-rw-r--r-- | compute.yaml | 4 | ||||
-rw-r--r-- | controller.yaml | 4 | ||||
-rw-r--r-- | overcloud-resource-registry-puppet.yaml | 5 | ||||
-rw-r--r-- | overcloud-without-mergepy.yaml | 16 | ||||
-rw-r--r-- | puppet/ceph-storage-post-puppet.yaml | 2 | ||||
-rw-r--r-- | puppet/cinder-storage-post.yaml | 3 | ||||
-rw-r--r-- | puppet/compute-puppet.yaml | 48 | ||||
-rw-r--r-- | puppet/controller-post-puppet.yaml | 83 | ||||
-rw-r--r-- | puppet/controller-puppet.yaml | 47 | ||||
-rw-r--r-- | puppet/hieradata/ceph.yaml | 6 | ||||
-rw-r--r-- | puppet/hieradata/compute.yaml | 5 | ||||
-rw-r--r-- | puppet/hieradata/controller.yaml | 18 | ||||
-rw-r--r-- | puppet/manifests/loadbalancer.pp | 386 | ||||
-rw-r--r-- | puppet/manifests/overcloud_compute.pp | 27 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 57 | ||||
-rw-r--r-- | puppet/swift-storage-post.yaml | 7 |
16 files changed, 220 insertions, 498 deletions
diff --git a/compute.yaml b/compute.yaml index 60733586..c776d9dd 100644 --- a/compute.yaml +++ b/compute.yaml @@ -195,6 +195,10 @@ parameters: NovaComputeLibvirtType: type: string default: '' + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean NovaPassword: default: unset description: The password for the nova service account, used by nova-api. diff --git a/controller.yaml b/controller.yaml index 2dcfb50e..33286d19 100644 --- a/controller.yaml +++ b/controller.yaml @@ -28,6 +28,10 @@ parameters: default: true description: Whether to enable or not the Iscsi backend for Cinder type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean CinderISCSIHelper: default: tgtadm description: The iSCSI helper to use with cinder. diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index a71f24c0..c64cb494 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -16,6 +16,5 @@ resource_registry: OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml -# NOTE(dprince): requires a new release of python-heatclient -#default_parameters: - #EnablePackageInstall: false +parameter_defaults: + EnablePackageInstall: false diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index c54248d5..e3e3e936 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -218,6 +218,10 @@ parameters: description: The keystone auth secret. type: string hidden: true + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean CinderLVMLoopDeviceSize: default: 5000 description: The size of the loopback file used by the cinder LVM driver. 
@@ -447,6 +451,10 @@ parameters: NovaComputeLibvirtType: default: '' type: string + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean NovaImage: type: string default: overcloud-compute @@ -518,6 +526,7 @@ resources: CinderPassword: {get_param: CinderPassword} CinderISCSIHelper: {get_param: CinderISCSIHelper} CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} + CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} CloudName: {get_param: CloudName} ControlVirtualInterface: {get_param: ControlVirtualInterface} ControllerExtraConfig: {get_param: controllerExtraConfig} @@ -622,6 +631,7 @@ resources: NovaComputeDriver: {get_param: NovaComputeDriver} NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType} + NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} NovaPassword: {get_param: NovaPassword} NtpServer: {get_param: NtpServer} @@ -754,6 +764,12 @@ resources: object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]} controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]} + ComputeCephDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [CephClusterConfig, config_id]} + servers: {get_attr: [Compute, attributes, nova_server_resource]} + ControllerCephDeployment: type: OS::Heat::StructuredDeployments properties: diff --git a/puppet/ceph-storage-post-puppet.yaml b/puppet/ceph-storage-post-puppet.yaml index dd01d4fd..5e1c42fa 100644 --- a/puppet/ceph-storage-post-puppet.yaml +++ b/puppet/ceph-storage-post-puppet.yaml @@ -17,7 +17,7 @@ resources: config: get_file: manifests/overcloud_cephstorage.pp - CephStoragePuppetDeployment: + CephStorageDeployment_Step1: type: OS::Heat::StructuredDeployments properties: servers: {get_param: servers} 
diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 960cc5b3..28e87800 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -18,9 +18,8 @@ resources: config: get_file: manifests/overcloud_volume.pp - VolumePuppetDeployment: + VolumeDeployment_Step1: type: OS::Heat::StructuredDeployments properties: - name: puppet_1 servers: {get_param: servers} config: {get_resource: VolumePuppetConfig} diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml index e6b5a78b..c98d1b0e 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute-puppet.yaml @@ -195,6 +195,10 @@ parameters: NovaComputeLibvirtType: type: string default: '' + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean NovaPassword: default: unset description: The password for the nova service account, used by nova-api. @@ -269,10 +273,14 @@ resources: hierarchy: - heat_config_%{::deploy_config_name} - compute + - ceph_cluster # provided by CephClusterConfig + - ceph - common datafiles: common: raw_data: {get_file: hieradata/common.yaml} + ceph: + raw_data: {get_file: hieradata/ceph.yaml} compute: raw_data: {get_file: hieradata/compute.yaml} oac_data: 
@@ -283,17 +291,16 @@ resources: nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} + nova_enable_rbd_backend: {get_input: nova_enable_rbd_backend} nova_password: {get_input: nova_password} #ceilometer::debug: {get_input: debug} ceilometer::metering_secret: {get_input: ceilometer_metering_secret} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} + ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} ceilometer_compute_agent: {get_input: ceilometer_compute_agent} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - glance_host: {get_input: glance_host} - glance_port: {get_input: glance_port} - glance_protocol: {get_input: glance_protocol} - keystone_host: {get_input: keystone_host} + nova::glance_api_servers: {get_input: glance_api_servers} #neutron::debug: {get_input: debug} neutron_flat_networks: {get_input: neutron_flat_networks} neutron_host: {get_input: neutron_host} @@ -306,6 +313,8 @@ resources: neutron_physical_bridge: {get_input: neutron_physical_bridge} neutron_public_interface: {get_input: neutron_public_interface} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} neutron_router_distributed: {get_input: neutron_router_distributed} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} 
@@ -339,15 +348,26 @@ resources: nova_public_ip: {get_param: NovaPublicIP} nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} + nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} + ceilometer_agent_auth_url: + list_join: + - '' + - - 'http://' + - {get_param: KeystoneHost} + - ':5000/v2.0' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_host: {get_param: GlanceHost} - glance_port: {get_param: GlancePort} - glance_protocol: {get_param: GlanceProtocol} - keystone_host: {get_param: KeystoneHost} + glance_api_servers: + list_join: + - '' + - - {get_param: GlanceProtocol} + - '://' + - {get_param: GlanceHost} + - ':' + - {get_param: GlancePort} neutron_flat_networks: {get_param: NeutronFlatNetworks} neutron_host: {get_param: NeutronHost} neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]} @@ -365,6 +385,18 @@ resources: neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} + neutron_url: + list_join: + - '' + - - 'http://' + - {get_param: NeutronHost} + - ':9696' + neutron_admin_auth_url: + list_join: + - '' + - - 'http://' + - {get_param: NeutronHost} + - ':35357/v2.0' admin_password: {get_param: AdminPassword} rabbit_host: {get_param: RabbitHost} rabbit_username: {get_param: RabbitUserName} diff --git a/puppet/controller-post-puppet.yaml b/puppet/controller-post-puppet.yaml index 72b35793..009a10ae 100644 --- a/puppet/controller-post-puppet.yaml +++ b/puppet/controller-post-puppet.yaml 
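Review bot: The new `list_join` inputs `ceilometer_agent_auth_url`, `neutron_url` and `neutron_admin_auth_url` hard-code `'http://'`, while `glance_api_servers` in the same hunk takes its scheme from `GlanceProtocol`; the service passwords configured alongside them (`ceilometer_password`, `neutron_password`) would then be sent to those endpoints in clear text, with no template-level switch to TLS. Consider a protocol parameter mirroring `GlanceProtocol`, e.g. `- {get_param: <KeystoneProtocolParam>}` in place of `- 'http://'` (placeholder name, not an existing parameter). `neutron_admin_auth_url` is also built from `NeutronHost` with port 35357, which the removed loadbalancer.pp lists as the keystone_admin port, so it only resolves when both services share an address; `KeystoneHost` looks like the intended parameter, although the old manifest did the same. The same hard-coded scheme appears in `keystone_identity_uri` and `keystone_auth_uri` in puppet/controller-puppet.yaml (hunk at -486,6 +491,18).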
@@ -9,64 +9,6 @@ parameters: resources: - # NOTE(dprince): this example uses a composition class - # on the puppet side (loadbalancer.pp). This seemed like the - # cleanest way to encapulate the puppet resources definitions - # for HAProxy and Keepalived. - ControllerLoadbalancerPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - inputs: - - name: tripleo::loadbalancer::keystone_admin - default: true - - name: tripleo::loadbalancer::keystone_public - default: true - - name: tripleo::loadbalancer::neutron - default: true - - name: tripleo::loadbalancer::cinder - default: true - - name: tripleo::loadbalancer::glance_api - default: true - - name: tripleo::loadbalancer::glance_registry - default: true - - name: tripleo::loadbalancer::nova_ec2 - default: true - - name: tripleo::loadbalancer::nova_osapi - default: true - - name: tripleo::loadbalancer::nova_metadata - default: true - - name: tripleo::loadbalancer::nova_novncproxy - default: true - - name: tripleo::loadbalancer::mysql - default: true - - name: tripleo::loadbalancer::rabbitmq - default: true - - name: tripleo::loadbalancer::swift_proxy_server - default: true - - name: tripleo::loadbalancer::ceilometer - default: true - - name: tripleo::loadbalancer::heat_api - default: true - - name: tripleo::loadbalancer::heat_cloudwatch - default: true - - name: tripleo::loadbalancer::heat_cfn - default: true - outputs: - - name: result - config: - get_file: manifests/loadbalancer.pp - - ControllerLoadbalancerPuppetDeployment: - type: OS::Heat::SoftwareDeployments - properties: - name: puppet_1 - servers: {get_param: servers} - config: {get_resource: ControllerLoadbalancerPuppetConfig} - ControllerPuppetConfig: type: OS::Heat::SoftwareConfig properties: @@ -74,8 +16,6 @@ resources: options: enable_hiera: True enable_facter: False - inputs: - - name: step outputs: - name: result config: 
@@ -84,16 +24,25 @@ resources: # Step through a series of Puppet runs using the same manifest. # NOTE(dprince): Heat breakpoints would make for a really cool way to step # through breakpoints in a controlled manner across the entire cluster - ControllerPuppetDeploymentServicesBase: + ControllerDeploymentLoadBalancer_Step1: type: OS::Heat::StructuredDeployments properties: - name: puppet_2 servers: {get_param: servers} config: {get_resource: ControllerPuppetConfig} input_values: step: 1 actions: ['CREATE'] # no need for two passes on an UPDATE + ControllerDeploymentServicesBase_Step2: + type: OS::Heat::StructuredDeployments + depends_on: ControllerDeploymentLoadBalancer_Step1 + properties: + servers: {get_param: servers} + config: {get_resource: ControllerPuppetConfig} + input_values: + step: 2 + actions: ['CREATE'] # no need for two passes on an UPDATE + ControllerRingbuilderPuppetConfig: type: OS::Heat::SoftwareConfig properties: @@ -107,18 +56,18 @@ resources: config: get_file: manifests/ringbuilder.pp - ControllerRingbuilderPuppetDeployment: + ControllerRingbuilderDeployment_Step3: type: OS::Heat::StructuredDeployments + depends_on: ControllerDeploymentServicesBase_Step2 properties: - name: puppet_3 servers: {get_param: servers} config: {get_resource: ControllerRingbuilderPuppetConfig} - ControllerPuppetDeploymentOvercloudServices: + ControllerDeploymentOvercloudServices_Step4: type: OS::Heat::StructuredDeployments + depends_on: ControllerRingbuilderDeployment_Step3 properties: - name: puppet_4 servers: {get_param: servers} config: {get_resource: ControllerPuppetConfig} input_values: - step: 2 + step: 3 diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index a13942e9..4385bbc1 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml 
@@ -28,6 +28,10 @@ parameters: default: true description: Whether to enable or not the Iscsi backend for Cinder type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean CinderISCSIHelper: default: tgtadm description: The iSCSI helper to use with cinder. @@ -445,6 +449,7 @@ resources: admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} + cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} cinder_password: {get_param: CinderPassword} cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} @@ -486,6 +491,18 @@ resources: - - 'mysql://keystone:unset@' - {get_param: VirtualIP} - '/keystone' + keystone_identity_uri: + list_join: + - '' + - - 'http://' + - {get_param: VirtualIP} + - ':35357/' + keystone_auth_uri: + list_join: + - '' + - - 'http://' + - {get_param: VirtualIP} + - ':5000/v2.0/' mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_root_password: {get_param: MysqlRootPassword} mysql_cluster_name: @@ -597,7 +614,8 @@ resources: controller_host: {get_input: controller_host} #local-ipv4 # Swift swift::proxy::proxy_local_net_ip: {get_input: controller_host} - swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip} + swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} + swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} swift::storage::all::storage_local_net_ip: {get_input: controller_host} swift::swift_hash_suffix: {get_input: swift_hash_suffix} swift::proxy::authtoken::admin_password: {get_input: swift_password} 
@@ -610,12 +628,14 @@ resources: # See: https://review.openstack.org/#/c/109225/ tripleo::ringbuilder::build_ring: True # Cinder + cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} cinder_iscsi_helper: {get_input: cinder_iscsi_helper} cinder_iscsi_ip_address: {get_input: controller_host} cinder::database_connection: {get_input: cinder_dsn} cinder::api::keystone_password: {get_input: cinder_password} - cinder::api::keystone_auth_host: {get_input: controller_virtual_ip} + cinder::api::auth_uri: {get_input: keystone_auth_uri} + cinder::api::identity_uri: {get_input: keystone_identity_uri} cinder::api::bind_host: {get_input: controller_host} cinder::rabbit_userid: {get_input: rabbit_username} cinder::rabbit_password: {get_input: rabbit_password} @@ -624,7 +644,8 @@ resources: # Glance glance::api::bind_port: {get_input: glance_port} glance::api::bind_host: {get_input: controller_host} - glance::api::auth_host: {get_input: controller_virtual_ip} + glance::api::auth_uri: {get_input: keystone_auth_uri} + glance::api::identity_uri: {get_input: keystone_identity_uri} glance::api::registry_host: {get_input: controller_host} glance::api::keystone_password: {get_input: glance_password} # used to construct glance_api_servers @@ -637,7 +658,8 @@ resources: glance::registry::keystone_password: {get_input: glance_password} glance::registry::database_connection: {get_input: glance_dsn} glance::registry::bind_host: {get_input: controller_host} - glance::registry::auth_host: {get_input: controller_virtual_ip} + glance::registry::auth_uri: {get_input: keystone_auth_uri} + glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::backend::swift::swift_store_auth_address: {get_input: glance_swift_store_auth_address} glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_input: glance_password} 
@@ -650,7 +672,8 @@ resources: heat::rabbit_userid: {get_input: rabbit_username} heat::rabbit_password: {get_input: rabbit_password} heat::rabbit_host: {get_input: controller_virtual_ip} - heat::keystone_host: {get_input: controller_virtual_ip} + heat::auth_uri: {get_input: keystone_auth_uri} + heat::identity_uri: {get_input: keystone_identity_uri} heat::keystone_password: {get_input: heat_password} heat::api::bind_host: {get_input: controller_host} heat::api_cloudwatch::bind_host: {get_input: controller_host} @@ -679,7 +702,8 @@ resources: neutron::rabbit_password: {get_input: rabbit_password} neutron::rabbit_user: {get_input: rabbit_user} #neutron::debug: {get_input: debug} - neutron::server::auth_host: {get_input: controller_virtual_ip} + neutron::server::auth_uri: {get_input: keystone_auth_uri} + neutron::server::identity_uri: {get_input: keystone_identity_uri} neutron::server::database_connection: {get_input: neutron_dsn} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::local_ip: {get_input: controller_host} @@ -709,7 +733,8 @@ resources: ceilometer::rabbit_host: {get_input: controller_virtual_ip} ceilometer::api::host: {get_input: controller_host} ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::keystone_host: {get_input: controller_virtual_ip} + ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} + ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} ceilometer::db::database_connection: {get_input: ceilometer_dsn} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} 
@@ -717,7 +742,8 @@ resources: # Nova nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} - nova::api::auth_host: {get_input: controller_virtual_ip} + nova::api::auth_uri: {get_input: keystone_auth_uri} + nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: controller_host} nova::api::metadata_listen: {get_input: controller_host} nova::api::admin_password: {get_input: nova_password} @@ -740,6 +766,11 @@ resources: controller_virtual_ip: {get_input: controller_virtual_ip} public_virtual_interface: {get_input: public_virtual_interface} public_virtual_ip: {get_input: public_virtual_ip} + tripleo::loadbalancer::controller_host: {get_input: controller_host} + tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} + tripleo::loadbalancer::controller_virtual_ip: {get_input: controller_virtual_ip} + tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::loadbalancer::public_virtual_ip: {get_input: public_virtual_ip} enable_package_install: {get_input: enable_package_install} outputs: diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 995de2cf..a908b43b 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -5,3 +5,9 @@ ceph::profile::params::osd_pool_default_size: 3 ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx + +ceph_openstack_default_cap_mon: 'allow r' +ceph_openstack_default_cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms' +ceph_pools: + - volumes + - vms diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 8d5c88fd..a72c4850 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml 
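Review bot: `ceph_openstack_default_cap_osd` in puppet/hieradata/ceph.yaml grants `rwx` on both `volumes` and `vms` to a single `client.openstack` identity, and the manifests in this commit install that same key for user `cinder` on controllers and user `nova` on compute nodes. Every hypervisor therefore holds a credential that can write to the Cinder volume pool as well as the VM disk pool. If the sharing is intentional, record it above the caps, e.g. `# one key shared by cinder and nova; rwx on both pools is deliberate`; otherwise consider separate keys with per-pool caps.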
@@ -10,6 +10,11 @@ nova::compute::vnc_enabled: true nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true +nova::compute::rbd::libvirt_rbd_user: 'openstack' +nova::compute::rbd::rbd_keyring: 'client.openstack' +nova::compute::rbd::libvirt_images_rbd_pool: 'vms' +nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" + neutron::plugins::ml2::tunnel_id_ranges: ['1:1000'] ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 39d2a487..47f358a9 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -71,3 +71,21 @@ heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] mysql::server::manage_config_file: true + +tripleo::loadbalancer::keystone_admin: true +tripleo::loadbalancer::keystone_public: true +tripleo::loadbalancer::neutron: true +tripleo::loadbalancer::cinder: true +tripleo::loadbalancer::glance_api: true +tripleo::loadbalancer::glance_registry: true +tripleo::loadbalancer::nova_ec2: true +tripleo::loadbalancer::nova_osapi: true +tripleo::loadbalancer::nova_metadata: true +tripleo::loadbalancer::nova_novncproxy: true +tripleo::loadbalancer::mysql: true +tripleo::loadbalancer::rabbitmq: true +tripleo::loadbalancer::swift_proxy_server: true +tripleo::loadbalancer::ceilometer: true +tripleo::loadbalancer::heat_api: true +tripleo::loadbalancer::heat_cloudwatch: true +tripleo::loadbalancer::heat_cfn: true diff --git a/puppet/manifests/loadbalancer.pp b/puppet/manifests/loadbalancer.pp deleted file mode 100644 index 88e6bdd4..00000000 --- a/puppet/manifests/loadbalancer.pp +++ /dev/null 
@@ -1,386 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} - -class tripleo::loadbalancer ( - $keystone_admin = false, - $keystone_public = false, - $neutron = false, - $cinder = false, - $glance_api = false, - $glance_registry = false, - $nova_ec2 = false, - $nova_osapi = false, - $nova_metadata = false, - $nova_novncproxy = false, - $ceilometer = false, - $swift_proxy_server = false, - $heat_api = false, - $heat_cloudwatch = false, - $heat_cfn = false, - $horizon = false, - $mysql = false, - $rabbitmq = false, -) { - - case $::osfamily { - 'RedHat': { - $keepalived_name_is_process = false - $keepalived_vrrp_script = 'systemctl status haproxy.service' - } # RedHat - 'Debian': { - $keepalived_name_is_process = true - $keepalived_vrrp_script = undef - } - } - - class { 'keepalived': } - keepalived::vrrp_script { 'haproxy': - name_is_process => $keepalived_name_is_process, - script => $keepalived_vrrp_script, - } - - # KEEPALIVE INSTANCE CONTROL - keepalived::instance { '51': - interface => hiera('control_virtual_interface'), - virtual_ips => [join([hiera('controller_virtual_ip'), ' dev ', hiera('control_virtual_interface')])], - state => 'MASTER', - track_script => 
['haproxy'], - priority => 101, - } - - # KEEPALIVE INSTANCE PUBLIC - keepalived::instance { '52': - interface => hiera('public_virtual_interface'), - virtual_ips => [join([hiera('public_virtual_ip'), ' dev ', hiera('public_virtual_interface')])], - state => 'MASTER', - track_script => ['haproxy'], - priority => 101, - } - - sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' } - - class { 'haproxy': - global_options => { - 'log' => '/dev/log local0', - 'pidfile' => '/var/run/haproxy.pid', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'maxconn' => '4000', - }, - defaults_options => { - 'mode' => 'tcp', - 'log' => 'global', - 'retries' => '3', - 'maxconn' => '150', - 'option' => [ 'tcpka', 'tcplog' ], - 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], - }, - } - - haproxy::listen { 'haproxy.stats': - ipaddress => '*', - ports => '1993', - mode => 'http', - options => { - 'stats' => 'enable', - }, - collect_exported => false, - } - - if $keystone_admin { - haproxy::listen { 'keystone_admin': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 35357, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'keystone_admin': - listening_service => 'keystone_admin', - ports => '35357', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $keystone_public { - haproxy::listen { 'keystone_public': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 5000, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'keystone_public': - listening_service => 'keystone_public', - ports => '5000', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $neutron { - haproxy::listen { 'neutron': - ipaddress 
=> [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9696, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'neutron': - listening_service => 'neutron', - ports => '9696', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $cinder { - haproxy::listen { 'cinder': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8776, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'cinder': - listening_service => 'cinder', - ports => '8776', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $glance_api { - haproxy::listen { 'glance_api': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9292, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'glance_api': - listening_service => 'glance_api', - ports => '9292', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - - if $glance_registry { - haproxy::listen { 'glance_registry': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9191, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'glance_registry': - listening_service => 'glance_registry', - ports => '9191', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_ec2 { - haproxy::listen { 'nova_ec2': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8773, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_ec2': - listening_service => 'nova_ec2', - ports 
=> '8773', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_osapi { - haproxy::listen { 'nova_osapi': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8774, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_osapi': - listening_service => 'nova_osapi', - ports => '8774', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_metadata { - haproxy::listen { 'nova_metadata': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8775, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_metadata': - listening_service => 'nova_metadata', - ports => '8775', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_novncproxy { - haproxy::listen { 'nova_novncproxy': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 6080, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_novncproxy': - listening_service => 'nova_novncproxy', - ports => '6080', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $ceilometer { - haproxy::listen { 'ceilometer': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8777, - collect_exported => false, - } - haproxy::balancermember { 'ceilometer': - listening_service => 'ceilometer', - ports => '8777', - ipaddresses => hiera('controller_host'), - options => [], - } - } - - if $swift_proxy_server { - haproxy::listen { 'swift_proxy_server': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8080, - options => { 
'option' => [ 'httpchk GET /info' ] }, - collect_exported => false, - } - haproxy::balancermember { 'swift_proxy_server': - listening_service => 'swift_proxy_server', - ports => '8080', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_api { - haproxy::listen { 'heat_api': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8004, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_api': - listening_service => 'heat_api', - ports => '8004', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_cloudwatch { - haproxy::listen { 'heat_cloudwatch': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8003, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_cloudwatch': - listening_service => 'heat_cloudwatch', - ports => '8003', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_cfn { - haproxy::listen { 'heat_cfn': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8000, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_cfn': - listening_service => 'heat_cfn', - ports => '8000', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $horizon { - haproxy::listen { 'horizon': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 80, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'horizon': - listening_service => 'horizon', - ports => '80', - ipaddresses => hiera('controller_host'), - options => ['check', 
'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $mysql { - haproxy::listen { 'mysql': - ipaddress => [hiera('controller_virtual_ip')], - ports => 3306, - options => { 'timeout' => [ 'client 0', 'server 0' ] }, - collect_exported => false, - } - haproxy::balancermember { 'mysql': - listening_service => 'mysql', - ports => '3306', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $rabbitmq { - haproxy::listen { 'rabbitmq': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 5672, - options => { 'timeout' => [ 'client 0', 'server 0' ] }, - collect_exported => false, - } - haproxy::balancermember { 'rabbitmq': - listening_service => 'rabbitmq', - ports => '5672', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - -} - -include ::tripleo::loadbalancer diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 0d2790b2..eef468da 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -28,16 +28,13 @@ if count(hiera('ntp::servers')) > 0 { include ::ntp } -class { 'nova': - glance_api_servers => join([hiera('glance_protocol'), '://', hiera('glance_host'), ':', hiera('glance_port')]), -} - file { ['/etc/libvirt/qemu/networks/autostart/default.xml', '/etc/libvirt/qemu/networks/default.xml']: ensure => absent, before => Service['libvirt'] } +include ::nova include ::nova::compute nova_config { 
@@ -45,13 +42,20 @@ nova_config { 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; } -include ::nova::compute::libvirt - -class { 'nova::network::neutron': - neutron_admin_auth_url => join(['http://', hiera('neutron_host'), ':35357/v2.0']), - neutron_url => join(['http://', hiera('neutron_host'), ':9696']), +$nova_enable_rbd_backend = hiera('nova_enable_rbd_backend', false) +if $nova_enable_rbd_backend { + include ::ceph::profile::client + include ::nova::compute::rbd + ceph::key { 'client.openstack' : + secret => hiera('ceph::profile::params::mon_key'), + cap_mon => hiera('ceph_openstack_default_cap_mon'), + cap_osd => hiera('ceph_openstack_default_cap_osd'), + user => 'nova', + } } +include ::nova::compute::libvirt +include ::nova::network::neutron include ::neutron class { 'neutron::plugins::ml2': @@ -67,10 +71,7 @@ class { 'neutron::agents::ml2::ovs': include ::ceilometer include ::ceilometer::agent::compute - -class { 'ceilometer::agent::auth': - auth_url => join(['http://', hiera('keystone_host'), ':5000/v2.0']), -} +include ::ceilometer::agent::auth $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index c9af578c..41363039 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -26,6 +26,12 @@ if !str2bool(hiera('enable_package_install', 'false')) { if hiera('step') >= 1 { + include ::tripleo::loadbalancer + +} + +if hiera('step') >= 2 { + if count(hiera('ntp::servers')) > 0 { include ::ntp } 
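Review bot: The added `ceph::key { 'client.openstack' : }` resource in the `@@ -45,13 +42,20 @@` hunk takes its `secret` from `hiera('ceph::profile::params::mon_key')`, which by its name is the Ceph monitors' key. The keyring written for the `nova` user on every compute node would then carry the same secret as the monitors, so reading that file on one hypervisor discloses more than a client credential. The client identity should have its own generated key, read from a separate hiera entry, e.g. `secret => hiera('ceph_client_key'),` (placeholder name, to be backed by a new parameter). The same `secret` line appears in the controller's `client.openstack` resource in the `@@ -150,17 +156,29 @@` hunk of overcloud_controller.pp.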
@@ -150,17 +156,29 @@ if hiera('step') >= 1 { # pre-install swift here so we can build rings include ::swift - # don't install Ceph if FSID is not provided - if hiera('ceph::profile::params::fsid', false) { + $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) + $enable_ceph = $cinder_enable_rbd_backend + + if $enable_ceph { class { 'ceph::profile::params': mon_initial_members => downcase(hiera('ceph_mon_initial_members')) } include ::ceph::profile::mon } -} #END STEP 1 + if $cinder_enable_rbd_backend { + ceph::key { 'client.openstack' : + secret => hiera('ceph::profile::params::mon_key'), + cap_mon => hiera('ceph_openstack_default_cap_mon'), + cap_osd => hiera('ceph_openstack_default_cap_osd'), + user => 'cinder', + inject => 'true', + } + } -if hiera('step') >= 2 { +} #END STEP 2 + +if hiera('step') >= 3 { include ::keystone @@ -272,7 +290,34 @@ if hiera('step') >= 2 { } } - $cinder_enabled_backends = any2array($cinder_iscsi_backend) + if $enable_ceph { + + Ceph_pool { + pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), + pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), + size => hiera('ceph::profile::params::osd_pool_default_size'), + } + + $ceph_pools = hiera('ceph_pools') + ceph::pool { $ceph_pools : } + } + + if $cinder_enable_rbd_backend { + $cinder_rbd_backend = 'tripleo_ceph' + + cinder_config { + "${cinder_rbd_backend}/host": value => 'hostgroup'; + } + + cinder::backend::rbd { $cinder_rbd_backend : + rbd_pool => 'volumes', + rbd_user => 'openstack', + rbd_secret_uuid => hiera('ceph::profile::params::fsid'), + require => Ceph::Pool['volumes'], + } + } + + $cinder_enabled_backends = concat(any2array($cinder_iscsi_backend), $cinder_rbd_backend) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } 
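Review bot: `inject => 'true'` in the added `ceph::key { 'client.openstack' : }` resource passes a quoted string where a boolean is meant; write `inject => true,`. Puppet treats any non-empty string as true, so if `ceph::key` tests the value directly, a later edit to `'false'` would still inject the key. The `if hiera('step') >= 2` block that holds this resource opens outside the hunk.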
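Review bot: `$cinder_rbd_backend` is assigned only inside `if $cinder_enable_rbd_backend`, yet the new `concat(any2array($cinder_iscsi_backend), $cinder_rbd_backend)` line in the `@@ -272,7 +290,34 @@` hunk reads it unconditionally. With the RBD backend off, which is the default of the `hiera('cinder_enable_rbd_backend', false)` lookup, the second argument is undefined. That fails under strict variables, and otherwise the result depends on how this stdlib version's `concat()` treats an undefined value, possibly leaving an empty backend name in `enabled_backends`. Wrapping it like the iSCSI name avoids that, assuming `any2array()` yields an empty array for an unset variable as the existing usage relies on: `concat(any2array($cinder_iscsi_backend), any2array($cinder_rbd_backend))`. The enclosing `if hiera('step') >= 3` block starts and ends outside this hunk.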
@@ -341,4 +386,4 @@ if hiera('step') >= 2 { snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } -} #END STEP 2 +} #END STEP 3 diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 89cf9733..3f069319 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -18,10 +18,9 @@ resources: config: get_file: manifests/overcloud_object.pp - StoragePuppetDeployment: + StorageDeployment_Step1: type: OS::Heat::StructuredDeployments properties: - name: puppet_1 servers: {get_param: servers} config: {get_resource: StoragePuppetConfig} @@ -34,9 +33,9 @@ resources: config: get_file: manifests/ringbuilder.pp - StorageRingbuilderPuppetDeployment: + StorageRingbuilderDeployment_Step2: type: OS::Heat::StructuredDeployments + depends_on: StorageDeployment_Step1 properties: - name: puppet_2 servers: {get_param: servers} config: {get_resource: StorageRingbuilderPuppetConfig} |