aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--compute.yaml4
-rw-r--r--controller.yaml4
-rw-r--r--overcloud-resource-registry-puppet.yaml5
-rw-r--r--overcloud-without-mergepy.yaml16
-rw-r--r--puppet/ceph-storage-post-puppet.yaml2
-rw-r--r--puppet/cinder-storage-post.yaml3
-rw-r--r--puppet/compute-puppet.yaml48
-rw-r--r--puppet/controller-post-puppet.yaml83
-rw-r--r--puppet/controller-puppet.yaml47
-rw-r--r--puppet/hieradata/ceph.yaml6
-rw-r--r--puppet/hieradata/compute.yaml5
-rw-r--r--puppet/hieradata/controller.yaml18
-rw-r--r--puppet/manifests/loadbalancer.pp386
-rw-r--r--puppet/manifests/overcloud_compute.pp27
-rw-r--r--puppet/manifests/overcloud_controller.pp57
-rw-r--r--puppet/swift-storage-post.yaml7
16 files changed, 220 insertions, 498 deletions
diff --git a/compute.yaml b/compute.yaml
index 60733586..c776d9dd 100644
--- a/compute.yaml
+++ b/compute.yaml
@@ -195,6 +195,10 @@ parameters:
NovaComputeLibvirtType:
type: string
default: ''
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
NovaPassword:
default: unset
description: The password for the nova service account, used by nova-api.
diff --git a/controller.yaml b/controller.yaml
index 2dcfb50e..33286d19 100644
--- a/controller.yaml
+++ b/controller.yaml
@@ -28,6 +28,10 @@ parameters:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
CinderISCSIHelper:
default: tgtadm
description: The iSCSI helper to use with cinder.
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index a71f24c0..c64cb494 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -16,6 +16,5 @@ resource_registry:
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml
-# NOTE(dprince): requires a new release of python-heatclient
-#default_parameters:
- #EnablePackageInstall: false
+parameter_defaults:
+ EnablePackageInstall: false
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index c54248d5..e3e3e936 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -218,6 +218,10 @@ parameters:
description: The keystone auth secret.
type: string
hidden: true
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
CinderLVMLoopDeviceSize:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
@@ -447,6 +451,10 @@ parameters:
NovaComputeLibvirtType:
default: ''
type: string
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
NovaImage:
type: string
default: overcloud-compute
@@ -518,6 +526,7 @@ resources:
CinderPassword: {get_param: CinderPassword}
CinderISCSIHelper: {get_param: CinderISCSIHelper}
CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend}
+ CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend}
CloudName: {get_param: CloudName}
ControlVirtualInterface: {get_param: ControlVirtualInterface}
ControllerExtraConfig: {get_param: controllerExtraConfig}
@@ -622,6 +631,7 @@ resources:
NovaComputeDriver: {get_param: NovaComputeDriver}
NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig}
NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType}
+ NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend}
NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
NovaPassword: {get_param: NovaPassword}
NtpServer: {get_param: NtpServer}
@@ -754,6 +764,12 @@ resources:
object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]}
controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]}
+ ComputeCephDeployment:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ config: {get_attr: [CephClusterConfig, config_id]}
+ servers: {get_attr: [Compute, attributes, nova_server_resource]}
+
ControllerCephDeployment:
type: OS::Heat::StructuredDeployments
properties:
diff --git a/puppet/ceph-storage-post-puppet.yaml b/puppet/ceph-storage-post-puppet.yaml
index dd01d4fd..5e1c42fa 100644
--- a/puppet/ceph-storage-post-puppet.yaml
+++ b/puppet/ceph-storage-post-puppet.yaml
@@ -17,7 +17,7 @@ resources:
config:
get_file: manifests/overcloud_cephstorage.pp
- CephStoragePuppetDeployment:
+ CephStorageDeployment_Step1:
type: OS::Heat::StructuredDeployments
properties:
servers: {get_param: servers}
diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml
index 960cc5b3..28e87800 100644
--- a/puppet/cinder-storage-post.yaml
+++ b/puppet/cinder-storage-post.yaml
@@ -18,9 +18,8 @@ resources:
config:
get_file: manifests/overcloud_volume.pp
- VolumePuppetDeployment:
+ VolumeDeployment_Step1:
type: OS::Heat::StructuredDeployments
properties:
- name: puppet_1
servers: {get_param: servers}
config: {get_resource: VolumePuppetConfig}
diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml
index e6b5a78b..c98d1b0e 100644
--- a/puppet/compute-puppet.yaml
+++ b/puppet/compute-puppet.yaml
@@ -195,6 +195,10 @@ parameters:
NovaComputeLibvirtType:
type: string
default: ''
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
NovaPassword:
default: unset
description: The password for the nova service account, used by nova-api.
