aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore2
-rw-r--r--Gemfile24
-rw-r--r--Rakefile6
-rw-r--r--docker/README-containers.md2
-rw-r--r--docker/firstboot/start_docker_agents.sh5
-rw-r--r--environments/docker-rdo.yaml2
-rw-r--r--environments/net-bond-with-vlans-no-external.yaml26
-rw-r--r--environments/net-multiple-nics.yaml13
-rw-r--r--environments/net-single-nic-with-vlans-no-external.yaml25
-rw-r--r--environments/network-isolation-no-tunneling.yaml37
-rw-r--r--environments/puppet-ceph-external.yaml9
-rwxr-xr-xextraconfig/tasks/yum_update.sh114
-rw-r--r--net-config-linux-bridge.yaml73
-rw-r--r--network/config/bond-with-vlans/README.md12
-rw-r--r--network/config/bond-with-vlans/controller-no-external.yaml114
-rw-r--r--network/config/bond-with-vlans/controller.yaml3
-rw-r--r--network/config/multiple-nics/README.md21
-rw-r--r--network/config/multiple-nics/ceph-storage.yaml113
-rw-r--r--network/config/multiple-nics/cinder-storage.yaml120
-rw-r--r--network/config/multiple-nics/compute.yaml116
-rw-r--r--network/config/multiple-nics/controller.yaml152
-rw-r--r--network/config/multiple-nics/swift-storage.yaml120
-rw-r--r--network/config/single-nic-vlans/README.md12
-rw-r--r--network/config/single-nic-vlans/controller-no-external.yaml99
-rw-r--r--network/endpoints/endpoint.yaml60
-rw-r--r--network/endpoints/endpoint_map.yaml450
-rw-r--r--os-apply-config/ceph-cluster-config.yaml14
-rw-r--r--os-apply-config/compute.yaml7
-rw-r--r--os-apply-config/controller.yaml17
-rw-r--r--overcloud-resource-registry-puppet.yaml4
-rw-r--r--overcloud-resource-registry.yaml4
-rw-r--r--overcloud-without-mergepy.yaml72
-rw-r--r--puppet/ceph-cluster-config.yaml37
-rw-r--r--puppet/ceph-storage.yaml9
-rw-r--r--puppet/cinder-storage.yaml31
-rw-r--r--puppet/compute.yaml63
-rw-r--r--puppet/controller.yaml125
-rw-r--r--puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml10
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml36
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml5
-rw-r--r--puppet/hieradata/ceph.yaml9
-rw-r--r--puppet/hieradata/common.yaml2
-rw-r--r--puppet/hieradata/compute.yaml4
-rw-r--r--puppet/hieradata/controller.yaml3
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp8
-rw-r--r--puppet/manifests/overcloud_compute.pp29
-rw-r--r--puppet/manifests/overcloud_controller.pp106
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp628
-rw-r--r--puppet/manifests/overcloud_object.pp8
-rw-r--r--puppet/manifests/overcloud_volume.pp4
-rw-r--r--puppet/manifests/ringbuilder.pp22
-rw-r--r--puppet/swift-storage.yaml9
52 files changed, 2422 insertions, 574 deletions
diff --git a/.gitignore b/.gitignore
index 3035c9e..6996d50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,8 @@ nosetests.xml
*~
*.swp
+*.bundle
+Gemfile.lock
doc/_build
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..302ef41
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,24 @@
+source 'https://rubygems.org'
+
+group :development, :test do
+ gem 'puppetlabs_spec_helper', :require => false
+
+ gem 'puppet-lint', '~> 1.1'
+ gem 'puppet-lint-absolute_classname-check'
+ gem 'puppet-lint-absolute_template_path'
+ gem 'puppet-lint-trailing_newline-check'
+
+ # Puppet 4.x related lint checks
+ gem 'puppet-lint-unquoted_string-check'
+ gem 'puppet-lint-leading_zero-check'
+ gem 'puppet-lint-variable_contains_upcase'
+ gem 'puppet-lint-numericvariable'
+end
+
+if puppetversion = ENV['PUPPET_GEM_VERSION']
+ gem 'puppet', puppetversion, :require => false
+else
+ gem 'puppet', :require => false
+end
+
+# vim:ft=ruby
diff --git a/Rakefile b/Rakefile
new file mode 100644
index 0000000..bca6a6c
--- /dev/null
+++ b/Rakefile
@@ -0,0 +1,6 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+
+PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.send('disable_autoloader_layout')
diff --git a/docker/README-containers.md b/docker/README-containers.md
index 0e67c18..17990b5 100644
--- a/docker/README-containers.md
+++ b/docker/README-containers.md
@@ -12,7 +12,7 @@ Download the fedora atomic image into glance:
```
wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2
-glance image-create --name fedora-atomic --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare
+glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare
```
## Configuring TripleO
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index cb7c57f..c8b404c 100644
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -49,9 +49,10 @@ echo nameserver 8.8.8.8 > /etc/resolv.conf
HOSTNAME=$(hostname)
echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-# Another hack.. we need latest docker..
+# Another hack.. we need a different docker version
+# (should obviously be dropped once the atomic image contains docker 1.8.2)
/usr/bin/systemctl stop docker.service
-/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-latest
+/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-1.8.2
/bin/mount -o remount,rw /usr
/bin/rm /bin/docker
/bin/cp /tmp/docker /bin/docker
diff --git a/environments/docker-rdo.yaml b/environments/docker-rdo.yaml
index 5c9f1cb..f42dc58 100644
--- a/environments/docker-rdo.yaml
+++ b/environments/docker-rdo.yaml
@@ -5,7 +5,7 @@ resource_registry:
OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml
parameters:
- NovaImage: fedora-atomic
+ NovaImage: atomic-image
# FIXME: When Kolla cuts liberty tag we can use kollaglue registry
parameter_defaults:
diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml
new file mode 100644
index 0000000..0da119d
--- /dev/null
+++ b/environments/net-bond-with-vlans-no-external.yaml
@@ -0,0 +1,26 @@
+# This template configures each role to use a pair of bonded nics (nic2 and
+# nic3) and configures an IP address on each relevant isolated network
+# for each role.
+
+# This template assumes use of network-isolation.yaml and should be specified
+# last on the CLI as a Heat environment so as to override specific
+# registry settings in the network-isolation registry.
+#
+# FIXME: if/when we add functionality to heatclient to include heat
+# environment files we should think about using it here to automatically
+# include network-isolation.yaml.
+resource_registry:
+
+ # Set external ports to noop
+ OS::TripleO::Network::External: ../network/noop.yaml
+ OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml
+
+ OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/bond-with-vlans/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml
+
+# NOTE: with no external interface we should be able to use the
+# default Neutron l3_agent.ini setting for the external bridge (br-ex)
+# i.e. No need to set: NeutronExternalNetworkBridge: "''"
diff --git a/environments/net-multiple-nics.yaml b/environments/net-multiple-nics.yaml
new file mode 100644
index 0000000..5ee516f
--- /dev/null
+++ b/environments/net-multiple-nics.yaml
@@ -0,0 +1,13 @@
+# This template configures each role to use a separate NIC for
+# each isolated network.
+# This template assumes use of network-isolation.yaml.
+#
+# FIXME: if/when we add functionality to heatclient to include heat
+# environment files we should think about using it here to automatically
+# include network-isolation.yaml.
+resource_registry:
+ OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/multiple-nics/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/multiple-nics/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/multiple-nics/controller.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/multiple-nics/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/multiple-nics/ceph-storage.yaml
diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml
new file mode 100644
index 0000000..a173df4
--- /dev/null
+++ b/environments/net-single-nic-with-vlans-no-external.yaml
@@ -0,0 +1,25 @@
+# This template configures each role to use Vlans on a single nic for
+# each isolated network.
+# This template assumes use of network-isolation.yaml and should be specified
+# last on the CLI as a Heat environment so as to override specific
+# registry settings in the network-isolation registry.
+#
+# FIXME: if/when we add functionality to heatclient to include heat
+# environment files we should think about using it here to automatically
+# include network-isolation.yaml.
+resource_registry:
+
+ # Set external ports to noop
+ OS::TripleO::Network::External: ../network/noop.yaml
+ OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml
+
+ # Configure other ports as normal
+ OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/single-nic-vlans/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml
+
+# NOTE: with no external interface we should be able to use the
+# default Neutron l3_agent.ini setting for the external bridge (br-ex)
+# i.e. No need to set: NeutronExternalNetworkBridge: "''"
diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml
new file mode 100644
index 0000000..5d2a915
--- /dev/null
+++ b/environments/network-isolation-no-tunneling.yaml
@@ -0,0 +1,37 @@
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks. This version of the environment
+# has no dedicated VLAN for tunneling, for deployments that use
+# VLAN mode, flat provider networks, etc.
+resource_registry:
+ OS::TripleO::Network::External: ../network/external.yaml
+ OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
+ OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
+ OS::TripleO::Network::Storage: ../network/storage.yaml
+
+ # Port assignments for the controller role
+ OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
+ OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
+ OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
+ OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
+
+ # Port assignments for the compute role
+ OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
+ OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
+
+ # Port assignments for the ceph storage role
+ OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
+ OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
+
+ # Port assignments for the swift storage role
+ OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
+ OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
+ OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
+
+ # Port assignments for the block storage role
+ OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
+ OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
+ OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
+
+ # Port assignments for service virtual IPs for the controller role
+ OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index 3c7901c..7f5b508 100644
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -3,7 +3,7 @@
resource_registry:
OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml
-parameters:
+parameter_defaults:
# NOTE: These example parameters are required when using Ceph External
#CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
#CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
@@ -13,6 +13,13 @@ parameters:
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
GlanceBackend: rbd
+ # If the Ceph pools which host VMs, Volumes and Images do not match these
+ # names OR the client keyring to use is not named 'openstack', edit the
+ # following as needed.
