaml +++ b/environments/neutron-opencontrail.yaml @@ -7,7 +7,7 @@ resource_registry: parameter_defaults: NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin - NeutronEnableDHCPAgent: false + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None NeutronEnableL3Agent: false NeutronEnableMetadataAgent: false NeutronEnableOVSAgent: false diff --git a/environments/neutron-plumgrid.yaml b/environments/neutron-plumgrid.yaml new file mode 100755 index 00000000..5a244e5b --- /dev/null +++ b/environments/neutron-plumgrid.yaml @@ -0,0 +1,29 @@ +# A Heat environment file which can be used to enable PLUMgrid +# extensions, configured via puppet +resource_registry: + OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml + +parameter_defaults: + NeutronCorePlugin: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 + PLUMgridDirectorServer: 127.0.0.1 + PLUMgridDirectorServerPort: 443 + PLUMgridUsername: username + PLUMgridPassword: password + PLUMgridServerTimeOut: 99 + PLUMgridNovaMetadataIP: 169.254.169.254 + PLUMgridNovaMetadataPort: 8775 + PLUMgridL2GatewayVendor: vendor + PLUMgridL2GatewayUsername: username + PLUMgridL2GatewayPassword: password + PLUMgridIdentityVersion: v2.0 + PLUMgridConnectorType: distributed + + #Optional Parameters + #PLUMgridNeutronPluginVersion: present + #PLUMgridPlumlibVersion: present + + # PLUMgrid doesn't require dhcp, l3, ovs and metadata agents + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + NeutronEnableL3Agent: false + NeutronEnableMetadataAgent: false + NeutronEnableOVSAgent: false diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml index d782e8d8..a2d1100f 100644 --- a/environments/puppet-ceph-devel.yaml +++ b/environments/puppet-ceph-devel.yaml @@ -1,8 +1,7 @@ # A Heat environment file which can be used to enable a Ceph -# storage cluster using the controller and 2 ceph nodes. -# Rbd backends are enabled for Cinder, Glance, and Nova. -parameters: - CephStorageCount: 2 +# storage cluster using the controller and ceph nodes. +# Rbd backends are enabled for Cinder, Glance, Gnocchi and Nova. +parameter_defaults: #NOTE: These ID's and keys should be regenerated for # a production deployment. What is here is suitable for # developer and CI testing only. @@ -12,5 +11,6 @@ parameters: NovaEnableRbdBackend: true CinderEnableRbdBackend: true GlanceBackend: rbd + GnocchiBackend: rbd CinderEnableIscsiBackend: false ControllerEnableCephStorage: true diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 7f5b5080..865e0b98 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -9,16 +9,18 @@ parameter_defaults: #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' #CephExternalMonHost: '172.16.1.7, 172.16.1.8' - # the following parameters enable Ceph backends for Cinder, Glance, and Nova + # the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova NovaEnableRbdBackend: true CinderEnableRbdBackend: true GlanceBackend: rbd + GnocchiBackend: rbd # If the Ceph pools which host VMs, Volumes and Images do not match these # names OR the client keyring to use is not named 'openstack', edit the # following as needed. NovaRbdPoolName: vms CinderRbdPoolName: volumes GlanceRbdPoolName: images + GnocchiRbdPoolName: metrics CephClientUserName: openstack # finally we disable the Cinder LVM backend diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 8986e35f..48e93a0c 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -4,3 +4,12 @@ resource_registry: OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml + + # custom pacemaker services + # NOTE: For now we will need to specify overrides to all services + # which use pacemaker. In the future (with upcoming HA light work) this + # list will hopefully be much smaller however. + OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml + OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml + OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml + OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml diff --git a/environments/puppet-tenant-vlan.yaml b/environments/puppet-tenant-vlan.yaml index 0df63caf..ed948bc5 100644 --- a/environments/puppet-tenant-vlan.yaml +++ b/environments/puppet-tenant-vlan.yaml @@ -1,4 +1,4 @@ -parameters: +parameter_defaults: NeutronNetworkType: vlan NeutronEnableTunnelling: false - NeutronNetworkVLANRanges: datacentre:1:1000
\ No newline at end of file + NeutronNetworkVLANRanges: datacentre:1:1000 diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml index bd320bd9..da33acfd 100644 --- a/environments/storage-environment.yaml +++ b/environments/storage-environment.yaml @@ -15,6 +15,8 @@ parameter_defaults: NovaEnableRbdBackend: true ## Glance backend can be either 'rbd' (Ceph), 'swift' or 'file'. GlanceBackend: rbd + ## Gnocchi backend can be either 'rbd' (Ceph), 'swift' or 'file'. + GnocchiBackend: rbd #### CINDER NFS SETTINGS #### @@ -32,6 +34,8 @@ parameter_defaults: ## File system type of the mount # GlanceFilePcmkFstype: nfs ## Pacemaker mount point, e.g. '192.168.122.1:/export/glance' for NFS + ## (If using IPv6, use both double- and single-quotes, + ## e.g. "'[fdd0::1]:/export/glance'") # GlanceFilePcmkDevice: '' ## Options for the mount managed by Pacemaker # GlanceFilePcmkOptions: '' diff --git a/environments/updates/update-from-keystone-admin-internal-api.yaml b/environments/updates/update-from-keystone-admin-internal-api.yaml index 3c71ef1b..a9fa2bea 100644 --- a/environments/updates/update-from-keystone-admin-internal-api.yaml +++ b/environments/updates/update-from-keystone-admin-internal-api.yaml @@ -1,7 +1,7 @@ # This environment file provides a default value for ServiceNetMap where # Keystone Admin API service is running on the Internal API network -parameters: +parameter_defaults: ServiceNetMap: NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api diff --git a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml index 70437a8a..c388358a 100644 --- a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml @@ -20,3 +20,4 @@ parameter_defaults: rhel_reg_user: "" rhel_reg_type: "" rhel_reg_method: "" + rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.1-rpms" diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index a884bdae..7c65bd8b 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -43,6 +43,8 @@ parameters: type: string rhel_reg_method: type: string + rhel_reg_sat_repo: + type: string resources: @@ -68,6 +70,7 @@ resources: - name: REG_USER - name: REG_TYPE - name: REG_METHOD + - name: REG_SAT_REPO config: {get_file: scripts/rhel-registration} RHELRegistrationDeployment: @@ -95,6 +98,7 @@ resources: REG_USER: {get_param: rhel_reg_user} REG_TYPE: {get_param: rhel_reg_type} REG_METHOD: {get_param: rhel_reg_method} + REG_SAT_REPO: {get_param: rhel_reg_sat_repo} RHELUnregistration: type: OS::Heat::SoftwareConfig diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 76fa63b4..1c9acd2b 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -15,7 +15,7 @@ opts= attach_opts= sat5_opts= repos="repos --enable rhel-7-server-rpms" -satellite_repo="rhel-7-server-rh-common-rpms" +satellite_repo=${REG_SAT_REPO} if [ -n "${REG_AUTO_ATTACH:-}" ]; then opts="$opts --auto-attach" @@ -98,10 +98,10 @@ fi function detect_satellite_version { ping_api=$REG_SAT_URL/katello/api/ping - if curl -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then + if curl -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then echo Satellite 6 detected at $REG_SAT_URL satellite_version=6 - elif curl -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then + elif curl -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then echo Satellite 5 detected at $REG_SAT_URL satellite_version=5 else @@ -120,9 +120,10 @@ case "${REG_METHOD:-}" in ;; satellite) detect_satellite_version - if [ "satellite_version" = "6" ]; then + if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" - rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true + curl -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true subscription-manager register $opts subscription-manager $repos yum install -y katello-agent || true # needed for errata reporting to satellite6 diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index bf2ee330..f5399222 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -12,10 +12,8 @@ fi if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then pcs resource disable httpd check_resource httpd stopped 1800 - if pcs status | grep openstack-keystone; then - pcs resource disable openstack-keystone - check_resource openstack-keystone stopped 1800 - fi + pcs resource disable openstack-core + check_resource openstack-core stopped 1800 pcs resource disable redis check_resource redis stopped 600 pcs resource disable mongod @@ -26,6 +24,12 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) check_resource memcached stopped 600 pcs resource disable galera check_resource galera stopped 600 + # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: + # https://bugzilla.redhat.com/show_bug.cgi?id=1330688 + for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do + pcs resource disable $vip + check_resource $vip stopped 60 + done pcs cluster stop --all fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 10bea573..643ae57f 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -24,6 +24,11 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) exit 1 fi + for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do + pcs resource enable $vip + check_resource $vip started 60 + done + pcs resource enable galera check_resource galera started 600 pcs resource enable mongod @@ -55,10 +60,8 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) check_resource rabbitmq started 600 pcs resource enable redis check_resource redis started 600 - if pcs status | grep openstack-keystone; then - pcs resource enable openstack-keystone - check_resource openstack-keystone started 1800 - fi + pcs resource enable openstack-core + check_resource openstack-core started 1800 pcs resource enable httpd check_resource httpd started 1800 fi diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.yaml index f662bc3d..623549a0 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker_init.yaml @@ -30,6 +30,8 @@ parameters: resources: + # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004 + UpgradeInitConfig: type: OS::Heat::SoftwareConfig properties: @@ -38,6 +40,7 @@ resources: list_join: - '' - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand UpgradeInitControllerDeployment: diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index 7fd26945..b63198db 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -12,3 +12,64 @@ # The migration functions should be idempotent. If the migration has # been already applied, it should be possible to call the function # again without damaging the deployment or failing the upgrade. + +function add_missing_openstack_core_constraints { + # The CIBs are saved under /root as they might contain sensitive data + CIB="/root/migration.cib" + CIB_BACKUP="/root/backup.cib" + CIB_PUSH_NEEDED=n + + rm -f "$CIB" "$CIB_BACKUP" || /bin/true + pcs cluster cib "$CIB" + cp "$CIB" "$CIB_BACKUP" + + if ! pcs -f "$CIB" constraint --full | grep 'start openstack-sahara-api-clone then start openstack-sahara-engine-clone'; then + pcs -f "$CIB" constraint order start openstack-sahara-api-clone then start openstack-sahara-engine-clone + CIB_PUSH_NEEDED=y + fi + + if ! pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-ceilometer-notification-clone'; then + pcs -f "$CIB" constraint order start openstack-core-clone then start openstack-ceilometer-notification-clone + CIB_PUSH_NEEDED=y + fi + + if ! pcs -f "$CIB" constraint --full | grep 'start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone'; then + pcs -f "$CIB" constraint order start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone + CIB_PUSH_NEEDED=y + fi + + if pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone'; then + CID=$(pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone' | sed -e 's/.*id\://g' -e 's/)//g') + pcs -f "$CIB" constraint remove $CID + CIB_PUSH_NEEDED=y + fi + + if [ "$CIB_PUSH_NEEDED" = 'y' ]; then + pcs cluster cib-push "$CIB" + fi +} + +function remove_ceilometer_alarm { + if pcs status | grep openstack-ceilometer-alarm; then + # Disable pacemaker resources for ceilometer-alarms + pcs resource disable openstack-ceilometer-alarm-evaluator + check_resource openstack-ceilometer-alarm-evaluator stopped 600 + pcs resource delete openstack-ceilometer-alarm-evaluator + pcs resource disable openstack-ceilometer-alarm-notifier + check_resource openstack-ceilometer-alarm-notifier stopped 600 + pcs resource delete openstack-ceilometer-alarm-notifier + + # remove constraints + pcs constraint remove ceilometer-delay-then-ceilometer-alarm-evaluator-constraint + pcs constraint remove ceilometer-alarm-evaluator-with-ceilometer-delay-colocation + pcs constraint remove ceilometer-alarm-evaluator-then-ceilometer-alarm-notifier-constraint + pcs constraint remove ceilometer-alarm-notifier-with-ceilometer-alarm-evaluator-colocation + pcs constraint remove ceilometer-alarm-notifier-then-ceilometer-notification-constraint + pcs constraint remove ceilometer-notification-with-ceilometer-alarm-notifier-colocation + + fi + + # uninstall openstack-ceilometer-alarm package + yum -y remove openstack-ceilometer-alarm + +} diff --git a/extraconfig/tasks/noop.yaml b/extraconfig/tasks/noop.yaml deleted file mode 100644 index dbb863be..00000000 --- a/extraconfig/tasks/noop.yaml +++ /dev/null @@ -1,26 +0,0 @@ -heat_template_version: 2014-10-16 -description: 'No-op task' - -parameters: - servers: - type: json - default: [] - controller_servers: - type: json - default: [] - compute_servers: - type: json - default: [] - blockstorage_servers: - type: json - default: [] - objectstorage_servers: - type: json - default: [] - cephstorage_servers: - type: json - default: [] - input_values: - type: json - default: {} - description: input values for the software deployments diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index 0808763e..7d794c97 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -19,8 +19,9 @@ function check_resource { match_for_incomplete='Stopped' fi + nodes_local=$(pcs status | grep ^Online | sed 's/.*\[ \(.*\) \]/\1/g' | sed 's/ /\|/g') if timeout -k 10 $timeout crm_resource --wait; then - node_states=$(pcs status --full | grep "$service" | grep -v Clone) + node_states=$(pcs status --full | grep "$service" | grep -v Clone | { egrep "$nodes_local" || true; } ) if echo "$node_states" | grep -q "$match_for_incomplete"; then echo_error "ERROR: cluster finished transition but $service was not in $state state, exiting." exit 1 diff --git a/extraconfig/tasks/pacemaker_maintenance_mode.sh b/extraconfig/tasks/pacemaker_maintenance_mode.sh new file mode 100755 index 00000000..ddc84ad2 --- /dev/null +++ b/extraconfig/tasks/pacemaker_maintenance_mode.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -x + +# On initial deployment, the pacemaker service is disabled and is-active exits +# 3 in that case, so allow this to fail gracefully. +pacemaker_status=$(systemctl is-active pacemaker || :) + +if [ "$pacemaker_status" = "active" ]; then + pcs property set maintenance-mode=true +fi + +# We need to reload haproxy in case the certificate changed because +# puppet doesn't know the contents of the cert file. We shouldn't +# reload it if it wasn't already active (such as if using external +# loadbalancer or on initial deployment). +haproxy_status=$(systemctl is-active haproxy || :) +if [ "$haproxy_status" = "active" ]; then + systemctl reload haproxy +fi diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh index b2bdc55a..b2e5be16 100755 --- a/extraconfig/tasks/pacemaker_resource_restart.sh +++ b/extraconfig/tasks/pacemaker_resource_restart.sh @@ -8,7 +8,7 @@ pacemaker_status=$(systemctl is-active pacemaker) # and we're updating the deployment (not creating). if [ "$pacemaker_status" = "active" -a \ "$(hiera bootstrap_nodeid)" = "$(facter hostname)" -a \ - "$(hiera update_identifier)" != "nil" ]; then + "$(hiera stack_action)" = "UPDATE" ]; then #ensure neutron constraints like #https://review.openstack.org/#/c/245093/ @@ -18,8 +18,8 @@ if [ "$pacemaker_status" = "active" -a \ pcs resource disable httpd check_resource httpd stopped 300 - pcs resource disable openstack-keystone - check_resource openstack-keystone stopped 1800 + pcs resource disable openstack-core + check_resource openstack-core stopped 1800 if pcs status | grep haproxy-clone; then pcs resource restart haproxy-clone @@ -30,8 +30,8 @@ if [ "$pacemaker_status" = "active" -a \ pcs resource restart memcached-clone pcs resource restart galera-master - pcs resource enable openstack-keystone - check_resource openstack-keystone started 1800 + pcs resource enable openstack-core + check_resource openstack-core started 1800 pcs resource enable httpd check_resource httpd started 800 diff --git a/extraconfig/tasks/pre_puppet_pacemaker.yaml b/extraconfig/tasks/pre_puppet_pacemaker.yaml index 2cfe92a7..82546588 100644 --- a/extraconfig/tasks/pre_puppet_pacemaker.yaml +++ b/extraconfig/tasks/pre_puppet_pacemaker.yaml @@ -14,13 +14,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: | - #!/bin/bash - pacemaker_status=$(systemctl is-active pacemaker) - - if [ "$pacemaker_status" = "active" ]; then - pcs property set maintenance-mode=true - fi + config: + get_file: pacemaker_maintenance_mode.sh ControllerPrePuppetMaintenanceModeDeployment: type: OS::Heat::SoftwareDeployments diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 59e4be45..b045e5ea 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -23,7 +23,7 @@ update_identifier=${update_identifier//[^a-zA-Z0-9-_]/} # seconds to wait for this node to rejoin the cluster after update cluster_start_timeout=600 -galera_sync_timeout=360 +galera_sync_timeout=1800 cluster_settle_timeout=1800 timestamp_file="$timestamp_dir/$update_identifier" @@ -43,100 +43,8 @@ if [[ "$list_updates" == "" ]]; then fi pacemaker_status=$(systemctl is-active pacemaker) -pacemaker_dumpfile=$(mktemp) if [[ "$pacemaker_status" == "active" ]] ; then -SERVICES="memcached -httpd -neutron-dhcp-agent -neutron-l3-agent -neutron-metadata-agent -neutron-openvswitch-agent -neutron-server -openstack-ceilometer-alarm-evaluator -openstack-ceilometer-alarm-notifier -openstack-ceilometer-api -openstack-ceilometer-central -openstack-ceilometer-collector -openstack-ceilometer-notification -openstack-cinder-api -openstack-cinder-scheduler -openstack-cinder-volume -openstack-glance-api -openstack-glance-registry -openstack-heat-api -openstack-heat-api-cfn -openstack-heat-api-cloudwatch -openstack-heat-engine -openstack-keystone -openstack-nova-api -openstack-nova-conductor -openstack-nova-consoleauth -openstack-nova-novncproxy -openstack-nova-scheduler" - - echo "Dumping Pacemaker config" - pcs cluster cib $pacemaker_dumpfile - - echo "Checking for missing constraints" - - if ! pcs constraint order show | grep "start openstack-nova-novncproxy-clone then start openstack-nova-api-clone"; then - pcs -f $pacemaker_dumpfile constraint order start openstack-nova-novncproxy-clone then openstack-nova-api-clone - fi - - if ! pcs constraint order show | grep "start rabbitmq-clone then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order start rabbitmq-clone then openstack-keystone-clone - fi - - if ! pcs constraint order show | grep "promote galera-master then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order promote galera-master then openstack-keystone-clone - fi - - if pcs resource | grep "haproxy-clone"; then - SERVICES="$SERVICES haproxy" - if ! pcs constraint order show | grep "start haproxy-clone then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order start haproxy-clone then openstack-keystone-clone - fi - fi - - if ! pcs constraint order show | grep "start memcached-clone then start openstack-keystone-clone"; then - pcs -f $pacemaker_dumpfile constraint order start memcached-clone then openstack-keystone-clone - fi - - if ! pcs constraint order show | grep "promote redis-master then start openstack-ceilometer-central-clone"; then - pcs -f $pacemaker_dumpfile constraint order promote redis-master then start openstack-ceilometer-central-clone require-all=false - fi - - # ensure neutron constraints https://review.openstack.org/#/c/229466 - # remove ovs-cleanup after server and add openvswitch-agent instead - if pcs constraint order show | grep "start neutron-server-clone then start neutron-ovs-cleanup-clone"; then - pcs -f $pacemaker_dumpfile constraint remove order-neutron-server-clone-neutron-ovs-cleanup-clone-mandatory - fi - if ! pcs constraint order show | grep "start neutron-server-clone then start neutron-openvswitch-agent-clone"; then - pcs -f $pacemaker_dumpfile constraint order start neutron-server-clone then neutron-openvswitch-agent-clone - fi - - - if ! pcs resource defaults | grep "resource-stickiness: INFINITY"; then - pcs -f $pacemaker_dumpfile resource defaults resource-stickiness=INFINITY - fi - - echo "Setting resource start/stop timeouts" - for service in $SERVICES; do - pcs -f $pacemaker_dumpfile resource update $service op start timeout=200s op stop timeout=200s - done - # mongod start timeout is higher, setting only stop timeout - pcs -f $pacemaker_dumpfile resource update mongod op start timeout=370s op stop timeout=200s - - echo "Making sure rabbitmq has the notify=true meta parameter" - pcs -f $pacemaker_dumpfile resource update rabbitmq meta notify=true - - echo "Applying new Pacemaker config" - if ! pcs cluster cib-push $pacemaker_dumpfile; then - echo "ERROR failed to apply new pacemaker config" - exit 1 - fi - echo "Pacemaker running, stopping cluster node and doing full package update" node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*") if [[ "$node_count" == "1" ]] ; then @@ -145,13 +53,6 @@ openstack-nova-scheduler" else pcs cluster stop fi - - # clean leftover keepalived and radvd instances from neutron - # (can be removed when we remove neutron-netns-cleanup from cluster services) - # see https://review.gerrithub.io/#/c/248931/1/neutron-netns-cleanup.init - killall neutron-keepalived-state-change 2>/dev/null || : - kill $(ps ax | grep -e "keepalived.