@@ -269,10 +273,14 @@ resources:
hierarchy:
- heat_config_%{::deploy_config_name}
- compute
+ - ceph_cluster # provided by CephClusterConfig
+ - ceph
- common
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
+ ceph:
+ raw_data: {get_file: hieradata/ceph.yaml}
compute:
raw_data: {get_file: hieradata/compute.yaml}
oac_data:
@@ -283,17 +291,16 @@ resources:
nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
nova_api_host: {get_input: nova_api_host}
nova::compute::vncproxy_host: {get_input: nova_public_ip}
+ nova_enable_rbd_backend: {get_input: nova_enable_rbd_backend}
nova_password: {get_input: nova_password}
#ceilometer::debug: {get_input: debug}
ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
+ ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
ceilometer_compute_agent: {get_input: ceilometer_compute_agent}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
- glance_host: {get_input: glance_host}
- glance_port: {get_input: glance_port}
- glance_protocol: {get_input: glance_protocol}
- keystone_host: {get_input: keystone_host}
+ nova::glance_api_servers: {get_input: glance_api_servers}
#neutron::debug: {get_input: debug}
neutron_flat_networks: {get_input: neutron_flat_networks}
neutron_host: {get_input: neutron_host}
@@ -306,6 +313,8 @@ resources:
neutron_physical_bridge: {get_input: neutron_physical_bridge}
neutron_public_interface: {get_input: neutron_public_interface}
nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
+ nova::network::neutron::neutron_url: {get_input: neutron_url}
+ nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron_agent_mode: {get_input: neutron_agent_mode}
neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -339,15 +348,26 @@ resources:
nova_public_ip: {get_param: NovaPublicIP}
nova_api_host: {get_param: NovaApiHost}
nova_password: {get_param: NovaPassword}
+ nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_compute_agent: {get_param: CeilometerComputeAgent}
+ ceilometer_agent_auth_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: KeystoneHost}
+ - ':5000/v2.0'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- glance_host: {get_param: GlanceHost}
- glance_port: {get_param: GlancePort}
- glance_protocol: {get_param: GlanceProtocol}
- keystone_host: {get_param: KeystoneHost}
+ glance_api_servers:
+ list_join:
+ - ''
+ - - {get_param: GlanceProtocol}
+ - '://'
+ - {get_param: GlanceHost}
+ - ':'
+ - {get_param: GlancePort}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_host: {get_param: NeutronHost}
neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]}
@@ -365,6 +385,18 @@ resources:
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
+ neutron_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NeutronHost}
+ - ':9696'
+ neutron_admin_auth_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NeutronHost}
+ - ':35357/v2.0'
admin_password: {get_param: AdminPassword}
rabbit_host: {get_param: RabbitHost}
rabbit_username: {get_param: RabbitUserName}
diff --git a/puppet/controller-post-puppet.yaml b/puppet/controller-post-puppet.yaml
index 72b35793..009a10ae 100644
--- a/puppet/controller-post-puppet.yaml
+++ b/puppet/controller-post-puppet.yaml
@@ -9,64 +9,6 @@ parameters:
resources:
- # NOTE(dprince): this example uses a composition class
- # on the puppet side (loadbalancer.pp). This seemed like the
- # cleanest way to encapulate the puppet resources definitions
- # for HAProxy and Keepalived.
- ControllerLoadbalancerPuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_hiera: True
- enable_facter: False
- inputs:
- - name: tripleo::loadbalancer::keystone_admin
- default: true
- - name: tripleo::loadbalancer::keystone_public
- default: true
- - name: tripleo::loadbalancer::neutron
- default: true
- - name: tripleo::loadbalancer::cinder
- default: true
- - name: tripleo::loadbalancer::glance_api
- default: true
- - name: tripleo::loadbalancer::glance_registry
- default: true
- - name: tripleo::loadbalancer::nova_ec2
- default: true
- - name: tripleo::loadbalancer::nova_osapi
- default: true
- - name: tripleo::loadbalancer::nova_metadata
- default: true
- - name: tripleo::loadbalancer::nova_novncproxy
- default: true
- - name: tripleo::loadbalancer::mysql
- default: true
- - name: tripleo::loadbalancer::rabbitmq
- default: true
- - name: tripleo::loadbalancer::swift_proxy_server
- default: true
- - name: tripleo::loadbalancer::ceilometer
- default: true
- - name: tripleo::loadbalancer::heat_api
- default: true
- - name: tripleo::loadbalancer::heat_cloudwatch
- default: true
- - name: tripleo::loadbalancer::heat_cfn
- default: true
- outputs:
- - name: result
- config:
- get_file: manifests/loadbalancer.pp
-
- ControllerLoadbalancerPuppetDeployment:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: puppet_1
- servers: {get_param: servers}
- config: {get_resource: ControllerLoadbalancerPuppetConfig}
-
ControllerPuppetConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -74,8 +16,6 @@ resources:
options:
enable_hiera: True
enable_facter: False
- inputs:
- - name: step
outputs:
- name: result
config:
@@ -84,16 +24,25 @@ resources:
# Step through a series of Puppet runs using the same manifest.
# NOTE(dprince): Heat breakpoints would make for a really cool way to step
# through breakpoints in a controlled manner across the entire cluster
- ControllerPuppetDeploymentServicesBase:
+ ControllerDeploymentLoadBalancer_Step1:
type: OS::Heat::StructuredDeployments
properties:
- name: puppet_2
servers: {get_param: servers}
config: {get_resource: ControllerPuppetConfig}
input_values:
step: 1
actions: ['CREATE'] # no need for two passes on an UPDATE
+ ControllerDeploymentServicesBase_Step2:
+ type: OS::Heat::StructuredDeployments
+ depends_on: ControllerDeploymentLoadBalancer_Step1
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 2
+ actions: ['CREATE'] # no need for two passes on an UPDATE
+
ControllerRingbuilderPuppetConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -107,18 +56,18 @@ resources:
config:
get_file: manifests/ringbuilder.pp
- ControllerRingbuilderPuppetDeployment:
+ ControllerRingbuilderDeployment_Step3:
type: OS::Heat::StructuredDeployments
+ depends_on: ControllerDeploymentServicesBase_Step2
properties:
- name: puppet_3
servers: {get_param: servers}
config: {get_resource: ControllerRingbuilderPuppetConfig}
- ControllerPuppetDeploymentOvercloudServices:
+ ControllerDeploymentOvercloudServices_Step4:
type: OS::Heat::StructuredDeployments
+ depends_on: ControllerRingbuilderDeployment_Step3
properties:
- name: puppet_4
servers: {get_param: servers}
config: {get_resource: ControllerPuppetConfig}
input_values:
- step: 2
+ step: 3
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index a13942e9..4385bbc1 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -28,6 +28,10 @@ parameters:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
CinderISCSIHelper:
default: tgtadm
description: The iSCSI helper to use with cinder.