+ NovaRbdPoolName: vms
+ CinderRbdPoolName: volumes
+ GlanceRbdPoolName: images
+ CephClientUserName: openstack
# finally we disable the Cinder LVM backend
CinderEnableIscsiBackend: false
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index 9125ca0..fa523e8 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -23,6 +23,7 @@ update_identifier=${update_identifier//[^a-zA-Z0-9-_]/}
# seconds to wait for this node to rejoin the cluster after update
cluster_start_timeout=360
+galera_sync_timeout=360
timestamp_file="$timestamp_dir/$update_identifier"
if [[ -a "$timestamp_file" ]]; then
@@ -43,6 +44,108 @@ fi
pacemaker_status=$(systemctl is-active pacemaker)
if [[ "$pacemaker_status" == "active" ]] ; then
+ echo "Checking for and adding missing constraints"
+
+ if ! pcs constraint order show | grep "start openstack-nova-novncproxy-clone then start openstack-nova-api-clone"; then
+ pcs constraint order start openstack-nova-novncproxy-clone then openstack-nova-api-clone
+ fi
+
+ if ! pcs constraint order show | grep "start rabbitmq-clone then start openstack-keystone-clone"; then
+ pcs constraint order start rabbitmq-clone then openstack-keystone-clone
+ fi
+
+ if ! pcs constraint order show | grep "promote galera-master then start openstack-keystone-clone"; then
+ pcs constraint order promote galera-master then openstack-keystone-clone
+ fi
+
+ if ! pcs constraint order show | grep "start haproxy-clone then start openstack-keystone-clone"; then
+ pcs constraint order start haproxy-clone then openstack-keystone-clone
+ fi
+
+ if ! pcs constraint order show | grep "start memcached-clone then start openstack-keystone-clone"; then
+ pcs constraint order start memcached-clone then openstack-keystone-clone
+ fi
+
+ if ! pcs constraint order show | grep "promote redis-master then start openstack-ceilometer-central-clone"; then
+ pcs constraint order promote redis-master then start openstack-ceilometer-central-clone require-all=false
+ fi
+
+ if ! pcs resource defaults | grep "resource-stickiness: INFINITY"; then
+ pcs resource defaults resource-stickiness=INFINITY
+ fi
+
+ echo "Setting resource start/stop timeouts"
+
+ # timeouts for non-openstack services and special cases
+ pcs resource update haproxy op start timeout=100s
+ pcs resource update haproxy op stop timeout=100s
+ # mongod start timeout is also higher, setting only stop timeout
+ pcs resource update mongod op stop timeout=100s
+ # rabbit start timeout is already 100s
+ pcs resource update rabbitmq op stop timeout=100s
+ pcs resource update memcached op start timeout=100s
+ pcs resource update memcached op stop timeout=100s
+ pcs resource update httpd op start timeout=100s
+ pcs resource update httpd op stop timeout=100s
+ # neutron-netns-cleanup stop timeout is 300s, setting only start timeout
+ pcs resource update neutron-netns-cleanup op start timeout=100s
+ # neutron-ovs-cleanup stop timeout is 300s, setting only start timeout
+ pcs resource update neutron-ovs-cleanup op start timeout=100s
+
+ # timeouts for openstack services
+ pcs resource update neutron-dhcp-agent op start timeout=100s
+ pcs resource update neutron-dhcp-agent op stop timeout=100s
+ pcs resource update neutron-l3-agent op start timeout=100s
+ pcs resource update neutron-l3-agent op stop timeout=100s
+ pcs resource update neutron-metadata-agent op start timeout=100s
+ pcs resource update neutron-metadata-agent op stop timeout=100s
+ pcs resource update neutron-openvswitch-agent op start timeout=100s
+ pcs resource update neutron-openvswitch-agent op stop timeout=100s
+ pcs resource update neutron-server op start timeout=100s
+ pcs resource update neutron-server op stop timeout=100s
+ pcs resource update openstack-ceilometer-alarm-evaluator op start timeout=100s
+ pcs resource update openstack-ceilometer-alarm-evaluator op stop timeout=100s
+ pcs resource update openstack-ceilometer-alarm-notifier op start timeout=100s
+ pcs resource update openstack-ceilometer-alarm-notifier op stop timeout=100s
+ pcs resource update openstack-ceilometer-api op start timeout=100s
+ pcs resource update openstack-ceilometer-api op stop timeout=100s
+ pcs resource update openstack-ceilometer-central op start timeout=100s
+ pcs resource update openstack-ceilometer-central op stop timeout=100s
+ pcs resource update openstack-ceilometer-collector op start timeout=100s
+ pcs resource update openstack-ceilometer-collector op stop timeout=100s
+ pcs resource update openstack-ceilometer-notification op start timeout=100s
+ pcs resource update openstack-ceilometer-notification op stop timeout=100s
+ pcs resource update openstack-cinder-api op start timeout=100s
+ pcs resource update openstack-cinder-api op stop timeout=100s
+ pcs resource update openstack-cinder-scheduler op start timeout=100s
+ pcs resource update openstack-cinder-scheduler op stop timeout=100s
+ pcs resource update openstack-cinder-volume op start timeout=100s
+ pcs resource update openstack-cinder-volume op stop timeout=100s
+ pcs resource update openstack-glance-api op start timeout=100s
+ pcs resource update openstack-glance-api op stop timeout=100s
+ pcs resource update openstack-glance-registry op start timeout=100s
+ pcs resource update openstack-glance-registry op stop timeout=100s
+ pcs resource update openstack-heat-api op start timeout=100s
+ pcs resource update openstack-heat-api op stop timeout=100s
+ pcs resource update openstack-heat-api-cfn op start timeout=100s
+ pcs resource update openstack-heat-api-cfn op stop timeout=100s
+ pcs resource update openstack-heat-api-cloudwatch op start timeout=100s
+ pcs resource update openstack-heat-api-cloudwatch op stop timeout=100s
+ pcs resource update openstack-heat-engine op start timeout=100s
+ pcs resource update openstack-heat-engine op stop timeout=100s
+ pcs resource update openstack-keystone op start timeout=100s
+ pcs resource update openstack-keystone op stop timeout=100s
+ pcs resource update openstack-nova-api op start timeout=100s
+ pcs resource update openstack-nova-api op stop timeout=100s
+ pcs resource update openstack-nova-conductor op start timeout=100s
+ pcs resource update openstack-nova-conductor op stop timeout=100s
+ pcs resource update openstack-nova-consoleauth op start timeout=100s
+ pcs resource update openstack-nova-consoleauth op stop timeout=100s
+ pcs resource update openstack-nova-novncproxy op start timeout=100s
+ pcs resource update openstack-nova-novncproxy op stop timeout=100s
+ pcs resource update openstack-nova-scheduler op start timeout=100s
+ pcs resource update openstack-nova-scheduler op stop timeout=100s
+
echo "Pacemaker running, stopping cluster node and doing full package update"
node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*")
if [[ "$node_count" == "1" ]] ; then
@@ -83,6 +186,17 @@ if [[ "$pacemaker_status" == "active" ]] ; then
exit 1
fi
done
+
+ tstart=$(date +%s)
+ while ! clustercheck; do
+ sleep 5
+ tnow=$(date +%s)
+ if (( tnow-tstart > galera_sync_timeout )) ; then
+ echo "ERROR galera sync timed out"
+ exit 1
+ fi
+ done
+
pcs status
else
diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml
new file mode 100644
index 0000000..0646ffa
--- /dev/null
+++ b/net-config-linux-bridge.yaml
@@ -0,0 +1,73 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config for a simple bridge.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ default: '192.0.2.1'
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+ default: '169.254.169.254/32'
+
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: linux_bridge
+ name: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: ControlPlaneIp}
+ members:
+ -
+ type: interface
+ name: {get_input: interface_name}
+ # force the MAC address of the bridge to this interface
+ primary: true
+ routes:
+ -
+ ip_netmask: 0.0.0.0/0
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+ default: true
+ -
+ ip_netmask: {get_param: EC2MetadataIp}
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/bond-with-vlans/README.md b/network/config/bond-with-vlans/README.md
index 1679df3..98879b4 100644
--- a/network/config/bond-with-vlans/README.md
+++ b/network/config/bond-with-vlans/README.md
@@ -1,6 +1,12 @@
This directory contains Heat templates to help configure
Vlans on a bonded pair of NICs for each Overcloud role.
+There are two versions of the controller role template, one with
+an external network interface, and another without. If the
+external network interface is not configured the ctlplane address
+ranges will be used for external (public) network traffic.
+
+
Configuration
-------------
@@ -13,3 +19,9 @@ something like this:
OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: network/config/bond-with-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: network/config/bond-with-vlans/ceph-storage.yaml
+
+Configuration with no External Network
+--------------------------------------
+Same as above except set the following value for the controller role:
+
+ OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller-no-external.yaml
diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml
new file mode 100644
index 0000000..22579e8
--- /dev/null
+++ b/network/config/bond-with-vlans/controller-no-external.yaml
@@ -0,0 +1,114 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config with 2 bonded nics on a bridge
+ with VLANs attached for the controller role.
+
+parameters:
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ BondInterfaceOvsOptions:
+ default: ''
+ description: The ovs_options string for the bond interface. Set things like
+ lacp=active and/or bond_mode=balance-slb using this option.
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: ovs_bridge
+ name: {get_input: bridge_name}
+ members:
+ -
+ type: ovs_bond
+ name: bond1
+ ovs_options: {get_param: BondInterfaceOvsOptions}
+ members:
+ -
+ type: interface
+ name: nic2
+ primary: true
+ -
+ type: interface
+ name: nic3
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: InternalApiNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: StorageNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: TenantNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml
index 4290be2..eb4399e 100644
--- a/network/config/bond-with-vlans/controller.yaml
+++ b/network/config/bond-with-vlans/controller.yaml
@@ -30,10 +30,9 @@ parameters:
description: IP address/subnet on the tenant network
type: string
BondInterfaceOvsOptions:
- default: 'bond_mode=balance-tcp lacp=active other-config:lacp-fallback-ab=true'
+ default: 'bond_mode=active-backup'
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
- Default wil attempt LACP, but will fall back to active-backup.
type: string
ExternalNetworkVlanID:
default: 10
diff --git a/network/config/multiple-nics/README.md b/network/config/multiple-nics/README.md
new file mode 100644
index 0000000..3d81f0b
--- /dev/null
+++ b/network/config/multiple-nics/README.md
@@ -0,0 +1,21 @@
+This directory contains Heat templates to help configure
+multiple NICs for each Overcloud role, where it is
+assumed that each NIC is running a specific network
+traffic type and that VLANs are not being used.
+
+Configuration
+-------------
+
+To make use of these templates create a Heat environment that looks
+something like this:
+
+ resource\_registry:
+ OS::TripleO::BlockStorage::Net::SoftwareConfig: network/config/multiple-nics/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: network/config/multiple-nics/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: network/config/multiple-nics/controller.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig: network/config/multiple-nics/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig: network/config/multiple-nics/ceph-storage.yaml
+
+Or use this Heat environment file:
+
+ environments/net-multiple-nics.yaml
diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml
new file mode 100644
index 0000000..a050858
--- /dev/null
+++ b/network/config/multiple-nics/ceph-storage.yaml
@@ -0,0 +1,113 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the ceph storage role.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: json
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml
new file mode 100644
index 0000000..c84586b
--- /dev/null
+++ b/network/config/multiple-nics/cinder-storage.yaml
@@ -0,0 +1,120 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the cinder storage role.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: json
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml
new file mode 100644
index 0000000..70a1808
--- /dev/null
+++ b/network/config/multiple-nics/compute.yaml
@@ -0,0 +1,116 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the compute role.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: json
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ # Create a bridge which can also be used for VLAN-mode bridge mapping
+ type: ovs_bridge
+ name: br-tenant
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+ members:
+ -
+ type: interface
+ name: nic5
+ use_dhcp: false
+ # force the MAC address of the bridge to this interface
+ primary: true
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml
new file mode 100644
index 0000000..63f53a1
--- /dev/null
+++ b/network/config/multiple-nics/controller.yaml
@@ -0,0 +1,152 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the controller role.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: json
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ # Create a bridge which can also be used for VLAN-mode bridge mapping
+ type: ovs_bridge
+ name: br-tenant
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+ members:
+ -
+ type: interface
+ name: nic5
+ use_dhcp: false
+ # force the MAC address of the bridge to this interface
+ primary: true
+ -
+ type: ovs_bridge
+ name: {get_input: bridge_name}
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: ExternalIpSubnet}
+ routes:
+ -
+ ip_netmask: 0.0.0.0/0
+ next_hop: {get_param: ExternalInterfaceDefaultRoute}
+ members:
+ -
+ type: interface
+ name: nic6
+ # force the MAC address of the bridge to this interface
+ primary: true
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml
new file mode 100644
index 0000000..25ac75f
--- /dev/null
+++ b/network/config/multiple-nics/swift-storage.yaml
@@ -0,0 +1,120 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the swift storage role.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: json
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ type: interface
+ name: nic2
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: interface
+ name: nic3
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: interface
+ name: nic4
+ use_dhcp: false
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/single-nic-vlans/README.md b/network/config/single-nic-vlans/README.md
index e3e1657..6f12865 100644
--- a/network/config/single-nic-vlans/README.md
+++ b/network/config/single-nic-vlans/README.md
@@ -1,6 +1,11 @@
This directory contains Heat templates to help configure
Vlans on a single NICs for each Overcloud role.
+There are two versions of the controller role template, one with
+an external network interface, and another without. If the
+external network interface is not configured the ctlplane address
+ranges will be used for external (public) network traffic.
+
Configuration
-------------
@@ -17,3 +22,10 @@ something like this:
Or use this Heat environment file:
environments/net-single-nic-with-vlans.yaml
+
+
+Configuration with no External Network
+--------------------------------------
+Same as above except set the following value for the controller role:
+
+ OS::TripleO::Controller::Net::SoftwareConfig: network/config/single-nic-vlans/controller-no-external.yaml
diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml
new file mode 100644
index 0000000..faf9e9c
--- /dev/null
+++ b/network/config/single-nic-vlans/controller-no-external.yaml
@@ -0,0 +1,99 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure VLANs for the
+ controller role. No external IP is configured.
