diff options
105 files changed, 4199 insertions, 7919 deletions
@@ -1,12 +1,3 @@ -# Built via Makefile -overcloud.yaml -overcloud-with-block-storage.yaml -overcloud-with-block-storage-nfs.yaml -undercloud-bm.yaml -undercloud-vm.yaml -undercloud-vm-ironic.yaml -undercloud-vm-ironic-vlan.yaml - *.py[cod] # C extensions diff --git a/Makefile b/Makefile deleted file mode 100644 index 131e1b9e..00000000 --- a/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -generated_templates = \ - overcloud.yaml \ - overcloud-with-block-storage-nfs.yaml \ - undercloud-vm.yaml \ - undercloud-bm.yaml \ - undercloud-vm-ironic.yaml \ - undercloud-vm-ironic-vlan.yaml - -# Files included in deprecated/overcloud-source.yaml via FileInclude -overcloud_source_deps = deprecated/nova-compute-instance.yaml - -all: $(generated_templates) -VALIDATE := $(patsubst %,validate-%,$(generated_templates)) -validate-all: $(VALIDATE) -$(VALIDATE): - heat template-validate -f $(subst validate-,,$@) - -# You can define in CONTROLEXTRA one or more additional YAML files to further extend the template, some additions could be: -# - overcloud-vlan-port.yaml to activate the VLAN auto-assignment from Neutron -# - nfs-source.yaml to configure Cinder with NFS -overcloud.yaml: deprecated/overcloud-source.yaml deprecated/block-storage.yaml deprecated/swift-deploy.yaml deprecated/swift-source.yaml deprecated/swift-storage-source.yaml deprecated/ssl-source.yaml deprecated/nova-compute-config.yaml $(overcloud_source_deps) - python ./tripleo_heat_merge/merge.py --hot --scale NovaCompute=$${COMPUTESCALE:-'1'} --scale controller=$${CONTROLSCALE:-'1'} --scale SwiftStorage=$${SWIFTSTORAGESCALE:-'0'} --scale BlockStorage=$${BLOCKSTORAGESCALE:-'0'} --scale CephStorage=$${CEPHSTORAGESCALE:-'0'} deprecated/overcloud-source.yaml deprecated/block-storage.yaml deprecated/swift-source.yaml deprecated/swift-storage-source.yaml deprecated/ssl-source.yaml deprecated/swift-deploy.yaml deprecated/nova-compute-config.yaml ${CONTROLEXTRA} > $@.tmp - mv $@.tmp $@ - -undercloud-vm.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-vm-nova-config.yaml deprecated/undercloud-vm-nova-deploy.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -undercloud-bm.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-bm-nova-config.yaml deprecated/undercloud-bm-nova-deploy.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -undercloud-vm-ironic.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-vm-ironic-config.yaml deprecated/undercloud-vm-ironic-deploy.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -undercloud-vm-ironic-vlan.yaml: deprecated/undercloud-source.yaml deprecated/undercloud-vm-ironic-config.yaml deprecated/undercloud-vm-ironic-deploy.yaml deprecated/undercloud-vlan-port.yaml - python ./tripleo_heat_merge/merge.py --hot $^ > $@.tmp - mv $@.tmp $@ - -check: test - -test: - @bash test_merge.bash - -clean: - rm -f $(generated_templates) - -.PHONY: clean overcloud.yaml check @@ -15,8 +15,7 @@ Features The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include: - * Choice of deployment/configuration tooling: puppet, os-apply-config, and - (soon) docker + * Choice of deployment/configuration tooling: puppet, (soon) docker * Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage @@ -29,8 +28,6 @@ Directories A description of the directory layout in TripleO Heat Templates. - * deprecated: contains templates that have been deprecated - * environments: contains heat environment files that can be used with -e on the command like to enable features, etc. @@ -45,11 +42,5 @@ A description of the directory layout in TripleO Heat Templates. * puppet: templates mostly driven by configuration with puppet. To use these templates you can use the overcloud-resource-registry-puppet.yaml. - * os-apply-config: templates mostly driven by configuration w/ - os-collect-config and bash based - elements (which use the Heat os-apply-config group). - These will soon be deprecated and are no longer part - of the upstream CI testing efforts. - * validation-scripts: validation scripts useful to all deployment configurations diff --git a/deprecated/block-storage.yaml b/deprecated/block-storage.yaml deleted file mode 100644 index c288044a..00000000 --- a/deprecated/block-storage.yaml +++ /dev/null @@ -1,92 +0,0 @@ -heat_template_version: 2013-05-23 -description: 'Common Block Storage Configuration' -parameters: - BlockStorageImage: - type: string - default: overcloud-cinder-volume - OvercloudBlockStorageFlavor: - description: Flavor for block storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - BlockStorageExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json -resources: - BlockStorage0: - type: OS::Nova::Server - properties: - image: - {get_param: BlockStorageImage} - flavor: {get_param: OvercloudBlockStorageFlavor} - key_name: {get_param: KeyName} - user_data_format: SOFTWARE_CONFIG - BlockStorage0AllNodesDeployment: - depends_on: [BlockStorage0Deployment,BlockStorage0PassthroughSpecific] - type: OS::Heat::StructuredDeployment - properties: - signal_transport: {get_param: DefaultSignalTransport} - config: {get_resource: allNodesConfig} - server: {get_resource: BlockStorage0} - BlockStorage0Deployment: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: BlockStorage0} - config: {get_resource: BlockStorageConfig} - input_values: - controller_virtual_ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - cinder_dsn: {"Fn::Join": ['', ['mysql://cinder:unset@', {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} , '/cinder']]} - signal_transport: NO_SIGNAL - BlockStorage0Passthrough: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: BlockStoragePassthrough} - server: {get_resource: BlockStorage0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - BlockStorage0PassthroughSpecific: - depends_on: [BlockStorage0Passthrough] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: BlockStoragePassthroughSpecific} - server: {get_resource: BlockStorage0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: BlockStorageExtraConfig} - BlockStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - admin-password: {get_param: AdminPassword} - keystone: - host: {get_input: controller_virtual_ip} - cinder: - db: {get_input: cinder_dsn} - volume_size_mb: - get_param: CinderLVMLoopDeviceSize - service-password: - get_param: CinderPassword - iscsi-helper: - get_param: CinderISCSIHelper - rabbit: - host: {get_input: controller_virtual_ip} - username: {get_param: RabbitUserName} - password: {get_param: RabbitPassword} - glance: - host: {get_input: controller_virtual_ip} - port: {get_param: GlancePort} - BlockStoragePassthrough: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - BlockStoragePassthroughSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} diff --git a/deprecated/nfs-source.yaml b/deprecated/nfs-source.yaml deleted file mode 100644 index 5d865ea7..00000000 --- a/deprecated/nfs-source.yaml +++ /dev/null @@ -1,36 +0,0 @@ -resources: - controllerNfsServerConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - nfs_server: - shares: - - name: cinder - clients: - - machine: 192.0.2.0/24 - options: rw,async,all_squash,anonuid=0,anongid=0 - controllerCinderNfsConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - cinder: - include_nfs_backend: true - nfs_shares: - Fn::Join: - - ':' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - /mnt/state/var/lib/nfs/cinder - controllerNfsServerDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerNfsServerConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - controller0CinderNfsDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerCinderNfsConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL diff --git a/deprecated/nova-compute-config.yaml b/deprecated/nova-compute-config.yaml deleted file mode 100644 index 1fe787e3..00000000 --- a/deprecated/nova-compute-config.yaml +++ /dev/null @@ -1,69 +0,0 @@ -resources: - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - nova: - compute_driver: { get_input: nova_compute_driver } - compute_libvirt_type: { get_input: nova_compute_libvirt_type } - debug: {get_param: Debug} - host: {get_input: nova_api_host} - public_ip: {get_input: nova_public_ip} - service-password: {get_input: nova_password} - ceilometer: - debug: {get_param: Debug} - metering_secret: {get_input: ceilometer_metering_secret} - service-password: {get_input: ceilometer_password} - compute_agent: {get_input: ceilometer_compute_agent} - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: {get_input: snmpd_readonly_user_name} - readonly_user_password: {get_input: snmpd_readonly_user_password} - glance: - debug: {get_param: Debug} - host: {get_input: glance_host} - port: {get_input: glance_port} - protocol: {get_input: glance_protocol} - keystone: - debug: {get_param: Debug} - host: {get_input: keystone_host} - neutron: - debug: {get_param: Debug} - flat-networks: {get_input: neutron_flat_networks} - host: {get_input: neutron_host} - router_distributed: {get_input: neutron_router_distributed} - agent_mode: {get_input: neutron_agent_mode} - metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - mechanism_drivers: {get_input: neutron_mechanism_drivers} - allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - l3_ha: {get_input: neutron_l3_ha} - ovs: - local_ip: {get_input: neutron_local_ip} - tenant_network_type: {get_input: neutron_tenant_network_type} - tunnel_types: {get_input: neutron_tunnel_types} - network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - bridge_mappings: {get_input: neutron_bridge_mappings} - enable_tunneling: {get_input: neutron_enable_tunneling} - physical_bridge: {get_input: neutron_physical_bridge} - public_interface: {get_input: neutron_public_interface} - public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - service-password: {get_input: neutron_password} - admin-password: {get_input: admin_password} - rabbit: - host: {get_input: rabbit_host} - username: {get_input: rabbit_username} - password: {get_input: rabbit_password} - ntp: - servers: - - {server: {get_input: ntp_server}} - NovaComputePassthrough: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - NovaComputePassthroughSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} diff --git a/deprecated/nova-compute-instance.yaml b/deprecated/nova-compute-instance.yaml deleted file mode 100644 index 811c0fc3..00000000 --- a/deprecated/nova-compute-instance.yaml +++ /dev/null @@ -1,273 +0,0 @@ -heat_template_version: 2013-05-23 -description: 'Nova Compute' -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AllNodesConfig: - type: string - description: OS::Heat::Config to use for all nodes deployment - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - DefaultSignalTransport: - default: CFN_SIGNAL - description: Transport to use for software-config signals. - type: string - constraints: - - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - GlanceHost: - type: string - GlancePort: - default: 9292 - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - default: default - KeystoneHost: - type: string - NeutronBridgeMappings: - type: string - NeutronEnableTunnelling: - type: string - NeutronFlatNetworks: - type: string - default: '' - description: If set, flat networks to configure in neutron plugins. - NeutronHost: - type: string - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronNetworkVLANRanges: - type: string - NeutronPhysicalBridge: - default: '' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: '' - description: A port to add to the NeutronPhysicalBridge. - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NeutronPublicInterfaceRawDevice: - default: '' - type: string - NeutronDVR: - default: 'False' - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NovaApiHost: - type: string - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - type: string - default: '' - NovaImage: - type: string - default: overcloud-compute - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NovaPublicIP: - type: string - NtpServer: - type: string - default: '' - OvercloudComputeFlavor: - description: Use this flavor - type: string - constraints: - - custom_constraint: nova.flavor - RabbitHost: - type: string - RabbitUserName: - type: string - RabbitPassword: - type: string - hidden: true - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true -resources: - NovaCompute0: - type: OS::Nova::Server - properties: - image: - {get_param: NovaImage} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: OvercloudComputeFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - NovaCompute0Deployment: - type: OS::Heat::StructuredDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute0} - input_values: - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_public_ip: {get_param: NovaPublicIP} - nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_host: {get_param: GlanceHost} - glance_port: {get_param: GlancePort} - glance_protocol: {get_param: GlanceProtocol} - keystone_host: {get_param: KeystoneHost} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_host: {get_param: NeutronHost} - neutron_local_ip: {get_attr: [NovaCompute0, networks, ctlplane, 0]} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_physical_bridge: {get_param: NeutronPhysicalBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_password: {get_param: NeutronPassword} - neutron_agent_mode: {get_param: NeutronComputeAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_l3_ha: {get_param: NeutronL3HA} - admin_password: {get_param: AdminPassword} - rabbit_host: {get_param: RabbitHost} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - ntp_server: {get_param: NtpServer} - NovaCompute0AllNodesDeployment: - depends_on: - - controller0AllNodesDeployment - - NovaCompute0Deployment - - NovaCompute0PassthroughSpecific - type: OS::Heat::StructuredDeployment - properties: - signal_transport: {get_param: DefaultSignalTransport} - config: {get_param: AllNodesConfig} - server: {get_resource: NovaCompute0} - NovaCompute0Passthrough: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: NovaComputePassthrough} - server: {get_resource: NovaCompute0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - NovaCompute0PassthroughSpecific: - depends_on: [NovaCompute0Passthrough] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: NovaComputePassthroughSpecific} - server: {get_resource: NovaCompute0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: NovaComputeExtraConfig} diff --git a/deprecated/overcloud-source.yaml b/deprecated/overcloud-source.yaml deleted file mode 100644 index 0729b338..00000000 --- a/deprecated/overcloud-source.yaml +++ /dev/null @@ -1,952 +0,0 @@ -description: Deprecated. Please migrate to use overcloud-without-mergepy instead. -heat_template_version: 2013-05-23 -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - default: unset - description: The keystone auth secret. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - default: unset - description: The password for the cinder service account, used by cinder-api. - type: string - hidden: true - CloudName: - default: '' - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - ControlFixedIPs: - default: [] - description: Should be used for arbitrary ips. - type: json - controllerExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - controllerImage: - type: string - default: overcloud-control - constraints: - - custom_constraint: glance.image - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - DefaultSignalTransport: - default: CFN_SIGNAL - description: Transport to use for software-config signals. - type: string - constraints: - - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - HorizonPort: - type: number - default: 80 - description: Horizon web server port. - GlancePassword: - default: unset - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlancePort: - default: 9292 - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - HeatPassword: - default: unset - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. - type: string - default: '' - hidden: true - HypervisorNeutronPhysicalBridge: - default: 'br-ex' - description: > - An OVS bridge to create on each hypervisor. This defaults to br-ex the - same as the control plane nodes, as we have a uniform configuration of - the openvswitch agent. Typically should not need to be changed. - type: string - HypervisorNeutronPublicInterface: - default: nic1 - description: What interface to add to the HypervisorNeutronPhysicalBridge. - type: string - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "datacentre:br-ex" - NeutronControlPlaneID: - default: '' - type: string - description: Neutron ID for ctlplane network. - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead. - type: string - NeutronFlatNetworks: - type: string - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. Defaults to - 'datacentre' to permit external network creation. - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: string - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronComputeAgentMode: - default: 'dvr' - description: Agent mode for the neutron-l3-agent on the compute hosts - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NovaComputeDriver: - default: libvirt.LibvirtDriver - type: string - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - default: '' - type: string - NovaImage: - type: string - default: overcloud-compute - constraints: - - custom_constraint: glance.image - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NtpServer: - type: string - default: '' - OvercloudComputeFlavor: - description: Flavor for compute nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - OvercloudControlFlavor: - description: Flavor for control nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - PublicVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the PublicVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - PublicVirtualNetwork: - default: 'ctlplane' - type: string - description: > - Neutron network to allocate public virtual IP port on. - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true -resources: - ControlVirtualIP: - type: OS::Neutron::Port - properties: - name: control_virtual_ip - network_id: {get_param: NeutronControlPlaneID} - fixed_ips: - get_param: ControlFixedIPs - replacement_policy: AUTO - MysqlClusterUniquePart: - type: OS::Heat::RandomString - properties: - length: 10 - MysqlRootPassword: - type: OS::Heat::RandomString - properties: - length: 10 - PublicVirtualIP: - type: OS::Neutron::Port - properties: - name: public_virtual_ip - network: {get_param: PublicVirtualNetwork} - fixed_ips: - get_param: PublicVirtualFixedIPs - replacement_policy: AUTO - RabbitCookie: - type: OS::Heat::RandomString - properties: - length: 20 - salt: - get_param: RabbitCookieSalt - NovaCompute0Deployment: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0Deployment - parameters: - DefaultSignalTransport: - get_param: DefaultSignalTransport - NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - NeutronNetworkType: - get_param: NeutronNetworkType - NeutronTunnelTypes: - get_param: NeutronTunnelTypes - NeutronEnableTunnelling: "True" - NeutronFlatNetworks: - get_param: NeutronFlatNetworks - NeutronNetworkVLANRanges: - get_param: NeutronNetworkVLANRanges - NeutronPhysicalBridge: - get_param: HypervisorNeutronPhysicalBridge - NeutronPublicInterface: - get_param: HypervisorNeutronPublicInterface - NeutronBridgeMappings: - get_param: NeutronBridgeMappings - NeutronDVR: - get_param: NeutronDVR - NeutronAgentMode: - get_param: NeutronComputeAgentMode - NeutronPublicInterfaceRawDevice: - get_param: NeutronPublicInterfaceRawDevice - NeutronMechanismDrivers: - get_param: NeutronMechanismDrivers - NeutronAllowL3AgentFailover: - get_param: NeutronAllowL3AgentFailover - NeutronL3HA: - get_param: NeutronL3HA - NovaCompute0AllNodesDeployment: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0AllNodesDeployment - parameters: - AllNodesConfig: {get_resource: allNodesConfig} - NovaCompute0: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0 - NovaCompute0Passthrough: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0Passthrough - parameters: - passthrough_config: {get_param: ExtraConfig} - NovaCompute0PassthroughSpecific: - type: FileInclude - Path: deprecated/nova-compute-instance.yaml - SubKey: resources.NovaCompute0PassthroughSpecific - parameters: - passthrough_config_specific: {get_param: NovaComputeExtraConfig} - HeatAuthEncryptionKey: - type: OS::Heat::RandomString - controllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - admin-password: - get_param: AdminPassword - admin-token: - get_param: AdminToken - bootstack: - public_interface_ip: - get_param: NeutronPublicInterfaceIP - bootstrap_host: - bootstrap_nodeid: - Fn::Select: - - 0 - - Fn::Select: - - 0 - - Merge::Map: - controller0: - - get_attr: - - controller0 - - name - nodeid: {get_input: bootstack_nodeid} - database: - host: &database_host - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - cinder: - db: - Fn::Join: - - '' - - - mysql://cinder:unset@ - - *database_host - - /cinder - debug: {get_param: Debug} - volume_size_mb: - get_param: CinderLVMLoopDeviceSize - service-password: - get_param: CinderPassword - iscsi-helper: - get_param: CinderISCSIHelper - controller-address: - get_input: controller_host - corosync: - bindnetaddr: {get_input: controller_host} - mcastport: 5577 - nodes: - Merge::Map: - controller0: - ip: {get_attr: [controller0, networks, ctlplane, 0]} - pacemaker: - stonith_enabled : false - recheck_interval : 5 - quorum_policy : ignore - db-password: unset - glance: - registry: - host: {get_input: controller_virtual_ip} - backend: swift - db: - Fn::Join: - - '' - - - mysql://glance:unset@ - - *database_host - - /glance - debug: {get_param: Debug} - host: - get_input: controller_virtual_ip - port: - get_param: GlancePort - protocol: - get_param: GlanceProtocol - service-password: - get_param: GlancePassword - swift-store-user: service:glance - swift-store-key: - get_param: GlancePassword - notifier-strategy: - get_param: GlanceNotifierStrategy - log-file: - get_param: GlanceLogFile - heat: - admin_password: - get_param: HeatPassword - admin_tenant_name: service - admin_user: heat - auth_encryption_key: - get_resource: HeatAuthEncryptionKey - db: - Fn::Join: - - '' - - - mysql://heat:unset@ - - *database_host - - /heat - debug: {get_param: Debug} - stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - watch_server_url: {get_input: heat.watch_server_url} - metadata_server_url: {get_input: heat.metadata_server_url} - waitcondition_server_url: {get_input: heat.waitcondition_server_url} - horizon: - port: {get_param: HorizonPort} - caches: - memcached: - nodes: - Merge::Map: - controller0: - {get_attr: [controller0, name]} - keystone: - db: - Fn::Join: - - '' - - - mysql://keystone:unset@ - - *database_host - - /keystone - debug: {get_param: Debug} - host: - get_input: controller_virtual_ip - ca_certificate: {get_param: KeystoneCACertificate} - signing_key: {get_param: KeystoneSigningKey} - signing_certificate: {get_param: KeystoneSigningCertificate} - ssl: - certificate: {get_param: KeystoneSSLCertificate} - certificate_key: {get_param: KeystoneSSLCertificateKey} - mysql: - innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - local_bind: true - root-password: {get_resource: MysqlRootPassword} - nodes: - Merge::Map: - controller0: - ip: {get_attr: [controller0, networks, ctlplane, 0]} - cluster_name: - Fn::Join: - - '-' - - - 'tripleo' - - {get_resource: MysqlClusterUniquePart} - neutron: - debug: {get_param: Debug} - flat-networks: {get_param: NeutronFlatNetworks} - host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - agent_mode: {get_param: NeutronAgentMode} - router_distributed: {get_param: NeutronDVR} - mechanism_drivers: {get_param: NeutronMechanismDrivers} - allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - l3_ha: {get_param: NeutronL3HA} - ovs: - enable_tunneling: 'True' - local_ip: - get_input: controller_host - network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - bridge_mappings: {get_param: NeutronBridgeMappings} - public_interface: - get_param: NeutronPublicInterface - public_interface_raw_device: - get_param: NeutronPublicInterfaceRawDevice - public_interface_route: - get_param: NeutronPublicInterfaceDefaultRoute - public_interface_tag: - get_param: NeutronPublicInterfaceTag - physical_bridge: br-ex - tenant_network_type: - get_param: NeutronNetworkType - tunnel_types: - get_param: NeutronTunnelTypes - ovs_db: - Fn::Join: - - '' - - - mysql://neutron:unset@ - - *database_host - - /ovs_neutron?charset=utf8 - service-password: - get_param: NeutronPassword - dnsmasq-options: - get_param: NeutronDnsmasqOptions - ceilometer: - db: - Fn::Join: - - '' - - - mysql://ceilometer:unset@ - - *database_host - - /ceilometer - debug: {get_param: Debug} - metering_secret: {get_param: CeilometerMeteringSecret} - service-password: - get_param: CeilometerPassword - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: - get_param: SnmpdReadonlyUserName - readonly_user_password: - get_param: SnmpdReadonlyUserPassword - nova: - compute_driver: libvirt.LibvirtDriver - db: - Fn::Join: - - '' - - - mysql://nova:unset@ - - *database_host - - /nova - default_floating_pool: - ext-net - host: {get_input: controller_virtual_ip} - metadata-proxy: true - service-password: - get_param: NovaPassword - rabbit: - host: {get_input: controller_virtual_ip} - username: - get_param: RabbitUserName - password: - get_param: RabbitPassword - cookie: - get_attr: - - RabbitCookie - - value - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_port: {get_param: RabbitClientPort} - ntp: - servers: - - {server: {get_param: NtpServer}} - virtual_interfaces: - instances: - - vrrp_instance_name: VI_CONTROL - virtual_router_id: 51 - keepalive_interface: - get_param: ControlVirtualInterface - priority: 101 - virtual_ips: - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: ControlVirtualInterface - - vrrp_instance_name: VI_PUBLIC - virtual_router_id: 52 - keepalive_interface: - get_param: PublicVirtualInterface - priority: 101 - virtual_ips: - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: PublicVirtualInterface - vrrp_sync_groups: - - name: VG1 - members: - - VI_CONTROL - - VI_PUBLIC - keepalived: - keepalive_interface: - get_param: PublicVirtualInterface - priority: 101 - virtual_ips: - - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: ControlVirtualInterface - - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - interface: - get_param: PublicVirtualInterface - haproxy: - nodes: - Merge::Map: - controller0: - ip: {get_attr: [controller0, networks, ctlplane, 0]} - name: {get_attr: [controller0, name]} - net_binds: - - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}} - - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}} - options: - - option httpchk GET / - services: - - name: keystone_admin - port: 35357 - - name: keystone_public - port: 5000 - - name: horizon - port: 80 - - name: neutron - port: 9696 - - name: cinder - port: 8776 - - name: glance_api - port: 9292 - - name: glance_registry - port: 9191 - options: # overwrite options as glace_reg needs auth for http req - - name: heat_api - port: 8004 - - name: heat_cloudwatch - port: 8003 - - name: heat_cfn - port: 8000 - - name: mysql - port: 3306 - net_binds: - - *control_vip - extra_server_params: - - backup - options: - - timeout client 0 - - timeout server 0 - - name: nova_ec2 - port: 8773 - - name: nova_osapi - port: 8774 - - name: nova_metadata - port: 8775 - - name: nova_novncproxy - port: 6080 - - name: ceilometer - port: 8777 - options: # overwrite options as ceil needs auth for http req - - name: swift_proxy_server - port: 8080 - options: - - option httpchk GET /info - - name: rabbitmq - port: 5672 - net_binds: - - *control_vip - options: - - timeout client 0 - - timeout server 0 - - maxconn 1500 - controllerPassthrough: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - controllerPassthroughSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} - controller0: - type: OS::Nova::Server - properties: - image: - get_param: controllerImage - image_update_policy: - get_param: ImageUpdatePolicy - flavor: - get_param: OvercloudControlFlavor - key_name: - get_param: KeyName - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - controller0AllNodesDeployment: - depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific] - type: OS::Heat::StructuredDeployment - properties: - signal_transport: {get_param: DefaultSignalTransport} - config: {get_resource: allNodesConfig} - server: {get_resource: controller0} - controller0Deployment: - type: OS::Heat::StructuredDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: controllerConfig} - server: {get_resource: controller0} - input_values: - bootstack_nodeid: {get_attr: [controller0, name]} - controller_host: {get_attr: [controller0, networks, ctlplane, 0]} - controller_virtual_ip: - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - heat.watch_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ':8003' - heat.metadata_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ':8000' - heat.waitcondition_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ':8000/v1/waitcondition' - allNodesConfig: - type: OS::Heat::StructuredConfig - properties: - config: - completion-signal: {get_input: deploy_signal_id} - hosts: - Fn::Join: - - "\n" - - - Fn::Join: - - "\n" - - Merge::Map: - NovaCompute0: - Fn::Join: - - ' ' - - - {get_attr: [NovaCompute0, networks, ctlplane, 0]} - - {get_attr: [NovaCompute0, name]} - - Fn::Join: - - "\n" - - Merge::Map: - BlockStorage0: - Fn::Join: - - ' ' - - - {get_attr: [BlockStorage0, networks, ctlplane, 0]} - - {get_attr: [BlockStorage0, name]} - - Fn::Join: - - "\n" - - Merge::Map: - SwiftStorage0: - Fn::Join: - - ' ' - - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]} - - {get_attr: [SwiftStorage0, name]} - - Fn::Join: - - "\n" - - Merge::Map: - controller0: - Fn::Join: - - ' ' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - {get_attr: [controller0, name]} - - {get_param: CloudName} - rabbit: - nodes: - Fn::Join: - - ',' - - Merge::Map: - controller0: - {get_attr: [controller0, name]} - sysctl: - net.ipv4.tcp_keepalive_time: 5 - net.ipv4.tcp_keepalive_probes: 5 - net.ipv4.tcp_keepalive_intvl: 1 - controller0SSLDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: SSLConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - controller_host: {get_attr: [controller0, networks, ctlplane, 0]} - ssl_certificate: {get_param: SSLCertificate} - ssl_key: {get_param: SSLKey} - ssl_ca_certificate: {get_param: SSLCACertificate} - controller0Passthrough: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerPassthrough} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - controller0PassthroughSpecific: - depends_on: [controller0Passthrough] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: controllerPassthroughSpecific} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: controllerExtraConfig} -outputs: - KeystoneURL: - description: URL for the Overcloud Keystone service - value: - Fn::Join: - - '' - - - http:// - - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - :5000/v2.0/ diff --git a/deprecated/overcloud-vlan-port.yaml b/deprecated/overcloud-vlan-port.yaml deleted file mode 100644 index 8f6f6937..00000000 --- a/deprecated/overcloud-vlan-port.yaml +++ /dev/null @@ -1,39 +0,0 @@ -outputs: - controller0PublicIP: - description: Address for registering endpoints in the cloud. - value: {get_attr: [controller0_VLANPort, fixed_ips, 0, ip_address]} -resources: - # Override the main template which can also supply a static route. - controller0_99_VLANPort: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerVLANPortConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - vlan_port: - list_join: - - '/' - - - {get_attr: [controller0_VLANPort, fixed_ips, 0, ip_address]} - # This should also be pulled out of the subnet. May need a - # neutron fix too - XXX make into a parameter and feed it - # in via _overcloud.sh for now. - - '24' - # Tell the instance to apply the default route. - # Reinstate when https://bugs.launchpad.net/heat/+bug/1336656 is - # sorted - # public_interface_route: - # get_attr: [controller0_VLANPort, fixed_ips, 0, subnet, gateway_ip] - ControllerVLANPortConfig: - type: OS::Heat::StructuredConfig - properties: - config: - neutron: - ovs: - public_interface_tag_ip: {get_input: vlan_port} - controller0_VLANPort: - type: OS::Neutron::Port - properties: - name: controller0_vlan - network: public - replacement_policy: AUTO diff --git a/deprecated/ssl-source.yaml b/deprecated/ssl-source.yaml deleted file mode 100644 index a9357323..00000000 --- a/deprecated/ssl-source.yaml +++ /dev/null @@ -1,54 +0,0 @@ -description: 'ssl-source: SSL endpoint metadata for openstack' -parameters: - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true -resources: - SSLConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - ssl: - ca_certificate: {get_input: ssl_ca_certificate} - stunnel: - cert: {get_input: ssl_certificate} - key: {get_input: ssl_key} - cacert: {get_input: ssl_ca_certificate} - connect_host: {get_input: controller_host} - ports: - - name: 'ec2' - accept: 13773 - connect: 8773 - - name: 'image' - accept: 13292 - connect: 9292 - - name: 'identity' - accept: 13000 - connect: 5000 - - name: 'network' - accept: 13696 - connect: 9696 - - name: 'compute' - accept: 13774 - connect: 8774 - - name: 'swift-proxy' - accept: 13080 - connect: 8080 - - name: 'cinder' - accept: 13776 - connect: 8776 - - name: 'ceilometer' - accept: 13777 - connect: 8777 diff --git a/deprecated/swift-deploy.yaml b/deprecated/swift-deploy.yaml deleted file mode 100644 index d4d32cbd..00000000 --- a/deprecated/swift-deploy.yaml +++ /dev/null @@ -1,69 +0,0 @@ -description: 'Swift-proxy: OpenStack object storage proxy' -parameters: - SwiftHashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings in the ring. - type: string - hidden: true - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftPassword: - default: unset - description: The password for the swift service account, used by the swift proxy services. - type: string - hidden: true - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. -resources: - controller0Swift: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: SwiftConfig} - server: {get_resource: controller0} - signal_transport: NO_SIGNAL - input_values: - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_mount_check: {get_param: SwiftMountCheck} - swift_password: {get_param: SwiftPassword} - swift_part_power: {get_param: SwiftPartPower} - swift_devices: - Fn::Join: - - ', ' - - Merge::Map: - controller0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':%PORT%/d1' - SwiftStorage0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]} - - ':%PORT%/d1' - swift_proxy_memcache: - Fn::Join: - - ',' - - Merge::Map: - controller0: - Fn::Join: - - ', ' - - - Fn::Join: - - '' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':11211' - swift_replicas: { get_param: SwiftReplicas} - swift_min_part_hours: { get_param: SwiftMinPartHours} diff --git a/deprecated/swift-source.yaml b/deprecated/swift-source.yaml deleted file mode 100644 index e6fd951e..00000000 --- a/deprecated/swift-source.yaml +++ /dev/null @@ -1,15 +0,0 @@ -resources: - SwiftConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - swift: - devices: { get_input: swift_devices } - hash: { get_input: swift_hash_suffix } - mount-check: { get_input: swift_mount_check } - part-power: { get_input: swift_part_power } - proxy-memcache: { get_input: swift_proxy_memcache } - replicas: {get_input: swift_replicas } - min-part-hours: {get_input: swift_min_part_hours } - service-password: { get_input: swift_password } diff --git a/deprecated/swift-storage-source.yaml b/deprecated/swift-storage-source.yaml deleted file mode 100644 index 176925b6..00000000 --- a/deprecated/swift-storage-source.yaml +++ /dev/null @@ -1,77 +0,0 @@ -heat_template_version: 2013-05-23 -description: 'Common Swift Storage Configuration' -parameters: - OvercloudSwiftStorageFlavor: - description: Flavor for Swift storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - SwiftReplicas: - type: number - default: 1 - description: How many replicas to use in the swift rings. - SwiftStorageImage: - type: string - default: overcloud-swift-storage -resources: - SwiftStorage0: - type: OS::Nova::Server - properties: - image: {get_param: SwiftStorageImage} - flavor: {get_param: OvercloudSwiftStorageFlavor} - key_name: {get_param: KeyName} - user_data_format: SOFTWARE_CONFIG - SwiftKeystoneConfig: - type: OS::Heat::StructuredConfig - properties: - config: - keystone: - host: {get_input: keystone_host} - SwiftStorage0Keystone: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: SwiftStorage0} - config: {get_resource: SwiftKeystoneConfig} - signal_transport: NO_SIGNAL - input_values: - keystone_host: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - SwiftStorage0Deploy: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: SwiftStorage0} - config: {get_resource: SwiftConfig} - signal_transport: NO_SIGNAL - input_values: - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_mount_check: {get_param: SwiftMountCheck} - swift_password: {get_param: SwiftPassword} - swift_part_power: {get_param: SwiftPartPower} - swift_devices: - Fn::Join: - - ', ' - - Merge::Map: - controller0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':%PORT%/d1' - SwiftStorage0: - Fn::Join: - - '' - - - 'r1z1-' - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]} - - ':%PORT%/d1' - swift_proxy_memcache: - Fn::Join: - - ',' - - Merge::Map: - controller0: - Fn::Join: - - ', ' - - - Fn::Join: - - '' - - - {get_attr: [controller0, networks, ctlplane, 0]} - - ':11211' - swift_replicas: { get_param: SwiftReplicas} - swift_min_part_hours: { get_param: SwiftMinPartHours} diff --git a/deprecated/undercloud-bm-nova-config.yaml b/deprecated/undercloud-bm-nova-config.yaml deleted file mode 100644 index 306dc0a1..00000000 --- a/deprecated/undercloud-bm-nova-config.yaml +++ /dev/null @@ -1,23 +0,0 @@ -resources: - undercloudNovaConfig: - type: OS::Heat::StructuredConfig - properties: - config: - nova: - compute_hostname: undercloud - compute_driver: {get_param: NovaComputeDriver} - compute_manager: {get_param: NovaComputeManager} - scheduler_host_manager: {get_param: NovaSchedulerHostManager} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova']]} - default_ephemeral_format: ext4 - host: 127.0.0.1 - metadata-proxy: false - tuning: - ram_allocation_ratio: 1.0 - reserved_host_memory_mb: 0 - baremetal: - arch: {get_input: nova_arch} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova_bm']]} - power_manager: {get_input: power_manager} - pxe_deploy_timeout: {get_input: pxe_deploy_timeout} - service-password: {get_input: nova_service_password} diff --git a/deprecated/undercloud-bm-nova-deploy.yaml b/deprecated/undercloud-bm-nova-deploy.yaml deleted file mode 100644 index dca68329..00000000 --- a/deprecated/undercloud-bm-nova-deploy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -parameters: - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NovaComputeDriver: - default: baremetal.driver.BareMetalDriver - description: Full class name for the Nova compute driver - type: string - NovaComputeManager: - default: nova.compute.manager.ComputeManager - description: Full class name for the Nova compute manager - type: string - NovaSchedulerHostManager: - default: nova.scheduler.host_manager.HostManager - description: Full class name for the Nova scheduler host manager - type: string - PowerManager: - default: nova.virt.baremetal.ipmi.IPMI - description: Bare metal power manager driver. - type: string - PxeDeployTimeout: - default: 2400 - description: Timeout for PXE deployment of baremetal nodes - type: number -resources: - undercloudNovaDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudNovaConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - nova_arch: {get_param: BaremetalArch} - power_manager: {get_param: PowerManager} - pxe_deploy_timeout: {get_param: PxeDeployTimeout} - nova_service_password: {get_param: NovaPassword} diff --git a/deprecated/undercloud-source.yaml b/deprecated/undercloud-source.yaml deleted file mode 100644 index 317896d9..00000000 --- a/deprecated/undercloud-source.yaml +++ /dev/null @@ -1,412 +0,0 @@ -description: Deprecated. Use instack-undercloud instead. All-in-one baremetal OpenStack and all dependencies. -heat_template_version: 2013-05-23 -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - default: unset - description: The keystone auth secret. - type: string - hidden: true - BaremetalArch: - default: i386 - description: The architecture to use in Nova-BM - i386 or amd64. - type: string - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - DefaultSignalTransport: - default: CFN_SIGNAL - description: Transport to use for software-config signals. - type: string - constraints: - - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config: - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "compute_manager", - "value": "ironic.nova.compute.manager.ClusterComputeManager" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - Flavor: - description: Flavor to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - default: unset - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlancePort: - default: 9292 - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - HeatPassword: - default: unset - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. - type: string - default: '' - hidden: true - ImageUpdatePolicy: - default: REBUILD_PRESERVE_EPHEMERAL - description: What policy to use when reconstructing instances. REBUILD for rebuilds, - REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: > - A custom IP address to put onto the NeutronPublicInterface bridge. - See also NeutronPublicInterfaceTagIP for adding a VLAN tagging IP. - NeutronPublicInterfaceIP is deprecated in the context of deploying - underclouds - its only needed for the seed bootstrap process. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge, and that port will be - given the IP address returned by neutron from the public network. - type: string - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NeutronDVR: - default: 'False' - type: string - NtpServer: - type: string - default: '' - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - undercloudImage: - default: undercloud - type: string -resources: - RabbitCookie: - type: OS::Heat::RandomString - properties: - length: 20 - salt: - get_param: RabbitCookieSalt - MysqlRootPassword: - type: OS::Heat::RandomString - properties: - length: 10 - undercloudConfig: - type: OS::Heat::StructuredConfig - properties: - config: - completion-signal: {get_input: deploy_signal_id} - admin-password: - get_param: AdminPassword - admin-token: - get_param: AdminToken - bootstrap_host: - bootstrap_nodeid: - Fn::Select: - - 0 - - Fn::Select: - - 0 - - Merge::Map: - undercloud: - - get_attr: - - undercloud - - name - nodeid: {get_input: bootstack_nodeid} - bootstack: - public_interface_ip: - get_param: NeutronPublicInterfaceIP - controller-address: - get_input: controller_host - corosync: - bindnetaddr: {get_input: controller_host} - mcastport: 5577 - nodes: - Merge::Map: - controller0: - ip: {get_attr: [undercloud, networks, ctlplane, 0]} - pacemaker: - stonith_enabled : false - recheck_interval : 5 - quorum_policy : ignore - ceilometer: - db: {list_join: ['', ['mysql://ceilometer:', {get_param: CeilometerPassword}, '@localhost/ceilometer']]} - debug: {get_param: Debug} - metering_secret: {get_param: CeilometerMeteringSecret} - snmpd_readonly_user_name: - get_param: SnmpdReadonlyUserName - snmpd_readonly_user_password: - get_param: SnmpdReadonlyUserPassword - service-password: - get_param: CeilometerPassword - db-password: unset - glance: - backend: file - db: {list_join: ['', ['mysql://glance:', {get_param: GlancePassword}, '@localhost/glance']]} - debug: {get_param: Debug} - host: 127.0.0.1 - port: - get_param: GlancePort - protocol: - get_param: GlanceProtocol - service-password: - get_param: GlancePassword - notifier-strategy: - get_param: GlanceNotifierStrategy - log-file: - get_param: GlanceLogFile - heat: - admin_password: - get_param: HeatPassword - admin_tenant_name: service - admin_user: heat - auth_encryption_key: unset___________ - db: {list_join: ['', ['mysql://heat:', {get_param: HeatPassword}, '@localhost/heat']]} - debug: {get_param: Debug} - stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - watch_server_url: {get_input: heat.watch_server_url} - metadata_server_url: {get_input: heat.metadata_server_url} - waitcondition_server_url: {get_input: heat.waitcondition_server_url} - keystone: - db: {list_join: ['', ['mysql://keystone:', {get_param: AdminToken}, '@localhost/keystone']]} - debug: {get_param: Debug} - host: 127.0.0.1 - ca_certificate: {get_param: KeystoneCACertificate} - signing_key: {get_param: KeystoneSigningKey} - signing_certificate: {get_param: KeystoneSigningCertificate} - ssl: - certificate: {get_param: KeystoneSSLCertificate} - certificate_key: {get_param: KeystoneSSLCertificateKey} - mysql: - innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - root-password: {get_resource: MysqlRootPassword} - bind_address: 127.0.0.1 - neutron: - debug: {get_param: Debug} - host: 127.0.0.1 - ovs_db: {list_join: ['', ['mysql://neutron:', {get_param: NeutronPassword}, '@localhost/ovs_neutron?charset=utf8']]} - ovs: - local_ip: - get_input: controller_host - public_interface: - get_param: NeutronPublicInterface - public_interface_raw_device: - get_param: NeutronPublicInterfaceRawDevice - public_interface_route: - get_param: NeutronPublicInterfaceDefaultRoute - public_interface_tag: - get_param: NeutronPublicInterfaceTag - physical_bridge: br-ctlplane - physical_network: ctlplane - network_vlan_ranges: ctlplane - bridge_mappings: ctlplane:br-ctlplane - tenant_network_type: vlan - enable_tunneling: 'False' - service-password: - get_param: NeutronPassword - rabbit: - host: 127.0.0.1 - username: - get_param: RabbitUserName - password: - get_param: RabbitPassword - cookie: - get_attr: - - RabbitCookie - - value - ntp: - servers: - - {server: {get_param: NtpServer}} - undercloudPassthroughConfig: - type: OS::Heat::StructuredConfig - properties: - config: {get_input: passthrough_config} - undercloud: - type: OS::Nova::Server - properties: - image: - get_param: undercloudImage - flavor: - get_param: Flavor - key_name: - get_param: KeyName - image_update_policy: - get_param: ImageUpdatePolicy - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - undercloudDeployment: - depends_on: [undercloudPassthroughDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudConfig} - server: {get_resource: undercloud} - signal_transport: {get_param: DefaultSignalTransport} - input_values: - bootstack_nodeid: - get_attr: - - undercloud - - name - controller_host: - get_attr: - - undercloud - - networks - - ctlplane - - 0 - heat.watch_server_url: - Fn::Join: - - '' - - - 'http://' - - get_attr: [undercloud, networks, ctlplane, 0] - - ':8003' - heat.metadata_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [undercloud, networks, ctlplane, 0]} - - ':8000' - heat.waitcondition_server_url: - Fn::Join: - - '' - - - 'http://' - - {get_attr: [undercloud, networks, ctlplane, 0]} - - ':8000/v1/waitcondition' - undercloudPassthroughDeployment: - depends_on: [undercloudNovaDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudPassthroughConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} diff --git a/deprecated/undercloud-vlan-port.yaml b/deprecated/undercloud-vlan-port.yaml deleted file mode 100644 index 7e39f5fc..00000000 --- a/deprecated/undercloud-vlan-port.yaml +++ /dev/null @@ -1,37 +0,0 @@ -outputs: - PublicIP: - description: Address for registering endpoints in the cloud. - value: {get_attr: [undercloud_VLANPort, fixed_ips, 0, ip_address]} -resources: - # Override the main template which can also supply a static route. - undercloud_99VLANPort: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudVLANPortConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - undercloudVLANPortConfig: - type: OS::Heat::StructuredConfig - properties: - config: - neutron: - ovs: - public_interface_tag_ip: - Fn::Join: - - '/' - - - {get_attr: [undercloud_VLANPort, fixed_ips, 0, ip_address]} - - '24' - # This should also be pulled out of the subnet. May need a - # neutron fix too - XXX make into a parameter and feed it - # in via _undercloud.sh for now. - # Tell the instance to apply the default route. - # Reinstate when https://bugs.launchpad.net/heat/+bug/1336656 is - # sorted - # public_interface_route: - # get_attr: [undercloud_VLANPort, fixed_ips, 0, subnet, gateway_ip] - undercloud_VLANPort: - type: OS::Neutron::Port - properties: - name: undercloud_vlan - network: public - replacement_policy: AUTO
\ No newline at end of file diff --git a/deprecated/undercloud-vm-ironic-config.yaml b/deprecated/undercloud-vm-ironic-config.yaml deleted file mode 100644 index cc0dafb6..00000000 --- a/deprecated/undercloud-vm-ironic-config.yaml +++ /dev/null @@ -1,27 +0,0 @@ -resources: - undercloudNovaConfig: - type: OS::Heat::StructuredConfig - properties: - config: - nova: - compute_hostname: undercloud - compute_driver: {get_param: NovaComputeDriver} - compute_manager: {get_param: NovaComputeManager} - scheduler_host_manager: {get_param: NovaSchedulerHostManager} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova']]} - debug: {get_param: Debug} - default_ephemeral_format: ext4 - host: 127.0.0.1 - metadata-proxy: false - tuning: - ram_allocation_ratio: 1.0 - reserved_host_memory_mb: 0 - service-password: {get_input: nova_service_password} - undercloudIronicConfig: - type: OS::Heat::StructuredConfig - properties: - config: - ironic: - db: {list_join: ['', ['mysql://ironic:', {get_param: IronicPassword}, '@localhost/ironic']]} - service-password: {get_input: ironic_service_password} - virtual_power_ssh_key: {get_input: virtual_power_ssh_key} diff --git a/deprecated/undercloud-vm-ironic-deploy.yaml b/deprecated/undercloud-vm-ironic-deploy.yaml deleted file mode 100644 index 5d23495c..00000000 --- a/deprecated/undercloud-vm-ironic-deploy.yaml +++ /dev/null @@ -1,44 +0,0 @@ -parameters: - IronicPassword: - type: string - description: Ironic password for keystone access - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NovaComputeDriver: - default: nova.virt.ironic.driver.IronicDriver - description: Full class name for the Nova compute driver - type: string - NovaComputeManager: - default: ironic.nova.compute.manager.ClusteredComputeManager - description: Full class name for the Nova compute manager - type: string - NovaSchedulerHostManager: - default: nova.scheduler.ironic_host_manager.IronicHostManager - description: Full class name for the Nova scheduler host manager - type: string - PowerSSHPrivateKey: - description: Private key for using to ssh to a virtual power host. - type: string - hidden: true -resources: - undercloudNovaDeployment: - depends_on: [undercloudIronicDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudNovaConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - nova_service_password: {get_param: NovaPassword} - undercloudIronicDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudIronicConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - ironic_service_password: {get_param: IronicPassword} - virtual_power_ssh_key: {get_param: PowerSSHPrivateKey} diff --git a/deprecated/undercloud-vm-nova-config.yaml b/deprecated/undercloud-vm-nova-config.yaml deleted file mode 100644 index 1fb8abb3..00000000 --- a/deprecated/undercloud-vm-nova-config.yaml +++ /dev/null @@ -1,29 +0,0 @@ -resources: - undercloudNovaConfig: - type: OS::Heat::StructuredConfig - properties: - config: - nova: - compute_hostname: undercloud - compute_driver: {get_param: NovaComputeDriver} - compute_manager: {get_param: NovaComputeManager} - scheduler_host_manager: {get_param: NovaSchedulerHostManager} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova']]} - default_ephemeral_format: ext4 - host: 127.0.0.1 - metadata-proxy: false - tuning: - ram_allocation_ratio: 1.0 - reserved_host_memory_mb: 0 - baremetal: - arch: {get_input: nova_arch} - db: {list_join: ['', ['mysql://nova:', {get_param: NovaPassword}, '@localhost/nova_bm']]} - power_manager: {get_input: power_manager} - pxe_deploy_timeout: {get_input: pxe_deploy_timeout} - virtual_power: - user: {get_input: user} - ssh_host: {get_input: ssh_host} - ssh_key: {get_input: ssh_key} - type: virsh - service-password: {get_input: nova_service_password} - diff --git a/deprecated/undercloud-vm-nova-deploy.yaml b/deprecated/undercloud-vm-nova-deploy.yaml deleted file mode 100644 index da15b46d..00000000 --- a/deprecated/undercloud-vm-nova-deploy.yaml +++ /dev/null @@ -1,52 +0,0 @@ -parameters: - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NovaComputeDriver: - default: baremetal.driver.BareMetalDriver - description: Full class name for the Nova compute driver - type: string - NovaComputeManager: - default: nova.compute.manager.ComputeManager - description: Full class name for the Nova compute manager - type: string - NovaSchedulerHostManager: - default: nova.scheduler.host_manager.HostManager - description: Full class name for the Nova scheduler host manager - type: string - PowerManager: - default: nova.virt.baremetal.virtual_power_driver.VirtualPowerManager - description: Bare metal power manager driver. - type: string - PowerSSHHost: - default: 192.168.122.1 - description: SSH host to ssh to for power management operations. - type: string - PowerSSHPrivateKey: - description: Private key for using to ssh to a virtual power host. - type: string - hidden: true - PowerUserName: - default: stack - description: What username to ssh to the virtual power host with. - type: string - PxeDeployTimeout: - default: 2400 - description: Timeout for PXE deployment of baremetal nodes - type: number -resources: - undercloudNovaDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: undercloudNovaConfig} - server: {get_resource: undercloud} - signal_transport: NO_SIGNAL - input_values: - nova_arch: {get_param: BaremetalArch} - power_manager: {get_param: PowerManager} - pxe_deploy_timeout: {get_param: PxeDeployTimeout} - nova_service_password: {get_param: NovaPassword} - user: {get_param: PowerUserName} - ssh_host: {get_param: PowerSSHHost} - ssh_key: {get_param: PowerSSHPrivateKey} diff --git a/docker/README-containers.md b/docker/README-containers.md index 0e67c183..17990b54 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md @@ -12,7 +12,7 @@ Download the fedora atomic image into glance: ``` wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 -glance image-create --name fedora-atomic --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare +glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare ``` ## Configuring TripleO diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index 0d049ebc..a6607fd9 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -9,6 +9,9 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + DockerNamespace: + type: string + default: tripleoupstream DockerComputeImage: type: string DockerComputeDataImage: @@ -67,8 +70,24 @@ resources: config: {get_resource: CopyEtcConfig} servers: {get_param: servers} + CopyJsonConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + outputs: + - name: result + config: {get_file: ./generate_json_config.sh} + + CopyJsonDeployment: + type: OS::Heat::SoftwareDeployments + depends_on: CopyEtcDeployment + properties: + config: {get_resource: CopyJsonConfig} + servers: {get_param: servers} + NovaComputeContainersDeploymentOVS: type: OS::Heat::StructuredDeployments + depends_on: CopyJsonDeployment properties: config: {get_resource: NovaComputeContainersConfigOVS} servers: {get_param: servers} @@ -79,7 +98,10 @@ resources: group: docker-compose config: ovsvswitchd: - image: {get_param: DockerOvsVswitchdImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] container_name: ovs-vswitchd net: host privileged: true @@ -87,18 +109,23 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS openvswitchdb: - image: {get_param: DockerOpenvswitchDBImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] container_name: ovs-db-server net: host restart: always volumes: - /run:/run + - /var/lib/etc-data/json-config/ovs-dbserver.json:/var/lib/kolla/config_files/config.json environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS NovaComputeContainersDeploymentNetconfig: type: OS::Heat::SoftwareDeployments @@ -122,7 +149,7 @@ resources: LibvirtContainersDeployment: type: OS::Heat::StructuredDeployments - depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] + depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] properties: config: {get_resource: LibvirtContainersConfig} servers: {get_param: servers} @@ -133,11 +160,20 @@ resources: group: docker-compose config: computedata: - image: {get_param: DockerComputeDataImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerComputeDataImage} ] container_name: computedata + volumes: + - /var/lib/nova/instances + - /var/lib/libvirt libvirt: - image: {get_param: DockerLibvirtImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] container_name: libvirt net: host pid: host @@ -146,16 +182,17 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/libvirt/libvirtd.conf:/opt/kolla/libvirtd/libvirtd.conf - - /var/lib/nova/instances:/var/lib/nova/instances + - /sys/fs/cgroup:/sys/fs/cgroup + - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata NovaComputeContainersDeployment: type: OS::Heat::StructuredDeployments - depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] + depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] properties: config: {get_resource: NovaComputeContainersConfig} servers: {get_param: servers} @@ -166,7 +203,10 @@ resources: group: docker-compose config: openvswitch: - image: {get_param: DockerOpenvswitchImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] container_name: openvswitch net: host privileged: true @@ -174,17 +214,20 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/neutron/neutron.conf:/etc/kolla/neutron-openvswitch-agent/:ro - - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/etc/kolla/neutron-openvswitch-agent/:ro + - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro + - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata - # FIXME: Kolla now uses a JSON model to run custom commands. We rebuilt a custom container to read in KOLLA_COMMAND_ARGS - # FIXME: Here we're subjugating kolla's start scripts because we want our custom run command neutronagent: - image: {get_param: DockerOpenvswitchImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] container_name: neutronagent net: host pid: host @@ -193,33 +236,32 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/neutron/neutron.conf:/etc/neutron/neutron.conf:ro - - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:ro + - /var/lib/etc-data/json-config/neutron-agent.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro + - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS - # FIXME: Kolla now uses a JSON model to run custom commands. We rebuilt a custom container to read in KOLLA_COMMAND_ARGS - - KOLLA_COMMAND_ARGS=--config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata novacompute: - image: {get_param: DockerComputeImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerComputeImage} ] container_name: novacompute net: host privileged: true restart: always volumes: - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/:/etc/:ro - - /var/lib/nova/instances:/var/lib/nova/instances + - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata - # FIXME: this skips the kolla start.sh script and just starts Nova - # Ideally we'd have an environment that switched the kolla container - # to be externally configured. - command: /usr/bin/nova-compute ExtraConfig: depends_on: NovaComputeContainersDeployment diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml index 8adc8939..22a8ff92 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/install_docker_agents.yaml @@ -4,6 +4,12 @@ parameters: DockerAgentImage: type: string default: dprince/heat-docker-agents-centos + DockerNamespace: + type: string + default: kollaglue + DockerNamespaceIsRegistry: + type: boolean + default: false resources: @@ -21,6 +27,8 @@ resources: str_replace: params: $agent_image: {get_param: DockerAgentImage} + $docker_registry: {get_param: DockerNamespace} + $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} template: {get_file: ./start_docker_agents.sh} outputs: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index caf511bd..a0e95d11 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -7,7 +7,7 @@ if ! hostname | grep compute &>/dev/null; then exit 0 fi -mkdir -p /var/lib/etc-data/ #FIXME: this should be a docker data container +mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service @@ -38,23 +38,23 @@ EOF #echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker # Local docker registry 1.8 -#/bin/sed -i s/ADD_REGISTRY/#ADD_REGISTRY/ /etc/sysconfig/docker +if [ $docker_namespace_is_registry ]; then + /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry '/INSECURE_REGISTRY='--insecure-registry $docker_registry'/g" /etc/sysconfig/docker +fi /sbin/setenforce 0 /sbin/modprobe ebtables -# Create /var/lib/etc-data for now. FIXME: This should go into a data container. -#mkdir -p /var/lib/etc-data - echo nameserver 8.8.8.8 > /etc/resolv.conf # We need hostname -f to return in a centos container for the puppet hook HOSTNAME=$(hostname) echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts -# Another hack.. we need latest docker.. +# Another hack.. we need a different docker version +# (should obviously be dropped once the atomic image contains docker 1.8.2) /usr/bin/systemctl stop docker.service -/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-latest +/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-1.8.2 /bin/mount -o remount,rw /usr /bin/rm /bin/docker /bin/cp /tmp/docker /bin/docker diff --git a/docker/generate_json_config.sh b/docker/generate_json_config.sh new file mode 100644 index 00000000..5cf49226 --- /dev/null +++ b/docker/generate_json_config.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +KOLLA_DEST=/var/lib/kolla/config_files +JSON_DEST=/var/lib/etc-data/json-config + +# For more config file generation, simply define a new SERVICE_DATA_ +# prefixed variable. The command string is quoted to include config-file +# arguments. Note that the variable name following SERVICE_DATA_ will be +# the filename the JSON config is written to. + +# [EXAMPLE]: SERVICE_DATA_<SERVICE_NAME>=(<command> <source> <dest> <owner> <perms>) + +SERVICE_DATA_NOVA_LIBVIRT=("/usr/sbin/libvirtd" libvirtd.conf /etc/libvirt/libvirtd.conf root 0644) +SERVICE_DATA_NOVA_COMPUTE=("/usr/bin/nova-compute" nova.conf /etc/nova/nova.conf nova 0600) +SERVICE_DATA_NEUTRON_OPENVSWITCH_AGENT=("/usr/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini" neutron.conf /etc/neutron/neutron.conf neutron 0600 ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini neutron 0600) +SERVICE_DATA_NEUTRON_AGENT=("/usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" neutron.conf /etc/neutron/neutron.conf neutron 0600 ovs_neutron_plugin.ini /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini neutron 0600) +SERVICE_DATA_OVS_VSWITCHD=("/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/openvswitch/ovs-vswitchd.log") +SERVICE_DATA_OVS_DBSERVER=("/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --log-file=/var/log/openvswitch/ovsdb-server.log") + +function create_json_header() { + local command=$1 + + echo "\ +{ + \"command\": \"${command[@]}\"," + +} + +function create_config_file_header() { + echo " \"config_files\": [" +} + +function create_config_file_block() { + local source=$KOLLA_DEST/$1 + local dest=$2 + local owner=$3 + local perm=$4 + + printf "\ +\t{ +\t \"source\": \"$source\", +\t \"dest\": \"$dest\", +\t \"owner\": \"$owner\", +\t \"perm\": \"$perm\" +\t}" +} + +function add_trailing_comma() { + printf ", \n" +} + +function create_config_file_trailer() { + echo -e "\n ]" +} + +function create_json_trailer() { + echo "}" +} + +function create_json_data() { + local config_data=$1 + shift + + create_json_header "$config_data" + create_config_file_header + while [ "$1" ]; do + create_config_file_block "$@" + shift 4 + if [ "$1" ]; then + add_trailing_comma + fi + done + create_config_file_trailer + create_json_trailer +} + +function write_json_data() { + + local name=$1[@] + local service_data=("${!name}") + + local service_name=${1#SERVICE_DATA_} # chop SERVICE_DATA_ prefix + service_name=${service_name//_/-} # switch underscore to dash + service_name=${service_name,,} # change to lowercase + + echo "Creating JSON file ${service_name}" + create_json_data "${service_data[@]}" > "$JSON_DEST/$service_name.json" +} + +function process_configs() { + for service in ${!SERVICE_DATA_*}; do + write_json_data "${service}" + done +} + +process_configs diff --git a/environments/docker-rdo.yaml b/environments/docker-rdo.yaml index d5791369..66824feb 100644 --- a/environments/docker-rdo.yaml +++ b/environments/docker-rdo.yaml @@ -5,13 +5,19 @@ resource_registry: OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml parameters: - NovaImage: fedora-atomic + NovaImage: atomic-image parameter_defaults: - DockerComputeImage: rthallisey/centos-binary-nova-compute:liberty - DockerComputeDataImage: kollaglue/centos-rdo-nova-compute-data:liberty2 - DockerLibvirtImage: kollaglue/centos-rdo-nova-libvirt:liberty2 - DockerNeutronAgentImage: kollaglue/centos-rdo-neutron-agents:liberty2 - DockerOpenvswitchImage: rthallisey/centos-rdo-neutron-openvswitch-agent:latest - DockerOvsVswitchdImage: kollaglue/centos-rdo-ovs-vswitchd:liberty2 - DockerOpenvswitchDBImage: kollaglue/centos-rdo-ovs-db-server:liberty2 + # Defaults to 'tripleoupstream'. Specify a local docker registry + # Example: 192.168.122.131:8787 + DockerNamespace: tripleoupstream + # Enable local Docker registry + DockerNamespaceIsRegistry: false + # Compute Node Images + DockerComputeImage: centos-binary-nova-compute:latest + DockerComputeDataImage: centos-binary-data:latest + DockerLibvirtImage: centos-binary-nova-libvirt:latest + DockerNeutronAgentImage: centos-binary-neutron-agents:latest + DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:latest + DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:latest + DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:latest diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml new file mode 100644 index 00000000..5c2506e9 --- /dev/null +++ b/environments/enable-tls.yaml @@ -0,0 +1,9 @@ +parameter_defaults: + SSLCertificate: | + The contents of your certificate go here + SSLIntermediateCertificate: '' + SSLKey: | + The contents of the private key go here + +resource_registry: + OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/external-loadbalancer-vip.yaml b/environments/external-loadbalancer-vip.yaml new file mode 100644 index 00000000..47d5bd9b --- /dev/null +++ b/environments/external-loadbalancer-vip.yaml @@ -0,0 +1,14 @@ +resource_registry: + OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external.yaml + +parameter_defaults: + # When using an external loadbalancer set the following in parameter_defaults + # to control your VIPs (currently one per network) + # NOTE: we will eventually move to one VIP per service + # + # ControlNetworkVip: + # ExternalNetworkVip: + # InternalApiNetworkVip: + # StorageNetworkVip: + # StorageMgmtNetworkVip: + EnableLoadBalancer: false
\ No newline at end of file diff --git a/environments/inject-trust-anchor.yaml b/environments/inject-trust-anchor.yaml new file mode 100644 index 00000000..3ecb0d27 --- /dev/null +++ b/environments/inject-trust-anchor.yaml @@ -0,0 +1,6 @@ +parameter_defaults: + SSLRootCertificate: | + The contents of your root CA certificate go here + +resource_registry: + OS::TripleO::NodeTLSCAData: ../puppet/extraconfig/tls/ca-inject.yaml diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml new file mode 100644 index 00000000..071f4108 --- /dev/null +++ b/environments/manage-firewall.yaml @@ -0,0 +1,2 @@ +parameters: + ManageFirewall: true diff --git a/environments/net-bond-with-vlans-no-external.yaml b/environments/net-bond-with-vlans-no-external.yaml new file mode 100644 index 00000000..0da119d9 --- /dev/null +++ b/environments/net-bond-with-vlans-no-external.yaml @@ -0,0 +1,26 @@ +# This template configures each role to use a pair of bonded nics (nic2 and +# nic3) and configures an IP address on each relevant isolated network +# for each role. + +# This template assumes use of network-isolation.yaml and should be specified +# last on the CLI as a Heat environment so as to override specific +# registry settings in the network-isolation registry. +# +# FIXME: if/when we add functionality to heatclient to include heat +# environment files we should think about using it here to automatically +# include network-isolation.yaml. +resource_registry: + + # Set external ports to noop + OS::TripleO::Network::External: ../network/noop.yaml + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml + + OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/cinder-storage.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/bond-with-vlans/compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml + OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml + OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml + +# NOTE: with no external interface we should be able to use the +# default Neutron l3_agent.ini setting for the external bridge (br-ex) +# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/net-single-nic-with-vlans-no-external.yaml b/environments/net-single-nic-with-vlans-no-external.yaml new file mode 100644 index 00000000..a173df4e --- /dev/null +++ b/environments/net-single-nic-with-vlans-no-external.yaml @@ -0,0 +1,25 @@ +# This template configures each role to use Vlans on a single nic for +# each isolated network. +# This template assumes use of network-isolation.yaml and should be specified +# last on the CLI as a Heat environment so as to override specific +# registry settings in the network-isolation registry. +# +# FIXME: if/when we add functionality to heatclient to include heat +# environment files we should think about using it here to automatically +# include network-isolation.yaml. +resource_registry: + + # Set external ports to noop + OS::TripleO::Network::External: ../network/noop.yaml + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml + + # Configure other ports as normal + OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/cinder-storage.