@@ -445,6 +449,7 @@ resources:
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
+ cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
@@ -486,6 +491,18 @@ resources:
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
- '/keystone'
+ keystone_identity_uri:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':35357/'
+ keystone_auth_uri:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':5000/v2.0/'
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
mysql_cluster_name:
@@ -597,7 +614,8 @@ resources:
controller_host: {get_input: controller_host} #local-ipv4
# Swift
swift::proxy::proxy_local_net_ip: {get_input: controller_host}
- swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
+ swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
+ swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
swift::storage::all::storage_local_net_ip: {get_input: controller_host}
swift::swift_hash_suffix: {get_input: swift_hash_suffix}
swift::proxy::authtoken::admin_password: {get_input: swift_password}
@@ -610,12 +628,14 @@ resources:
# See: https://review.openstack.org/#/c/109225/
tripleo::ringbuilder::build_ring: True
# Cinder
+ cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
cinder_iscsi_ip_address: {get_input: controller_host}
cinder::database_connection: {get_input: cinder_dsn}
cinder::api::keystone_password: {get_input: cinder_password}
- cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
+ cinder::api::auth_uri: {get_input: keystone_auth_uri}
+ cinder::api::identity_uri: {get_input: keystone_identity_uri}
cinder::api::bind_host: {get_input: controller_host}
cinder::rabbit_userid: {get_input: rabbit_username}
cinder::rabbit_password: {get_input: rabbit_password}
@@ -624,7 +644,8 @@ resources:
# Glance
glance::api::bind_port: {get_input: glance_port}
glance::api::bind_host: {get_input: controller_host}
- glance::api::auth_host: {get_input: controller_virtual_ip}
+ glance::api::auth_uri: {get_input: keystone_auth_uri}
+ glance::api::identity_uri: {get_input: keystone_identity_uri}
glance::api::registry_host: {get_input: controller_host}
glance::api::keystone_password: {get_input: glance_password}
# used to construct glance_api_servers
@@ -637,7 +658,8 @@ resources:
glance::registry::keystone_password: {get_input: glance_password}
glance::registry::database_connection: {get_input: glance_dsn}
glance::registry::bind_host: {get_input: controller_host}
- glance::registry::auth_host: {get_input: controller_virtual_ip}
+ glance::registry::auth_uri: {get_input: keystone_auth_uri}
+ glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::backend::swift::swift_store_auth_address: {get_input: glance_swift_store_auth_address}
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_input: glance_password}
@@ -650,7 +672,8 @@ resources:
heat::rabbit_userid: {get_input: rabbit_username}
heat::rabbit_password: {get_input: rabbit_password}
heat::rabbit_host: {get_input: controller_virtual_ip}
- heat::keystone_host: {get_input: controller_virtual_ip}
+ heat::auth_uri: {get_input: keystone_auth_uri}
+ heat::identity_uri: {get_input: keystone_identity_uri}
heat::keystone_password: {get_input: heat_password}
heat::api::bind_host: {get_input: controller_host}
heat::api_cloudwatch::bind_host: {get_input: controller_host}
@@ -679,7 +702,8 @@ resources:
neutron::rabbit_password: {get_input: rabbit_password}
neutron::rabbit_user: {get_input: rabbit_user}
#neutron::debug: {get_input: debug}
- neutron::server::auth_host: {get_input: controller_virtual_ip}
+ neutron::server::auth_uri: {get_input: keystone_auth_uri}
+ neutron::server::identity_uri: {get_input: keystone_identity_uri}
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
@@ -709,7 +733,8 @@ resources:
ceilometer::rabbit_host: {get_input: controller_virtual_ip}
ceilometer::api::host: {get_input: controller_host}
ceilometer::api::keystone_password: {get_input: ceilometer_password}
- ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
+ ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
+ ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
ceilometer::db::database_connection: {get_input: ceilometer_dsn}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
@@ -717,7 +742,8 @@ resources:
# Nova
nova::rabbit_userid: {get_input: rabbit_username}
nova::rabbit_password: {get_input: rabbit_password}
- nova::api::auth_host: {get_input: controller_virtual_ip}
+ nova::api::auth_uri: {get_input: keystone_auth_uri}
+ nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: controller_host}
nova::api::metadata_listen: {get_input: controller_host}
nova::api::admin_password: {get_input: nova_password}
@@ -740,6 +766,11 @@ resources:
controller_virtual_ip: {get_input: controller_virtual_ip}
public_virtual_interface: {get_input: public_virtual_interface}
public_virtual_ip: {get_input: public_virtual_ip}
+ tripleo::loadbalancer::controller_host: {get_input: controller_host}
+ tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
+ tripleo::loadbalancer::controller_virtual_ip: {get_input: controller_virtual_ip}
+ tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
+ tripleo::loadbalancer::public_virtual_ip: {get_input: public_virtual_ip}
enable_package_install: {get_input: enable_package_install}
outputs:
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
index 995de2cf..a908b43b 100644
--- a/puppet/hieradata/ceph.yaml
+++ b/puppet/hieradata/ceph.yaml
@@ -5,3 +5,9 @@ ceph::profile::params::osd_pool_default_size: 3
ceph::profile::params::osd_pool_default_min_size: 1
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
+
+ceph_openstack_default_cap_mon: 'allow r'
+ceph_openstack_default_cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms'
+ceph_pools:
+ - volumes
+ - vms
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 8d5c88fd..a72c4850 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -10,6 +10,11 @@ nova::compute::vnc_enabled: true
nova::compute::libvirt::vncserver_listen: '0.0.0.0'
nova::compute::libvirt::migration_support: true
+nova::compute::rbd::libvirt_rbd_user: 'openstack'
+nova::compute::rbd::rbd_keyring: 'client.openstack'
+nova::compute::rbd::libvirt_images_rbd_pool: 'vms'
+nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
+
neutron::plugins::ml2::tunnel_id_ranges: ['1:1000']
ceilometer::agent::auth::auth_tenant_name: 'service'
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 39d2a487..47f358a9 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -71,3 +71,21 @@ heat::engine::configure_delegated_roles: false
heat::engine::trusts_delegated_roles: []
mysql::server::manage_config_file: true
+
+tripleo::loadbalancer::keystone_admin: true
+tripleo::loadbalancer::keystone_public: true
+tripleo::loadbalancer::neutron: true
+tripleo::loadbalancer::cinder: true
+tripleo::loadbalancer::glance_api: true
+tripleo::loadbalancer::glance_registry: true
+tripleo::loadbalancer::nova_ec2: true
+tripleo::loadbalancer::nova_osapi: true
+tripleo::loadbalancer::nova_metadata: true
+tripleo::loadbalancer::nova_novncproxy: true
+tripleo::loadbalancer::mysql: true
+tripleo::loadbalancer::rabbitmq: true
+tripleo::loadbalancer::swift_proxy_server: true
+tripleo::loadbalancer::ceilometer: true
+tripleo::loadbalancer::heat_api: true
+tripleo::loadbalancer::heat_cloudwatch: true
+tripleo::loadbalancer::heat_cfn: true
diff --git a/puppet/manifests/loadbalancer.pp b/puppet/manifests/loadbalancer.pp
deleted file mode 100644
index 88e6bdd4..00000000
--- a/puppet/manifests/loadbalancer.pp
+++ /dev/null
@@ -1,386 +0,0 @@
-# Copyright 2014 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if !str2bool(hiera('enable_package_install', 'false')) {
- case $::osfamily {
- 'RedHat': {
- Package { provider => 'norpm' } # provided by tripleo-puppet
- }
- default: {
- warning('enable_package_install option not supported.')