*\.pid-vrrp" | awk '{print $1}') 2>/dev/null || : - kill $(ps ax | grep -e "radvd.*\.pid\.radvd" | awk '{print $1}') 2>/dev/null || : else echo "Upgrading openstack-puppet-modules" yum -q -y update openstack-puppet-modules diff --git a/net-config-bond.yaml b/net-config-bond.yaml index b624563f..0a162e77 100644 --- a/net-config-bond.yaml +++ b/net-config-bond.yaml @@ -4,6 +4,11 @@ description: > Software Config to drive os-net-config with 2 bonded nics on a bridge. parameters: + BondInterfaceOvsOptions: + default: '' + description: The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. + type: string ControlPlaneIp: default: '' description: IP address/subnet on the ctlplane network @@ -58,6 +63,7 @@ resources: type: ovs_bond name: bond1 use_dhcp: true + ovs_options: {get_param: BondInterfaceOvsOptions} members: # os-net-config translates nic1 => em1 (for example) - diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index 375d40be..d9532439 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -5,6 +5,10 @@ description: > with VLANs attached for the controller role. parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string ExternalIpSubnet: default: '' description: IP address/subnet on the external network @@ -62,6 +66,18 @@ parameters: default: '10.0.0.1' description: default route for the external network type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + resources: OsNetConfigImpl: @@ -72,6 +88,21 @@ resources: os_net_config: network_config: - + type: interface + name: nic1 + use_dhcp: false + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - type: ovs_bridge name: {get_input: bridge_name} use_dhcp: true diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 7a0bbf4a..f88a68f4 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -1,6 +1,15 @@ # Data in this file is used to generate the endpoint_map.yaml template. # Run the script build_endpoint_map.py to regenerate the file. +Aodh: + Internal: + vip_param: AodhApi + Public: + vip_param: Public + Admin: + vip_param: AodhApi + port: 8042 + Ceilometer: Internal: vip_param: CeilometerApi @@ -10,6 +19,15 @@ Ceilometer: vip_param: CeilometerApi port: 8777 +Gnocchi: + Internal: + vip_param: GnocchiApi + Public: + vip_param: Public + Admin: + vip_param: GnocchiApi + port: 8041 + Cinder: Internal: vip_param: CinderApi @@ -40,10 +58,6 @@ Glance: GlanceRegistry: Internal: vip_param: GlanceRegistry - Public: - vip_param: Public - Admin: - vip_param: GlanceRegistry port: 9191 Mysql: @@ -72,40 +86,27 @@ Horizon: '': /dashboard port: 80 +# TODO(ayoung): V3 is a temporary fix. Endpoints should be versionless. +# Required for https://bugs.launchpad.net/puppet-nova/+bug/1542486 Keystone: Internal: vip_param: KeystonePublicApi uri_suffixes: '': /v2.0 EC2: /v2.0/ec2tokens + V3: /v3 names: EC2: KeystoneEC2 Public: vip_param: Public uri_suffixes: '': /v2.0 + V3: /v3 Admin: vip_param: KeystoneAdminApi uri_suffixes: '': /v2.0 - port: 35357 - port: 5000 - -# TODO(ayoung): V3 is a temporary fix. Endpoints should be versionless. -# Required for https://bugs.launchpad.net/puppet-nova/+bug/1542486 -KeystoneV3: - Internal: - vip_param: KeystonePublicApi - uri_suffixes: - '': /v3 - Public: - vip_param: Public - uri_suffixes: - '': /v3 - Admin: - vip_param: KeystoneAdminApi - uri_suffixes: - '': /v3 + V3: /v3 port: 35357 port: 5000 @@ -123,17 +124,14 @@ Nova: vip_param: NovaApi uri_suffixes: '': /v2.1/%(tenant_id)s - V3: /v3 Public: vip_param: Public uri_suffixes: '': /v2.1/%(tenant_id)s - V3: /v3 Admin: vip_param: NovaApi uri_suffixes: '': /v2.1/%(tenant_id)s - V3: /v3 port: 8774 NovaEC2: @@ -184,7 +182,7 @@ Sahara: uri_suffixes: '': /v1.1/%(tenant_id)s Public: - vip_param: SaharaApi + vip_param: Public uri_suffixes: '': /v1.1/%(tenant_id)s Admin: diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index a31094a1..1bd35a7c 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -8,10 +8,12 @@ description: A map of OpenStack endpoints. Since the endpoints are URLs, parameters come from net_ip_uri_map, which will include these brackets in IPv6 addresses. parameters: + AodhApiVirtualIP: {type: string, default: ''} CeilometerApiVirtualIP: {type: string, default: ''} CinderApiVirtualIP: {type: string, default: ''} GlanceApiVirtualIP: {type: string, default: ''} GlanceRegistryVirtualIP: {type: string, default: ''} + GnocchiApiVirtualIP: {type: string, default: ''} HeatApiVirtualIP: {type: string, default: ''} KeystoneAdminApiVirtualIP: {type: string, default: ''} KeystonePublicApiVirtualIP: {type: string, default: ''} @@ -24,6 +26,9 @@ parameters: EndpointMap: type: json default: + AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} + AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} + AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} @@ -33,9 +38,10 @@ parameters: GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} - GlanceRegistryAdmin: {protocol: http, port: '9191', host: IP_ADDRESS} GlanceRegistryInternal: {protocol: http, port: '9191', host: IP_ADDRESS} - GlanceRegistryPublic: {protocol: http, port: '9191', host: IP_ADDRESS} + GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} + GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} + GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} @@ -43,9 +49,6 @@ parameters: KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} - KeystoneV3Admin: {protocol: http, port: '35357', host: IP_ADDRESS} - KeystoneV3Internal: {protocol: http, port: '5000', host: IP_ADDRESS} - KeystoneV3Public: {protocol: http, port: '5000', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} @@ -71,6 +74,120 @@ parameters: outputs: endpoint_map: value: + AodhAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, AodhAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: AodhApiVirtualIP} + port: + get_param: [EndpointMap, AodhAdmin, port] + protocol: + get_param: [EndpointMap, AodhAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, AodhAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, AodhAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: AodhApiVirtualIP} + - ':' + - get_param: [EndpointMap, AodhAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, AodhAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, AodhAdmin, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: AodhApiVirtualIP} + - ':' + - get_param: [EndpointMap, AodhAdmin, port] + AodhInternal: + host: + str_replace: + template: + get_param: [EndpointMap, AodhInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: AodhApiVirtualIP} + port: + get_param: [EndpointMap, AodhInternal, port] + protocol: + get_param: [EndpointMap, AodhInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, AodhInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, AodhInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: AodhApiVirtualIP} + - ':' + - get_param: [EndpointMap, AodhInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, AodhInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, AodhInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: AodhApiVirtualIP} + - ':' + - get_param: [EndpointMap, AodhInternal, port] + AodhPublic: + host: + str_replace: + template: + get_param: [EndpointMap, AodhPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + port: + get_param: [EndpointMap, AodhPublic, port] + protocol: + get_param: [EndpointMap, AodhPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, AodhPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, AodhPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, AodhPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, AodhPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, AodhPublic, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: PublicVirtualIP} + - ':' + - get_param: [EndpointMap, AodhPublic, port] CeilometerAdmin: host: str_replace: @@ -533,120 +650,158 @@ outputs: IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, GlancePublic, port] - GlanceRegistryAdmin: + GlanceRegistryInternal: host: str_replace: template: - get_param: [EndpointMap, GlanceRegistryAdmin, host] + get_param: [EndpointMap, GlanceRegistryInternal, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} port: - get_param: [EndpointMap, GlanceRegistryAdmin, port] + get_param: [EndpointMap, GlanceRegistryInternal, port] protocol: - get_param: [EndpointMap, GlanceRegistryAdmin, protocol] + get_param: [EndpointMap, GlanceRegistryInternal, protocol] uri: list_join: - '' - - - get_param: [EndpointMap, GlanceRegistryAdmin, protocol] + - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - :// - str_replace: template: - get_param: [EndpointMap, GlanceRegistryAdmin, host] + get_param: [EndpointMap, GlanceRegistryInternal, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} - ':' - - get_param: [EndpointMap, GlanceRegistryAdmin, port] + - get_param: [EndpointMap, GlanceRegistryInternal, port] uri_no_suffix: list_join: - '' - - - get_param: [EndpointMap, GlanceRegistryAdmin, protocol] + - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - :// - str_replace: template: - get_param: [EndpointMap, GlanceRegistryAdmin, host] + get_param: [EndpointMap, GlanceRegistryInternal, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} - ':' - - get_param: [EndpointMap, GlanceRegistryAdmin, port] - GlanceRegistryInternal: + - get_param: [EndpointMap, GlanceRegistryInternal, port] + GnocchiAdmin: host: str_replace: template: - get_param: [EndpointMap, GlanceRegistryInternal, host] + get_param: [EndpointMap, GnocchiAdmin, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} + IP_ADDRESS: {get_param: GnocchiApiVirtualIP} port: - get_param: [EndpointMap, GlanceRegistryInternal, port] + get_param: [EndpointMap, GnocchiAdmin, port] protocol: - get_param: [EndpointMap, GlanceRegistryInternal, protocol] + get_param: [EndpointMap, GnocchiAdmin, protocol] uri: list_join: - '' - - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] + - - get_param: [EndpointMap, GnocchiAdmin, protocol] - :// - str_replace: template: - get_param: [EndpointMap, GlanceRegistryInternal, host] + get_param: [EndpointMap, GnocchiAdmin, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} + IP_ADDRESS: {get_param: GnocchiApiVirtualIP} - ':' - - get_param: [EndpointMap, GlanceRegistryInternal, port] + - get_param: [EndpointMap, GnocchiAdmin, port] uri_no_suffix: list_join: - '' - - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] + - - get_param: [EndpointMap, GnocchiAdmin, protocol] - :// - str_replace: template: - get_param: [EndpointMap, GlanceRegistryInternal, host] + get_param: [EndpointMap, GnocchiAdmin, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} + IP_ADDRESS: {get_param: GnocchiApiVirtualIP} - ':' - - get_param: [EndpointMap, GlanceRegistryInternal, port] - GlanceRegistryPublic: + - get_param: [EndpointMap, GnocchiAdmin, port] + GnocchiInternal: + host: + str_replace: + template: + get_param: [EndpointMap, GnocchiInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + port: + get_param: [EndpointMap, GnocchiInternal, port] + protocol: + get_param: [EndpointMap, GnocchiInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, GnocchiInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, GnocchiInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + - ':' + - get_param: [EndpointMap, GnocchiInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, GnocchiInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, GnocchiInternal, host] + params: + CLOUDNAME: {get_param: CloudName} + IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + - ':' + - get_param: [EndpointMap, GnocchiInternal, port] + GnocchiPublic: host: str_replace: template: - get_param: [EndpointMap, GlanceRegistryPublic, host] + get_param: [EndpointMap, GnocchiPublic, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: PublicVirtualIP} port: - get_param: [EndpointMap, GlanceRegistryPublic, port] + get_param: [EndpointMap, GnocchiPublic, port] protocol: - get_param: [EndpointMap, GlanceRegistryPublic, protocol] + get_param: [EndpointMap, GnocchiPublic, protocol] uri: list_join: - '' - - - get_param: [EndpointMap, GlanceRegistryPublic, protocol] + - - get_param: [EndpointMap, GnocchiPublic, protocol] - :// - str_replace: template: - get_param: [EndpointMap, GlanceRegistryPublic, host] + get_param: [EndpointMap, GnocchiPublic, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - - get_param: [EndpointMap, GlanceRegistryPublic, port] + - get_param: [EndpointMap, GnocchiPublic, port] uri_no_suffix: list_join: - '' - - - get_param: [EndpointMap, GlanceRegistryPublic, protocol] + - - get_param: [EndpointMap, GnocchiPublic, protocol] - :// - str_replace: template: - get_param: [EndpointMap, GlanceRegistryPublic, host] + get_param: [EndpointMap, GnocchiPublic, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - - get_param: [EndpointMap, GlanceRegistryPublic, port] + - get_param: [EndpointMap, GnocchiPublic, port] HeatAdmin: host: str_replace: @@ -963,119 +1118,119 @@ outputs: host: str_replace: template: - get_param: [EndpointMap, KeystoneV3Admin, host] + get_param: [EndpointMap, KeystoneAdmin, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} port: - get_param: [EndpointMap, KeystoneV3Admin, port] + get_param: [EndpointMap, KeystoneAdmin, port] protocol: - get_param: [EndpointMap, KeystoneV3Admin, protocol] + get_param: [EndpointMap, KeystoneAdmin, protocol] uri: list_join: - '' - - - get_param: [EndpointMap, KeystoneV3Admin, protocol] + - - get_param: [EndpointMap, KeystoneAdmin, protocol] - :// - str_replace: template: - get_param: [EndpointMap, KeystoneV3Admin, host] + get_param: [EndpointMap, KeystoneAdmin, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} - ':' - - get_param: [EndpointMap, KeystoneV3Admin, port] + - get_param: [EndpointMap, KeystoneAdmin, port] - /v3 uri_no_suffix: list_join: - '' - - - get_param: [EndpointMap, KeystoneV3Admin, protocol] + - - get_param: [EndpointMap, KeystoneAdmin, protocol] - :// - str_replace: template: - get_param: [EndpointMap, KeystoneV3Admin, host] + get_param: [EndpointMap, KeystoneAdmin, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} - ':' - - get_param: [EndpointMap, KeystoneV3Admin, port] + - get_param: [EndpointMap, KeystoneAdmin, port] KeystoneV3Internal: host: str_replace: template: - get_param: [EndpointMap, KeystoneV3Internal, host] + get_param: [EndpointMap, KeystoneInternal, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} port: - get_param: [EndpointMap, KeystoneV3Internal, port] + get_param: [EndpointMap, KeystoneInternal, port] protocol: - get_param: [EndpointMap, KeystoneV3Internal, protocol] + get_param: [EndpointMap, KeystoneInternal, protocol] uri: list_join: - '' - - - get_param: [EndpointMap, KeystoneV3Internal, protocol] + - - get_param: [EndpointMap, KeystoneInternal, protocol] - :// - str_replace: template: - get_param: [EndpointMap, KeystoneV3Internal, host] + get_param: [EndpointMap, KeystoneInternal, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} - ':' - - get_param: [EndpointMap, KeystoneV3Internal, port] + - get_param: [EndpointMap, KeystoneInternal, port] - /v3 uri_no_suffix: list_join: - '' - - - get_param: [EndpointMap, KeystoneV3Internal, protocol] + - - get_param: [EndpointMap, KeystoneInternal, protocol] - :// - str_replace: template: - get_param: [EndpointMap, KeystoneV3Internal, host] + get_param: [EndpointMap, KeystoneInternal, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} - ':' - - get_param: [EndpointMap, KeystoneV3Internal, port] + - get_param: [EndpointMap, KeystoneInternal, port] KeystoneV3Public: host: str_replace: template: - get_param: [EndpointMap, KeystoneV3Public, host] + get_param: [EndpointMap, KeystonePublic, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: PublicVirtualIP} port: - get_param: [EndpointMap, KeystoneV3Public, port] + get_param: [EndpointMap, KeystonePublic, port] protocol: - get_param: [EndpointMap, KeystoneV3Public, protocol] + get_param: [EndpointMap, KeystonePublic, protocol] uri: list_join: - '' - - - get_param: [EndpointMap, KeystoneV3Public, protocol] + - - get_param: [EndpointMap, KeystonePublic, protocol] - :// - str_replace: template: - get_param: [EndpointMap, KeystoneV3Public, host] + get_param: [EndpointMap, KeystonePublic, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - - get_param: [EndpointMap, KeystoneV3Public, port] + - get_param: [EndpointMap, KeystonePublic, port] - /v3 uri_no_suffix: list_join: - '' - - - get_param: [EndpointMap, KeystoneV3Public, protocol] + - - get_param: [EndpointMap, KeystonePublic, protocol] - :// - str_replace: template: - get_param: [EndpointMap, KeystoneV3Public, host] + get_param: [EndpointMap, KeystonePublic, host] params: CLOUDNAME: {get_param: CloudName} IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - - get_param: [EndpointMap, KeystoneV3Public, port] + - get_param: [EndpointMap, KeystonePublic, port] NeutronAdmin: host: str_replace: @@ -1307,123 +1462,6 @@ outputs: IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, NovaPublic, port] - NovaV3Admin: - host: - str_replace: - template: - get_param: [EndpointMap, NovaAdmin, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} - port: - get_param: [EndpointMap, NovaAdmin, port] - protocol: - get_param: [EndpointMap, NovaAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, NovaAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, NovaAdmin, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} - - ':' - - get_param: [EndpointMap, NovaAdmin, port] - - /v3 - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, NovaAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, NovaAdmin, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} - - ':' - - get_param: [EndpointMap, NovaAdmin, port] - NovaV3Internal: - host: - str_replace: - template: - get_param: [EndpointMap, NovaInternal, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} - port: - get_param: [EndpointMap, NovaInternal, port] - protocol: - get_param: [EndpointMap, NovaInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, NovaInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, NovaInternal, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} - - ':' - - get_param: [EndpointMap, NovaInternal, port] - - /v3 - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, NovaInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, NovaInternal, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} - - ':' - - get_param: [EndpointMap, NovaInternal, port] - NovaV3Public: - host: - str_replace: - template: - get_param: [EndpointMap, NovaPublic, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} - port: - get_param: [EndpointMap, NovaPublic, port] - protocol: - get_param: [EndpointMap, NovaPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, NovaPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, NovaPublic, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} - - ':' - - get_param: [EndpointMap, NovaPublic, port] - - /v3 - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, NovaPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, NovaPublic, host] - params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} - - ':' - - get_param: [EndpointMap, NovaPublic, port] NovaEC2Admin: host: str_replace: @@ -1740,7 +1778,7 @@ outputs: get_param: [EndpointMap, SaharaPublic, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + IP_ADDRESS: {get_param: PublicVirtualIP} port: get_param: [EndpointMap, SaharaPublic, port] protocol: @@ -1755,7 +1793,7 @@ outputs: get_param: [EndpointMap, SaharaPublic, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, SaharaPublic, port] - /v1.1/%(tenant_id)s @@ -1769,7 +1807,7 @@ outputs: get_param: [EndpointMap, SaharaPublic, host] params: CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + IP_ADDRESS: {get_param: PublicVirtualIP} - ':' - get_param: [EndpointMap, SaharaPublic, port] SwiftAdmin: diff --git a/network/management.yaml b/network/management.yaml index 9bfaafa2..6878bac4 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -13,10 +13,10 @@ parameters: ManagementNetValueSpecs: default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} description: Value specs for the management network. - type: string + type: json ManagementNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ManagementNetEnableDHCP: default: false diff --git a/network/noop.yaml b/network/noop.yaml deleted file mode 100644 index 0963d2ce..00000000 --- a/network/noop.yaml +++ /dev/null @@ -1,3 +0,0 @@ -heat_template_version: 2015-04-30 - -description: A stack which creates no network(s). diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml index 98f2aa35..867176e3 100644 --- a/network/ports/external_from_pool.yaml +++ b/network/ports/external_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index bf0c036d..baa544e7 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the external network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [ExternalNetCidr, -2]} - - {get_param: [ExternalNetCidr, -1]} + - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/external_v6.yaml b/network/ports/external_v6.yaml index 522caaa0..bfe2686f 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/external_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the external network. The IP address will be chosen @@ -57,12 +57,10 @@ outputs: - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the external network IP value: list_join: - '' - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [ExternalPort, subnets, 0, cidr, -2]} - - {get_attr: [ExternalPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/from_service.yaml b/network/ports/from_service.yaml index 359d77a7..3d61910e 100644 --- a/network/ports/from_service.yaml +++ b/network/ports/from_service.yaml @@ -8,19 +8,19 @@ parameters: description: Name of the service to lookup default: '' type: string - NetworkName: # Here for compatability with ctlplane_vip.yaml + NetworkName: # Here for compatibility with ctlplane_vip.yaml description: Name of the network where the VIP will be created default: ctlplane type: string - PortName: # Here for compatability with ctlplane_vip.yaml + PortName: # Here for compatibility with ctlplane_vip.yaml description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with ctlplane_vip.yaml + ControlPlaneIP: # Here for compatibility with ctlplane_vip.yaml description: IP address on the control plane default: '' type: string - ControlPlaneNetwork: # Here for compatability with ctlplane_vip.yaml + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml description: The name of the undercloud Neutron control plane default: ctlplane type: string diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml index c7b04847..d7b67e26 100644 --- a/network/ports/internal_api_from_pool.yaml +++ b/network/ports/internal_api_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 34c17ab2..8d0a91b6 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the internal API network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [InternalApiNetCidr, -2]} - - {get_param: [InternalApiNetCidr, -1]} + - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml index 279e6bd0..14738b33 100644 --- a/network/ports/internal_api_v6.yaml +++ b/network/ports/internal_api_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the internal_api network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the internal API network IP value: list_join: - '' - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [InternalApiPort, subnets, 0, cidr, -2]} - - {get_attr: [InternalApiPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml index dfc9e752..0a3d394c 100644 --- a/network/ports/storage_from_pool.yaml +++ b/network/ports/storage_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index 966d96ae..328f8385 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [StorageNetCidr, -2]} - - {get_param: [StorageNetCidr, -1]} + - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml index 9c757a6e..c3f0f4e2 100644 --- a/network/ports/storage_mgmt_from_pool.yaml +++ b/network/ports/storage_mgmt_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 890da75c..50470c92 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs This version is for IPv6 @@ -43,12 +43,10 @@ outputs: - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage MGMT network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [StorageMgmtNetCidr, -2]} - - {get_param: [StorageMgmtNetCidr, -1]} + - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml index 61956be2..9db66964 100644 --- a/network/ports/storage_mgmt_v6.yaml +++ b/network/ports/storage_mgmt_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the storage_mgmt API network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage_mgmt network IP value: list_join: - '' - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [StorageMgmtPort, subnets, 0, cidr, -2]} - - {get_attr: [StorageMgmtPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml index 13b62276..adf3595a 100644 --- a/network/ports/storage_v6.yaml +++ b/network/ports/storage_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the storage network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the storage network IP value: list_join: - '' - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [StoragePort, subnets, 0, cidr, -2]} - - {get_attr: [StoragePort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml index d5f3156e..d5fd7080 100644 --- a/network/ports/tenant_from_pool.yaml +++ b/network/ports/tenant_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index b2bcd426..bbe6f736 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Returns an IP from a network mapped list of IPs @@ -42,12 +42,10 @@ outputs: - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the tenant network IP value: list_join: - '' - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - '/' - - {get_param: [TenantNetCidr, -2]} - - {get_param: [TenantNetCidr, -1]} + - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml index 6ca37549..21ba1efa 100644 --- a/network/ports/tenant_v6.yaml +++ b/network/ports/tenant_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port on the tenant network. @@ -52,12 +52,10 @@ outputs: - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the tenant network IP value: list_join: - '' - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [TenantPort, subnets, 0, cidr, -2]} - - {get_attr: [TenantPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index de927094..498e5d69 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 description: > Creates a port for a VIP on the isolated network NetworkName. @@ -54,12 +54,10 @@ outputs: - {get_attr: [VipPort, fixed_ips, 0, ip_address]} - ']' ip_subnet: - # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?) description: IP/Subnet CIDR for the network associated with this IP value: list_join: - '' - - {get_attr: [VipPort, fixed_ips, 0, ip_address]} - '/' - - {get_attr: [VipPort, subnets, 0, cidr, -2]} - - {get_attr: [VipPort, subnets, 0, cidr, -1]} + - {str_split: ['/', {get_attr: [VipPort, subnets, 0, cidr]}, 1]} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 54074d12..eb967f1b 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -23,10 +23,10 @@ resource_registry: OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml # Tasks (for internal TripleO usage) - OS::TripleO::Tasks::UpdateWorkflow: extraconfig/tasks/noop.yaml + OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml - OS::TripleO::Tasks::ControllerPrePuppet: extraconfig/tasks/noop.yaml - OS::TripleO::Tasks::ControllerPostPuppet: extraconfig/tasks/noop.yaml + OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None + OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None # This creates the "heat-admin" user for all OS images by default # To disable, replace with firstboot/userdata_default.yaml @@ -56,13 +56,12 @@ resource_registry: OS::TripleO::Network: network/networks.yaml OS::TripleO::VipConfig: puppet/vip-config.yaml - - OS::TripleO::Network::External: network/noop.yaml - OS::TripleO::Network::InternalApi: network/noop.yaml - OS::TripleO::Network::StorageMgmt: network/noop.yaml - OS::TripleO::Network::Storage: network/noop.yaml - OS::TripleO::Network::Tenant: network/noop.yaml - OS::TripleO::Network::Management: network/noop.yaml + OS::TripleO::Network::External: OS::Heat::None + OS::TripleO::Network::InternalApi: OS::Heat::None + OS::TripleO::Network::StorageMgmt: OS::Heat::None + OS::TripleO::Network::Storage: OS::Heat::None + OS::TripleO::Network::Tenant: OS::Heat::None + OS::TripleO::Network::Management: OS::Heat::None OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml @@ -122,6 +121,13 @@ resource_registry: # validation resources OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml + # services + OS::TripleO::Services: puppet/services/services.yaml + OS::TripleO::Services::Keystone: puppet/services/keystone.yaml + OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml + OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml + OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml + parameter_defaults: EnablePackageInstall: false SoftwareConfigTransport: POLL_TEMP_URL diff --git a/overcloud.yaml b/overcloud.yaml index cceb2018..cf20b512 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-04-08 description: > Deploy an OpenStack environment, consisting of several node types (roles), @@ -16,6 +16,10 @@ parameters: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true + AodhPassword: + description: The password for the aodh services. + type: string + hidden: true CeilometerBackend: default: 'mongodb' description: The ceilometer backend type. @@ -28,6 +32,12 @@ parameters: description: The password for the ceilometer service account. type: string hidden: true + CeilometerMeterDispatcher: + default: 'database' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] # This has to be an UUID so for now we generate it outside the template CephClusterFSID: default: '' @@ -104,6 +114,10 @@ parameters: type: string constraints: - custom_constraint: nova.keypair + MemcachedIPv6: + default: false + description: Enable IPv6 features in Memcached. + type: boolean NeutronExternalNetworkBridge: description: Name of bridge used for external network traffic. type: string @@ -122,10 +136,6 @@ parameters: default: 'ctlplane' type: string description: Neutron ID or name for ctlplane network. - NeutronEnableIsolatedMetadata: - default: 'False' - description: If True, DHCP provide metadata route to VM. - type: string NeutronEnableTunnelling: type: string default: "True" @@ -244,10 +254,6 @@ parameters: default: 'False' description: Whether to enable l3-agent HA type: string - NeutronDhcpAgentsPerNetwork: - type: number - default: 1 - description: The number of neutron dhcp agents to schedule per network NovaIPv6: default: false description: Enable IPv6 features in Nova @@ -278,13 +284,11 @@ parameters: type: string default: unset description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - # FIXME: 'guest' is provisioned in RabbitMQ by default, we should create a user if these are changed RabbitUserName: default: guest description: The username for RabbitMQ type: string RabbitPassword: - default: guest description: The password for RabbitMQ type: string hidden: true @@ -307,6 +311,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RedisPassword: + description: The password for Redis + type: string + hidden: true SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -345,10 +353,6 @@ parameters: type: json # Controller-specific params - AdminToken: - description: The keystone auth secret. - type: string - hidden: true CinderLVMLoopDeviceSize: default: 10280 description: The size of the loopback file used by the cinder LVM driver. @@ -381,8 +385,7 @@ parameters: controllerExtraConfig: default: {} description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. type: json controllerImage: type: string @@ -458,69 +461,33 @@ parameters: ] } type: json - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlancePassword: - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one of swift, rbd or file type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] + GnocchiIndexerBackend: + default: 'mysql' + description: The short name of the Gnocchi indexer backend to use. + type: string + GnocchiPassword: + description: The password for the gnocchi service account. + type: string + hidden: true HeatPassword: description: The password for the Heat service account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: Password for heat_stack_domain_admin user. type: string hidden: true InstanceNameTemplate: default: 'instance-%08x' description: Template string to be used to generate instance names type: string - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneNotificationDriver: - description: Comma-separated list of Oslo notification drivers used by Keystone - default: ['messaging'] - type: comma_delimited_list - KeystoneNotificationFormat: - description: The Keystone notification format - default: 'basic' - type: string - constraints: - - allowed_values: [ 'basic', 'cadf' ] ManageFirewall: default: false description: Whether to manage IPtables rules. @@ -540,13 +507,6 @@ parameters: description: Configures MySQL max_connections config setting type: number default: 4096 - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,%MTU%' - description: > - Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU - to be set to the value of NeutronTenantMtu, which should be set to account - for tunnel overhead. - type: string NeutronPublicInterfaceDefaultRoute: default: '' description: A custom default route for the NeutronPublicInterface. @@ -669,6 +629,8 @@ parameters: default: NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api + AodhApiNetwork: internal_api + GnocchiApiNetwork: internal_api MongoDbNetwork: internal_api CinderApiNetwork: internal_api CinderIscsiNetwork: storage @@ -700,6 +662,17 @@ parameters: via parameter_defaults in the resource registry. type: json + ControllerServices: + default: + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::NeutronDhcpAgent + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the Controllers. + type: comma_delimited_list + # Block storage specific parameters BlockStorageCount: type: number @@ -847,6 +820,12 @@ parameters: List of resources to be removed from CephStorageResourceGroup when doing an update which requires removal of specific resources. +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + resources: @@ -868,9 +847,11 @@ resources: properties: CloudName: {get_param: CloudName} CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + AodhApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} CinderApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + GnocchiApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} HeatApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} @@ -881,6 +862,13 @@ resources: SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} PublicVirtualIP: {get_attr: [VipMap, net_ip_uri_map, external]} + ControllerServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: ControllerServices} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + MysqlVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + Controller: type: OS::Heat::ResourceGroup depends_on: Networks @@ -891,10 +879,11 @@ resources: type: OS::TripleO::Controller properties: AdminPassword: {get_param: AdminPassword} - AdminToken: {get_param: AdminToken} + AodhPassword: {get_param: AodhPassword} CeilometerBackend: {get_param: CeilometerBackend} CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} CeilometerPassword: {get_param: CeilometerPassword} + CeilometerMeterDispatcher: {get_param: CeilometerMeterDispatcher} CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} CinderNfsMountOptions: {get_param: CinderNfsMountOptions} CinderNfsServers: {get_param: CinderNfsServers} @@ -905,7 +894,7 @@ resources: CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} CloudDomain: {get_param: CloudDomain} ControlVirtualInterface: {get_param: ControlVirtualInterface} - ControllerExtraConfig: {get_param: controllerExtraConfig} + controllerExtraConfig: {get_param: controllerExtraConfig} CorosyncIPv6: {get_param: CorosyncIPv6} Debug: {get_param: Debug} EnableFencing: {get_param: EnableFencing} @@ -917,10 +906,9 @@ resources: ExtraConfig: {get_param: ExtraConfig} FencingConfig: {get_param: FencingConfig} Flavor: {get_param: OvercloudControlFlavor} - GlancePassword: {get_param: GlancePassword} - GlanceBackend: {get_param: GlanceBackend} - GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy} - GlanceLogFile: {get_param: GlanceLogFile} + GnocchiPassword: {get_param: GnocchiPassword} + GnocchiBackend: {get_param: GnocchiBackend} + GnocchiIndexerBackend: {get_param: GnocchiIndexerBackend} HAProxySyslogAddress: {get_param: HAProxySyslogAddress} HeatPassword: {get_param: HeatPassword} HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword} @@ -931,13 +919,7 @@ resources: ImageUpdatePolicy: {get_param: ImageUpdatePolicy} InstanceNameTemplate: {get_param: InstanceNameTemplate} KeyName: {get_param: KeyName} - KeystoneCACertificate: {get_param: KeystoneCACertificate} - KeystoneSigningCertificate: {get_param: KeystoneSigningCertificate} - KeystoneSigningKey: {get_param: KeystoneSigningKey} - KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate} - KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey} - KeystoneNotificationDriver: {get_param: KeystoneNotificationDriver} - KeystoneNotificationFormat: {get_param: KeystoneNotificationFormat} + MemcachedIPv6: {get_param: MemcachedIPv6} MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} MysqlMaxConnections: {get_param: MysqlMaxConnections} @@ -947,7 +929,6 @@ resources: NeutronBridgeMappings: {get_param: NeutronBridgeMappings} NeutronTenantMtu: {get_param: NeutronTenantMtu} NeutronExternalNetworkBridge: {get_param: NeutronExternalNetworkBridge} - NeutronEnableIsolatedMetadata: {get_param: NeutronEnableIsolatedMetadata} NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} NeutronEnableL2Pop: {get_param: NeutronEnableL2Pop} NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} @@ -955,11 +936,6 @@ resources: NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute} NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} NeutronPassword: {get_param: NeutronPassword} - NeutronDnsmasqOptions: - str_replace: - template: {get_param: NeutronDnsmasqOptions} - params: - '%MTU%': {get_param: NeutronTenantMtu} NeutronDVR: {get_param: NeutronDVR} NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} NeutronAgentMode: {get_param: NeutronAgentMode} @@ -971,7 +947,6 @@ resources: NeutronAgentExtensions: {get_param: NeutronAgentExtensions} NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} NeutronL3HA: {get_param: NeutronL3HA} - NeutronDhcpAgentsPerNetwork: {get_param: NeutronDhcpAgentsPerNetwork} NeutronNetworkType: {get_param: NeutronNetworkType} NeutronTunnelTypes: {get_param: NeutronTunnelTypes} NovaIPv6: {get_param: NovaIPv6} @@ -988,6 +963,7 @@ resources: RabbitClientPort: {get_param: RabbitClientPort} RabbitFDLimit: {get_param: RabbitFDLimit} RabbitIPv6: {get_param: RabbitIPv6} + RedisPassword: {get_param: RedisPassword} SaharaPassword: {get_param: SaharaPassword} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} @@ -1005,17 +981,15 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + AodhApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} + GnocchiApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} HeatApiVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} MysqlVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} SaharaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} @@ -1028,6 +1002,7 @@ resources: NodeIndex: '%index%' ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: ControllerSchedulerHints} + ServiceConfigSettings: {get_attr: [ControllerServiceChain, config_settings]} Compute: type: OS::Heat::ResourceGroup @@ -1243,6 +1218,8 @@ resources: heat_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} swift_proxy_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} ceilometer_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + aodh_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} + gnocchi_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} nova_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} @@ -1363,6 +1340,8 @@ resources: nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + aodh_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} + gnocchi_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} redis_vip: {get_attr: [RedisVirtualIP, ip_address]} @@ -1594,6 +1573,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} controller_config: {get_attr: [Controller, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} + StepConfig: {get_attr: [ControllerServiceChain, step_config]} ComputeNodesPostDeployment: type: OS::TripleO::ComputePostDeployment @@ -1645,6 +1625,9 @@ outputs: PublicVip: description: Controller VIP for public API endpoints value: {get_attr: [VipMap, net_ip_map, external]} + AodhInternalVip: + description: VIP for Aodh API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} CeilometerInternalVip: description: VIP for Ceilometer API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} @@ -1654,6 +1637,9 @@ outputs: GlanceInternalVip: description: VIP for Glance API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + GnocchiInternalVip: + description: VIP for Gnocchi API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} HeatInternalVip: description: VIP for Heat API internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} @@ -1672,6 +1658,12 @@ outputs: SwiftInternalVip: description: VIP for Swift Proxy internal endpoint value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} + EndpointMap: + description: | + Mapping of the resources with the needed info for their endpoints. + This includes the protocol used, the IP, port and also a full + representation of the URI. + value: {get_attr: [EndpointMap, endpoint_map]} HostsEntry: description: | The content that should be appended to your /etc/hosts if you want to get diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 2f2a1e9d..b065ddd2 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -34,6 +34,8 @@ parameters: type: comma_delimited_list ceilometer_api_node_ips: type: comma_delimited_list + aodh_api_node_ips: + type: comma_delimited_list nova_api_node_ips: type: comma_delimited_list nova_metadata_node_ips: @@ -42,6 +44,8 @@ parameters: type: comma_delimited_list glance_registry_node_ips: type: comma_delimited_list + gnocchi_api_node_ips: + type: comma_delimited_list cinder_api_node_ips: type: comma_delimited_list neutron_api_node_ips: @@ -63,6 +67,12 @@ parameters: description: > Setting to a previously unused value during stack-update will trigger package update on all nodes + StackAction: + type: string + description: > + Heat action on performed top-level stack. + constraints: + - allowed_values: ['CREATE', 'UPDATE'] resources: @@ -187,6 +197,22 @@ resources: list_join: - "','" - {get_param: ceilometer_api_node_ips} + aodh_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: aodh_api_node_ips} + gnocchi_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: gnocchi_api_node_ips} nova_api_node_ips: str_replace: template: "['SERVERS_LIST']" @@ -272,6 +298,7 @@ resources: # NOTE(gfidente): interpolation with %{} in the # hieradata file can't be used as it returns string ceilometer::rabbit_hosts: *rabbit_nodes_array + aodh::rabbit_hosts: *rabbit_nodes_array cinder::rabbit_hosts: *rabbit_nodes_array glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array heat::rabbit_hosts: *rabbit_nodes_array @@ -282,6 +309,7 @@ resources: deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} + stack_action: {get_param: StackAction} outputs: config_id: diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index dc2f98ed..fd161886 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -36,6 +36,9 @@ parameters: GlanceRbdPoolName: default: images type: string + GnocchiRbdPoolName: + default: metrics + type: string CephClientUserName: default: openstack type: string @@ -91,21 +94,25 @@ resources: cap_mon: 'allow profile bootstrap-osd' }, client.CLIENT_USER: { - secret: 'ADMIN_KEY', + secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: ceph_client_key} ADMIN_KEY: {get_param: ceph_admin_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: @@ -113,11 +120,17 @@ resources: - '.' - - 'client' - {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} outputs: config_id: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index d2988926..f0eb71e4 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -256,6 +256,7 @@ resources: - ceph - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} @@ -313,12 +314,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -326,37 +327,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - management nova_server_resource: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 888f3cf8..c1a04e24 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -51,7 +51,6 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string RabbitPassword: - default: 'guest' type: string hidden: true RabbitUserName: @@ -286,7 +285,11 @@ resources: size: {get_param: CinderLVMLoopDeviceSize} cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} + cinder_iscsi_ip_address: + str_replace: + template: "'IP'" + params: + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} @@ -313,6 +316,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} @@ -376,12 +380,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -389,37 +393,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - management nova_server_resource: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index ee5bced6..4c18067a 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -251,7 +251,6 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug RabbitPassword: - default: guest description: The password for RabbitMQ type: string hidden: true @@ -487,6 +486,7 @@ resources: - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + merge_behavior: deeper datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} @@ -761,12 +761,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -774,37 +774,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - management nova_server_resource: diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml index dc81498a..dfebcf82 100644 --- a/puppet/controller-config-pacemaker.yaml +++ b/puppet/controller-config-pacemaker.yaml @@ -8,6 +8,10 @@ parameters: default: false description: Whether to run config management (e.g. Puppet) in debug mode. type: boolean + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -22,7 +26,11 @@ resources: outputs: - name: result config: - get_file: manifests/overcloud_controller_pacemaker.pp + list_join: + - '' + - - get_file: manifests/overcloud_controller_pacemaker.pp + - get_file: manifests/ringbuilder.pp + - {get_param: StepConfig} outputs: OS::stack_id: diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml index f85e1a9e..458aff32 100644 --- a/puppet/controller-config.yaml +++ b/puppet/controller-config.yaml @@ -8,6 +8,10 @@ parameters: default: false description: Whether to run config management (e.g. Puppet) in debug mode. type: boolean + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -22,7 +26,11 @@ resources: outputs: - name: result config: - get_file: manifests/overcloud_controller.pp + list_join: + - '' + - - get_file: manifests/overcloud_controller.pp + - get_file: manifests/ringbuilder.pp + - {get_param: StepConfig} outputs: OS::stack_id: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 713ad706..705e4b90 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -13,7 +13,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied - + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -35,6 +38,8 @@ resources: ControllerPuppetConfig: type: OS::TripleO::ControllerConfig + properties: + StepConfig: {get_param: StepConfig} # Step through a series of Puppet runs using the same manifest. # NOTE: To enable stepping through the deployments via heat hooks, @@ -64,39 +69,26 @@ resources: update_identifier: {get_param: NodeConfigIdentifiers} actions: ['CREATE'] # no need for two passes on an UPDATE - ControllerRingbuilderPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - inputs: - outputs: - - name: result - config: - get_file: manifests/ringbuilder.pp - - ControllerRingbuilderDeployment_Step3: + ControllerOvercloudServicesDeployment_Step3: type: OS::Heat::StructuredDeployments depends_on: ControllerServicesBaseDeployment_Step2 properties: - name: ControllerRingbuilderDeployment_Step3 + name: ControllerOvercloudServicesDeployment_Step3 servers: {get_param: servers} - config: {get_resource: ControllerRingbuilderPuppetConfig} + config: {get_resource: ControllerPuppetConfig} input_values: + step: 3 update_identifier: {get_param: NodeConfigIdentifiers} ControllerOvercloudServicesDeployment_Step4: type: OS::Heat::StructuredDeployments - depends_on: ControllerRingbuilderDeployment_Step3 + depends_on: ControllerOvercloudServicesDeployment_Step3 properties: name: ControllerOvercloudServicesDeployment_Step4 servers: {get_param: servers} config: {get_resource: ControllerPuppetConfig} input_values: - step: 3 + step: 4 update_identifier: {get_param: NodeConfigIdentifiers} ControllerOvercloudServicesDeployment_Step5: @@ -107,23 +99,12 @@ resources: servers: {get_param: servers} config: {get_resource: ControllerPuppetConfig} input_values: - step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step6: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step5 - properties: - name: ControllerOvercloudServicesDeployment_Step6 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: step: 5 update_identifier: {get_param: NodeConfigIdentifiers} ControllerPostPuppet: type: OS::TripleO::Tasks::ControllerPostPuppet - depends_on: ControllerOvercloudServicesDeployment_Step6 + depends_on: ControllerOvercloudServicesDeployment_Step5 properties: servers: {get_param: servers} input_values: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 21551e35..7334d4a1 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1,20 +1,18 @@ -heat_template_version: 2015-10-15 +heat_template_version: 2016-04-08 description: > OpenStack controller node configured by Puppet. parameters: - AdminEmail: - default: 'admin@example.com' - description: The email for the keystone admin account. - type: string - hidden: true AdminPassword: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true - AdminToken: - description: The keystone auth secret and db password. + AodhApiVirtualIP: + type: string + default: '' + AodhPassword: + description: The password for the aodh services. type: string hidden: true CeilometerApiVirtualIP: @@ -36,6 +34,12 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + CeilometerMeterDispatcher: + default: 'database' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] CinderApiVirtualIP: type: string default: '' @@ -93,6 +97,11 @@ parameters: default: 0 description: Number of workers for Cinder service. type: number + controllerExtraConfig: + default: {} + description: | + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. + type: json ControllerExtraConfig: default: {} description: | @@ -182,63 +191,41 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one of swift, rbd, or file type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] - GlanceFilePcmkDevice: - default: '' - description: > - An exported storage device that should be mounted by Pacemaker - as Glance storage. Effective when GlanceFilePcmkManage is true. + GnocchiIndexerBackend: + default: 'mysql' + description: The short name of the Gnocchi indexer backend to use. type: string - GlanceFilePcmkFstype: - default: 'nfs' - description: > - Filesystem type for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. + GnocchiApiVirtualIP: type: string - GlanceFilePcmkManage: - default: false - description: > - Whether to make Glance file backend a mount managed by Pacemaker. - Effective when GlanceBackend is 'file'. - type: boolean - GlanceFilePcmkOptions: default: '' - description: > - Mount options for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin type: string HAProxySyslogAddress: default: /dev/log description: Syslog address where HAproxy will send its log type: string - GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number HeatPassword: description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: Password for heat_stack_domain_admin user. type: string hidden: true HeatAuthEncryptionKey: @@ -281,43 +268,6 @@ parameters: type: string constraints: - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Keystone database. - type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneNotificationDriver: - description: Comma-separated list of Oslo notification drivers used by Keystone - default: ['messaging'] - type: comma_delimited_list - KeystoneNotificationFormat: - description: The Keystone notification format - default: 'basic' - type: string - constraints: - - allowed_values: [ 'basic', 'cadf' ] KeystoneRegion: type: string default: 'regionOne' @@ -326,14 +276,14 @@ parameters: default: false description: Whether to manage IPtables rules. type: boolean + MemcachedIPv6: + default: false + description: Enable IPv6 features in Memcached. + type: boolean PurgeFirewallRules: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - KeystoneWorkers: - default: 0 - description: Number of workers for Keystone service. - type: number SaharaApiVirtualIP: type: string default: '' @@ -378,14 +328,6 @@ parameters: scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. - type: string - NeutronEnableDHCPAgent: - description: Knob to enable/disable DHCP Agent - type: boolean - default: true NeutronEnableL3Agent: description: Knob to enable/disable L3 agent type: boolean @@ -406,10 +348,6 @@ parameters: default: 'False' description: Whether to enable l3-agent HA type: string - NeutronDhcpAgentsPerNetwork: - type: number - default: 3 - description: The number of neutron dhcp agents to schedule per network NeutronDVR: default: 'False' description: Whether to configure Neutron Distributed Virtual Routers @@ -444,10 +382,6 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string - NeutronEnableIsolatedMetadata: - default: 'False' - description: If True, DHCP provide metadata route to VM. - type: string NeutronEnableTunnelling: type: string default: "True" @@ -595,7 +529,6 @@ parameters: default: '' # Has to be here because of the ignored empty value bug hidden: true RabbitPassword: - default: guest description: The password for RabbitMQ type: string hidden: true @@ -621,6 +554,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -653,6 +590,10 @@ parameters: default: 10 description: Partition Power to use when building Swift rings type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean SwiftPassword: description: The password for the swift service account, used by the swift proxy services. @@ -686,24 +627,12 @@ parameters: HeatApiVirtualIPUri: type: string default: '' - GlanceApiVirtualIP: - type: string - default: '' - GlanceRegistryVirtualIP: - type: string - default: '' MysqlVirtualIP: type: string default: '' MysqlVirtualIPUri: type: string default: '' - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' NeutronApiVirtualIP: type: string default: '' @@ -765,6 +694,15 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + ServiceConfigSettings: + type: json + default: {} + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig resources: @@ -926,16 +864,15 @@ resources: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} cinder_workers: {get_param: CinderWorkers} - glance_workers: {get_param: GlanceWorkers} heat_workers: {get_param: HeatWorkers} - keystone_workers: {get_param: KeystoneWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} swift_workers: {get_param: SwiftWorkers} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} - neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} haproxy_log_address: {get_param: HAProxySyslogAddress} + haproxy_stats_password: {get_param: HAProxyStatsPassword} + haproxy_stats_user: {get_param: HAProxyStatsUser} heat.watch_server_url: list_join: - '' @@ -954,13 +891,14 @@ resources: - - 'http://' - {get_param: HeatApiVirtualIPUri} - ':8000/v1/waitcondition' + heat_public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat_internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat_admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} - admin_email: {get_param: AdminEmail} admin_password: {get_param: AdminPassword} - admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} cinder_enable_db_purge: {get_param: CinderEnableDBPurge} @@ -985,23 +923,12 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/cinder' - glance_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance_password: {get_param: GlancePassword} - glance_backend: {get_param: GlanceBackend} - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} - glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} - glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} - glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance_dsn: - list_join: - - '' - - - 'mysql+pymysql://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/glance' + cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} heat_dsn: @@ -1012,26 +939,8 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/heat' - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone_notification_driver: {get_param: KeystoneNotificationDriver} - keystone_notification_format: {get_param: KeystoneNotificationFormat} - keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone_dsn: - list_join: - - '' - - - 'mysql+pymysql://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/keystone' keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } - keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} @@ -1067,7 +976,6 @@ resources: template: DRIVERS params: DRIVERS: {get_param: NeutronTypeDrivers} - neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent} neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent} neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent} neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} @@ -1078,7 +986,6 @@ resources: MECHANISMS: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_l3_ha: {get_param: NeutronL3HA} - neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} neutron_network_vlan_ranges: str_replace: template: RANGES @@ -1126,7 +1033,6 @@ resources: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_password: {get_param: NeutronPassword} neutron_tenant_mtu: {get_param: NeutronTenantMtu} - neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} neutron_dsn: list_join: - '' @@ -1144,12 +1050,22 @@ resources: ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_store_events: {get_param: CeilometerStoreEvents} + aodh_password: {get_param: AodhPassword} + aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } + aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } + aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } + ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} + gnocchi_password: {get_param: GnocchiPassword} + gnocchi_backend: {get_param: GnocchiBackend} + gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} ceilometer_coordination_url: list_join: - '' - - - 'redis://' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' - {get_param: RedisVirtualIPUri} - - ':6379' + - ':6379/' ceilometer_dsn: list_join: - '' @@ -1158,11 +1074,26 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/ceilometer' + gnocchi_dsn: + list_join: + - '' + - - 'mysql+pymysql://gnocchi:' + - {get_param: GnocchiPassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/gnocchi' + gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} + memcached_ipv6: {get_param: MemcachedIPv6} nova_password: {get_param: NovaPassword} nova_dsn: list_join: @@ -1182,6 +1113,12 @@ resources: - '/nova_api' upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} + nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova_ec2_public_url: {get_param: [EndpointMap, NovaEC2Public, uri]} + nova_ec2_internal_url: {get_param: [EndpointMap, NovaEC2Internal, uri]} + nova_ec2_admin_url: {get_param: [EndpointMap, NovaEC2Admin, uri]} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -1190,16 +1127,9 @@ resources: rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} rabbit_ipv6: {get_param: RabbitIPv6} + rabbit_fd_limit: {get_param: RabbitFDLimit} mongodb_no_journal: {get_param: MongoDbNoJournal} mongodb_ipv6: {get_param: MongoDbIPv6} - # We need to force this into quotes or hiera will return integer causing - # the puppet module validation regexp to fail. - # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401 - rabbit_fd_limit: - str_replace: - template: "'LIMIT'" - params: - LIMIT: {get_param: RabbitFDLimit} ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} control_virtual_interface: {get_param: ControlVirtualInterface} @@ -1207,12 +1137,22 @@ resources: swift_hash_suffix: {get_param: SwiftHashSuffix} swift_password: {get_param: SwiftPassword} swift_part_power: {get_param: SwiftPartPower} + swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} + swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} sahara_password: {get_param: SaharaPassword} + sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} sahara_dsn: list_join: - '' @@ -1223,12 +1163,15 @@ resources: - '/sahara' swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} + cinder_iscsi_network: + str_replace: + template: "'IP'" + params: + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - glance_registry_host: {get_param: GlanceRegistryVirtualIP} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1237,11 +1180,19 @@ resources: neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} + gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + horizon_subnet: + str_replace: + template: "['SUBNET']" + params: + SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1263,6 +1214,7 @@ resources: - heat_config_%{::deploy_config_name} - controller_extraconfig - extraconfig + - service_configs - controller - database - object @@ -1283,9 +1235,16 @@ resources: - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre + - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre + merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} controller_extraconfig: - mapped_data: {get_param: ControllerExtraConfig} + mapped_data: + map_merge: + - {get_param: controllerExtraConfig} + - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} common: @@ -1320,14 +1279,19 @@ resources: swift::swift_hash_suffix: {get_input: swift_hash_suffix} swift::proxy::authtoken::admin_password: {get_input: swift_password} swift::proxy::workers: {get_input: swift_workers} + tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - - # NOTE(dprince): build_ring support is currently not wired in. - # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True + swift::keystone::auth::public_url: {get_input: swift_public_url } + swift::keystone::auth::internal_url: {get_input: swift_internal_url } + swift::keystone::auth::admin_url: {get_input: swift_admin_url } + swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } + swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } + swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } + swift::keystone::auth::password: {get_input: swift_password } + swift::keystone::auth::region: {get_input: keystone_region} # Cinder cinder_enable_db_purge: {get_input: cinder_enable_db_purge} @@ -1352,39 +1316,19 @@ resources: cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} cinder::db::mysql::password: {get_input: cinder_password} + cinder::keystone::auth::public_url: {get_input: cinder_public_url } + cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } + cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } + cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } + cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } + cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } + cinder::keystone::auth::password: {get_input: cinder_password } + cinder::keystone::auth::region: {get_input: keystone_region} # Glance - glance::api::bind_port: {get_input: glance_port} glance::api::bind_host: {get_input: glance_api_network} - glance::api::auth_uri: {get_input: keystone_auth_uri} - glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: glance_registry_host} - glance::api::keystone_password: {get_input: glance_password} - glance::api::debug: {get_input: debug} - glance::api::workers: {get_input: glance_workers} - glance_notifier_strategy: {get_input: glance_notifier_strategy} - glance_log_file: {get_input: glance_log_file} - glance_log_file: {get_input: glance_log_file} - glance::api::database_connection: {get_input: glance_dsn} - glance::registry::keystone_password: {get_input: glance_password} - glance::registry::database_connection: {get_input: glance_dsn} glance::registry::bind_host: {get_input: glance_registry_network} - glance::registry::auth_uri: {get_input: keystone_auth_uri} - glance::registry::identity_uri: {get_input: keystone_identity_uri} - glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} - glance::registry::workers: {get_input: glance_workers} - glance::backend::swift::swift_store_user: service:glance - glance::backend::swift::swift_store_key: {get_input: glance_password} - glance_backend: {get_input: glance_backend} - glance::db::mysql::password: {get_input: glance_password} - glance_file_pcmk_device: {get_input: glance_file_pcmk_device} - glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} - glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} - glance_file_pcmk_options: {get_input: glance_file_pcmk_options} - glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username} - glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password} - glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + glance::keystone::auth::region: {get_input: keystone_region} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -1406,41 +1350,23 @@ resources: heat::api_cloudwatch::workers: {get_input: heat_workers} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::api_cfn::workers: {get_input: heat_workers} + heat::engine::num_engine_workers: {get_input: heat_workers} heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} heat_enable_db_purge: {get_input: heat_enable_db_purge} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} + heat::keystone::auth::public_url: {get_input: heat_public_url } + heat::keystone::auth::internal_url: {get_input: heat_internal_url } + heat::keystone::auth::admin_url: {get_input: heat_admin_url } + heat::keystone::auth::password: {get_input: heat_password } + heat::keystone::auth::region: {get_input: keystone_region} # Keystone - keystone::admin_token: {get_input: admin_token} - keystone_ca_certificate: {get_input: keystone_ca_certificate} - keystone_signing_key: {get_input: keystone_signing_key} - keystone_signing_certificate: {get_input: keystone_signing_certificate} - keystone_ssl_certificate: {get_input: keystone_ssl_certificate} - keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} - keystone::database_connection: {get_input: keystone_dsn} keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} - keystone::debug: {get_input: debug} - keystone::db::mysql::password: {get_input: admin_token} - keystone::rabbit_userid: {get_input: rabbit_username} - keystone::rabbit_password: {get_input: rabbit_password} - keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - keystone::rabbit_port: {get_input: rabbit_client_port} - keystone::notification_driver: {get_input: keystone_notification_driver} - keystone::notification_format: {get_input: keystone_notification_format} - keystone::roles::admin::email: {get_input: admin_email} - keystone::roles::admin::password: {get_input: admin_password} - keystone::endpoint::public_url: {get_input: keystone_public_url} - keystone::endpoint::internal_url: {get_input: keystone_internal_url} - keystone::endpoint::admin_url: {get_input: keystone_identity_uri} - keystone::endpoint::region: {get_input: keystone_region} - keystone::admin_workers: {get_input: keystone_workers} - keystone::public_workers: {get_input: keystone_workers} - keystone_enable_db_purge: {get_input: keystone_enable_db_purge} - keystone::public_endpoint: {get_input: keystone_public_url} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} @@ -1459,11 +1385,6 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_username} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} - neutron::debug: {get_input: debug} neutron::server::auth_uri: {get_input: keystone_auth_uri} neutron::server::identity_uri: {get_input: keystone_identity_uri} neutron::server::database_connection: {get_input: neutron_dsn} @@ -1472,7 +1393,6 @@ resources: neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} - neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks} neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} @@ -1482,7 +1402,6 @@ resources: neutron_router_distributed: {get_input: neutron_router_distributed} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} - neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent} neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent} neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent} neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} @@ -1491,7 +1410,6 @@ resources: neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} neutron::server::l3_ha: {get_input: neutron_l3_ha} - neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} @@ -1505,7 +1423,6 @@ resources: neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} neutron::server::auth_password: {get_input: neutron_password} neutron::agents::metadata::auth_password: {get_input: neutron_password} - neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} @@ -1538,9 +1455,63 @@ resources: ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} ceilometer::db::mysql::password: {get_input: ceilometer_password} + ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher} + ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url } + ceilometer::dispatcher::gnocchi::filter_project: 'service' + ceilometer::dispatcher::gnocchi::archive_policy: 'low' + ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } + ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } + ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } + ceilometer::keystone::auth::password: {get_input: ceilometer_password } + ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + # Aodh + aodh::rabbit_userid: {get_input: rabbit_username} + aodh::rabbit_password: {get_input: rabbit_password} + aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + aodh::rabbit_port: {get_input: rabbit_client_port} + aodh::debug: {get_input: debug} + aodh::wsgi::apache::ssl: false + aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} + aodh::api::service_name: 'httpd' + aodh::api::host: {get_input: aodh_api_network} + aodh::api::keystone_password: {get_input: aodh_password} + aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} + aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} + aodh::auth::auth_password: {get_input: aodh_password} + aodh::db::mysql::password: {get_input: aodh_password} + # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination + aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} + aodh::keystone::auth::public_url: {get_input: aodh_public_url } + aodh::keystone::auth::internal_url: {get_input: aodh_internal_url } + aodh::keystone::auth::admin_url: {get_input: aodh_admin_url } + aodh::keystone::auth::password: {get_input: aodh_password } + aodh::keystone::auth::region: {get_input: keystone_region} + + # Gnocchi + gnocchi_backend: {get_input: gnocchi_backend} + gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend} + gnocchi_mysql_conn_string: {get_input: gnocchi_dsn} + gnocchi::debug: {get_input: debug} + gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} + gnocchi::api::service_name: 'httpd' + gnocchi::api::host: {get_input: gnocchi_api_network} + gnocchi::api::keystone_password: {get_input: gnocchi_password} + gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} + gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} + gnocchi::db::mysql::password: {get_input: gnocchi_password} + gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} + gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} + gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } + gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } + gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } + gnocchi::keystone::auth::password: {get_input: gnocchi_password } + gnocchi::keystone::auth::region: {get_input: keystone_region} + # Nova nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} @@ -1570,8 +1541,17 @@ resources: nova::db::mysql::password: {get_input: nova_password} nova::db::mysql_api::password: {get_input: nova_password} nova_enable_db_purge: {get_input: nova_enable_db_purge} + nova::keystone::auth::public_url: {get_input: nova_public_url} + nova::keystone::auth::internal_url: {get_input: nova_internal_url} + nova::keystone::auth::admin_url: {get_input: nova_admin_url} + nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url} + nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url} + nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url} + nova::keystone::auth::password: {get_input: nova_password } + nova::keystone::auth::region: {get_input: keystone_region} # Horizon + apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} apache::ip: {get_input: horizon_network} horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} @@ -1601,6 +1581,11 @@ resources: sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} sahara::rabbit_port: {get_input: rabbit_client_port} sahara::db::mysql::password: {get_input: sahara_password} + sahara::keystone::auth::public_url: {get_input: sahara_public_url } + sahara::keystone::auth::internal_url: {get_input: sahara_internal_url } + sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } + sahara::keystone::auth::password: {get_input: sahara_password } + sahara::keystone::auth::region: {get_input: keystone_region} # Rabbit rabbitmq::node_ip_address: {get_input: rabbitmq_network} @@ -1611,11 +1596,15 @@ resources: rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc + memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} ntp::servers: {get_input: ntp_servers} @@ -1626,6 +1615,9 @@ resources: tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::loadbalancer::haproxy_stats_user: {get_input: haproxy_stats_user} + tripleo::loadbalancer::haproxy_stats_password: {get_input: haproxy_stats_password} + tripleo::loadbalancer::redis_password: {get_input: redis_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -1696,12 +1688,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -1709,37 +1701,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - management nova_server_resource: diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 312d49a0..5942088c 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -38,6 +38,9 @@ parameters: GlanceRbdPoolName: default: images type: string + GnocchiRbdPoolName: + default: metrics + type: string CephClientUserName: default: openstack type: string @@ -68,7 +71,7 @@ resources: secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: @@ -77,10 +80,13 @@ resources: NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: @@ -88,11 +94,17 @@ resources: - '.' - - 'client' - {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} outputs: config_id: diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml new file mode 100755 index 00000000..7c0a7ad2 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml @@ -0,0 +1,113 @@ +heat_template_version: 2015-04-30 + +description: Controller hieradata for Neutron PLUMgrid configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + PLUMgridDirectorServer: + description: IP address of the PLUMgrid Director Server + type: string + default: 127.0.0.1 + PLUMgridDirectorServerPort: + description: Port of the PLUMgrid Director Server + type: string + default: 443 + PLUMgridUsername: + description: Username for PLUMgrid platform + type: string + PLUMgridPassword: + description: Password for PLUMgrid platform + type: string + hidden: true + PLUMgridServerTimeOut: + description: Request timeout