+
+parameters:
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: ovs_bridge
+ name: {get_input: bridge_name}
+ use_dhcp: true
+ members:
+ -
+ type: interface
+ name: nic1
+ # force the MAC address of the bridge to this interface
+ primary: true
+ -
+ type: vlan
+ vlan_id: {get_param: InternalApiNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: TenantNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/endpoints/endpoint.yaml b/network/endpoints/endpoint.yaml
new file mode 100644
index 0000000..6246cfd
--- /dev/null
+++ b/network/endpoints/endpoint.yaml
@@ -0,0 +1,60 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack Endpoint
+
+parameters:
+ EndpointName:
+ type: string
+ description: The name of the Endpoint being evaluated
+ EndpointMap:
+ type: json
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ IP:
+ type: string
+ description: The IP address of the Neutron Port that the endpoint is attached to
+ UriSuffix:
+ type: string
+ default: ''
+ description: A suffix attached to the URL
+ CloudName:
+ type: string
+ default: ''
+ description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+
+outputs:
+ endpoint:
+ description: >
+ A Hash containing a mapping of service endpoints to ports, protocols, uris
+ assigned IPs, and hostnames for a specific endpoint
+ value:
+ port: {get_param: [EndpointMap, {get_param: EndpointName }, port] }
+ protocol: {get_param: [EndpointMap, {get_param: EndpointName }, protocol] }
+ ip: {get_param: IP}
+ host:
+ str_replace:
+ template: {get_param: [EndpointMap, {get_param: EndpointName }, host]}
+ params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName}}
+ uri:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] }
+ - '://'
+ - str_replace:
+ template: {get_param: [EndpointMap, {get_param: EndpointName }, host]}
+ params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName }}
+ - ':'
+ - {get_param: [EndpointMap, {get_param: EndpointName }, port] }
+ - {get_param: UriSuffix }
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] }
+ - '://'
+ - str_replace:
+ template: {get_param: [EndpointMap, {get_param: EndpointName }, host]}
+ params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName} }
+ - ':'
+ - {get_param: [EndpointMap, {get_param: EndpointName }, port] }
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
new file mode 100644
index 0000000..0521401
--- /dev/null
+++ b/network/endpoints/endpoint_map.yaml
@@ -0,0 +1,450 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A Map of OpenStack Endpoints
+
+parameters:
+ CeilometerApiVirtualIP:
+ type: string
+ default: ''
+ CinderApiVirtualIP:
+ type: string
+ default: ''
+ GlanceApiVirtualIP:
+ type: string
+ default: ''
+ GlanceRegistryVirtualIP:
+ type: string
+ default: ''
+ HeatApiVirtualIP:
+ type: string
+ default: ''
+ KeystoneAdminApiVirtualIP:
+ type: string
+ default: ''
+ KeystonePublicApiVirtualIP:
+ type: string
+ default: ''
+ MysqlVirtualIP:
+ type: string
+ default: ''
+ NeutronApiVirtualIP:
+ type: string
+ default: ''
+ NovaApiVirtualIP:
+ type: string
+ default: ''
+ PublicVirtualIP:
+ type: string
+ default: ''
+ SwiftProxyVirtualIP:
+ type: string
+ default: ''
+ EndpointMap:
+ type: json
+ default:
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceRegistryAdmin: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GlanceRegistryPublic: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HorizonPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
+ NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
+ NovaEC2Public: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ CloudName:
+ type: string
+ default: ''
+ description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+
+resources:
+
+ CeilometerInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CeilometerInternal
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: CeilometerApiVirtualIP}
+ CeilometerPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CeilometerPublic
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: PublicVirtualIP}
+ CeilometerAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CeilometerAdmin
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: CeilometerApiVirtualIP}
+
+ CinderInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderInternal
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+ CinderPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderPublic
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+ CinderAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderAdmin
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v1/%(tenant_id)s'
+
+ CinderV2Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderInternal
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+ CinderV2Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderPublic
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: PublicVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+ CinderV2Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: CinderAdmin
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: CinderApiVirtualIP}
+ UriSuffix: '/v2/%(tenant_id)s'
+
+ GlanceInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlanceInternal
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: GlanceApiVirtualIP}
+ GlancePublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlancePublic
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: PublicVirtualIP}
+ GlanceAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlanceAdmin
+ EndpointMap: { get_param: EndpointMap }
+ CloudName: {get_param: CloudName}
+ IP: {get_param: GlanceApiVirtualIP}
+ GlanceRegistryInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlanceInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: GlanceRegistryVirtualIP}
+ GlanceRegistryPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlancePublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ GlanceRegistryAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: GlanceAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: GlanceRegistryVirtualIP}
+
+ HeatInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: HeatInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: HeatApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v1/%(tenant_id)s'
+ HeatPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: HeatPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v1/%(tenant_id)s'
+ HeatAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: HeatAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: HeatApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v1/%(tenant_id)s'
+
+ HorizonPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: HeatPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/dashboard'
+
+ KeystoneInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystoneInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: KeystonePublicApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v2.0'
+ KeystonePublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystonePublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v2.0'
+ KeystoneAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystoneAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: KeystoneAdminApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v2.0'
+ KeystoneEC2:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: KeystoneInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: KeystonePublicApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v2.0/ec2tokens'
+
+ NeutronInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NeutronInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NeutronApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ NeutronPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NeutronPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ NeutronAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NeutronAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NeutronApiVirtualIP}
+ CloudName: {get_param: CloudName}
+
+ NovaInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v2/%(tenant_id)s'
+ NovaPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v2/%(tenant_id)s'
+ NovaAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v2/%(tenant_id)s'
+ NovaV3Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v3'
+ NovaV3Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v3'
+ NovaV3Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v3'
+
+ NovaEC2Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaEC2Internal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/services/Cloud'
+ NovaEC2Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaEC2Public
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/services/Cloud'
+ NovaEC2Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: NovaEC2Admin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: NovaApiVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/services/Admin'
+
+ SwiftInternal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v1/AUTH_%(tenant_id)s'
+ SwiftPublic:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ UriSuffix: '/v1/AUTH_%(tenant_id)s'
+ SwiftAdmin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+ CloudName: {get_param: CloudName}
+ # No Suffix for the Admin interface
+ SwiftS3Internal:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftInternal
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+ CloudName: {get_param: CloudName}
+ SwiftS3Public:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftPublic
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: PublicVirtualIP}
+ CloudName: {get_param: CloudName}
+ SwiftS3Admin:
+ type: OS::TripleO::Endpoint
+ properties:
+ EndpointName: SwiftAdmin
+ EndpointMap: { get_param: EndpointMap }
+ IP: {get_param: SwiftProxyVirtualIP}
+ CloudName: {get_param: CloudName}
+
+outputs:
+ endpoint_map:
+ value:
+ CeilometerInternal: {get_attr: [ CeilometerInternal, endpoint] }
+ CeilometerPublic: {get_attr: [ CeilometerPublic, endpoint] }
+ CeilometerAdmin: {get_attr: [ CeilometerAdmin, endpoint] }
+ CinderInternal: {get_attr: [ CinderInternal, endpoint] }
+ CinderPublic: {get_attr: [ CinderPublic, endpoint] }
+ CinderAdmin: {get_attr: [ CinderAdmin, endpoint] }
+ CinderV2Internal: {get_attr: [ CinderV2Internal, endpoint] }
+ CinderV2Public: {get_attr: [ CinderV2Public, endpoint] }
+ CinderV2Admin: {get_attr: [ CinderV2Admin, endpoint] }
+ GlanceInternal: {get_attr: [ GlanceInternal, endpoint] }
+ GlancePublic: {get_attr: [ GlancePublic, endpoint] }
+ GlanceAdmin: {get_attr: [ GlanceAdmin, endpoint] }
+ GlanceRegistryInternal: {get_attr: [ GlanceRegistryInternal, endpoint] }
+ GlanceRegistryPublic: {get_attr: [ GlanceRegistryPublic, endpoint] }
+ GlanceRegistryAdmin: {get_attr: [ GlanceRegistryAdmin, endpoint] }
+ HeatInternal: {get_attr: [ HeatInternal, endpoint] }
+ HeatPublic: {get_attr: [ HeatPublic, endpoint] }
+ HeatAdmin: {get_attr: [ HeatAdmin, endpoint] }
+ HorizonPublic: {get_attr: [ HorizonPublic, endpoint] }
+ KeystoneInternal: {get_attr: [ KeystoneInternal, endpoint] }
+ KeystonePublic: {get_attr: [ KeystonePublic, endpoint] }
+ KeystoneAdmin: {get_attr: [ KeystoneAdmin, endpoint] }
+ KeystoneEC2: {get_attr: [ KeystoneEC2, endpoint] }
+ NeutronInternal: {get_attr: [ NeutronInternal, endpoint] }
+ NeutronPublic: {get_attr: [ NeutronPublic, endpoint] }
+ NeutronAdmin: {get_attr: [ NeutronAdmin, endpoint] }
+ NovaInternal: {get_attr: [ NovaInternal, endpoint] }
+ NovaPublic: {get_attr: [ NovaPublic, endpoint] }
+ NovaAdmin: {get_attr: [ NovaAdmin, endpoint] }
+ NovaV3Internal: {get_attr: [ NovaV3Internal, endpoint] }
+ NovaV3Public: {get_attr: [ NovaV3Public, endpoint] }
+ NovaV3Admin: {get_attr: [ NovaV3Admin, endpoint] }
+ NovaEC2Internal: {get_attr: [ NovaEC2Internal, endpoint] }
+ NovaEC2Public: {get_attr: [ NovaEC2Public, endpoint] }
+ NovaEC2Admin: {get_attr: [ NovaEC2Admin, endpoint] }
+ SwiftInternal: {get_attr: [ SwiftInternal, endpoint] }
+ SwiftPublic: {get_attr: [ SwiftPublic, endpoint] }
+ SwiftAdmin: {get_attr: [ SwiftAdmin, endpoint] }
+ SwiftS3Internal: {get_attr: [ SwiftS3Internal, endpoint] }
+ SwiftS3Public: {get_attr: [ SwiftS3Public, endpoint] }
+ SwiftS3Admin: {get_attr: [ SwiftS3Admin, endpoint] }
diff --git a/os-apply-config/ceph-cluster-config.yaml b/os-apply-config/ceph-cluster-config.yaml
index c3cf8e8..115de08 100644
--- a/os-apply-config/ceph-cluster-config.yaml
+++ b/os-apply-config/ceph-cluster-config.yaml
@@ -13,7 +13,7 @@ parameters:
ceph_client_key:
default: ''
type: string
- description: Ceph key used to create the 'openstack' user keyring.
+ description: Ceph key used to create the client user keyring.
ceph_fsid:
default: ''
type: string
@@ -27,6 +27,18 @@ parameters:
type: comma_delimited_list
ceph_mon_ips:
type: comma_delimited_list
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
resources:
CephClusterConfigImpl:
diff --git a/os-apply-config/compute.yaml b/os-apply-config/compute.yaml
index ee55c58..c829248 100644
--- a/os-apply-config/compute.yaml
+++ b/os-apply-config/compute.yaml
@@ -125,6 +125,11 @@ parameters:
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
@@ -404,6 +409,7 @@ resources:
vni_ranges: {get_input: neutron_vni_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
enable_tunneling: {get_input: neutron_enable_tunneling}
+ l2_population: {get_input: neutron_enable_l2pop}
physical_bridge: {get_input: neutron_physical_bridge}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
@@ -463,6 +469,7 @@ resources:
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
neutron_physical_bridge: {get_param: NeutronPhysicalBridge}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_password: {get_param: NeutronPassword}
diff --git a/os-apply-config/controller.yaml b/os-apply-config/controller.yaml
index f289d9b..aed2367 100644
--- a/os-apply-config/controller.yaml
+++ b/os-apply-config/controller.yaml
@@ -355,9 +355,18 @@ parameters:
type: number
default: 3
description: The number of neutron dhcp agents to schedule per network
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
@@ -549,6 +558,9 @@ parameters:
NeutronApiVirtualIP:
type: string
default: ''
+ NovaApiVirtualIP:
+ type: string
+ default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -673,6 +685,7 @@ resources:
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
+ uri: {get_input: glance_uri}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
@@ -719,8 +732,10 @@ resources:
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
+ enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
ovs:
enable_tunneling: {get_input: neutron_enable_tunneling}
+ l2_population: {get_input: neutron_enable_l2pop}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
@@ -880,6 +895,8 @@ resources:
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
+ neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
heat.watch_server_url:
list_join:
- ''
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 7e65d4b..4cfed6b 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -89,6 +89,10 @@ resource_registry:
# Port assignments for service virtual IPs for the controller role
OS::TripleO::Controller::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml
+ # Service Endpoint Mappings
+ OS::TripleO::Endpoint: network/endpoints/endpoint.yaml
+ OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
+
# validation resources
OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml
diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml
index d6eb97f..ed02551 100644
--- a/overcloud-resource-registry.yaml
+++ b/overcloud-resource-registry.yaml
@@ -72,5 +72,9 @@ resource_registry:
# Port assignments for service virtual IPs for the controller role
OS::TripleO::Controller::Ports::RedisVipPort: network/ports/noop.yaml
+ # Service Endpoint Mappings
+ OS::TripleO::Endpoint: network/endpoints/endpoint.yaml
+ OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
+
# validation resources
OS::TripleO::AllNodes::Validation: os-apply-config/all-nodes-validation.yaml
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index 9c915c4..f679c6b 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -79,14 +79,6 @@ parameters:
default: ''
description: Set to True to enable debugging on all services.
type: string
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
@@ -123,9 +115,18 @@ parameters:
default: 'ctlplane'
type: string
description: Neutron ID or name for ctlplane network.
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
@@ -214,7 +215,7 @@ parameters:
values, use a comma separated string, like so: 'openvswitch,l2_population'
type: string
NeutronAllowL3AgentFailover:
- default: 'True'
+ default: 'False'
description: Allow automatic l3-agent failover
type: string
NeutronL3HA:
@@ -223,7 +224,7 @@ parameters:
type: string
NeutronDhcpAgentsPerNetwork:
type: number
- default: 3
+ default: 1
description: The number of neutron dhcp agents to schedule per network
NovaPassword:
default: unset
@@ -231,8 +232,9 @@ parameters:
type: string
hidden: true
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
MongoDbNoJournal:
default: false
description: Should MongoDb journaling be disabled
@@ -708,6 +710,12 @@ parameters:
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
# If you want to remove a specific node from a resource group, you can pass
# the node name or id as a <Group>RemovalPolicies parameter, for example:
@@ -759,6 +767,23 @@ resources:
properties:
length: 10
+ EndpointMap:
+ type: OS::TripleO::EndpointMap
+ properties:
+ CloudName: {get_param: CloudName}
+ CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
+ CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
+ GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
+ GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
+ HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+ KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+ KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
+ NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
+ NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
+ SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
+ PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]}
+
Controller:
type: OS::Heat::ResourceGroup
depends_on: Networks
@@ -792,8 +817,6 @@ resources:
ExtraConfig: {get_param: ExtraConfig}
FencingConfig: {get_param: FencingConfig}
Flavor: {get_param: OvercloudControlFlavor}
- GlancePort: {get_param: GlancePort}
- GlanceProtocol: {get_param: GlanceProtocol}
GlancePassword: {get_param: GlancePassword}
GlanceBackend: {get_param: GlanceBackend}
GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy}
@@ -822,7 +845,9 @@ resources:
NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
NeutronExternalNetworkBridge: {get_param: NeutronExternalNetworkBridge}
+ NeutronEnableIsolatedMetadata: {get_param: NeutronEnableIsolatedMetadata}
NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
+ NeutronEnableL2Pop: {get_param: NeutronEnableL2Pop}
NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
NeutronPublicInterface: {get_param: NeutronPublicInterface}
NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
@@ -867,6 +892,7 @@ resources:
VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now.