- }
- }
-}
-
-class tripleo::loadbalancer (
- $keystone_admin = false,
- $keystone_public = false,
- $neutron = false,
- $cinder = false,
- $glance_api = false,
- $glance_registry = false,
- $nova_ec2 = false,
- $nova_osapi = false,
- $nova_metadata = false,
- $nova_novncproxy = false,
- $ceilometer = false,
- $swift_proxy_server = false,
- $heat_api = false,
- $heat_cloudwatch = false,
- $heat_cfn = false,
- $horizon = false,
- $mysql = false,
- $rabbitmq = false,
-) {
-
- case $::osfamily {
- 'RedHat': {
- $keepalived_name_is_process = false
- $keepalived_vrrp_script = 'systemctl status haproxy.service'
- } # RedHat
- 'Debian': {
- $keepalived_name_is_process = true
- $keepalived_vrrp_script = undef
- }
- }
-
- class { 'keepalived': }
- keepalived::vrrp_script { 'haproxy':
- name_is_process => $keepalived_name_is_process,
- script => $keepalived_vrrp_script,
- }
-
- # KEEPALIVE INSTANCE CONTROL
- keepalived::instance { '51':
- interface => hiera('control_virtual_interface'),
- virtual_ips => [join([hiera('controller_virtual_ip'), ' dev ', hiera('control_virtual_interface')])],
- state => 'MASTER',
- track_script => ['haproxy'],
- priority => 101,
- }
-
- # KEEPALIVE INSTANCE PUBLIC
- keepalived::instance { '52':
- interface => hiera('public_virtual_interface'),
- virtual_ips => [join([hiera('public_virtual_ip'), ' dev ', hiera('public_virtual_interface')])],
- state => 'MASTER',
- track_script => ['haproxy'],
- priority => 101,
- }
-
- sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' }
-
- class { 'haproxy':
- global_options => {
- 'log' => '/dev/log local0',
- 'pidfile' => '/var/run/haproxy.pid',
- 'user' => 'haproxy',
- 'group' => 'haproxy',
- 'daemon' => '',
- 'maxconn' => '4000',
- },
- defaults_options => {
- 'mode' => 'tcp',
- 'log' => 'global',
- 'retries' => '3',
- 'maxconn' => '150',
- 'option' => [ 'tcpka', 'tcplog' ],
- 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
- },
- }
-
- haproxy::listen { 'haproxy.stats':
- ipaddress => '*',
- ports => '1993',
- mode => 'http',
- options => {
- 'stats' => 'enable',
- },
- collect_exported => false,
- }
-
- if $keystone_admin {
- haproxy::listen { 'keystone_admin':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 35357,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'keystone_admin':
- listening_service => 'keystone_admin',
- ports => '35357',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $keystone_public {
- haproxy::listen { 'keystone_public':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 5000,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'keystone_public':
- listening_service => 'keystone_public',
- ports => '5000',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $neutron {
- haproxy::listen { 'neutron':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 9696,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'neutron':
- listening_service => 'neutron',
- ports => '9696',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $cinder {
- haproxy::listen { 'cinder':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8776,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'cinder':
- listening_service => 'cinder',
- ports => '8776',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $glance_api {
- haproxy::listen { 'glance_api':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 9292,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'glance_api':
- listening_service => 'glance_api',
- ports => '9292',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
-
- if $glance_registry {
- haproxy::listen { 'glance_registry':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 9191,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'glance_registry':
- listening_service => 'glance_registry',
- ports => '9191',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $nova_ec2 {
- haproxy::listen { 'nova_ec2':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8773,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'nova_ec2':
- listening_service => 'nova_ec2',
- ports => '8773',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $nova_osapi {