duration (seconds) to PLUMgrid platform + type: string + default: 99 + PLUMgridNovaMetadataIP: + description: IP address of Nova Metadata + type: string + default: 169.254.169.254 + PLUMgridNovaMetadataPort: + description: Port of Nova Metadata + type: string + default: 8775 + PLUMgridL2GatewayVendor: + description: Vendor for L2 Gateway Switch + type: string + default: vendor + PLUMgridL2GatewayUsername: + description: Username for L2 Gateway Switch + type: string + default: username + PLUMgridL2GatewayPassword: + description: Password for L2 Gateway Switch + type: string + hidden: true + PLUMgridIdentityVersion: + description: Keystone Identity version + type: string + default: v2.0 + PLUMgridConnectorType: + description: Neutron Network Connector Type + type: string + default: distributed + PLUMgridNeutronPluginVersion: + description: PLUMgrid Neutron Plugin version + type: string + default: present + PLUMgridPlumlibVersion: + description: PLUMgrid Plumlib version + type: string + default: present + + +resources: + ControllerPLUMgridConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_plumgrid_data: + mapped_data: + neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server} + neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port} + neutron::plugins::plumgrid::username: {get_input: plumgrid_username} + neutron::plugins::plumgrid::password: {get_input: plumgrid_password} + neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip} + neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port} + neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor} + neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username} + neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password} + neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type} + neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version} + neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version} + neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version} + + ControllerPLUMgridDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: ControllerPLUMgridConfig} + server: {get_param: server} + input_values: + plumgrid_director_server: {get_param: PLUMgridDirectorServer} + plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort} + plumgrid_username: {get_param: PLUMgridUsername} + plumgrid_password: {get_param: PLUMgridPassword} + plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} + plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} + plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} + plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} + plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} + plumgrid_identity_version: {get_param: PLUMgridIdentityVersion} + plumgrid_connector_type: {get_param: PLUMgridConnectorType} + plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion} + plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index aab42849..f955034d 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -4,7 +4,7 @@ description: > This is a template which will inject the trusted anchor. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLRootCertificate: description: > The content of a CA's SSL certificate file in PEM format. diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 20bb3737..e281ef51 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -5,7 +5,7 @@ description: > for the load balancer using the given parameters. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLCertificate: description: > The content of the SSL certificate (without Key) in PEM format. @@ -21,7 +21,7 @@ parameters: type: string hidden: true - # Can be overriden by parameter_defaults if the user wants to try deploying + # Can be overridden by parameter_defaults if the user wants to try deploying # this in a distro that doesn't support this path. DeployedSSLCertificatePath: default: '/etc/pki/tls/private/overcloud_endpoint.pem' @@ -63,6 +63,14 @@ resources: openssl rsa -noout -modulus -in ${cert_path} \ | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus + # We need to reload haproxy in case the certificate changed because + # puppet doesn't know the contents of the cert file. The pacemaker + # case is handled separately in a pacemaker-specific resource. + pacemaker_status=$(systemctl is-active pacemaker) + haproxy_status=$(systemctl is-active haproxy) + if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + systemctl reload haproxy + fi ControllerTLSDeployment: type: OS::Heat::SoftwareDeployment diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 98cec364..34965959 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -5,6 +5,12 @@ ssh::server::storeconfigs_enabled: false ceilometer::agent::auth::auth_region: 'regionOne' ceilometer::agent::auth::auth_tenant_name: 'service' +aodh::auth::auth_region: 'regionOne' +aodh::auth::auth_tenant_name: 'service' + +gnocchi::auth::auth_region: 'regionOne' +gnocchi::auth::auth_tenant_name: 'service' + nova::api::admin_tenant_name: 'service' nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 865210c9..1e888f39 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -11,6 +11,8 @@ nova::compute::libvirt::migration_support: true nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" +nova::network::neutron::neutron_auth_type: 'v3password' + # Changing the default from 512MB. The current templates can not deploy # overclouds with swap. On an idle compute node, we see ~1024MB of RAM # used. 2048 is suggested to account for other possible operations for diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index e80bee07..416233ce 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,10 +1,21 @@ # Hiera data here applies to all controller nodes + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true nova::vncproxy::enabled: true nova::scheduler::enabled: true +# gnocchi +gnocchi::db::sync::extra_opts: '--skip-storage' +gnocchi::storage::swift::swift_user: 'service:gnocchi' +gnocchi::storage::swift::swift_auth_version: 2 +gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' +gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' +gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' +gnocchi::statsd::flush_delay: 10 +gnocchi::statsd::archive_policy_name: 'low' + # rabbitmq rabbitmq::delete_guest_user: false rabbitmq::wipe_db_on_cookie_change: true @@ -29,18 +40,32 @@ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' +# keystone +keystone::roles::admin::email: 'root@localhost' + # service tenant glance::api::keystone_tenant: 'service' +aodh::api::keystone_tenant: 'service' glance::registry::keystone_tenant: 'service' neutron::server::auth_tenant: 'service' neutron::agents::metadata::auth_tenant: 'service' neutron::agents::l3::router_delete_namespaces: True -neutron::agents::dhcp::dhcp_delete_namespaces: True cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' +gnocchi::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' sahara::admin_tenant_name: 'service' +aodh::keystone::auth::tenant: 'service' +ceilometer::keystone::auth::tenant: 'service' +cinder::keystone::auth::tenant: 'service' +glance::keystone::auth::tenant: 'service' +gnocchi::keystone::auth::tenant: 'service' +heat::keystone::auth::tenant: 'service' +neutron::keystone::auth::tenant: 'service' +nova::keystone::auth::tenant: 'service' +sahara::keystone::auth::tenant: 'service' +swift::keystone::auth::tenant: 'service' # keystone keystone::cron::token_flush::maxdelay: 3600 @@ -70,28 +95,30 @@ swift::proxy::pipeline: - 'proxy-server' swift::proxy::account_autocreate: true +swift::keystone::auth::configure_s3_endpoint: false +swift::keystone::auth::operator_roles: + - admin + - swiftoperator # glance glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true glance::registry::pipeline: 'keystone' glance::backend::swift::swift_store_create_container_on_put: true -glance::backend::rbd::rbd_store_user: 'openstack' glance_file_pcmk_directory: '/var/lib/glance/images' # neutron neutron::server::sync_db: true -neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf # nova nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' -nova::api::osapi_v3: true nova::api::sync_db_api: true nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' nova::notification_driver: messaging +nova::keystone::auth::configure_ec2_endpoint: false # ceilometer ceilometer::agent::auth::auth_endpoint_type: 'internalURL' @@ -110,12 +137,16 @@ heat::cron::purge_deleted::age: 30 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 heat::cron::purge_deleted::destination: '/dev/null' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' +heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false pacemaker::resource_defaults::defaults: resource-stickiness: { value: INFINITY } +corosync_token_timeout: 10000 # horizon horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache @@ -123,6 +154,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: add_listen: false priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' # mysql mysql::server::manage_config_file: true @@ -143,6 +175,8 @@ tripleo::loadbalancer::redis: true tripleo::loadbalancer::sahara: true tripleo::loadbalancer::swift_proxy_server: true tripleo::loadbalancer::ceilometer: true +tripleo::loadbalancer::aodh: true +tripleo::loadbalancer::gnocchi: true tripleo::loadbalancer::heat_api: true tripleo::loadbalancer::heat_cloudwatch: true tripleo::loadbalancer::heat_cfn: true @@ -255,3 +289,11 @@ tripleo::firewall::firewall_rules: '127 snmp': port: 161 proto: 'udp' + '128 aodh': + port: + - 8042 + - 13042 + '129 gnocchi-api': + port: + - 8041 + - 13041 diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 61714691..4eb199c8 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -61,6 +61,14 @@ ceilometer::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" +# Gnocchi +gnocchi::db::mysql::user: gnocchi +gnocchi::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +gnocchi::db::mysql::dbname: gnocchi +gnocchi::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + sahara::db::mysql::user: sahara sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}" sahara::db::mysql::dbname: sahara diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 7c8cda71..cc58cb14 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -53,12 +53,6 @@ include ::nova include ::nova::config include ::nova::compute -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - 'DEFAULT/host': value => $fqdn; -} - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { @@ -99,6 +93,19 @@ if str2bool(hiera('nova::use_ipv6', false)) { class { '::nova::compute::libvirt' : vncserver_listen => $vncserver_listen, } + +nova_config { + 'DEFAULT/my_ip': value => $ipaddress; + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/host': value => $fqdn; + # TUNNELLED mode provides a security enhancement when using shared storage but is not + # supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. + 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; +} + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { file {'/etc/libvirt/qemu.conf': ensure => present, @@ -145,8 +152,32 @@ elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencont # require => Class['contrail::vrouter'], #} } +elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { + # forward all ipv4 traffic + # this is required for the vms to pass through the gateways public interface + sysctl::value { 'net.ipv4.ip_forward': value => '1' } + + # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on + file { '/etc/sudoers.d/ifc_ctl_sudoers': + ensure => file, + owner => root, + group => root, + mode => '0440', + content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n", + } +} else { + # NOTE: this code won't live in puppet-neutron until Neutron OVS agent + # can be gracefully restarted. See https://review.openstack.org/#/c/297211 + # In the meantime, it's safe to restart the agent on each change in neutron.conf, + # because Puppet changes are supposed to be done during bootstrap and upgrades. + # Some resource managed by Neutron_config (like messaging and logging options) require + # a restart of OVS agent. This code does it. + # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code + # from here and fix it in puppet-neutron. + Neutron_config<||> ~> Service['neutron-ovs-agent-service'] + include ::neutron::plugins::ml2 include ::neutron::agents::ml2::ovs diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 4a03fefa..34ca845c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -46,7 +46,7 @@ if hiera('step') >= 2 { # MongoDB if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals - + include ::mongodb::client include ::mongodb::server # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and # without the brackets as 'members' argument for the 'mongodb_replset' @@ -113,16 +113,18 @@ if hiera('step') >= 2 { # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - include ::keystone::db::mysql - include ::glance::db::mysql include ::nova::db::mysql include ::nova::db::mysql_api include ::neutron::db::mysql include ::cinder::db::mysql include ::heat::db::mysql include ::sahara::db::mysql + if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { + include ::gnocchi::db::mysql + } if downcase(hiera('ceilometer_backend')) == 'mysql' { include ::ceilometer::db::mysql + include ::aodh::db::mysql } $rabbit_nodes = hiera('rabbit_node_ips') @@ -209,66 +211,17 @@ if hiera('step') >= 2 { } #END STEP 2 -if hiera('step') >= 3 { - - include ::keystone - include ::keystone::config - include ::keystone::roles::admin - include ::keystone::endpoint - include ::keystone::wsgi::apache - - #TODO: need a cleanup-keystone-tokens.sh solution here - - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - # TODO: scrubber and other additional optional features - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - } - include ::glance::registry - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) +if hiera('step') >= 4 { + + $nova_ipv6 = hiera('nova::use_ipv6', false) + if $nova_ipv6 { + $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') + } else { + $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') + } class { '::nova' : - memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + memcached_servers => $memcached_servers } include ::nova::config include ::nova::api @@ -336,26 +289,25 @@ if hiera('step') >= 3 { include ::neutron::server include ::neutron::server::notifications - # If the value of core plugin is set to 'nuage' or 'opencontrail', - # include nuage or opencontrail core plugins, and it does not - # need the l3, dhcp and metadata agents + # If the value of core plugin is set to 'nuage' or'opencontrail' or 'plumgrid', + # include nuage or opencontrail or plumgrid core plugins + # else use the default value of 'ml2' if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { include ::neutron::plugins::nuage } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { include ::neutron::plugins::opencontrail + } + elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { + class { '::neutron::plugins::plumgrid' : + connection => hiera('neutron::server::database_connection'), + controller_priv_host => hiera('keystone_admin_api_vip'), + admin_password => hiera('admin_password'), + metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), + } } else { include ::neutron::agents::l3 - include ::neutron::agents::dhcp include ::neutron::agents::metadata - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } - # If the value of core plugin is set to 'midonet', # skip all the ML2 configuration if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -400,13 +352,9 @@ if hiera('step') >= 3 { neutron_l3_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } Service['neutron-server'] -> Service['neutron-ovs-agent-service'] } - Service['neutron-server'] -> Service['neutron-dhcp-service'] Service['neutron-server'] -> Service['neutron-l3'] Service['neutron-server'] -> Service['neutron-metadata'] } @@ -452,6 +400,7 @@ if hiera('step') >= 3 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : + backend_host => hiera('cinder::host'), rbd_pool => hiera('cinder_rbd_pool_name'), rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), @@ -597,12 +546,28 @@ if hiera('step') >= 3 { include ::ceilometer::expirer include ::ceilometer::collector include ::ceilometer::agent::auth + include ::ceilometer::dispatcher::gnocchi class { '::ceilometer::db' : database_connection => $ceilometer_database_connection, } Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } + # Aodh + class { '::aodh' : + database_connection => $ceilometer_database_connection, + } + include ::aodh::db::sync + # To manage the upgrade: + Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync'] + include ::aodh::auth + include ::aodh::api + include ::aodh::wsgi::apache + include ::aodh::evaluator + include ::aodh::notifier + include ::aodh::listener + include ::aodh::client + # Heat class { '::heat' : notification_driver => 'messaging', @@ -619,6 +584,7 @@ if hiera('step') >= 3 { include ::sahara::service::engine # Horizon + include ::apache::mod::remoteip if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' } else { @@ -626,11 +592,38 @@ if hiera('step') >= 3 { } $neutron_options = {'profile_support' => $_profile_support } + $memcached_ipv6 = hiera('memcached_ipv6', false) + if $memcached_ipv6 { + $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') + } else { + $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') + } + class { '::horizon': - cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), + cache_server_ip => $horizon_memcached_servers, neutron_options => $neutron_options, } + # Gnocchi + $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') + class { '::gnocchi': + database_connection => $gnocchi_database_connection, + } + include ::gnocchi::api + include ::gnocchi::wsgi::apache + include ::gnocchi::client + include ::gnocchi::db::sync + include ::gnocchi::storage + include ::gnocchi::metricd + include ::gnocchi::statsd + $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) + case $gnocchi_backend { + 'swift': { include ::gnocchi::storage::swift } + 'file': { include ::gnocchi::storage::file } + 'rbd': { include ::gnocchi::storage::ceph } + default: { fail('Unrecognized gnocchi_backend parameter.') } + } + $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', @@ -643,17 +636,13 @@ if hiera('step') >= 3 { hiera_include('controller_classes') -} #END STEP 3 +} #END STEP 4 -if hiera('step') >= 4 { - $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) +if hiera('step') >= 5 { $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) $heat_enable_db_purge = hiera('heat_enable_db_purge', true) - if $keystone_enable_db_purge { - include ::keystone::cron::token_flush - } if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } @@ -663,7 +652,23 @@ if hiera('step') >= 4 { if $heat_enable_db_purge { include ::heat::cron::purge_deleted } -} #END STEP 4 + + if downcase(hiera('bootstrap_nodeid')) == $::hostname { + # Class ::heat::keystone::domain has to run on bootstrap node + # because it creates DB entities via API calls. + include ::heat::keystone::domain + + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + } else { + # On non-bootstrap node we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } + } + +} #END STEP 5 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 7637029c..1890918e 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -18,6 +18,23 @@ Pcmk_resource <| |> { try_sleep => 3, } +# TODO(jistr): use pcs resource provider instead of just no-ops +Service <| + tag == 'aodh-service' or + tag == 'cinder-service' or + tag == 'ceilometer-service' or + tag == 'gnocchi-service' or + tag == 'heat-service' or + tag == 'neutron-service' or + tag == 'nova-service' or + tag == 'sahara-service' +|> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', +} + include ::tripleo::packages include ::tripleo::firewall @@ -34,8 +51,8 @@ $enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized # FIXME: remove when we start all OpenStack services using Pacemaker -# (occurences of this variable will be gradually replaced with false) -$non_pcmk_start = hiera('step') >= 4 +# (occurrences of this variable will be gradually replaced with false) +$non_pcmk_start = hiera('step') >= 5 if hiera('step') >= 1 { @@ -64,13 +81,10 @@ if hiera('step') >= 1 { $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) if $corosync_ipv6 { - $cluster_setup_extras = { '--ipv6' => '' } + $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' } } else { - $cluster_setup_extras = {} + $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) } } - user { 'hacluster': - ensure => present, - } -> class { '::pacemaker': hacluster_pwd => hiera('hacluster_pwd'), } -> @@ -85,6 +99,10 @@ if hiera('step') >= 1 { if $enable_fencing { include ::tripleo::fencing + # enable stonith after all Pacemaker resources have been created + Pcmk_resource<||> -> Class['tripleo::fencing'] + Pcmk_constraint<||> -> Class['tripleo::fencing'] + Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] # enable stonith after all fencing devices have been created Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } @@ -127,6 +145,7 @@ if hiera('step') >= 1 { if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals + include ::mongodb::client class { '::mongodb::server' : service_manage => false, } @@ -169,8 +188,10 @@ if hiera('step') >= 1 { 'bind-address' => $::hostname, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', + 'wsrep_on' => 'ON', 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so', 'wsrep_cluster_name' => 'galera_cluster', + 'wsrep_cluster_address' => "gcomm://${galera_nodes}", 'wsrep_slave_threads' => '1', 'wsrep_certify_nonPK' => '1', 'wsrep_max_ws_rows' => '131072', @@ -236,183 +257,46 @@ if hiera('step') >= 2 { } $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') - if is_ipv6_address($control_vip) { - $control_vip_netmask = '64' - } else { - $control_vip_netmask = '32' - } - pacemaker::resource::ip { 'control_vip': - ip_address => $control_vip, - cidr_netmask => $control_vip_netmask, - } - pacemaker::constraint::base { 'control_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${control_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], - } - pacemaker::constraint::colocation { 'control_vip-with-haproxy': - source => "ip-${control_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': + vip_name => 'control', + ip_address => $control_vip, } $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') - if is_ipv6_address($public_vip) { - $public_vip_netmask = '64' - } else { - $public_vip_netmask = '32' - } - if $public_vip and $public_vip != $control_vip { - pacemaker::resource::ip { 'public_vip': - ip_address => $public_vip, - cidr_netmask => $public_vip_netmask, - } - pacemaker::constraint::base { 'public_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${public_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } - pacemaker::constraint::colocation { 'public_vip-with-haproxy': - source => "ip-${public_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip': + ensure => $public_vip and $public_vip != $control_vip, + vip_name => 'public', + ip_address => $public_vip, } $redis_vip = hiera('redis_vip') - if is_ipv6_address($redis_vip) { - $redis_vip_netmask = '64' - } else { - $redis_vip_netmask = '32' - } - if $redis_vip and $redis_vip != $control_vip { - pacemaker::resource::ip { 'redis_vip': - ip_address => $redis_vip, - cidr_netmask => $redis_vip_netmask, - } - pacemaker::constraint::base { 'redis_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${redis_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], - } - pacemaker::constraint::colocation { 'redis_vip-with-haproxy': - source => "ip-${redis_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip': + ensure => $redis_vip and $redis_vip != $control_vip, + vip_name => 'redis', + ip_address => $redis_vip, } + $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') - if is_ipv6_address($internal_api_vip) { - $internal_api_vip_netmask = '64' - } else { - $internal_api_vip_netmask = '32' - } - if $internal_api_vip and $internal_api_vip != $control_vip { - pacemaker::resource::ip { 'internal_api_vip': - ip_address => $internal_api_vip, - cidr_netmask => $internal_api_vip_netmask, - } - pacemaker::constraint::base { 'internal_api_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${internal_api_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } - pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': - source => "ip-${internal_api_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip': + ensure => $internal_api_vip and $internal_api_vip != $control_vip, + vip_name => 'internal_api', + ip_address => $internal_api_vip, } $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') - if is_ipv6_address($storage_vip) { - $storage_vip_netmask = '64' - } else { - $storage_vip_netmask = '32' - } - if $storage_vip and $storage_vip != $control_vip { - pacemaker::resource::ip { 'storage_vip': - ip_address => $storage_vip, - cidr_netmask => $storage_vip_netmask, - } - pacemaker::constraint::base { 'storage_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } - pacemaker::constraint::colocation { 'storage_vip-with-haproxy': - source => "ip-${storage_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip': + ensure => $storage_vip and $storage_vip != $control_vip, + vip_name => 'storage', + ip_address => $storage_vip, } $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') - if is_ipv6_address($storage_mgmt_vip) { - $storage_mgmt_vip_netmask = '64' - } else { - $storage_mgmt_vip_netmask = '32' + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip': + ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip, + vip_name => 'storage_mgmt', + ip_address => $storage_mgmt_vip, } - if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { - pacemaker::resource::ip { 'storage_mgmt_vip': - ip_address => $storage_mgmt_vip, - cidr_netmask => $storage_mgmt_vip_netmask, - } - pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_mgmt_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], - } - pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': - source => "ip-${storage_mgmt_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], - } - } - } pacemaker::resource::service { $::memcached::params::service_name : @@ -497,12 +381,6 @@ MYSQL_HOST=localhost\n", # Create all the database schemas if $sync_db { - class { '::keystone::db::mysql': - require => Exec['galera-ready'], - } - class { '::glance::db::mysql': - require => Exec['galera-ready'], - } class { '::nova::db::mysql': require => Exec['galera-ready'], } @@ -525,6 +403,11 @@ MYSQL_HOST=localhost\n", } } + if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { + class { '::gnocchi::db::mysql': + require => Exec['galera-ready'], + } + } class { '::sahara::db::mysql': require => Exec['galera-ready'], } @@ -586,82 +469,7 @@ MYSQL_HOST=localhost\n", } #END STEP 2 -if hiera('step') >= 3 { - - class { '::keystone': - sync_db => $sync_db, - manage_service => false, - enabled => false, - enable_bootstrap => $pacemaker_master, - } - include ::keystone::config - - #TODO: need a cleanup-keystone-tokens.sh solution here - - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) { - $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"' - pacemaker::resource::filesystem { 'glance-fs': - device => hiera('glance_file_pcmk_device'), - directory => hiera('glance_file_pcmk_directory'), - fstype => hiera('glance_file_pcmk_fstype'), - fsoptions => join([$secontext, hiera('glance_file_pcmk_options', '')],','), - clone_params => '', - } - } - - # TODO: notifications, scrubber, etc. - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - manage_service => false, - enabled => false, - } - class { '::glance::registry' : - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) +if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { @@ -776,17 +584,12 @@ if hiera('step') >= 3 { keystone_password => hiera('neutron::server::auth_password') } } - if hiera('neutron::enable_dhcp_agent',true) { - class { '::neutron::agents::dhcp' : - manage_service => false, - enabled => false, - } - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], + if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { + class { '::neutron::plugins::plumgrid' : + connection => hiera('neutron::server::database_connection'), + controller_priv_host => hiera('keystone_admin_api_vip'), + admin_password => hiera('admin_password'), + metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), } } if hiera('neutron::enable_l3_agent',true) { @@ -835,12 +638,6 @@ if hiera('step') >= 3 { neutron_l3_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_config { - 'DEFAULT/notification_driver': value => 'messaging'; - } include ::cinder include ::cinder::config @@ -893,6 +690,7 @@ if hiera('step') >= 3 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : + backend_host => hiera('cinder::host'), rbd_pool => hiera('cinder_rbd_pool_name'), rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), @@ -1080,6 +878,7 @@ if hiera('step') >= 3 { sync_db => $sync_db, } include ::ceilometer::agent::auth + include ::ceilometer::dispatcher::gnocchi Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } @@ -1112,7 +911,7 @@ if hiera('step') >= 3 { service_enable => false, # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? } - include ::keystone::wsgi::apache + include ::apache::mod::remoteip include ::apache::mod::status if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' @@ -1120,11 +919,79 @@ if hiera('step') >= 3 { $_profile_support = 'None' } $neutron_options = {'profile_support' => $_profile_support } + + $memcached_ipv6 = hiera('memcached_ipv6', false) + if $memcached_ipv6 { + $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') + } else { + $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') + } + class { '::horizon': - cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), + cache_server_ip => $horizon_memcached_servers, neutron_options => $neutron_options, } + # Aodh + class { '::aodh' : + database_connection => $ceilometer_database_connection, + } + include ::aodh::config + include ::aodh::auth + include ::aodh::client + include ::aodh::wsgi::apache + class { '::aodh::api': + manage_service => false, + enabled => false, + service_name => 'httpd', + } + class { '::aodh::evaluator': + manage_service => false, + enabled => false, + } + class { '::aodh::notifier': + manage_service => false, + enabled => false, + } + class { '::aodh::listener': + manage_service => false, + enabled => false, + } + + # Gnocchi + $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') + include ::gnocchi::client + if $sync_db { + include ::gnocchi::db::sync + } + include ::gnocchi::storage + $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) + case $gnocchi_backend { + 'swift': { include ::gnocchi::storage::swift } + 'file': { include ::gnocchi::storage::file } + 'rbd': { include ::gnocchi::storage::ceph } + default: { fail('Unrecognized gnocchi_backend parameter.') } + } + class { '::gnocchi': + database_connection => $gnocchi_database_connection, + } + class { '::gnocchi::api' : + manage_service => false, + enabled => false, + service_name => 'httpd', + } + class { '::gnocchi::wsgi::apache' : + ssl => false, + } + class { '::gnocchi::metricd' : + manage_service => false, + enabled => false, + } + class { '::gnocchi::statsd' : + manage_service => false, + enabled => false, + } + $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', @@ -1137,17 +1004,13 @@ if hiera('step') >= 3 { hiera_include('controller_classes') -} #END STEP 3 +} #END STEP 4 -if hiera('step') >= 4 { - $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) +if hiera('step') >= 5 { $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) $heat_enable_db_purge = hiera('heat_enable_db_purge', true) - if $keystone_enable_db_purge { - include ::keystone::cron::token_flush - } if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } @@ -1160,18 +1023,6 @@ if hiera('step') >= 4 { if $pacemaker_master { - if $enable_load_balancer { - pacemaker::constraint::base { 'haproxy-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'haproxy-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ocf['openstack-core']], - } - } - pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': constraint_type => 'order', first_resource => 'openstack-core-clone', @@ -1181,15 +1032,6 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Service[$::apache::params::service_name], Pacemaker::Resource::Ocf['openstack-core']], } - pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'rabbitmq-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['rabbitmq'], - Pacemaker::Resource::Ocf['openstack-core']], - } pacemaker::constraint::base { 'memcached-then-openstack-core-constraint': constraint_type => 'order', first_resource => 'memcached-clone', @@ -1278,79 +1120,22 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], Pacemaker::Resource::Ocf['openstack-core']], } - - # Glance - pacemaker::resource::service { $::glance::params::registry_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::glance::params::api_service_name : - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::glance::params::registry_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': + pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint': constraint_type => 'order', - first_resource => "${::glance::params::registry_service_name}-clone", - second_resource => "${::glance::params::api_service_name}-clone", + first_resource => "${::sahara::params::api_service_name}-clone", + second_resource => "${::sahara::params::engine_service_name}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation': - source => "${::glance::params::api_service_name}-clone", - target => "${::glance::params::registry_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - - if hiera('step') == 4 { - # Neutron - # NOTE(gfidente): Neutron will try to populate the database with some data - # as soon as neutron-server is started; to avoid races we want to make this - # happen only on one node, before normal Pacemaker initialization - # https://bugzilla.redhat.com/show_bug.cgi?id=1233061 - # NOTE(emilien): we need to run this Exec only at Step 4 otherwise this exec - # will try to start the service while it's already started by Pacemaker - # It would result to a deployment failure since systemd would return 1 to Puppet - # and the overcloud would fail to deploy (6 would be returned). - # This conditional prevents from a race condition during the deployment. - # https://bugzilla.redhat.com/show_bug.cgi?id=1290582 - exec { 'neutron-server-systemd-start-sleep' : - command => 'systemctl start neutron-server && /usr/bin/sleep 5', - path => '/usr/bin', - unless => '/sbin/pcs resource show neutron-server', - } -> - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } - } else { - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } + require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], + Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], } + if hiera('neutron::enable_l3_agent', true) { pacemaker::resource::service { $::neutron::params::l3_agent_service: clone_params => 'interleave=true', } } - if hiera('neutron::enable_dhcp_agent', true) { - pacemaker::resource::service { $::neutron::params::dhcp_agent_service: - clone_params => 'interleave=true', - } - } + if hiera('neutron::enable_ovs_agent', true) { pacemaker::resource::service { $::neutron::params::ovs_agent_service: clone_params => 'interleave=true', @@ -1410,81 +1195,6 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], } } - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::neutron::params::server_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::neutron::params::server_service]], - } - if hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_agent_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - - pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': - source => "${::neutron::params::dhcp_agent_service}-clone", - target => "${::neutron::params::ovs_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) { - pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::l3_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': - source => "${::neutron::params::l3_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - } - if hiera('neutron::enable_l3_agent',true) and hiera('neutron::enable_metadata_agent',true) { - pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::l3_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::l3_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint': @@ -1615,7 +1325,7 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], } - # Ceilometer + # Ceilometer and Aodh case downcase(hiera('ceilometer_backend')) { /mysql/: { pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: @@ -1648,8 +1358,10 @@ if hiera('step') >= 4 { # Fedora doesn't know `require-all` parameter for constraints yet if $::operatingsystem == 'Fedora' { $redis_ceilometer_constraint_params = undef + $redis_aodh_constraint_params = undef } else { $redis_ceilometer_constraint_params = 'require-all=false' + $redis_aodh_constraint_params = 'require-all=false' } pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint': constraint_type => 'order', @@ -1661,6 +1373,16 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Ocf['redis'], Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]], } + pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint': + constraint_type => 'order', + first_resource => 'redis-master', + second_resource => "${::aodh::params::evaluator_service_name}-clone", + first_action => 'promote', + second_action => 'start', + constraint_params => $redis_aodh_constraint_params, + require => [Pacemaker::Resource::Ocf['redis'], + Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]], + } pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': constraint_type => 'order', first_resource => 'openstack-core-clone', @@ -1670,6 +1392,15 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], Pacemaker::Resource::Ocf['openstack-core']], } + pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': constraint_type => 'order', first_resource => "${::ceilometer::params::agent_central_service_name}-clone", @@ -1711,6 +1442,64 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], Pacemaker::Resource::Ocf['delay']], } + # Aodh + pacemaker::resource::service { $::aodh::params::evaluator_service_name : + clone_params => 'interleave=true', + } + pacemaker::resource::service { $::aodh::params::notifier_service_name : + clone_params => 'interleave=true', + } + pacemaker::resource::service { $::aodh::params::listener_service_name : + clone_params => 'interleave=true', + } + pacemaker::constraint::base { 'aodh-delay-then-aodh-evaluator-constraint': + constraint_type => 'order', + first_resource => 'delay-clone', + second_resource => "${::aodh::params::evaluator_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Ocf['delay']], + } + pacemaker::constraint::colocation { 'aodh-evaluator-with-aodh-delay-colocation': + source => "${::aodh::params::evaluator_service_name}-clone", + target => 'delay-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Ocf['delay']], + } + pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint': + constraint_type => 'order', + first_resource => "${::aodh::params::evaluator_service_name}-clone", + second_resource => "${::aodh::params::notifier_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], + } + pacemaker::constraint::colocation { 'aodh-notifier-with-aodh-evaluator-colocation': + source => "${::aodh::params::notifier_service_name}-clone", + target => "${::aodh::params::evaluator_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], + } + pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint': + constraint_type => 'order', + first_resource => "${::aodh::params::evaluator_service_name}-clone", + second_resource => "${::aodh::params::listener_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], + } + pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation': + source => "${::aodh::params::listener_service_name}-clone", + target => "${::aodh::params::evaluator_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], + } if downcase(hiera('ceilometer_backend')) == 'mongodb' { pacemaker::constraint::base { 'mongodb-then-ceilometer-central-constraint': constraint_type => 'order', @@ -1723,6 +1512,30 @@ if hiera('step') >= 4 { } } + # gnocchi + pacemaker::resource::service { $::gnocchi::params::metricd_service_name : + clone_params => 'interleave=true', + } + pacemaker::resource::service { $::gnocchi::params::statsd_service_name : + clone_params => 'interleave=true', + } + pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint': + constraint_type => 'order', + first_resource => "${::gnocchi::params::metricd_service_name}-clone", + second_resource => "${::gnocchi::params::statsd_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], + Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], + } + pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation': + source => "${::gnocchi::params::statsd_service_name}-clone", + target => "${::gnocchi::params::metricd_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], + Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], + } + # Heat pacemaker::resource::service { $::heat::params::api_service_name : clone_params => 'interleave=true', @@ -1736,15 +1549,6 @@ if hiera('step') >= 4 { pacemaker::resource::service { $::heat::params::engine_service_name : clone_params => 'interleave=true', } - pacemaker::constraint::base { 'keystone-then-heat-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::heat::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': constraint_type => 'order', first_resource => "${::heat::params::api_service_name}-clone", @@ -1839,20 +1643,6 @@ if hiera('step') >= 4 { } -} #END STEP 4 - -if hiera('step') >= 5 { - - if $pacemaker_master { - - class {'::keystone::roles::admin' : - require => Pacemaker::Resource::Service[$::apache::params::service_name], - } -> - class {'::keystone::endpoint' : - require => Pacemaker::Resource::Service[$::apache::params::service_name], - } - } - } #END STEP 5 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp index 2d880d33..a623da29 100644 --- a/puppet/manifests/ringbuilder.pp +++ b/puppet/manifests/ringbuilder.pp @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages - define add_devices( $swift_zones = '1' ){ @@ -91,6 +89,6 @@ class tripleo::ringbuilder ( } } -include ::tripleo::ringbuilder - -package_manifest{'/var/lib/tripleo/installed-packages/ringbuilder': ensure => present} +if hiera('step') >= 3 { + include ::tripleo::ringbuilder +} diff --git a/puppet/services/README.rst b/puppet/services/README.rst new file mode 100644 index 00000000..38d2ac64 --- /dev/null +++ b/puppet/services/README.rst @@ -0,0 +1,50 @@ +======== +services +======== + +A TripleO nested stack Heat template that encapsulates generic configuration +data to configure a specific service. This generally includes everything +needed to configure the service excluding the local bind ports which +are still managed in the per-node role templates directly (controller.yaml, +compute.yaml, etc.). All other (global) service settings go into +the puppet/service templates. + +Input Parameters +---------------- + +Each service may define its own input parameters and defaults. +Operators will use the parameter_defaults section of any Heat +environment to set per service parameters. + +Config Settings +--------------- + +Each service may define a config_settings output variable which returns +Hiera settings to be configured. + +Steps +----- + +Each service may define an output variable which returns a puppet manifest +snippet that will run at each of the following steps. Earlier manifests +are re-asserted when applying latter ones. + + * config_settings: Custom hiera settings for this service. + + * step_config: A puppet manifest that is used to step through the deployment + sequence. Each sequence is given a "step" (via hiera('step') that provides + information for when puppet classes should activate themselves. + + Steps correlate to the following: + + 1) Load Balancer configuration + + 2) Core Services (Database/Rabbit/NTP/etc.) + + 3) Early Openstack Service setup (Ringbuilder, etc.) + + 4) General OpenStack Services + + 5) Service activation (Pacemaker) + + 6) Fencing (Pacemaker) diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml new file mode 100644 index 00000000..ca50d91d --- /dev/null +++ b/puppet/services/glance-api.yaml @@ -0,0 +1,102 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlanceNotifierStrategy: + description: Strategy to use for Glance notification queue + type: string + default: noop + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. + type: string + default: '' + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + +outputs: + role_data: + description: Role data for the Glance API role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} + glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::registry_host: + str_replace: + template: "'REGISTRY_HOST'" + params: + REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} + glance::api::keystone_password: {get_param: GlancePassword} + glance::api::debug: {get_param: Debug} + glance::api::workers: {get_param: GlanceWorkers} + glance_notifier_strategy: {get_param: GlanceNotifierStrategy} + glance_log_file: {get_param: GlanceLogFile} + glance::api::database_connection: *glance_dsn + glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::backend::swift::swift_store_user: service:glance + glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance_backend: {get_param: GlanceBackend} + glance::db::mysql::password: {get_param: GlancePassword} + glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} + glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} + glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} + glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + step_config: | + include ::tripleo::profile::base::glance::api diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml new file mode 100644 index 00000000..1a1a515a --- /dev/null +++ b/puppet/services/glance-registry.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + +outputs: + role_data: + description: Role data for the Glance Registry role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::registry::keystone_password: {get_param: GlancePassword} + glance::registry::database_connection: *glance_dsn + glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::debug: {get_param: Debug} + glance::registry::workers: {get_param: GlanceWorkers} + step_config: | + include ::tripleo::profile::base::glance::registry diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml new file mode 100644 index 00000000..1654f0e7 --- /dev/null +++ b/puppet/services/keystone.yaml @@ -0,0 +1,135 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Keystone service configured with Puppet + +parameters: + KeystoneCACertificate: + default: '' + description: Keystone self-signed certificate authority certificate. + type: string + KeystoneEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Keystone database. + type: boolean + KeystoneSigningCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSigningKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + KeystoneWorkers: + default: 0 + description: Number of workers for Keystone service. + type: number + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + type: string + default: '' + AdminEmail: + default: 'admin@example.com' + description: The email for the keystone admin account. + type: string + hidden: true + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Keystone role. + value: + config_settings: + keystone_dsn: &keystone_dsn + list_join: + - '' + - - 'mysql+pymysql://keystone:' + - {get_param: AdminToken} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/keystone' + keystone::database_connection: *keystone_dsn + keystone::admin_token: {get_param: AdminToken} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone_ca_certificate: {get_param: KeystoneCACertificate} + keystone_signing_key: {get_param: KeystoneSigningKey} + keystone_signing_certificate: {get_param: KeystoneSigningCertificate} + keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} + keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::debug: {get_param: Debug} + keystone::db::mysql::password: {get_param: AdminToken} + keystone::rabbit_userid: {get_param: RabbitUserName} + keystone::rabbit_password: {get_param: RabbitPassword} + keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + keystone::rabbit_port: {get_param: RabbitClientPort} + keystone::notification_driver: {get_param: KeystoneNotificationDriver} + keystone::notification_format: {get_param: KeystoneNotificationFormat} + keystone::roles::admin::email: {get_param: AdminEmail} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + keystone::endpoint::region: {get_param: KeystoneRegion} + keystone::admin_workers: {get_param: KeystoneWorkers} + keystone::public_workers: {get_param: KeystoneWorkers} + keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} + keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + step_config: | + include ::tripleo::profile::base::keystone diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml new file mode 100644 index 00000000..b34bdd22 --- /dev/null +++ b/puppet/services/neutron-base.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron base service. Shared for all Neutron agents. + +parameters: + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + NeutronDhcpAgentsPerNetwork: + type: number + default: 3 + description: The number of neutron dhcp agents to schedule per network + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Neutron base service. + value: + config_settings: + neutron::rabbit_password: {get_param: RabbitPassword} + neutron::rabbit_user: {get_param: RabbitUserName} + neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + neutron::rabbit_port: {get_param: RabbitClientPort} + neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} + neutron::debug: {get_param: Debug} diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml new file mode 100644 index 00000000..548b4ba0 --- /dev/null +++ b/puppet/services/neutron-dhcp.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron DHCP agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string + NeutronDnsmasqOptions: + default: 'dhcp-option-force=26,%MTU%' + description: > + Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU + to be set to the value of NeutronTenantMtu, which should be set to account + for tunnel overhead. + type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This value will be used to construct the NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: "1400" + type: string + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron DHCP agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf + tripleo::profile::base::neutron::dhcp: + str_replace: + template: {get_param: NeutronDnsmasqOptions} + params: + '%MTU%': {get_param: NeutronTenantMtu} + neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + step_config: | + include tripleo::profile::base::neutron::dhcp diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml new file mode 100644 index 00000000..815eb5bf --- /dev/null +++ b/puppet/services/pacemaker/glance-api.yaml @@ -0,0 +1,60 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + +resources: + + GlanceApiBase: + type: ../glance-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + map_merge: + - get_attr: [GlanceApiBase, role_data, config_settings] + - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + step_config: | + include ::tripleo::profile::pacemaker::glance diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml new file mode 100644 index 00000000..56353459 --- /dev/null +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + GlanceRegistryBase: + type: ../glance-registry.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + get_attr: [GlanceRegistryBase, role_data, config_settings] + # No puppet manifests since glance-registry is included in + # ::tripleo::profile::pacemaker::glance which is maintained alongside of + # pacemaker/glance-api.yaml. + step_config: diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml new file mode 100644 index 00000000..8fcab15f --- /dev/null +++ b/puppet/services/pacemaker/keystone.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Keystone service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + KeystoneServiceBase: + type: ../keystone.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Keystone pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [KeystoneServiceBase, role_data, config_settings] + #- + # custom keystone hiera goes here if we need it!? + step_config: | + include ::tripleo::profile::pacemaker::keystone diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml new file mode 100644 index 00000000..4be711ca --- /dev/null +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron DHCP service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + NeutronDhcpBase: + type: ../neutron-dhcp.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Neutron DHCP role. + value: + config_settings: + map_merge: + - get_attr: [NeutronDhcpBase, role_data, config_settings] + - tripleo::profile::pacemaker::neutron::enable_dhcp: True + step_config: | + include ::tripleo::profile::pacemaker::neutron::dhcp diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml new file mode 100644 index 00000000..f9681634 --- /dev/null +++ b/puppet/services/services.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + Utility stack to convert an array of services into a set of combined + role configs. + +parameters: + Services: + default: [] + description: | + List nested stack service templates. + type: comma_delimited_list + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + default: '' + type: string + description: The URI virtual IP for the MySQL service. + +resources: + + ServiceChain: + type: OS::Heat::ResourceChain + properties: + resources: {get_param: Services} + concurrent: true + resource_properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + config_settings: + description: Configuration settings. + value: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + step_config: + description: Step configuration. + value: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index c26aca77..296428db 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -30,6 +30,10 @@ parameters: default: 10 description: Partition Power to use when building Swift rings type: number + RingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean Replicas: type: number default: 3 @@ -252,6 +256,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} @@ -263,17 +268,14 @@ resources: raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc swift::swift_hash_suffix: { get_input: swift_hash_suffix } + tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: { get_input: swift_part_power } tripleo::ringbuilder::replicas: {get_input: swift_replicas } - # Swift swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} swift_mount_check: {get_input: swift_mount_check } tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} - # NOTE(dprince): build_ring support is currently not wired in. - # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} tripleo::packages::enable_install: {get_input: enable_package_install} @@ -294,6 +296,7 @@ resources: swift_hash_suffix: {get_param: HashSuffix} swift_mount_check: {get_param: MountCheck} swift_min_part_hours: {get_param: MinPartHours} + swift_ring_build: {get_param: RingBuild} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} ntp_servers: {get_param: NtpServer} @@ -335,12 +338,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -348,37 +351,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - management nova_server_resource: diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index 5e2f698f..3e8e9182 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -26,6 +26,8 @@ resources: nova_api_vip: {get_input: nova_api_vip} nova_metadata_vip: {get_input: nova_metadata_vip} ceilometer_api_vip: {get_input: ceilometer_api_vip} + aodh_api_vip: {get_input: aodh_api_vip} + gnocchi_api_vip: {get_input: gnocchi_api_vip} heat_api_vip: {get_input: heat_api_vip} horizon_vip: {get_input: horizon_vip} redis_vip: {get_input: redis_vip} diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index fe690d8c..2da873d0 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -24,10 +24,19 @@ def exit_usage(): def validate(filename): print('Validating %s' % filename) try: - yaml.load(open(filename).read()) + tpl = yaml.load(open(filename).read()) except Exception: print(traceback.format_exc()) return 1 + # yaml is OK, now walk the parameters and output a warning for unused ones + for p in tpl.get('parameters', {}): + str_p = '\'%s\'' % p + in_resources = str_p in str(tpl.get('resources', {})) + in_outputs = str_p in str(tpl.get('outputs', {})) + if not in_resources and not in_outputs: + print('Warning: parameter %s in template %s appears to be unused' + % (p, filename)) + return 0 if len(sys.argv) < 2: diff --git a/validation-scripts/all-nodes.sh b/validation-scripts/all-nodes.sh index 31b4d6bf..1c834e76 100644 --- a/validation-scripts/all-nodes.sh +++ b/validation-scripts/all-nodes.sh @@ -1,6 +1,25 @@ #!/bin/bash set -e +function ping_retry() { + local IP_ADDR=$1 + local TIMES=${2:-'10'} + local COUNT=0 + local PING_CMD=ping + if [[ $IP_ADDR =~ ":" ]]; then + PING_CMD=ping6 + fi + until [ $COUNT -ge $TIMES ]; do + if $PING_CMD -W 300 -c 1 $IP_ADDR &> /dev/null; then + echo "Ping to $IP_ADDR succeeded." + return 0 + fi + echo "Ping to $IP_ADDR failed. Retrying..." + COUNT=$(($COUNT + 1)) + done + return 1 +} + # For each unique remote IP (specified via Heat) we check to # see if one of the locally configured networks matches and if so we # attempt a ping test the remote network IP. @@ -9,17 +28,15 @@ function ping_controller_ips() { for REMOTE_IP in $(echo $REMOTE_IPS | sed -e "s| |\n|g" | sort -u); do if [[ $REMOTE_IP =~ ":" ]]; then networks=$(ip -6 r | grep -v default | cut -d " " -f 1 | grep -v "unreachable") - ping=ping6 else networks=$(ip r | grep -v default | cut -d " " -f 1) - ping=ping fi for LOCAL_NETWORK in $networks; do in_network=$(python -c "import ipaddr; net=ipaddr.IPNetwork('$LOCAL_NETWORK'); addr=ipaddr.IPAddress('$REMOTE_IP'); print(addr in net)") if [[ $in_network == "True" ]]; then - echo -n "Trying to ping $REMOTE_IP for local network $LOCAL_NETWORK..." + echo "Trying to ping $REMOTE_IP for local network ${LOCAL_NETWORK}." set +e - if ! $ping -W 300 -c 1 $REMOTE_IP &> /dev/null; then + if ! ping_retry $REMOTE_IP; then echo "FAILURE" echo "$REMOTE_IP is not pingable. Local Network: $LOCAL_NETWORK" >&2 exit 1 @@ -40,7 +57,7 @@ function ping_default_gateways() { set +e for GW in $DEFAULT_GW; do echo -n "Trying to ping default gateway ${GW}..." - if ! ping -c 1 $GW &> /dev/null; then + if ! ping_retry $GW; then echo "FAILURE" echo "$GW is not pingable." exit 1 |