PublicVirtualIP: {get_attr: [PublicVirtualIP, ip_address]}
ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
@@ -878,6 +904,7 @@ resources:
KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
+ NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
UpdateIdentifier: {get_param: UpdateIdentifier}
Hostname:
str_replace:
@@ -904,8 +931,6 @@ resources:
ExtraConfig: {get_param: ExtraConfig}
Flavor: {get_param: OvercloudComputeFlavor}
GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- GlancePort: {get_param: GlancePort}
- GlanceProtocol: {get_param: GlanceProtocol}
Image: {get_param: NovaImage}
ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
KeyName: {get_param: KeyName}
@@ -913,6 +938,7 @@ resources:
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
+ NeutronEnableL2Pop : {get_param: NeutronEnableL2Pop}
NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
NeutronNetworkType: {get_param: NeutronNetworkType}
@@ -948,6 +974,7 @@ resources:
SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
UpdateIdentifier: {get_param: UpdateIdentifier}
Hostname:
str_replace:
@@ -974,8 +1001,6 @@ resources:
KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudBlockStorageFlavor}
VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- GlancePort: {get_param: GlancePort}
- GlanceProtocol: {get_param: GlanceProtocol}
GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
RabbitPassword: {get_param: RabbitPassword}
RabbitUserName: {get_param: RabbitUserName}
@@ -989,6 +1014,7 @@ resources:
params:
'%stackname%': {get_param: 'OS::stack_name'}
ServiceNetMap: {get_param: ServiceNetMap}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
ExtraConfig: {get_param: ExtraConfig}
BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig}
@@ -1374,6 +1400,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
controller_config: {get_attr: [Controller, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
ComputeNodesPostDeployment:
type: OS::TripleO::ComputePostDeployment
@@ -1383,6 +1410,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
compute_config: {get_attr: [Compute, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
ObjectStorageNodesPostDeployment:
type: OS::TripleO::ObjectStoragePostDeployment
@@ -1392,6 +1420,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
BlockStorageNodesPostDeployment:
type: OS::TripleO::BlockStoragePostDeployment
@@ -1401,6 +1430,7 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
CephStorageNodesPostDeployment:
type: OS::TripleO::CephStoragePostDeployment
@@ -1410,16 +1440,12 @@ resources:
NodeConfigIdentifiers:
allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]}
+ deployment_identifier: {get_param: DeployIdentifier}
outputs:
KeystoneURL:
description: URL for the Overcloud Keystone service
- value:
- list_join:
- - ''
- - - http://
- - {get_attr: [PublicVirtualIP, ip_address]}
- - :5000/v2.0/
+ value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]}
KeystoneAdminVip:
description: Keystone Admin VIP endpoint
value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index 9926549..96198c3 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -13,7 +13,7 @@ parameters:
ceph_client_key:
default: ''
type: string
- description: Ceph key used to create the 'openstack' user keyring.
+ description: Ceph key used to create the client user keyring.
ceph_fsid:
default: ''
type: string
@@ -27,6 +27,18 @@ parameters:
type: comma_delimited_list
ceph_mon_ips:
type: comma_delimited_list
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
resources:
CephClusterConfigImpl:
@@ -65,15 +77,34 @@ resources:
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
cap_mon: 'allow profile bootstrap-osd'
},
- client.openstack: {
+ client.CLIENT_USER: {
secret: 'ADMIN_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
}
}"
params:
+ CLIENT_USER: {get_param: CephClientUserName}
ADMIN_KEY: {get_param: ceph_admin_key}
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
+ cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
+ ceph_client_user_name: {get_param: CephClientUserName}
+ ceph_pools:
+ - {get_param: CinderRbdPoolName}
+ - {get_param: NovaRbdPoolName}
+ - {get_param: GlanceRbdPoolName}
outputs:
config_id:
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 7529459..0d96850 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -22,8 +22,9 @@ parameters:
constraints:
- custom_constraint: nova.keypair
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -133,11 +134,7 @@ resources:
config: {get_resource: CephStorageConfig}
server: {get_resource: CephStorage}
input_values:
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index 6a86921..b536418 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -44,14 +44,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
KeyName:
default: default
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@@ -83,8 +75,9 @@ parameters:
type: string
hidden: true
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -103,6 +96,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
GlanceApiVirtualIP:
type: string
default: ''
@@ -200,23 +198,12 @@ resources:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 2b63535..c147a0f 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -51,14 +51,6 @@ parameters:
GlanceHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
Image:
type: string
default: overcloud-compute
@@ -93,6 +85,11 @@ parameters:
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
@@ -219,8 +216,9 @@ parameters:
type: string
default: '' # Has to be here because of the ignored empty value bug
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
RabbitHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -261,6 +259,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
@@ -406,7 +409,7 @@ resources:
nova::glance_api_servers: {get_input: glance_api_servers}
neutron::debug: {get_input: debug}
neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_user}
+ neutron::rabbit_user: {get_input: rabbit_username}
neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
neutron::rabbit_port: {get_input: rabbit_client_port}
neutron_flat_networks: {get_input: neutron_flat_networks}
@@ -420,10 +423,11 @@ resources:
neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
+ neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
neutron_physical_bridge: {get_input: neutron_physical_bridge}
neutron_public_interface: {get_input: neutron_public_interface}
nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_url}
+ nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron_agent_mode: {get_input: neutron_agent_mode}
@@ -458,22 +462,10 @@ resources:
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_compute_agent: {get_param: CeilometerComputeAgent}
- ceilometer_agent_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0'
+ ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceHost}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_host: {get_param: NeutronHost}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -505,6 +497,7 @@ resources:
- {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
neutron_physical_bridge: {get_param: NeutronPhysicalBridge}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_password: {get_param: NeutronPassword}
@@ -530,28 +523,14 @@ resources:
- {get_param: NeutronTypeDrivers}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
- neutron_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronHost}
- - ':9696'
- neutron_admin_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/v2.0'
+ neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
admin_password: {get_param: AdminPassword}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 98c7ba0..2e8c312 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -4,6 +4,11 @@ description: >
OpenStack controller node configured by Puppet.
parameters:
+ AdminEmail:
+ default: 'admin@example.com'
+ description: The email for the keystone admin account.
+ type: string
+ hidden: true
AdminPassword:
default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
@@ -165,14 +170,6 @@ parameters:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
@@ -277,6 +274,10 @@ parameters:
type: string
constraints:
- allowed_values: [ 'basic', 'cadf' ]
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
@@ -365,9 +366,18 @@ parameters:
default: 'True'
description: Allow automatic l3-agent failover
type: string
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
@@ -449,8 +459,9 @@ parameters:
description: Should MongoDb journaling be disabled
type: boolean
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
@@ -461,7 +472,7 @@ parameters:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
- PublicVirtualIP: # DEPRECATED: use per service settings instead
+ PublicVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
RabbitCookie:
@@ -581,6 +592,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
@@ -699,6 +715,8 @@ resources:
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
+ neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
haproxy_log_address: {get_param: HAProxySyslogAddress}
heat.watch_server_url:
list_join:
@@ -721,6 +739,7 @@ resources:
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
+ admin_email: {get_param: AdminEmail}
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
@@ -749,7 +768,7 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/cinder'
- glance_port: {get_param: GlancePort}
+ glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance_password: {get_param: GlancePassword}
glance_backend: {get_param: GlanceBackend}
glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
@@ -776,7 +795,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/heat'
- keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
@@ -792,24 +810,11 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/keystone'
- keystone_identity_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/'
- keystone_auth_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/'
- keystone_ec2_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/ec2tokens'
+ keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
+ keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
enable_ceph_storage: {get_param: EnableCephStorage}
@@ -889,18 +894,11 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ovs_neutron?charset=utf8'
- neutron_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_admin_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/v2.0'
+ neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
+ neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
+ nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
@@ -945,11 +943,7 @@ resources:
template: "'LIMIT'"
params:
LIMIT: {get_param: RabbitFDLimit}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
@@ -966,18 +960,12 @@ resources:
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
glance_registry_host: {get_param: GlanceRegistryVirtualIP}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+ keystone_region: {get_param: KeystoneRegion}
mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -1106,7 +1094,7 @@ resources:
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
+ glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_input: glance_password}
glance_backend: {get_input: glance_backend}
@@ -1155,6 +1143,12 @@ resources:
keystone::rabbit_port: {get_input: rabbit_client_port}
keystone::notification_driver: {get_input: keystone_notification_driver}
keystone::notification_format: {get_input: keystone_notification_format}
+ keystone::roles::admin::email: {get_input: admin_email}
+ keystone::roles::admin::password: {get_input: admin_password}
+ keystone::endpoint::public_url: {get_input: keystone_public_url}
+ keystone::endpoint::internal_url: {get_input: keystone_internal_url}
+ keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
+ keystone::endpoint::region: {get_input: keystone_region}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
mongodb::server::nojournal: {get_input: mongodb_no_journal}
@@ -1173,7 +1167,7 @@ resources:
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_user}
+ neutron::rabbit_user: {get_input: rabbit_username}
neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
neutron::rabbit_port: {get_input: rabbit_client_port}
neutron::debug: {get_input: debug}
@@ -1182,6 +1176,8 @@ resources:
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
+ neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
+ neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron_flat_networks: {get_input: neutron_flat_networks}
neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -1211,6 +1207,15 @@ resources:
neutron_dsn: {get_input: neutron_dsn}
neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
neutron::db::mysql::password: {get_input: neutron_password}
+ neutron::keystone::auth::public_url: {get_input: neutron_public_url }
+ neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
+ neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
+ neutron::keystone::auth::password: {get_input: neutron_password }
+ neutron::keystone::auth::region: {get_input: keystone_region}
+ neutron::server::notifications::nova_url: {get_input: nova_internal_url}
+ neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url}
+ neutron::server::notifications::tenant_name: 'service'
+ neutron::server::notifications::password: {get_input: nova_password}
# Ceilometer
ceilometer_backend: {get_input: ceilometer_backend}
@@ -1226,7 +1231,7 @@ resources:
ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
+ ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
@@ -1247,7 +1252,7 @@ resources:
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_url}
+ nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
@@ -1264,6 +1269,8 @@ resources:
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
rabbitmq::file_limit: {get_input: rabbit_fd_limit}
+ rabbitmq::default_user: {get_input: rabbit_username}
+ rabbitmq::default_pass: {get_input: rabbit_password}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
index d08a169..2413f5a 100644
--- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
@@ -265,10 +265,14 @@ resources:
for (mac,swport) in nexus[nexus_switch]['servers'].iteritems():
lmac=mac.lower()
if lmac in mac2host:
- if mac2host[lmac] in nexus_cp[nexus_switch]['servers']:
- nexus_cp[nexus_switch]['servers'][mac2host[lmac]]['ports'] += ',' + swport['ports']
+ hostname = mac2host[lmac]
+ # for puppet we need a unique title even at the 2nd key level
+ serv_key = nexus_switch + "::" + hostname
+ if serv_key in nexus_cp[nexus_switch]['servers']:
+ nexus_cp[nexus_switch]['servers'][serv_key]['ports'] += ',' + swport['ports']
else:
- nexus_cp[nexus_switch]['servers'][mac2host[lmac]] = swport
+ nexus_cp[nexus_switch]['servers'][serv_key] = swport
+ nexus_cp[nexus_switch]['servers'][serv_key]['hostname'] = hostname
del nexus_cp[nexus_switch]['servers'][mac]
# Note this echo means you can view the data via heat deployment-show
print json.dumps(nexus_cp)
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 6290710..7cefc24 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -29,6 +29,18 @@ parameters:
type: comma_delimited_list
ceph_mon_ips:
type: comma_delimited_list
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
resources:
CephClusterConfigImpl:
@@ -47,16 +59,34 @@ resources:
ceph::profile::params::client_keys:
str_replace:
template: "{
- client.openstack: {
+ client.CLIENT_USER: {
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
}
}"
params:
+ CLIENT_USER: {get_param: CephClientUserName}
CLIENT_KEY: {get_param: ceph_client_key}
-
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
+ cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
+ ceph_client_user_name: {get_param: CephClientUserName}
+ ceph_pools:
+ - {get_param: CinderRbdPoolName}
+ - {get_param: NovaRbdPoolName}
+ - {get_param: GlanceRbdPoolName}
outputs:
config_id:
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
index 5985116..6730ddf 100644
--- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
@@ -69,6 +69,9 @@ parameters:
N1000vExistingBridge:
type: boolean
default: true
+ N1000vVSMHostMgmtIntfVlan:
+ type: number
+ default: 0
#Plugin Parameters
N1000vVSMUser:
type: string
@@ -125,6 +128,7 @@ resources:
n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask}
n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip}
n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip}
+ n1k_vsm::phy_bridge_vlan: {get_input: n1kv_phy_brige_vlan}
# Cisco N1KV driver Parameters
neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip}
neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username}
@@ -159,6 +163,7 @@ resources:
n1kv_vsm_password: {get_param: N1000vVSMPassword}
n1kv_vsm_mgmt_netmask: {get_param: N1000vMgmtNetmask}
n1kv_vsm_gateway_ip: {get_param: N1000vMgmtGatewayIP}
+ n1kv_phy_brige_vlan: {get_param: N1000vVSMHostMgmtIntfVlan}
n1kv_vsm_pacemaker_ctrl: {get_param: N1000vPacemakerControl}
n1kv_vsm_existing_br: {get_param: N1000vExistingBridge}
n1kv_vsm_username: {get_param: N1000vVSMUser}
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
index 18a4862..1e480e6 100644
--- a/puppet/hieradata/ceph.yaml
+++ b/puppet/hieradata/ceph.yaml
@@ -1,17 +1,12 @@
ceph::profile::params::osd_journal_size: 1024
-ceph::profile::params::osd_pool_default_pg_num: 128
-ceph::profile::params::osd_pool_default_pgp_num: 128
+ceph::profile::params::osd_pool_default_pg_num: 32
+ceph::profile::params::osd_pool_default_pgp_num: 32
ceph::profile::params::osd_pool_default_size: 3
ceph::profile::params::osd_pool_default_min_size: 1
ceph::profile::params::osds: {/srv/data: {}}
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
-ceph_pools:
- - volumes
- - vms
- - images
-
ceph_classes: []
ceph_osd_selinux_permissive: true
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index 030f661..95f5ccb 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -9,8 +9,6 @@ ceilometer::agent::auth::auth_tenant_name: 'admin'
nova::network::neutron::neutron_admin_tenant_name: 'service'
nova::network::neutron::neutron_admin_username: 'neutron'
-nova::network::neutron::vif_plugging_is_fatal: false
-nova::network::neutron::vif_plugging_timeout: 30
nova::network::neutron::dhcp_domain: ''
neutron::allow_overlapping_ips: true
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 4a94c23..173020f 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -10,11 +10,9 @@ nova::compute::vnc_enabled: true
nova::compute::libvirt::vncserver_listen: '0.0.0.0'
nova::compute::libvirt::migration_support: true
-nova::compute::rbd::libvirt_rbd_user: 'openstack'
-nova::compute::rbd::rbd_keyring: 'client.openstack'
-nova::compute::rbd::libvirt_images_rbd_pool: 'vms'
nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
ceilometer::agent::auth::auth_tenant_name: 'service'
+ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
compute_classes: []
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index bc13526..a4914c0 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -42,6 +42,8 @@ heat::keystone_tenant: 'service'
# keystone
keystone::cron::token_flush::maxdelay: 3600
+keystone::roles::admin::service_tenant: 'service'
+keystone::roles::admin::admin_tenant: 'admin'
#swift
swift::proxy::pipeline:
@@ -61,6 +63,7 @@ swift::proxy::account_autocreate: true
# glance
glance::api::pipeline: 'keystone'
+glance::api::show_image_direct_url: true
glance::registry::pipeline: 'keystone'
glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::rbd::rbd_store_user: 'openstack'
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index a88ca2d..51f5e88 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -13,7 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-include tripleo::packages
+include ::tripleo::packages
create_resources(sysctl::value, hiera('sysctl_settings'), {})
@@ -25,13 +25,13 @@ if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
exec { 'set selinux to permissive on boot':
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
- path => ["/usr/bin", "/usr/sbin"],
+ path => ['/usr/bin', '/usr/sbin'],
}
exec { 'set selinux to permissive':
- command => "setenforce 0",
+ command => 'setenforce 0',
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
- path => ["/usr/bin", "/usr/sbin"],
+ path => ['/usr/bin', '/usr/sbin'],
} -> Class['ceph::profile::osd']
}
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 2150bab..cd41cc7 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -13,7 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-include tripleo::packages
+include ::tripleo::packages
create_resources(sysctl::value, hiera('sysctl_settings'), {})
@@ -24,14 +24,14 @@ if count(hiera('ntp::servers')) > 0 {
file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
'/etc/libvirt/qemu/networks/default.xml']:
ensure => absent,
- before => Service['libvirt']
+ before => Service['libvirt'],
}
# in case libvirt has been already running before the Puppet run, make
# sure the default network is destroyed
exec { 'libvirt-default-net-destroy':
command => '/usr/bin/virsh net-destroy default',
- onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"',
- before => Service['libvirt'],
+ onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"',
+ before => Service['libvirt'],
}
include ::nova
@@ -49,16 +49,17 @@ if $rbd_ephemeral_storage or $rbd_persistent_storage {
include ::ceph::profile::client
$client_keys = hiera('ceph::profile::params::client_keys')
+ $client_user = join(['client.', hiera('ceph_client_user_name')])
class { '::nova::compute::rbd':
- libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'],
+ libvirt_rbd_secret_key => $client_keys[$client_user]['secret'],
}
}
if hiera('cinder_enable_nfs_backend', false) {
- if ($::selinux != "false") {
+ if str2bool($::selinux) {
selboolean { 'virt_use_nfs':
- value => on,
- persistent => true,
+ value => on,
+ persistent => true,
} -> Package['nfs-utils']
}
@@ -69,20 +70,20 @@ include ::nova::compute::libvirt
include ::nova::network::neutron
include ::neutron
-class { 'neutron::plugins::ml2':
+class { '::neutron::plugins::ml2':
flat_networks => split(hiera('neutron_flat_networks'), ','),
tenant_network_types => [hiera('neutron_tenant_network_type')],
}
-class { 'neutron::agents::ml2::ovs':
+class { '::neutron::agents::ml2::ovs':
bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
tunnel_types => split(hiera('neutron_tunnel_types'), ','),
}
if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
- class { 'neutron::agents::n1kv_vem':
- n1kv_source => hiera('n1kv_vem_source', undef),
- n1kv_version => hiera('n1kv_vem_version', undef),
+ class { '::neutron::agents::n1kv_vem':
+ n1kv_source => hiera('n1kv_vem_source', undef),
+ n1kv_version => hiera('n1kv_vem_version', undef),
}
}
@@ -97,7 +98,7 @@ snmp::snmpv3_user { $snmpd_user:
authtype => 'MD5',
authpass => hiera('snmpd_readonly_user_password'),
}
-class { 'snmp':
+class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 777af22..570c43b 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -13,7 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-include tripleo::packages
+include ::tripleo::packages
if hiera('step') >= 1 {
@@ -70,18 +70,18 @@ if hiera('step') >= 2 {
include ::tripleo::redis_notification
}
- if str2bool(hiera('enable_galera', 'true')) {
+ if str2bool(hiera('enable_galera', true)) {
$mysql_config_file = '/etc/my.cnf.d/galera.cnf'
} else {
$mysql_config_file = '/etc/my.cnf.d/server.cnf'
}
# TODO Galara
- class { 'mysql::server':
- config_file => $mysql_config_file,
- override_options => {
+ class { '::mysql::server':
+ config_file => $mysql_config_file,
+ override_options => {
'mysqld' => {
- 'bind-address' => hiera('mysql_bind_host'),
- 'max_connections' => hiera('mysql_max_connections'),
+ 'bind-address' => hiera('mysql_bind_host'),
+ 'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
},
},
@@ -126,31 +126,31 @@ if hiera('step') >= 2 {
$enable_ceph = hiera('ceph_storage_count', 0) > 0
if $enable_ceph {
- class { 'ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members'))
+ class { '::ceph::profile::params':
+ mon_initial_members => downcase(hiera('ceph_mon_initial_members')),
}
include ::ceph::profile::mon
}
- if str2bool(hiera('enable_ceph_storage', 'false')) {
+ if str2bool(hiera('enable_ceph_storage', false)) {
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
exec { 'set selinux to permissive on boot':
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
- path => ["/usr/bin", "/usr/sbin"],
+ path => ['/usr/bin', '/usr/sbin'],
}
exec { 'set selinux to permissive':
- command => "setenforce 0",
+ command => 'setenforce 0',
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
- path => ["/usr/bin", "/usr/sbin"],
+ path => ['/usr/bin', '/usr/sbin'],
} -> Class['ceph::profile::osd']
}
include ::ceph::profile::osd
}
- if str2bool(hiera('enable_external_ceph', 'false')) {
+ if str2bool(hiera('enable_external_ceph', false)) {
include ::ceph::profile::client
}
@@ -159,6 +159,8 @@ if hiera('step') >= 2 {
if hiera('step') >= 3 {
include ::keystone
+ include ::keystone::roles::admin
+ include ::keystone::endpoint
#TODO: need a cleanup-keystone-tokens.sh solution here
keystone_config {
@@ -194,9 +196,9 @@ if hiera('step') >= 3 {
$glance_backend = downcase(hiera('glance_backend', 'swift'))
case $glance_backend {
- swift: { $backend_store = 'glance.store.swift.Store' }
- file: { $backend_store = 'glance.store.filesystem.Store' }
- rbd: { $backend_store = 'glance.store.rbd.Store' }
+ 'swift': { $backend_store = 'glance.store.swift.Store' }
+ 'file': { $backend_store = 'glance.store.filesystem.Store' }
+ 'rbd': { $backend_store = 'glance.store.rbd.Store' }
default: { fail('Unrecognized glance_backend parameter.') }
}
$http_store = ['glance.store.http.Store']