- haproxy::listen { 'nova_osapi':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8774,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'nova_osapi':
- listening_service => 'nova_osapi',
- ports => '8774',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $nova_metadata {
- haproxy::listen { 'nova_metadata':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8775,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'nova_metadata':
- listening_service => 'nova_metadata',
- ports => '8775',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $nova_novncproxy {
- haproxy::listen { 'nova_novncproxy':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 6080,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'nova_novncproxy':
- listening_service => 'nova_novncproxy',
- ports => '6080',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $ceilometer {
- haproxy::listen { 'ceilometer':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8777,
- collect_exported => false,
- }
- haproxy::balancermember { 'ceilometer':
- listening_service => 'ceilometer',
- ports => '8777',
- ipaddresses => hiera('controller_host'),
- options => [],
- }
- }
-
- if $swift_proxy_server {
- haproxy::listen { 'swift_proxy_server':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8080,
- options => { 'option' => [ 'httpchk GET /info' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'swift_proxy_server':
- listening_service => 'swift_proxy_server',
- ports => '8080',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $heat_api {
- haproxy::listen { 'heat_api':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8004,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'heat_api':
- listening_service => 'heat_api',
- ports => '8004',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $heat_cloudwatch {
- haproxy::listen { 'heat_cloudwatch':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8003,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'heat_cloudwatch':
- listening_service => 'heat_cloudwatch',
- ports => '8003',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $heat_cfn {
- haproxy::listen { 'heat_cfn':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 8000,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'heat_cfn':
- listening_service => 'heat_cfn',
- ports => '8000',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $horizon {
- haproxy::listen { 'horizon':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 80,
- options => { 'option' => [ 'httpchk GET /' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'horizon':
- listening_service => 'horizon',
- ports => '80',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $mysql {
- haproxy::listen { 'mysql':
- ipaddress => [hiera('controller_virtual_ip')],
- ports => 3306,
- options => { 'timeout' => [ 'client 0', 'server 0' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'mysql':
- listening_service => 'mysql',
- ports => '3306',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
- if $rabbitmq {
- haproxy::listen { 'rabbitmq':
- ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
- ports => 5672,
- options => { 'timeout' => [ 'client 0', 'server 0' ] },
- collect_exported => false,
- }
- haproxy::balancermember { 'rabbitmq':
- listening_service => 'rabbitmq',
- ports => '5672',
- ipaddresses => hiera('controller_host'),
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
- }
-
-}
-
-include ::tripleo::loadbalancer
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 0d2790b2..eef468da 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -28,16 +28,13 @@ if count(hiera('ntp::servers')) > 0 {
include ::ntp
}
-class { 'nova':
- glance_api_servers => join([hiera('glance_protocol'), '://', hiera('glance_host'), ':', hiera('glance_port')]),
-}
-
file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
'/etc/libvirt/qemu/networks/default.xml']:
ensure => absent,
before => Service['libvirt']
}
+include ::nova
include ::nova::compute
nova_config {
@@ -45,13 +42,20 @@ nova_config {
'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
}