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/single-nic-vlans/compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml + OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml + OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml + +# NOTE: with no external interface we should be able to use the +# default Neutron l3_agent.ini setting for the external bridge (br-ex) +# i.e. No need to set: NeutronExternalNetworkBridge: "''" diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml new file mode 100644 index 00000000..5d2a915b --- /dev/null +++ b/environments/network-isolation-no-tunneling.yaml @@ -0,0 +1,37 @@ +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. This version of the environment +# has no dedicated VLAN for tunneling, for deployments that use +# VLAN mode, flat provider networks, etc. +resource_registry: + OS::TripleO::Network::External: ../network/external.yaml + OS::TripleO::Network::InternalApi: ../network/internal_api.yaml + OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml + OS::TripleO::Network::Storage: ../network/storage.yaml + + # Port assignments for the controller role + OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml + OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for the compute role + OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml + + # Port assignments for the ceph storage role + OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for the swift storage role + OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for the block storage role + OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml + OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + + # Port assignments for service virtual IPs for the controller role + OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml new file mode 100644 index 00000000..4ba8d9cb --- /dev/null +++ b/environments/neutron-nuage-config.yaml @@ -0,0 +1,14 @@ +# A Heat environment file which can be used to enable a +# a Neutron Nuage backend on the controller, configured via puppet +resource_registry: + OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml + +parameter_defaults: + NeutronNuageOSControllerIp: '0.0.0.0' + NeutronNuageNetPartitionName: 'default_name' + NeutronNuageVSDIp: '0.0.0.0:0' + NeutronNuageVSDUsername: 'username' + NeutronNuageVSDPassword: 'password' + NeutronNuageVSDOrganization: 'organization' + NeutronNuageBaseURIVersion: 'default_uri_version' + NeutronNuageCMSId: '' diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml new file mode 100644 index 00000000..56c64d15 --- /dev/null +++ b/environments/nova-nuage-config.yaml @@ -0,0 +1,8 @@ +# A Heat environment file which can be used to enable +# Nuage backend on the compute, configured via puppet +resource_registry: + OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml + +parameter_defaults: + NuageActiveController: '0.0.0.0' + NuageStandbyController: '0.0.0.0' diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 3c7901cc..7f5b5080 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -3,7 +3,7 @@ resource_registry: OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml -parameters: +parameter_defaults: # NOTE: These example parameters are required when using Ceph External #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' @@ -13,6 +13,13 @@ parameters: NovaEnableRbdBackend: true CinderEnableRbdBackend: true GlanceBackend: rbd + # If the Ceph pools which host VMs, Volumes and Images do not match these + # names OR the client keyring to use is not named 'openstack', edit the + # following as needed. + NovaRbdPoolName: vms + CinderRbdPoolName: volumes + GlanceRbdPoolName: images + CephClientUserName: openstack # finally we disable the Cinder LVM backend CinderEnableIscsiBackend: false diff --git a/environments/updates/README.md b/environments/updates/README.md new file mode 100644 index 00000000..8c03411d --- /dev/null +++ b/environments/updates/README.md @@ -0,0 +1,9 @@ +This directory contains Heat environment file snippets which can +be used to ensure smooth updates of the Overcloud. + +Contents +-------- + +**update-from-keystone-admin-internal-api.yaml** + To be used if the Keystone Admin API was originally deployed on the + Internal API network. diff --git a/environments/updates/update-from-keystone-admin-internal-api.yaml b/environments/updates/update-from-keystone-admin-internal-api.yaml new file mode 100644 index 00000000..3c71ef1b --- /dev/null +++ b/environments/updates/update-from-keystone-admin-internal-api.yaml @@ -0,0 +1,33 @@ +# This environment file provides a default value for ServiceNetMap where +# Keystone Admin API service is running on the Internal API network + +parameters: + ServiceNetMap: + NeutronTenantNetwork: tenant + CeilometerApiNetwork: internal_api + MongoDbNetwork: internal_api + CinderApiNetwork: internal_api + CinderIscsiNetwork: storage + GlanceApiNetwork: storage + GlanceRegistryNetwork: internal_api + KeystoneAdminApiNetwork: internal_api + KeystonePublicApiNetwork: internal_api + NeutronApiNetwork: internal_api + HeatApiNetwork: internal_api + NovaApiNetwork: internal_api + NovaMetadataNetwork: internal_api + NovaVncProxyNetwork: internal_api + SwiftMgmtNetwork: storage_mgmt + SwiftProxyNetwork: storage + HorizonNetwork: internal_api + MemcachedNetwork: internal_api + RabbitMqNetwork: internal_api + RedisNetwork: internal_api + MysqlNetwork: internal_api + CephClusterNetwork: storage_mgmt + CephPublicNetwork: storage + ControllerHostnameResolveNetwork: internal_api + ComputeHostnameResolveNetwork: internal_api + BlockStorageHostnameResolveNetwork: internal_api + ObjectStorageHostnameResolveNetwork: internal_api + CephStorageHostnameResolveNetwork: storage diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 9125ca07..e32369e1 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -22,7 +22,8 @@ mkdir -p $timestamp_dir update_identifier=${update_identifier//[^a-zA-Z0-9-_]/} # seconds to wait for this node to rejoin the cluster after update -cluster_start_timeout=360 +cluster_start_timeout=600 +galera_sync_timeout=360 timestamp_file="$timestamp_dir/$update_identifier" if [[ -a "$timestamp_file" ]]; then @@ -41,8 +42,94 @@ if [[ "$list_updates" == "" ]]; then fi pacemaker_status=$(systemctl is-active pacemaker) +pacemaker_dumpfile=$(mktemp) if [[ "$pacemaker_status" == "active" ]] ; then +SERVICES="memcached +httpd +neutron-dhcp-agent +neutron-l3-agent +neutron-metadata-agent +neutron-openvswitch-agent +neutron-server +openstack-ceilometer-alarm-evaluator +openstack-ceilometer-alarm-notifier +openstack-ceilometer-api +openstack-ceilometer-central +openstack-ceilometer-collector +openstack-ceilometer-notification +openstack-cinder-api +openstack-cinder-scheduler +openstack-cinder-volume +openstack-glance-api +openstack-glance-registry +openstack-heat-api +openstack-heat-api-cfn +openstack-heat-api-cloudwatch +openstack-heat-engine +openstack-keystone +openstack-nova-api +openstack-nova-conductor +openstack-nova-consoleauth +openstack-nova-novncproxy +openstack-nova-scheduler" + + echo "Dumping Pacemaker config" + pcs cluster cib $pacemaker_dumpfile + + echo "Checking for missing constraints" + + if ! pcs constraint order show | grep "start openstack-nova-novncproxy-clone then start openstack-nova-api-clone"; then + pcs -f $pacemaker_dumpfile constraint order start openstack-nova-novncproxy-clone then openstack-nova-api-clone + fi + + if ! pcs constraint order show | grep "start rabbitmq-clone then start openstack-keystone-clone"; then + pcs -f $pacemaker_dumpfile constraint order start rabbitmq-clone then openstack-keystone-clone + fi + + if ! pcs constraint order show | grep "promote galera-master then start openstack-keystone-clone"; then + pcs -f $pacemaker_dumpfile constraint order promote galera-master then openstack-keystone-clone + fi + + if pcs resource | grep "haproxy-clone"; then + SERVICES="$SERVICES haproxy" + if ! pcs constraint order show | grep "start haproxy-clone then start openstack-keystone-clone"; then + pcs -f $pacemaker_dumpfile constraint order start haproxy-clone then openstack-keystone-clone + fi + fi + + if ! pcs constraint order show | grep "start memcached-clone then start openstack-keystone-clone"; then + pcs -f $pacemaker_dumpfile constraint order start memcached-clone then openstack-keystone-clone + fi + + if ! pcs constraint order show | grep "promote redis-master then start openstack-ceilometer-central-clone"; then + pcs -f $pacemaker_dumpfile constraint order promote redis-master then start openstack-ceilometer-central-clone require-all=false + fi + + # ensure neutron constraints https://review.openstack.org/#/c/229466 + # remove ovs-cleanup after server and add openvswitch-agent instead + if pcs constraint order show | grep "start neutron-server-clone then start neutron-ovs-cleanup-clone"; then + pcs -f $pacemaker_dumpfile constraint remove order-neutron-server-clone-neutron-ovs-cleanup-clone-mandatory + fi + if ! pcs constraint order show | grep "start neutron-server-clone then start neutron-openvswitch-agent-clone"; then + pcs -f $pacemaker_dumpfile constraint order start neutron-server-clone then neutron-openvswitch-agent-clone + fi + + + if ! pcs resource defaults | grep "resource-stickiness: INFINITY"; then + pcs -f $pacemaker_dumpfile resource defaults resource-stickiness=INFINITY + fi + + echo "Setting resource start/stop timeouts" + for service in $SERVICES; do + pcs -f $pacemaker_dumpfile resource update $service op start timeout=100s op stop timeout=100s + done + # mongod start timeout is higher, setting only stop timeout + pcs -f $pacemaker_dumpfile resource update mongod op stop timeout=100s + + echo "Applying new Pacemaker config" + pcs cluster cib-push $pacemaker_dumpfile + echo "Pacemaker running, stopping cluster node and doing full package update" node_count=$(pcs status xml | grep -o "<nodes_configured.*/>" | grep -o 'number="[0-9]*"' | grep -o "[0-9]*") if [[ "$node_count" == "1" ]] ; then @@ -51,6 +138,13 @@ if [[ "$pacemaker_status" == "active" ]] ; then else pcs cluster stop fi + + # clean leftover keepalived and radvd instances from neutron + # (can be removed when we remove neutron-netns-cleanup from cluster services) + # see https://review.gerrithub.io/#/c/248931/1/neutron-netns-cleanup.init + killall neutron-keepalived-state-change 2>/dev/null || : + kill $(ps ax | grep -e "keepalived.*\.pid-vrrp" | awk '{print $1}') 2>/dev/null || : + kill $(ps ax | grep -e "radvd.*\.pid\.radvd" | awk '{print $1}') 2>/dev/null || : else echo "Excluding upgrading packages that are handled by config management tooling" command_arguments="$command_arguments --skip-broken" @@ -83,6 +177,17 @@ if [[ "$pacemaker_status" == "active" ]] ; then exit 1 fi done + + tstart=$(date +%s) + while ! clustercheck; do + sleep 5 + tnow=$(date +%s) + if (( tnow-tstart > galera_sync_timeout )) ; then + echo "ERROR galera sync timed out" + exit 1 + fi + done + pcs status else diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml new file mode 100644 index 00000000..0646ffab --- /dev/null +++ b/net-config-linux-bridge.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config for a simple bridge. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + default: '192.0.2.1' + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + default: '169.254.169.254/32' + + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: linux_bridge + name: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: ControlPlaneIp} + members: + - + type: interface + name: {get_input: interface_name} + # force the MAC address of the bridge to this interface + primary: true + routes: + - + ip_netmask: 0.0.0.0/0 + next_hop: {get_param: ControlPlaneDefaultRoute} + default: true + - + ip_netmask: {get_param: EC2MetadataIp} + next_hop: {get_param: ControlPlaneDefaultRoute} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/bond-with-vlans/README.md b/network/config/bond-with-vlans/README.md index 1679df3c..98879b4f 100644 --- a/network/config/bond-with-vlans/README.md +++ b/network/config/bond-with-vlans/README.md @@ -1,6 +1,12 @@ This directory contains Heat templates to help configure Vlans on a bonded pair of NICs for each Overcloud role. +There are two versions of the controller role template, one with +an external network interface, and another without. If the +external network interface is not configured the ctlplane address +ranges will be used for external (public) network traffic. + + Configuration ------------- @@ -13,3 +19,9 @@ something like this: OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller.yaml OS::TripleO::ObjectStorage::Net::SoftwareConfig: network/config/bond-with-vlans/swift-storage.yaml OS::TripleO::CephStorage::Net::SoftwareConfig: network/config/bond-with-vlans/ceph-storage.yaml + +Configuration with no External Network +-------------------------------------- +Same as above except set the following value for the controller role: + + OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller-no-external.yaml diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml new file mode 100644 index 00000000..22579e8f --- /dev/null +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -0,0 +1,114 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config with 2 bonded nics on a bridge + with VLANs attached for the controller role. + +parameters: + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + BondInterfaceOvsOptions: + default: '' + description: The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: ovs_bridge + name: {get_input: bridge_name} + members: + - + type: ovs_bond + name: bond1 + ovs_options: {get_param: BondInterfaceOvsOptions} + members: + - + type: interface + name: nic2 + primary: true + - + type: interface + name: nic3 + - + type: vlan + device: bond1 + vlan_id: {get_param: InternalApiNetworkVlanID} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: StorageNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: StorageMgmtNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageMgmtIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: TenantNetworkVlanID} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 4290be20..eb4399ea 