@@ -204,8 +206,8 @@ if hiera('step') >= 3 {
# TODO: notifications, scrubber, etc.
include ::glance
- class { 'glance::api':
- known_stores => $glance_store
+ class { '::glance::api':
+ known_stores => $glance_store,
}
include ::glance::registry
include join(['::glance::backend::', $glance_backend])
@@ -225,6 +227,7 @@ if hiera('step') >= 3 {
include ::neutron
include ::neutron::server
+ include ::neutron::server::notifications
include ::neutron::agents::l3
include ::neutron::agents::dhcp
include ::neutron::agents::metadata
@@ -237,24 +240,24 @@ if hiera('step') >= 3 {
require => Package['neutron'],
}
- class { 'neutron::plugins::ml2':
- flat_networks => split(hiera('neutron_flat_networks'), ','),
+ class { '::neutron::plugins::ml2':
+ flat_networks => split(hiera('neutron_flat_networks'), ','),
tenant_network_types => [hiera('neutron_tenant_network_type')],
- mechanism_drivers => [hiera('neutron_mechanism_drivers')],
+ mechanism_drivers => [hiera('neutron_mechanism_drivers')],
}
- class { 'neutron::agents::ml2::ovs':
+ class { '::neutron::agents::ml2::ovs':
bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
- tunnel_types => split(hiera('neutron_tunnel_types'), ','),
+ tunnel_types => split(hiera('neutron_tunnel_types'), ','),
}
if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
- include neutron::plugins::ml2::cisco::nexus1000v
+ include ::neutron::plugins::ml2::cisco::nexus1000v
- class { 'neutron::agents::n1kv_vem':
- n1kv_source => hiera('n1kv_vem_source', undef),
- n1kv_version => hiera('n1kv_vem_version', undef),
+ class { '::neutron::agents::n1kv_vem':
+ n1kv_source => hiera('n1kv_vem_source', undef),
+ n1kv_version => hiera('n1kv_vem_version', undef),
}
- class { 'n1k_vsm':
+ class { '::n1k_vsm':
n1kv_source => hiera('n1kv_vsm_source', undef),
n1kv_version => hiera('n1kv_vsm_version', undef),
pacemaker_control => false,
@@ -270,7 +273,7 @@ if hiera('step') >= 3 {
}
if hiera('neutron_enable_bigswitch_ml2', false) {
- include neutron::plugins::ml2::bigswitch::restproxy
+ include ::neutron::plugins::ml2::bigswitch::restproxy
}
neutron_l3_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
@@ -289,7 +292,7 @@ if hiera('step') >= 3 {
include ::cinder::glance
include ::cinder::scheduler
include ::cinder::volume
- class {'cinder::setup_test_volume':
+ class { '::cinder::setup_test_volume':
size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
}
@@ -305,16 +308,14 @@ if hiera('step') >= 3 {
if $enable_ceph {
- Ceph_pool {
+ $ceph_pools = hiera('ceph_pools')
+ ceph::pool { $ceph_pools :
pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'),
pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'),
size => hiera('ceph::profile::params::osd_pool_default_size'),
}
- $ceph_pools = hiera('ceph_pools')
- ceph::pool { $ceph_pools : }
-
- $cinder_pool_requires = [Ceph::Pool['volumes']]
+ $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]]
} else {
$cinder_pool_requires = []
@@ -324,8 +325,8 @@ if hiera('step') >= 3 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
- rbd_pool => 'volumes',
- rbd_user => 'openstack',
+ rbd_pool => hiera('cinder_rbd_pool_name'),
+ rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
require => $cinder_pool_requires,
}
@@ -369,18 +370,18 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_nfs_backend', false) {
$cinder_nfs_backend = 'tripleo_nfs'
- if ($::selinux != "false") {
+ if str2bool($::selinux) {
selboolean { 'virt_use_nfs':
- value => on,
- persistent => true,
+ value => on,
+ persistent => true,
} -> Package['nfs-utils']
}
package {'nfs-utils': } ->
cinder::backend::nfs { $cinder_nfs_backend :
- nfs_servers => hiera('cinder_nfs_servers'),
- nfs_mount_options => hiera('cinder_nfs_mount_options'),
- nfs_shares_config => '/etc/cinder/shares-nfs.conf',
+ nfs_servers => hiera('cinder_nfs_servers'),
+ nfs_mount_options => hiera('cinder_nfs_mount_options',''),
+ nfs_shares_config => '/etc/cinder/shares-nfs.conf',
}
}
@@ -404,9 +405,9 @@ if hiera('step') >= 3 {
include ::swift::proxy::formpost
# swift storage
- if str2bool(hiera('enable_swift_storage', 'true')) {
- class {'swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check'))
+ if str2bool(hiera('enable_swift_storage', true)) {
+ class { '::swift::storage::all':
+ mount_check => str2bool(hiera('swift_mount_check')),
}
if(!defined(File['/srv/node'])) {
file { '/srv/node':
@@ -440,7 +441,7 @@ if hiera('step') >= 3 {
include ::ceilometer::alarm::evaluator
include ::ceilometer::expirer
include ::ceilometer::collector
- include ceilometer::agent::auth
+ include ::ceilometer::agent::auth
class { '::ceilometer::db' :
database_connection => $ceilometer_database_connection,
}
@@ -461,9 +462,10 @@ if hiera('step') >= 3 {
$_profile_support = 'None'
}
$neutron_options = {'profile_support' => $_profile_support }
- class { 'horizon':
- cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
- neutron_options => $neutron_options,
+
+ class { '::horizon':
+ cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
+ neutron_options => $neutron_options,
}
$snmpd_user = hiera('snmpd_readonly_user_name')
@@ -471,7 +473,7 @@ if hiera('step') >= 3 {
authtype => 'MD5',
authpass => hiera('snmpd_readonly_user_password'),
}
- class { 'snmp':
+ class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 38ee9c3..2a3f1f9 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -18,7 +18,7 @@ Pcmk_resource <| |> {
try_sleep => 3,
}
-include tripleo::packages
+include ::tripleo::packages
if $::hostname == downcase(hiera('bootstrap_nodeid')) {
$pacemaker_master = true
@@ -28,7 +28,7 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) {
$sync_db = false
}
-$enable_fencing = str2bool(hiera('enable_fencing', 'false')) and hiera('step') >= 5
+$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5
# When to start and enable services which haven't been Pacemakerized
# FIXME: remove when we start all OpenStack services using Pacemaker
@@ -55,7 +55,7 @@ if hiera('step') >= 1 {
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
user { 'hacluster':
- ensure => present,
+ ensure => present,
} ->
class { '::pacemaker':
hacluster_pwd => hiera('hacluster_pwd'),
@@ -68,17 +68,17 @@ if hiera('step') >= 1 {
disable => !$enable_fencing,
}
if $enable_fencing {
- include tripleo::fencing
+ include ::tripleo::fencing
# enable stonith after all fencing devices have been created
Class['tripleo::fencing'] -> Class['pacemaker::stonith']
}
- # FIXME(gfidente): sets 90secs as default start timeout op
+ # FIXME(gfidente): sets 100secs as default start timeout op
# param; until we can use pcmk global defaults we'll still
# need to add it to every resource which redefines op params
Pacemaker::Resource::Service {
- op_params => 'start timeout=90s',
+ op_params => 'start timeout=100s stop timeout=100s',
}
# Only configure RabbitMQ in this step, don't start it yet to
@@ -93,7 +93,7 @@ if hiera('step') >= 1 {
environment_variables => hiera('rabbitmq_environment'),
} ->
file { '/var/lib/rabbitmq/.erlang.cookie':
- ensure => 'present',
+ ensure => file,
owner => 'rabbitmq',
group => 'rabbitmq',
mode => '0400',
@@ -120,7 +120,7 @@ if hiera('step') >= 1 {
}
# Galera
- if str2bool(hiera('enable_galera', 'true')) {
+ if str2bool(hiera('enable_galera', true)) {
$mysql_config_file = '/etc/my.cnf.d/galera.cnf'
} else {
$mysql_config_file = '/etc/my.cnf.d/server.cnf'
@@ -154,7 +154,7 @@ if hiera('step') >= 1 {
'wsrep_causal_reads' => '0',
'wsrep_notify_cmd' => '',
'wsrep_sst_method' => 'rsync',
- }
+ },
}
class { '::mysql::server':
@@ -178,7 +178,7 @@ if hiera('step') >= 2 {
if $pacemaker_master {
- include pacemaker::resource_defaults
+ include ::pacemaker::resource_defaults
# FIXME: we should not have to access tripleo::loadbalancer class
# parameters here to configure pacemaker VIPs. The configuration
@@ -199,8 +199,8 @@ if hiera('step') >= 2 {
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['control_vip']],
+ require => [Pacemaker::Resource::Service['haproxy'],
+ Pacemaker::Resource::Ip['control_vip']],
}
pacemaker::constraint::colocation { 'control_vip-with-haproxy':
source => "ip-${control_vip}",
@@ -222,8 +222,8 @@ if hiera('step') >= 2 {
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['public_vip']],
+ require => [Pacemaker::Resource::Service['haproxy'],
+ Pacemaker::Resource::Ip['public_vip']],
}
pacemaker::constraint::colocation { 'public_vip-with-haproxy':
source => "ip-${public_vip}",
@@ -246,8 +246,8 @@ if hiera('step') >= 2 {
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['redis_vip']],
+ require => [Pacemaker::Resource::Service['haproxy'],
+ Pacemaker::Resource::Ip['redis_vip']],
}
pacemaker::constraint::colocation { 'redis_vip-with-haproxy':
source => "ip-${redis_vip}",
@@ -270,8 +270,8 @@ if hiera('step') >= 2 {
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['internal_api_vip']],
+ require => [Pacemaker::Resource::Service['haproxy'],
+ Pacemaker::Resource::Ip['internal_api_vip']],
}
pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy':
source => "ip-${internal_api_vip}",
@@ -294,8 +294,8 @@ if hiera('step') >= 2 {
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_vip']],
+ require => [Pacemaker::Resource::Service['haproxy'],
+ Pacemaker::Resource::Ip['storage_vip']],
}
pacemaker::constraint::colocation { 'storage_vip-with-haproxy':
source => "ip-${storage_vip}",
@@ -318,8 +318,8 @@ if hiera('step') >= 2 {
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_mgmt_vip']],
+ require => [Pacemaker::Resource::Service['haproxy'],
+ Pacemaker::Resource::Ip['storage_mgmt_vip']],
}
pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy':
source => "ip-${storage_mgmt_vip}",
@@ -331,7 +331,7 @@ if hiera('step') >= 2 {
}
pacemaker::resource::service { $::memcached::params::service_name :
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
require => Class['::memcached'],
}
@@ -344,7 +344,7 @@ if hiera('step') >= 2 {
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
pacemaker::resource::service { $::mongodb::params::service_name :
- op_params => 'start timeout=120s',
+ op_params => 'start timeout=120s stop timeout=100s',
clone_params => true,
require => Class['::mongodb::server'],
}
@@ -385,7 +385,7 @@ if hiera('step') >= 2 {
timeout => 30,
tries => 180,
try_sleep => 10,
- environment => ["AVAILABLE_WHEN_READONLY=0"],
+ environment => ['AVAILABLE_WHEN_READONLY=0'],
require => File['/etc/sysconfig/clustercheck'],
}
@@ -411,28 +411,28 @@ MYSQL_HOST=localhost\n",
# Create all the database schemas
if $sync_db {
- class { 'keystone::db::mysql':
- require => Exec['galera-ready'],
+ class { '::keystone::db::mysql':
+ require => Exec['galera-ready'],
}
- class { 'glance::db::mysql':
- require => Exec['galera-ready'],
+ class { '::glance::db::mysql':
+ require => Exec['galera-ready'],
}
- class { 'nova::db::mysql':
- require => Exec['galera-ready'],
+ class { '::nova::db::mysql':
+ require => Exec['galera-ready'],
}
- class { 'neutron::db::mysql':
- require => Exec['galera-ready'],
+ class { '::neutron::db::mysql':
+ require => Exec['galera-ready'],
}
- class { 'cinder::db::mysql':
- require => Exec['galera-ready'],
+ class { '::cinder::db::mysql':
+ require => Exec['galera-ready'],
}
- class { 'heat::db::mysql':
- require => Exec['galera-ready'],
+ class { '::heat::db::mysql':
+ require => Exec['galera-ready'],
}
if downcase(hiera('ceilometer_backend')) == 'mysql' {
- class { 'ceilometer::db::mysql':
- require => Exec['galera-ready'],
+ class { '::ceilometer::db::mysql':
+ require => Exec['galera-ready'],
}
}
}
@@ -444,31 +444,31 @@ MYSQL_HOST=localhost\n",
$enable_ceph = hiera('ceph_storage_count', 0) > 0
if $enable_ceph {
- class { 'ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members'))
+ class { '::ceph::profile::params':
+ mon_initial_members => downcase(hiera('ceph_mon_initial_members')),
}
include ::ceph::profile::mon
}
- if str2bool(hiera('enable_ceph_storage', 'false')) {
+ if str2bool(hiera('enable_ceph_storage', false)) {
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
exec { 'set selinux to permissive on boot':
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
- path => ["/usr/bin", "/usr/sbin"],
+ path => ['/usr/bin', '/usr/sbin'],
}
exec { 'set selinux to permissive':
- command => "setenforce 0",
+ command => 'setenforce 0',
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
- path => ["/usr/bin", "/usr/sbin"],
+ path => ['/usr/bin', '/usr/sbin'],
} -> Class['ceph::profile::osd']
}
include ::ceph::profile::osd
}
- if str2bool(hiera('enable_external_ceph', 'false')) {
+ if str2bool(hiera('enable_external_ceph', false)) {
include ::ceph::profile::client
}
@@ -478,9 +478,9 @@ MYSQL_HOST=localhost\n",
if hiera('step') >= 3 {
class { '::keystone':
- sync_db => $sync_db,
+ sync_db => $sync_db,
manage_service => false,
- enabled => false,
+ enabled => false,
}
#TODO: need a cleanup-keystone-tokens.sh solution here
@@ -517,16 +517,16 @@ if hiera('step') >= 3 {
$glance_backend = downcase(hiera('glance_backend', 'swift'))
case $glance_backend {
- swift: { $backend_store = 'glance.store.swift.Store' }
- file: { $backend_store = 'glance.store.filesystem.Store' }
- rbd: { $backend_store = 'glance.store.rbd.Store' }
+ 'swift': { $backend_store = 'glance.store.swift.Store' }
+ 'file': { $backend_store = 'glance.store.filesystem.Store' }
+ 'rbd': { $backend_store = 'glance.store.rbd.Store' }
default: { fail('Unrecognized glance_backend parameter.') }
}
$http_store = ['glance.store.http.Store']
$glance_store = concat($http_store, $backend_store)
if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) {
- pacemaker::resource::filesystem { "glance-fs":
+ pacemaker::resource::filesystem { 'glance-fs':