-include ::nova::compute::libvirt
-
-class { 'nova::network::neutron':
- neutron_admin_auth_url => join(['http://', hiera('neutron_host'), ':35357/v2.0']),
- neutron_url => join(['http://', hiera('neutron_host'), ':9696']),
+$nova_enable_rbd_backend = hiera('nova_enable_rbd_backend', false)
+if $nova_enable_rbd_backend {
+ include ::ceph::profile::client
+ include ::nova::compute::rbd
+ ceph::key { 'client.openstack' :
+ secret => hiera('ceph::profile::params::mon_key'),
+ cap_mon => hiera('ceph_openstack_default_cap_mon'),
+ cap_osd => hiera('ceph_openstack_default_cap_osd'),
+ user => 'nova',
+ }
}
+include ::nova::compute::libvirt
+include ::nova::network::neutron
include ::neutron
class { 'neutron::plugins::ml2':
@@ -67,10 +71,7 @@ class { 'neutron::agents::ml2::ovs':
include ::ceilometer
include ::ceilometer::agent::compute
-
-class { 'ceilometer::agent::auth':
- auth_url => join(['http://', hiera('keystone_host'), ':5000/v2.0']),
-}
+include ::ceilometer::agent::auth
$snmpd_user = hiera('snmpd_readonly_user_name')
snmp::snmpv3_user { $snmpd_user:
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index c9af578c..41363039 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -26,6 +26,12 @@ if !str2bool(hiera('enable_package_install', 'false')) {
if hiera('step') >= 1 {
+ include ::tripleo::loadbalancer
+
+}
+
+if hiera('step') >= 2 {
+
if count(hiera('ntp::servers')) > 0 {
include ::ntp
}
@@ -150,17 +156,29 @@ if hiera('step') >= 1 {
# pre-install swift here so we can build rings
include ::swift
- # don't install Ceph if FSID is not provided
- if hiera('ceph::profile::params::fsid', false) {
+ $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false)
+ $enable_ceph = $cinder_enable_rbd_backend
+
+ if $enable_ceph {
class { 'ceph::profile::params':
mon_initial_members => downcase(hiera('ceph_mon_initial_members'))
}
include ::ceph::profile::mon
}
-} #END STEP 1
+ if $cinder_enable_rbd_backend {
+ ceph::key { 'client.openstack' :
+ secret => hiera('ceph::profile::params::mon_key'),
+ cap_mon => hiera('ceph_openstack_default_cap_mon'),
+ cap_osd => hiera('ceph_openstack_default_cap_osd'),
+ user => 'cinder',
+ inject => 'true',
+ }
+ }
-if hiera('step') >= 2 {
+} #END STEP 2
+
+if hiera('step') >= 3 {
include ::keystone
@@ -272,7 +290,34 @@ if hiera('step') >= 2 {
}
}
- $cinder_enabled_backends = any2array($cinder_iscsi_backend)
+ if $enable_ceph {
+
+ Ceph_pool {
+ pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'),
+ pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'),
+ size => hiera('ceph::profile::params::osd_pool_default_size'),
+ }
+
+ $ceph_pools = hiera('ceph_pools')
+ ceph::pool { $ceph_pools : }
+ }
+
+ if $cinder_enable_rbd_backend {
+ $cinder_rbd_backend = 'tripleo_ceph'
+
+ cinder_config {
+ "${cinder_rbd_backend}/host": value => 'hostgroup';
+ }
+
+ cinder::backend::rbd { $cinder_rbd_backend :
+ rbd_pool => 'volumes',
+ rbd_user => 'openstack',
+ rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
+ require => Ceph::Pool['volumes'],
+ }
+ }
+
+ $cinder_enabled_backends = concat(any2array($cinder_iscsi_backend), $cinder_rbd_backend)
class { '::cinder::backends' :
enabled_backends => $cinder_enabled_backends,
}
@@ -341,4 +386,4 @@ if hiera('step') >= 2 {
snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
-} #END STEP 2
+} #END STEP 3
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
index 89cf9733..3f069319 100644
--- a/puppet/swift-storage-post.yaml
+++ b/puppet/swift-storage-post.yaml
@@ -18,10 +18,9 @@ resources:
config:
get_file: manifests/overcloud_object.pp
- StoragePuppetDeployment:
+ StorageDeployment_Step1:
type: OS::Heat::StructuredDeployments
properties:
- name: puppet_1
servers: {get_param: servers}
config: {get_resource: StoragePuppetConfig}
@@ -34,9 +33,9 @@ resources:
config:
get_file: manifests/ringbuilder.pp
- StorageRingbuilderPuppetDeployment:
+ StorageRingbuilderDeployment_Step2:
type: OS::Heat::StructuredDeployments
+ depends_on: StorageDeployment_Step1
properties:
- name: puppet_2
servers: {get_param: servers}
config: {get_resource: StorageRingbuilderPuppetConfig}