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -30,10 +30,9 @@ parameters: description: IP address/subnet on the tenant network type: string BondInterfaceOvsOptions: - default: 'bond_mode=balance-tcp lacp=active other-config:lacp-fallback-ab=true' + default: 'bond_mode=active-backup' description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. - Default wil attempt LACP, but will fall back to active-backup. type: string ExternalNetworkVlanID: default: 10 diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index a0508583..7d650f4b 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -92,6 +92,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index c84586bb..fdb6c9d8 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -92,6 +92,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 70a18081..0032a287 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -80,6 +80,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index 25ac75f2..00e4f353 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -92,6 +92,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: interface name: nic2 diff --git a/network/config/single-nic-vlans/README.md b/network/config/single-nic-vlans/README.md index e3e16574..6f128650 100644 --- a/network/config/single-nic-vlans/README.md +++ b/network/config/single-nic-vlans/README.md @@ -1,6 +1,11 @@ This directory contains Heat templates to help configure Vlans on a single NICs for each Overcloud role. +There are two versions of the controller role template, one with +an external network interface, and another without. If the +external network interface is not configured the ctlplane address +ranges will be used for external (public) network traffic. + Configuration ------------- @@ -17,3 +22,10 @@ something like this: Or use this Heat environment file: environments/net-single-nic-with-vlans.yaml + + +Configuration with no External Network +-------------------------------------- +Same as above except set the following value for the controller role: + + OS::TripleO::Controller::Net::SoftwareConfig: network/config/single-nic-vlans/controller-no-external.yaml diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml new file mode 100644 index 00000000..faf9e9c2 --- /dev/null +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -0,0 +1,99 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config to configure VLANs for the + controller role. No external IP is configured. + +parameters: + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: ovs_bridge + name: {get_input: bridge_name} + use_dhcp: true + members: + - + type: interface + name: nic1 + # force the MAC address of the bridge to this interface + primary: true + - + type: vlan + vlan_id: {get_param: InternalApiNetworkVlanID} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageMgmtNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageMgmtIpSubnet} + - + type: vlan + vlan_id: {get_param: TenantNetworkVlanID} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/endpoints/endpoint.yaml b/network/endpoints/endpoint.yaml new file mode 100644 index 00000000..6246cfdd --- /dev/null +++ b/network/endpoints/endpoint.yaml @@ -0,0 +1,60 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack Endpoint + +parameters: + EndpointName: + type: string + description: The name of the Endpoint being evaluated + EndpointMap: + type: json + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + IP: + type: string + description: The IP address of the Neutron Port that the endpoint is attached to + UriSuffix: + type: string + default: '' + description: A suffix attached to the URL + CloudName: + type: string + default: '' + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + +outputs: + endpoint: + description: > + A Hash containing a mapping of service endpoints to ports, protocols, uris + assigned IPs, and hostnames for a specific endpoint + value: + port: {get_param: [EndpointMap, {get_param: EndpointName }, port] } + protocol: {get_param: [EndpointMap, {get_param: EndpointName }, protocol] } + ip: {get_param: IP} + host: + str_replace: + template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} + params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName}} + uri: + list_join: + - '' + - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] } + - '://' + - str_replace: + template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} + params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName }} + - ':' + - {get_param: [EndpointMap, {get_param: EndpointName }, port] } + - {get_param: UriSuffix } + uri_no_suffix: + list_join: + - '' + - - {get_param: [EndpointMap, {get_param: EndpointName }, protocol] } + - '://' + - str_replace: + template: {get_param: [EndpointMap, {get_param: EndpointName }, host]} + params: {IP_ADDRESS: {get_param: IP}, CLOUDNAME: {get_param: CloudName} } + - ':' + - {get_param: [EndpointMap, {get_param: EndpointName }, port] } diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml new file mode 100644 index 00000000..05214011 --- /dev/null +++ b/network/endpoints/endpoint_map.yaml @@ -0,0 +1,450 @@ +heat_template_version: 2015-04-30 + +description: > + A Map of OpenStack Endpoints + +parameters: + CeilometerApiVirtualIP: + type: string + default: '' + CinderApiVirtualIP: + type: string + default: '' + GlanceApiVirtualIP: + type: string + default: '' + GlanceRegistryVirtualIP: + type: string + default: '' + HeatApiVirtualIP: + type: string + default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' + KeystonePublicApiVirtualIP: + type: string + default: '' + MysqlVirtualIP: + type: string + default: '' + NeutronApiVirtualIP: + type: string + default: '' + NovaApiVirtualIP: + type: string + default: '' + PublicVirtualIP: + type: string + default: '' + SwiftProxyVirtualIP: + type: string + default: '' + EndpointMap: + type: json + default: + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceRegistryAdmin: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GlanceRegistryPublic: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + NovaEC2Public: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + CloudName: + type: string + default: '' + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + +resources: + + CeilometerInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: CeilometerInternal + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: CeilometerApiVirtualIP} + CeilometerPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: CeilometerPublic + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: PublicVirtualIP} + CeilometerAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: CeilometerAdmin + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: CeilometerApiVirtualIP} + + CinderInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderInternal + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + CinderPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderPublic + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + CinderAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderAdmin + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v1/%(tenant_id)s' + + CinderV2Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderInternal + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + CinderV2Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderPublic + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: PublicVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + CinderV2Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: CinderAdmin + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: CinderApiVirtualIP} + UriSuffix: '/v2/%(tenant_id)s' + + GlanceInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceInternal + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: GlanceApiVirtualIP} + GlancePublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlancePublic + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: PublicVirtualIP} + GlanceAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceAdmin + EndpointMap: { get_param: EndpointMap } + CloudName: {get_param: CloudName} + IP: {get_param: GlanceApiVirtualIP} + GlanceRegistryInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: GlanceRegistryVirtualIP} + GlanceRegistryPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlancePublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + GlanceRegistryAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: GlanceAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: GlanceRegistryVirtualIP} + + HeatInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: HeatApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v1/%(tenant_id)s' + HeatPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v1/%(tenant_id)s' + HeatAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: HeatApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v1/%(tenant_id)s' + + HorizonPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: HeatPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/dashboard' + + KeystoneInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystoneInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: KeystonePublicApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v2.0' + KeystonePublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystonePublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v2.0' + KeystoneAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystoneAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: KeystoneAdminApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v2.0' + KeystoneEC2: + type: OS::TripleO::Endpoint + properties: + EndpointName: KeystoneInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: KeystonePublicApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v2.0/ec2tokens' + + NeutronInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NeutronInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NeutronApiVirtualIP} + CloudName: {get_param: CloudName} + NeutronPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: NeutronPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + NeutronAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NeutronAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NeutronApiVirtualIP} + CloudName: {get_param: CloudName} + + NovaInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v2/%(tenant_id)s' + NovaPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v2/%(tenant_id)s' + NovaAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v2/%(tenant_id)s' + NovaV3Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v3' + NovaV3Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v3' + NovaV3Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v3' + + NovaEC2Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaEC2Internal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/services/Cloud' + NovaEC2Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaEC2Public + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/services/Cloud' + NovaEC2Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaEC2Admin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/services/Admin' + + SwiftInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v1/AUTH_%(tenant_id)s' + SwiftPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + UriSuffix: '/v1/AUTH_%(tenant_id)s' + SwiftAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} + # No Suffix for the Admin interface + SwiftS3Internal: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} + SwiftS3Public: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + SwiftS3Admin: + type: OS::TripleO::Endpoint + properties: + EndpointName: SwiftAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: SwiftProxyVirtualIP} + CloudName: {get_param: CloudName} + +outputs: + endpoint_map: + value: + CeilometerInternal: {get_attr: [ CeilometerInternal, endpoint] } + CeilometerPublic: {get_attr: [ CeilometerPublic, endpoint] } + CeilometerAdmin: {get_attr: [ CeilometerAdmin, endpoint] } + CinderInternal: {get_attr: [ CinderInternal, endpoint] } + CinderPublic: {get_attr: [ CinderPublic, endpoint] } + CinderAdmin: {get_attr: [ CinderAdmin, endpoint] } + CinderV2Internal: {get_attr: [ CinderV2Internal, endpoint] } + CinderV2Public: {get_attr: [ CinderV2Public, endpoint] } + CinderV2Admin: {get_attr: [ CinderV2Admin, endpoint] } + GlanceInternal: {get_attr: [ GlanceInternal, endpoint] } + GlancePublic: {get_attr: [ GlancePublic, endpoint] } + GlanceAdmin: {get_attr: [ GlanceAdmin, endpoint] } + GlanceRegistryInternal: {get_attr: [ GlanceRegistryInternal, endpoint] } + GlanceRegistryPublic: {get_attr: [ GlanceRegistryPublic, endpoint] } + GlanceRegistryAdmin: {get_attr: [ GlanceRegistryAdmin, endpoint] } + HeatInternal: {get_attr: [ HeatInternal, endpoint] } + HeatPublic: {get_attr: [ HeatPublic, endpoint] } + HeatAdmin: {get_attr: [ HeatAdmin, endpoint] } + HorizonPublic: {get_attr: [ HorizonPublic, endpoint] } + KeystoneInternal: {get_attr: [ KeystoneInternal, endpoint] } + KeystonePublic: {get_attr: [ KeystonePublic, endpoint] } + KeystoneAdmin: {get_attr: [ KeystoneAdmin, endpoint] } + KeystoneEC2: {get_attr: [ KeystoneEC2, endpoint] } + NeutronInternal: {get_attr: [ NeutronInternal, endpoint] } + NeutronPublic: {get_attr: [ NeutronPublic, endpoint] } + NeutronAdmin: {get_attr: [ NeutronAdmin, endpoint] } + NovaInternal: {get_attr: [ NovaInternal, endpoint] } + NovaPublic: {get_attr: [ NovaPublic, endpoint] } + NovaAdmin: {get_attr: [ NovaAdmin, endpoint] } + NovaV3Internal: {get_attr: [ NovaV3Internal, endpoint] } + NovaV3Public: {get_attr: [ NovaV3Public, endpoint] } + NovaV3Admin: {get_attr: [ NovaV3Admin, endpoint] } + NovaEC2Internal: {get_attr: [ NovaEC2Internal, endpoint] } + NovaEC2Public: {get_attr: [ NovaEC2Public, endpoint] } + NovaEC2Admin: {get_attr: [ NovaEC2Admin, endpoint] } + SwiftInternal: {get_attr: [ SwiftInternal, endpoint] } + SwiftPublic: {get_attr: [ SwiftPublic, endpoint] } + SwiftAdmin: {get_attr: [ SwiftAdmin, endpoint] } + SwiftS3Internal: {get_attr: [ SwiftS3Internal, endpoint] } + SwiftS3Public: {get_attr: [ SwiftS3Public, endpoint] } + SwiftS3Admin: {get_attr: [ SwiftS3Admin, endpoint] } diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index 