device => hiera('glance_file_pcmk_device'),
directory => hiera('glance_file_pcmk_directory'),
fstype => hiera('glance_file_pcmk_fstype'),
@@ -537,15 +537,15 @@ if hiera('step') >= 3 {
# TODO: notifications, scrubber, etc.
include ::glance
- class { 'glance::api':
- known_stores => $glance_store,
+ class { '::glance::api':
+ known_stores => $glance_store,
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::glance::registry' :
- sync_db => $sync_db,
+ sync_db => $sync_db,
manage_service => false,
- enabled => false,
+ enabled => false,
}
include join(['::glance::backend::', $glance_backend])
@@ -556,51 +556,52 @@ if hiera('step') >= 3 {
include ::nova::config
class { '::nova::api' :
- sync_db => $sync_db,
+ sync_db => $sync_db,
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::nova::cert' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::nova::conductor' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::nova::consoleauth' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::nova::vncproxy' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
include ::nova::scheduler::filter
class { '::nova::scheduler' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
include ::nova::network::neutron
# Neutron class definitions
include ::neutron
class { '::neutron::server' :
- sync_db => $sync_db,
+ sync_db => $sync_db,
manage_service => false,
- enabled => false,
+ enabled => false,
}
+ include ::neutron::server::notifications
class { '::neutron::agents::dhcp' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::neutron::agents::l3' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
- class { 'neutron::agents::metadata':
+ class { '::neutron::agents::metadata':
manage_service => false,
- enabled => false,
+ enabled => false,
}
file { '/etc/neutron/dnsmasq-neutron.conf':
content => hiera('neutron_dnsmasq_options'),
@@ -609,16 +610,16 @@ if hiera('step') >= 3 {
notify => Service['neutron-dhcp-service'],
require => Package['neutron'],
}
- class { 'neutron::plugins::ml2':
- flat_networks => split(hiera('neutron_flat_networks'), ','),
+ class { '::neutron::plugins::ml2':
+ flat_networks => split(hiera('neutron_flat_networks'), ','),
tenant_network_types => [hiera('neutron_tenant_network_type')],
- mechanism_drivers => [hiera('neutron_mechanism_drivers')],
+ mechanism_drivers => [hiera('neutron_mechanism_drivers')],
}
- class { 'neutron::agents::ml2::ovs':
- manage_service => false,
- enabled => false,
- bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
- tunnel_types => split(hiera('neutron_tunnel_types'), ','),
+ class { '::neutron::agents::ml2::ovs':
+ manage_service => false,
+ enabled => false,
+ bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
+ tunnel_types => split(hiera('neutron_tunnel_types'), ','),
}
if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') {
@@ -629,21 +630,21 @@ if hiera('step') >= 3 {
include ::neutron::plugins::ml2::cisco::type_nexus_vxlan
}
if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
- include neutron::plugins::ml2::cisco::nexus1000v
+ include ::neutron::plugins::ml2::cisco::nexus1000v
- class { 'neutron::agents::n1kv_vem':
- n1kv_source => hiera('n1kv_vem_source', undef),
- n1kv_version => hiera('n1kv_vem_version', undef),
+ class { '::neutron::agents::n1kv_vem':
+ n1kv_source => hiera('n1kv_vem_source', undef),
+ n1kv_version => hiera('n1kv_vem_version', undef),
}
- class { 'n1k_vsm':
- n1kv_source => hiera('n1kv_vsm_source', undef),
- n1kv_version => hiera('n1kv_vsm_version', undef),
+ class { '::n1k_vsm':
+ n1kv_source => hiera('n1kv_vsm_source', undef),
+ n1kv_version => hiera('n1kv_vsm_version', undef),
}
}
if hiera('neutron_enable_bigswitch_ml2', false) {
- include neutron::plugins::ml2::bigswitch::restproxy
+ include ::neutron::plugins::ml2::bigswitch::restproxy
}
neutron_l3_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
@@ -654,20 +655,20 @@ if hiera('step') >= 3 {
include ::cinder
class { '::cinder::api':
- sync_db => $sync_db,
+ sync_db => $sync_db,
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::cinder::scheduler' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::cinder::volume' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
include ::cinder::glance
- class {'cinder::setup_test_volume':
+ class { '::cinder::setup_test_volume':
size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
}
@@ -683,16 +684,14 @@ if hiera('step') >= 3 {
if $enable_ceph {
- Ceph_pool {
+ $ceph_pools = hiera('ceph_pools')
+ ceph::pool { $ceph_pools :
pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'),
pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'),
size => hiera('ceph::profile::params::osd_pool_default_size'),
}
- $ceph_pools = hiera('ceph_pools')
- ceph::pool { $ceph_pools : }
-
- $cinder_pool_requires = [Ceph::Pool['volumes']]
+ $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]]
} else {
$cinder_pool_requires = []
@@ -702,8 +701,8 @@ if hiera('step') >= 3 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
- rbd_pool => 'volumes',
- rbd_user => 'openstack',
+ rbd_pool => hiera('cinder_rbd_pool_name'),
+ rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
require => $cinder_pool_requires,
}
@@ -747,18 +746,18 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_nfs_backend', false) {
$cinder_nfs_backend = 'tripleo_nfs'
- if ($::selinux != "false") {
+ if str2bool($::selinux) {
selboolean { 'virt_use_nfs':
- value => on,
- persistent => true,
+ value => on,
+ persistent => true,
} -> Package['nfs-utils']
}
- package {'nfs-utils': } ->
+ package { 'nfs-utils': } ->
cinder::backend::nfs { $cinder_nfs_backend:
- nfs_servers => hiera('cinder_nfs_servers'),
- nfs_mount_options => hiera('cinder_nfs_mount_options'),
- nfs_shares_config => '/etc/cinder/shares-nfs.conf',
+ nfs_servers => hiera('cinder_nfs_servers'),
+ nfs_mount_options => hiera('cinder_nfs_mount_options',''),
+ nfs_shares_config => '/etc/cinder/shares-nfs.conf',
}
}
@@ -770,7 +769,7 @@ if hiera('step') >= 3 {
# swift proxy
class { '::swift::proxy' :
manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
+ enabled => $non_pcmk_start,
}
include ::swift::proxy::proxy_logging
include ::swift::proxy::healthcheck
@@ -784,21 +783,21 @@ if hiera('step') >= 3 {
include ::swift::proxy::formpost
# swift storage
- if str2bool(hiera('enable_swift_storage', 'true')) {
+ if str2bool(hiera('enable_swift_storage', true)) {
class {'::swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check'))
+ mount_check => str2bool(hiera('swift_mount_check')),
}
class {'::swift::storage::account':
manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
+ enabled => $non_pcmk_start,
}
class {'::swift::storage::container':
manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
+ enabled => $non_pcmk_start,
}
class {'::swift::storage::object':
manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
+ enabled => $non_pcmk_start,
}
if(!defined(File['/srv/node'])) {
file { '/srv/node':
@@ -814,12 +813,11 @@ if hiera('step') >= 3 {
}
# Ceilometer
- $ceilometer_backend = downcase(hiera('ceilometer_backend'))
- case $ceilometer_backend {
- /mysql/ : {
+ case downcase(hiera('ceilometer_backend')) {
+ /mysql/: {
$ceilometer_database_connection = hiera('ceilometer_mysql_conn_string')
}
- default : {
+ default: {
$mongo_node_string = join($mongo_node_ips_with_port, ',')
$ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
}
@@ -828,34 +826,34 @@ if hiera('step') >= 3 {
include ::ceilometer::config
class { '::ceilometer::api' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::ceilometer::agent::notification' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::ceilometer::agent::central' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::ceilometer::alarm::notifier' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::ceilometer::alarm::evaluator' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::ceilometer::collector' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
include ::ceilometer::expirer
class { '::ceilometer::db' :
database_connection => $ceilometer_database_connection,
sync_db => $sync_db,
}
- include ceilometer::agent::auth
+ include ::ceilometer::agent::auth
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
@@ -865,19 +863,19 @@ if hiera('step') >= 3 {
}
class { '::heat::api' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::heat::api_cfn' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::heat::api_cloudwatch' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
class { '::heat::engine' :
manage_service => false,
- enabled => false,
+ enabled => false,
}
# httpd/apache and horizon
@@ -893,9 +891,9 @@ if hiera('step') >= 3 {
$_profile_support = 'None'
}
$neutron_options = {'profile_support' => $_profile_support }
- class { 'horizon':
- cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
- neutron_options => $neutron_options,
+ class { '::horizon':
+ cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
+ neutron_options => $neutron_options,
}
$snmpd_user = hiera('snmpd_readonly_user_name')
@@ -903,7 +901,7 @@ if hiera('step') >= 3 {
authtype => 'MD5',
authpass => hiera('snmpd_readonly_user_password'),
}
- class { 'snmp':
+ class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
@@ -919,12 +917,16 @@ if hiera('step') >= 4 {
# Keystone
pacemaker::resource::service { $::keystone::params::service_name :
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
+ verify_on_create => true,
+ require => [File['/etc/keystone/ssl/certs/ca.pem'],
+ File['/etc/keystone/ssl/private/signing_key.pem'],
+ File['/etc/keystone/ssl/certs/signing_cert.pem']],
}
pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
constraint_type => 'order',
- first_resource => "haproxy-clone",
+ first_resource => 'haproxy-clone',
second_resource => "${::keystone::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
@@ -933,7 +935,7 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
constraint_type => 'order',
- first_resource => "rabbitmq-clone",
+ first_resource => 'rabbitmq-clone',
second_resource => "${::keystone::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
@@ -942,7 +944,7 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'memcached-then-keystone-constraint':
constraint_type => 'order',
- first_resource => "memcached-clone",
+ first_resource => 'memcached-clone',
second_resource => "${::keystone::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
@@ -951,7 +953,7 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'galera-then-keystone-constraint':
constraint_type => 'order',
- first_resource => "galera-master",
+ first_resource => 'galera-master',
second_resource => "${::keystone::params::service_name}-clone",
first_action => 'promote',
second_action => 'start',
@@ -961,11 +963,11 @@ if hiera('step') >= 4 {
# Cinder
pacemaker::resource::service { $::cinder::params::api_service :
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::cinder::params::scheduler_service :
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
}
pacemaker::resource::service { $::cinder::params::volume_service : }
@@ -979,45 +981,45 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::keystone::params::service_name]],
}
pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint':
- constraint_type => "order",
- first_resource => "${::cinder::params::api_service}-clone",
+ constraint_type => 'order',
+ first_resource => "${::cinder::params::api_service}-clone",
second_resource => "${::cinder::params::scheduler_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
- Pacemaker::Resource::Service[$::cinder::params::scheduler_service]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
+ Pacemaker::Resource::Service[$::cinder::params::scheduler_service]],
}
pacemaker::constraint::colocation { 'cinder-scheduler-with-cinder-api-colocation':
- source => "${::cinder::params::scheduler_service}-clone",
- target => "${::cinder::params::api_service}-clone",
- score => "INFINITY",
+ source => "${::cinder::params::scheduler_service}-clone",
+ target => "${::cinder::params::api_service}-clone",
+ score => 'INFINITY',
require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
Pacemaker::Resource::Service[$::cinder::params::scheduler_service]],
}
pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint':
- constraint_type => "order",
- first_resource => "${::cinder::params::scheduler_service}-clone",
- second_resource => "${::cinder::params::volume_service}",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service],
- Pacemaker::Resource::Service[$::cinder::params::volume_service]],
+ constraint_type => 'order',
+ first_resource => "${::cinder::params::scheduler_service}-clone",
+ second_resource => $::cinder::params::volume_service,
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service],
+ Pacemaker::Resource::Service[$::cinder::params::volume_service]],
}
pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation':
- source => "${::cinder::params::volume_service}",
- target => "${::cinder::params::scheduler_service}-clone",
- score => "INFINITY",
+ source => $::cinder::params::volume_service,
+ target => "${::cinder::params::scheduler_service}-clone",
+ score => 'INFINITY',
require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service],
Pacemaker::Resource::Service[$::cinder::params::volume_service]],
}
# Glance
pacemaker::resource::service { $::glance::params::registry_service_name :
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::glance::params::api_service_name :
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
}
pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
@@ -1030,18 +1032,18 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::keystone::params::service_name]],
}
pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
- constraint_type => "order",
+ constraint_type => 'order',
first_resource => "${::glance::params::registry_service_name}-clone",
second_resource => "${::glance::params::api_service_name}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+ Pacemaker::Resource::Service[$::glance::params::api_service_name]],
}
pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation':
source => "${::glance::params::api_service_name}-clone",
target => "${::glance::params::registry_service_name}-clone",
- score => "INFINITY",
+ score => 'INFINITY',
require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
Pacemaker::Resource::Service[$::glance::params::api_service_name]],
}
@@ -1053,155 +1055,154 @@ if hiera('step') >= 4 {
# https://bugzilla.redhat.com/show_bug.cgi?id=1233061
exec { '/usr/bin/systemctl start neutron-server && /usr/bin/sleep 5' : } ->
pacemaker::resource::service { $::neutron::params::server_service:
- op_params => "start timeout=90",
- clone_params => "interleave=true",
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ clone_params => 'interleave=true',
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::neutron::params::l3_agent_service:
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
}
pacemaker::resource::service { $::neutron::params::dhcp_agent_service:
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
}
pacemaker::resource::service { $::neutron::params::ovs_agent_service:
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
}
pacemaker::resource::service { $::neutron::params::metadata_agent_service:
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
}
pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service:
- ocf_agent_name => "neutron:OVSCleanup",
- clone_params => "interleave=true",
+ ocf_agent_name => 'neutron:OVSCleanup',
+ clone_params => 'interleave=true',
}
pacemaker::resource::ocf { 'neutron-netns-cleanup':
- ocf_agent_name => "neutron:NetnsCleanup",
- clone_params => "interleave=true",
+ ocf_agent_name => 'neutron:NetnsCleanup',
+ clone_params => 'interleave=true',
}
# neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent
pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint':
- constraint_type => "order",
- first_resource => "${::neutron::params::ovs_cleanup_service}-clone",
- second_resource => "neutron-netns-cleanup-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"],
- Pacemaker::Resource::Ocf['neutron-netns-cleanup']],
+ constraint_type => 'order',
+ first_resource => "${::neutron::params::ovs_cleanup_service}-clone",
+ second_resource => 'neutron-netns-cleanup-clone',
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service],
+ Pacemaker::Resource::Ocf['neutron-netns-cleanup']],
}
pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation':
- source => "neutron-netns-cleanup-clone",
- target => "${::neutron::params::ovs_cleanup_service}-clone",
- score => "INFINITY",
- require => [Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"],
+ source => 'neutron-netns-cleanup-clone',
+ target => "${::neutron::params::ovs_cleanup_service}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service],
Pacemaker::Resource::Ocf['neutron-netns-cleanup']],
}
pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint':
- constraint_type => "order",
- first_resource => "neutron-netns-cleanup-clone",
+ constraint_type => 'order',
+ first_resource => 'neutron-netns-cleanup-clone',
second_resource => "${::neutron::params::ovs_agent_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Ocf["neutron-netns-cleanup"],
- Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation':
- source => "${::neutron::params::ovs_agent_service}-clone",
- target => "neutron-netns-cleanup-clone",
- score => "INFINITY",
- require => [Pacemaker::Resource::Ocf["neutron-netns-cleanup"],
- Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"]],
+ source => "${::neutron::params::ovs_agent_service}-clone",
+ target => 'neutron-netns-cleanup-clone',
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
#another chain keystone-->neutron-server-->ovs-agent-->dhcp-->l3
pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
- constraint_type => "order",
- first_resource => "${::keystone::params::service_name}-clone",
+ constraint_type => 'order',
+ first_resource => "${::keystone::params::service_name}-clone",
second_resource => "${::neutron::params::server_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::neutron::params::server_service]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
+ Pacemaker::Resource::Service[$::neutron::params::server_service]],
}
pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
- constraint_type => "order",
- first_resource => "${::neutron::params::server_service}-clone",
+ constraint_type => 'order',
+ first_resource => "${::neutron::params::server_service}-clone",
second_resource => "${::neutron::params::ovs_agent_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
- constraint_type => "order",
- first_resource => "${::neutron::params::ovs_agent_service}-clone",
+ constraint_type => 'order',
+ first_resource => "${::neutron::params::ovs_agent_service}-clone",
second_resource => "${::neutron::params::dhcp_agent_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"],
- Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
}
pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation':
- source => "${::neutron::params::dhcp_agent_service}-clone",
- target => "${::neutron::params::ovs_agent_service}-clone",
- score => "INFINITY",
- require => [Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"],
- Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"]],
+ source => "${::neutron::params::dhcp_agent_service}-clone",
+ target => "${::neutron::params::ovs_agent_service}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
}
pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint':
- constraint_type => "order",
- first_resource => "${::neutron::params::dhcp_agent_service}-clone",
+ constraint_type => 'order',
+ first_resource => "${::neutron::params::dhcp_agent_service}-clone",
second_resource => "${::neutron::params::l3_agent_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"],
- Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"]]
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]],
}
pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation':
- source => "${::neutron::params::l3_agent_service}-clone",
- target => "${::neutron::params::dhcp_agent_service}-clone",
- score => "INFINITY",
- require => [Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"],
- Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"]]
+ source => "${::neutron::params::l3_agent_service}-clone",
+ target => "${::neutron::params::dhcp_agent_service}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]],
}
pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint':
- constraint_type => "order",
- first_resource => "${::neutron::params::l3_agent_service}-clone",
+ constraint_type => 'order',
+ first_resource => "${::neutron::params::l3_agent_service}-clone",
second_resource => "${::neutron::params::metadata_agent_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"],
- Pacemaker::Resource::Service["${::neutron::params::metadata_agent_service}"]]
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]],
}
pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation':
- source => "${::neutron::params::metadata_agent_service}-clone",
- target => "${::neutron::params::l3_agent_service}-clone",
- score => "INFINITY",
- require => [Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"],
- Pacemaker::Resource::Service["${::neutron::params::metadata_agent_service}"]]
+ source => "${::neutron::params::metadata_agent_service}-clone",
+ target => "${::neutron::params::l3_agent_service}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]],
}
# Nova
pacemaker::resource::service { $::nova::params::api_service_name :
- clone_params => "interleave=true",
- op_params => "start timeout=90s monitor start-delay=10s",
+ clone_params => 'interleave=true',
+ op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::conductor_service_name :
- clone_params => "interleave=true",
- op_params => "start timeout=90s monitor start-delay=10s",
+ clone_params => 'interleave=true',
+ op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::consoleauth_service_name :
- clone_params => "interleave=true",
- op_params => "start timeout=90s monitor start-delay=10s",
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ clone_params => 'interleave=true',
+ op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s',
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::nova::params::vncproxy_service_name :
- clone_params => "interleave=true",
- op_params => "start timeout=90s monitor start-delay=10s",
+ clone_params => 'interleave=true',
+ op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::scheduler_service_name :
- clone_params => "interleave=true",
- op_params => "start timeout=90s monitor start-delay=10s",
+ clone_params => 'interleave=true',
+ op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s',
}
pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
@@ -1214,75 +1215,85 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::keystone::params::service_name]],
}
pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint':
- constraint_type => "order",
+ constraint_type => 'order',
first_resource => "${::nova::params::consoleauth_service_name}-clone",
second_resource => "${::nova::params::vncproxy_service_name}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
+ Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]],
}
pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation':
- source => "${::nova::params::vncproxy_service_name}-clone",
- target => "${::nova::params::consoleauth_service_name}-clone",
- score => "INFINITY",
+ source => "${::nova::params::vncproxy_service_name}-clone",
+ target => "${::nova::params::consoleauth_service_name}-clone",
+ score => 'INFINITY',
require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]],
}
pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint':
- constraint_type => "order",
+ constraint_type => 'order',
first_resource => "${::nova::params::vncproxy_service_name}-clone",
second_resource => "${::nova::params::api_service_name}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name],
- Pacemaker::Resource::Service[$::nova::params::api_service_name]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name],
+ Pacemaker::Resource::Service[$::nova::params::api_service_name]],
}
pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation':
- source => "${::nova::params::api_service_name}-clone",
- target => "${::nova::params::vncproxy_service_name}-clone",
- score => "INFINITY",
+ source => "${::nova::params::api_service_name}-clone",
+ target => "${::nova::params::vncproxy_service_name}-clone",
+ score => 'INFINITY',
require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name],
Pacemaker::Resource::Service[$::nova::params::api_service_name]],
}
pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint':
- constraint_type => "order",
+ constraint_type => 'order',
first_resource => "${::nova::params::api_service_name}-clone",
second_resource => "${::nova::params::scheduler_service_name}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::nova::params::api_service_name],
- Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::nova::params::api_service_name],
+ Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]],
}
pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation':
- source => "${::nova::params::scheduler_service_name}-clone",
- target => "${::nova::params::api_service_name}-clone",
- score => "INFINITY",
+ source => "${::nova::params::scheduler_service_name}-clone",
+ target => "${::nova::params::api_service_name}-clone",
+ score => 'INFINITY',
require => [Pacemaker::Resource::Service[$::nova::params::api_service_name],
Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]],
}
pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint':
- constraint_type => "order",
+ constraint_type => 'order',
first_resource => "${::nova::params::scheduler_service_name}-clone",
second_resource => "${::nova::params::conductor_service_name}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name],
- Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name],
+ Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
}
pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation':
- source => "${::nova::params::conductor_service_name}-clone",
- target => "${::nova::params::scheduler_service_name}-clone",
- score => "INFINITY",
+ source => "${::nova::params::conductor_service_name}-clone",
+ target => "${::nova::params::scheduler_service_name}-clone",
+ score => 'INFINITY',
require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name],
Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
}
# Ceilometer
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
- clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ case downcase(hiera('ceilometer_backend')) {
+ /mysql/: {
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ clone_params => 'interleave=true',
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ }
+ }
+ default: {
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ clone_params => 'interleave=true',
+ require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
+ Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ }
+ }
}
pacemaker::resource::service { $::ceilometer::params::collector_service_name :
clone_params => 'interleave=true',
@@ -1312,7 +1323,7 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint':
constraint_type => 'order',
- first_resource => "redis-master",
+ first_resource => 'redis-master',
second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
first_action => 'promote',
second_action => 'start',
@@ -1458,8 +1469,8 @@ if hiera('step') >= 4 {
second_resource => "${::heat::params::api_cfn_service_name}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
+ require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
+ Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
}
pacemaker::constraint::colocation { 'heat-api-cfn-with-heat-api-colocation':
source => "${::heat::params::api_cfn_service_name}-clone",
@@ -1474,8 +1485,8 @@ if hiera('step') >= 4 {
second_resource => "${::heat::params::api_cloudwatch_service_name}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
+ require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
+ Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
}
pacemaker::constraint::colocation { 'heat-api-cloudwatch-with-heat-api-cfn-colocation':
source => "${::heat::params::api_cloudwatch_service_name}-clone",
@@ -1490,8 +1501,8 @@ if hiera('step') >= 4 {
second_resource => "${::heat::params::engine_service_name}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::engine_service_name]],
+ require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
+ Pacemaker::Resource::Service[$::heat::params::engine_service_name]],
}
pacemaker::constraint::colocation { 'heat-engine-with-heat-api-cloudwatch-colocation':
source => "${::heat::params::engine_service_name}-clone",
@@ -1512,7 +1523,7 @@ if hiera('step') >= 4 {
# Horizon
pacemaker::resource::service { $::horizon::params::http_service:
- clone_params => "interleave=true",
+ clone_params => 'interleave=true',
}
#VSM
@@ -1523,7 +1534,7 @@ if hiera('step') >= 4 {
require => Class['n1k_vsm'],
meta_params => 'resource-stickiness=INFINITY',
}
- if str2bool(hiera('n1k_vsm::pacemaker_control', 'true')) {
+ if str2bool(hiera('n1k_vsm::pacemaker_control', true)) {
pacemaker::resource::ocf { 'vsm-s' :
ocf_agent_name => 'heartbeat:VirtualDomain',
resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml',
@@ -1531,9 +1542,9 @@ if hiera('step') >= 4 {
meta_params => 'resource-stickiness=INFINITY',
}
pacemaker::constraint::colocation { 'vsm-colocation-contraint':
- source => "vsm-p",
- target => "vsm-s",
- score => "-INFINITY",
+ source => 'vsm-p',
+ target => 'vsm-s',
+ score => '-INFINITY',
require => [Pacemaker::Resource::Ocf['vsm-p'],
Pacemaker::Resource::Ocf['vsm-s']],
}
@@ -1544,5 +1555,20 @@ if hiera('step') >= 4 {
} #END STEP 4
+if hiera('step') >= 5 {
+
+ if $pacemaker_master {
+
+ class {'::keystone::roles::admin' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ } ->
+ class {'::keystone::endpoint' :
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ }
+
+ }
+
+} #END STEP 5
+
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 5f4b070..5f0b4c8 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -13,7 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-include tripleo::packages
+include ::tripleo::packages
create_resources(sysctl::value, hiera('sysctl_settings'), {})
@@ -22,8 +22,8 @@ if count(hiera('ntp::servers')) > 0 {
}
include ::swift
-class {'swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check'))
+class { '::swift::storage::all':
+ mount_check => str2bool(hiera('swift_mount_check')),
}
if(!defined(File['/srv/node'])) {
file { '/srv/node':
@@ -43,7 +43,7 @@ snmp::snmpv3_user { $snmpd_user:
authtype => 'MD5',
authpass => hiera('snmpd_readonly_user_password'),
}
-class { 'snmp':
+class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
index eaaed66..7f24959 100644
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -13,7 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-include tripleo::packages
+include ::tripleo::packages
create_resources(sysctl::value, hiera('sysctl_settings'), {})
@@ -47,7 +47,7 @@ snmp::snmpv3_user { $snmpd_user:
authtype => 'MD5',
authpass => hiera('snmpd_readonly_user_password'),
}
-class { 'snmp':
+class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp
index 1897dcd..4296208 100644
--- a/puppet/manifests/ringbuilder.pp
+++ b/puppet/manifests/ringbuilder.pp
@@ -13,7 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-include tripleo::packages
+include ::tripleo::packages
define add_devices(
$swift_zones = '1'
@@ -37,31 +37,33 @@ define add_devices(
$base = regsubst($name,'^r1.*-(.*)$','\1')
$object = regsubst($base, '%PORT%', '6000')
ring_object_device { $object:
- zone => '1',
- weight => 100,
+ zone => '1',
+ weight => 100,
}
$container = regsubst($base, '%PORT%', '6001')
ring_container_device { $container:
- zone => '1',
- weight => 100,
+ zone => '1',
+ weight => 100,
}
$account = regsubst($base, '%PORT%', '6002')
ring_account_device { $account:
- zone => '1',
- weight => 100,
+ zone => '1',
+ weight => 100,
}
}
class tripleo::ringbuilder (
$swift_zones = '1',
$devices = '',
- $build_ring = 'True',
+ $build_ring = true,
$part_power,
$replicas,
$min_part_hours,
) {
- if str2bool(downcase("$build_ring")) {
+ validate_bool($build_ring)
+
+ if $build_ring {
$device_array = strip(split(rstrip($devices), ','))
@@ -74,7 +76,7 @@ class tripleo::ringbuilder (
# add all other devices
add_devices {$device_array:
- swift_zones => $swift_zones
+ swift_zones => $swift_zones,
} ->
# rebalance
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 22ec609..3d9b901 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -45,8 +45,9 @@ parameters:
type: string
hidden: true
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -207,11 +208,7 @@ resources:
swift_min_part_hours: {get_param: MinPartHours}
swift_part_power: {get_param: PartPower}
swift_replicas: { get_param: Replicas}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}