0d2945bc..3e949f41 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -15,6 +15,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string ControlPlaneNetwork: description: The name of the undercloud Neutron control plane diff --git a/network/ports/external.yaml b/network/ports/external.yaml index 63e3eeb3..1e2fff68 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -15,6 +15,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml description: The name of the undercloud Neutron control plane diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml index da1b1856..d528b327 100644 --- a/network/ports/internal_api.yaml +++ b/network/ports/internal_api.yaml @@ -14,7 +14,14 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json resources: @@ -23,6 +30,7 @@ resources: properties: network: {get_param: InternalApiNetName} name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml new file mode 100644 index 00000000..36426b32 --- /dev/null +++ b/network/ports/net_vip_map_external.yaml @@ -0,0 +1,50 @@ +heat_template_version: 2015-04-30 + +parameters: + # Set these via parameter defaults to configure external VIPs + ControlNetworkVip: + default: '' + type: string + ExternalNetworkVip: + default: '' + type: string + InternalApiNetworkVip: + default: '' + type: string + StorageNetworkVip: + default: '' + type: string + StorageMgmtNetworkVip: + default: '' + type: string + # The following are unused in this template + ControlPlaneIp: + default: '' + type: string + ExternalIp: + default: '' + type: string + InternalApiIp: + default: '' + type: string + StorageIp: + default: '' + type: string + StorageMgmtIp: + default: '' + type: string + TenantIp: + default: '' + type: string + +outputs: + net_ip_map: + description: > + A Hash containing a mapping of network names to assigned IPs + for a specific machine. + value: + ctlplane: {get_param: ControlNetworkVip} + external: {get_param: ExternalNetworkVip} + internal_api: {get_param: InternalApiNetworkVip} + storage: {get_param: StorageNetworkVip} + storage_mgmt: {get_param: StorageMgmtNetworkVip} diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml index ecb20b8f..88fb537c 100644 --- a/network/ports/storage.yaml +++ b/network/ports/storage.yaml @@ -14,7 +14,14 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json resources: @@ -23,6 +30,7 @@ resources: properties: network: {get_param: StorageNetName} name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: @@ -39,4 +47,3 @@ outputs: - '/' - {get_attr: [StoragePort, subnets, 0, cidr, -2]} - {get_attr: [StoragePort, subnets, 0, cidr, -1]} - diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml index 2ab39f21..c98a21ef 100644 --- a/network/ports/storage_mgmt.yaml +++ b/network/ports/storage_mgmt.yaml @@ -14,7 +14,14 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json resources: @@ -23,6 +30,7 @@ resources: properties: network: {get_param: StorageMgmtNetName} name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml index aae12d46..94408ca2 100644 --- a/network/ports/tenant.yaml +++ b/network/ports/tenant.yaml @@ -14,7 +14,14 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json resources: @@ -23,6 +30,7 @@ resources: properties: network: {get_param: TenantNetName} name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 299579dc..56efc178 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -15,6 +15,7 @@ parameters: type: string ControlPlaneIP: # Here for compatability with noop.yaml description: IP address on the control plane + default: '' type: string ControlPlaneNetwork: description: The name of the undercloud Neutron control plane diff --git a/os-apply-config/all-nodes-config.yaml b/os-apply-config/all-nodes-config.yaml deleted file mode 100644 index 3f0bd61c..00000000 --- a/os-apply-config/all-nodes-config.yaml +++ /dev/null @@ -1,93 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'All Nodes Config' - -parameters: - compute_hosts: - type: comma_delimited_list - controller_hosts: - type: comma_delimited_list - controller_ips: - type: comma_delimited_list - block_storage_hosts: - type: comma_delimited_list - object_storage_hosts: - type: comma_delimited_list - ceph_storage_hosts: - type: comma_delimited_list - controller_names: - type: comma_delimited_list - rabbit_node_ips: - type: comma_delimited_list - mongo_node_ips: - type: comma_delimited_list - redis_node_ips: - type: comma_delimited_list - memcache_node_ips: - type: comma_delimited_list - mysql_node_ips: - type: comma_delimited_list - horizon_node_ips: - type: comma_delimited_list - heat_api_node_ips: - type: comma_delimited_list - swift_proxy_node_ips: - type: comma_delimited_list - ceilometer_api_node_ips: - type: comma_delimited_list - nova_api_node_ips: - type: comma_delimited_list - nova_metadata_node_ips: - type: comma_delimited_list - glance_api_node_ips: - type: comma_delimited_list - glance_registry_node_ips: - type: comma_delimited_list - cinder_api_node_ips: - type: comma_delimited_list - neutron_api_node_ips: - type: comma_delimited_list - keystone_public_api_node_ips: - type: comma_delimited_list - keystone_admin_api_node_ips: - type: comma_delimited_list - -resources: - - allNodesConfigImpl: - type: OS::Heat::StructuredConfig - properties: - config: - completion-signal: {get_input: deploy_signal_id} - hosts: - list_join: - - "\n" - - - list_join: - - "\n" - - {get_param: compute_hosts} - - list_join: - - "\n" - - {get_param: controller_hosts} - - list_join: - - "\n" - - {get_param: block_storage_hosts} - - list_join: - - "\n" - - {get_param: object_storage_hosts} - - list_join: - - "\n" - - {get_param: ceph_storage_hosts} - rabbit: - nodes: - list_join: - - ',' - - {get_param: controller_names} - sysctl: - net.ipv4.tcp_keepalive_time: 5 - net.ipv4.tcp_keepalive_probes: 5 - net.ipv4.tcp_keepalive_intvl: 1 - -outputs: - config_id: - description: The ID of the allNodesConfigImpl resource. - value: - {get_resource: allNodesConfigImpl} diff --git a/os-apply-config/ceph-cluster-config.yaml b/os-apply-config/ceph-cluster-config.yaml deleted file mode 100644 index c3cf8e8a..00000000 --- a/os-apply-config/ceph-cluster-config.yaml +++ /dev/null @@ -1,57 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Ceph Cluster config data' - -parameters: - ceph_storage_count: - default: 0 - type: number - description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. - ceph_external_mon_ips: - default: '' - type: string - description: List of external Ceph Mon host IPs. - ceph_client_key: - default: '' - type: string - description: Ceph key used to create the 'openstack' user keyring. - ceph_fsid: - default: '' - type: string - ceph_admin_key: - default: '' - type: string - ceph_mon_key: - default: '' - type: string - ceph_mon_names: - type: comma_delimited_list - ceph_mon_ips: - type: comma_delimited_list - -resources: - CephClusterConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - ceph_cluster: - mon_initial_members: - list_join: - - ',' - - {get_param: ceph_mon_names} - mon_host: - list_join: - - ',' - - {get_param: ceph_mon_ips} - fsid: {get_param: ceph_fsid} - admin_key: {get_param: ceph_admin_key} - mon_key: {get_param: ceph_mon_key} - # We would need a dedicated key for OSD bootstrap - bootstrap_osd_key: {get_param: ceph_mon_key} - osds: '{"/srv/data": {}}' - -outputs: - config_id: - description: The ID of the CephClusterConfigImpl resource. - value: - {get_resource: CephClusterConfigImpl} diff --git a/os-apply-config/ceph-storage-post.yaml b/os-apply-config/ceph-storage-post.yaml deleted file mode 100644 index 734f90bd..00000000 --- a/os-apply-config/ceph-storage-post.yaml +++ /dev/null @@ -1,21 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Ceph Storage Post Deployment' -# NOTE: this is a noop for os-apply-config style deployments because -# post deployment ordering is controlled by tripleo-image-elements - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - -resources: - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/os-apply-config/ceph-storage.yaml b/os-apply-config/ceph-storage.yaml deleted file mode 100644 index fc321d88..00000000 --- a/os-apply-config/ceph-storage.yaml +++ /dev/null @@ -1,172 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Common Ceph Storage Configuration' -parameters: - Image: - type: string - default: overcloud-ceph-storage - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - Flavor: - default: baremetal - description: Flavor for block storage nodes to request when deploying. - type: string - CephClusterFSID: - default: '' - type: string - description: The Ceph cluster FSID. Must be a UUID. - CephMonKey: - default: '' - description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. - type: string - hidden: true - CephAdminKey: - default: '' - description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. - type: string - hidden: true - CephMonitors: - default: '' - description: The list of ip/names to use as Ceph monitors - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. Note - that CephStorageExtraConfig takes precedence over ExtraConfig. - type: json - CephStorageExtraConfig: - default: {} - description: | - Role specific additional configuration to inject into the cluster. - type: json - - -resources: - CephStorage: - type: OS::Nova::Server - properties: - image: - {get_param: Image} - flavor: {get_param: OvercloudCephStorageFlavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} - name: {get_param: Hostname} - - NodeUserData: - type: OS::TripleO::NodeUserData - - StoragePort: - type: OS::TripleO::CephStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::CephStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::CephStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: CephStorage} - - CephStorageDeployment: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: CephStorage} - config: {get_resource: CephStorageConfig} - signal_transport: NO_SIGNAL - CephStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - ceph: - fsid: {get_param: CephClusterFSID} - keyrings: - admin: - key: {get_param: CephAdminKey} - mon_nodes: {get_param: CephMonitors} - ControllerCephDeployment: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: Controller} - config: {get_resource: ControllerCephConfig} - signal_transport: NO_SIGNAL - ControllerCephConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - cinder: - include_ceph_backend: true - ceph: - fsid: {get_param: CephClusterFSID} - keyrings: - mon: - key: {get_param: CephMonKey} - admin: - key: {get_param: CephAdminKey} - mon_nodes: {get_param: CephMonitors} - NovaComputeCephDeployment: - depends_on: [ControllerCephDeployment] - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: NovaCompute} - config: {get_resource: NovaComputeCephConfig} - signal_transport: NO_SIGNAL - NovaComputeCephConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - ceph: - fsid: {get_param: CephClusterFSID} - keyrings: - admin: - key: {get_param: CephAdminKey} - mon_nodes: {get_param: CephMonitors} -outputs: - hosts_entry: - value: - str_replace: - template: "IP HOST" - params: - IP: {get_attr: [CephStorage, networks, ctlplane, 0]} - HOST: {get_attr: [CephStorage, name]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: "None - NO_SIGNAL" diff --git a/os-apply-config/cinder-storage-post.yaml b/os-apply-config/cinder-storage-post.yaml deleted file mode 100644 index ad4e0460..00000000 --- a/os-apply-config/cinder-storage-post.yaml +++ /dev/null @@ -1,21 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Common Block Storage Post Deployment' -# NOTE: this is a noop for os-apply-config style deployments because -# post deployment ordering is controlled by tripleo-image-elements - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - -resources: - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/os-apply-config/cinder-storage.yaml b/os-apply-config/cinder-storage.yaml deleted file mode 100644 index 7f1164c4..00000000 --- a/os-apply-config/cinder-storage.yaml +++ /dev/null @@ -1,234 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Common Block Storage Configuration' -parameters: - Image: - default: overcloud-cinder-volume - type: string - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - default: unset - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - VirtualIP: - default: '' - type: string - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - BlockStorageExtraConfig: - default: {} - description: | - Role specific additional configuration to inject into the cluster. - type: json - Flavor: - description: Flavor for block storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - RabbitPassword: - default: 'guest' - type: string - hidden: true - RabbitUserName: - default: 'guest' - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - GlanceApiVirtualIP: - type: string - default: '' - MysqlVirtualIP: - type: string - default: '' - -resources: - BlockStorage: - type: OS::Nova::Server - properties: - image: - {get_param: Image} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} - name: {get_param: Hostname} - - NodeUserData: - type: OS::TripleO::NodeUserData - - InternalApiPort: - type: OS::TripleO::BlockStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::BlockStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::BlockStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: BlockStorage} - - BlockStorageDeployment: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageConfig} - input_values: - controller_virtual_ip: {get_param: VirtualIP} - cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - signal_transport: NO_SIGNAL - BlockStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - keystone: - host: {get_input: controller_virtual_ip} - cinder: - db: {get_input: cinder_dsn} - volume_size_mb: - get_param: CinderLVMLoopDeviceSize - iscsi-helper: - get_param: CinderISCSIHelper - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: {get_input: snmpd_readonly_user_name} - readonly_user_password: {get_input: snmpd_readonly_user_password} - rabbit: - host: {get_input: controller_virtual_ip} - username: {get_param: RabbitUserName} - password: {get_param: RabbitPassword} - glance: - host: {get_input: controller_virtual_ip} - port: {get_param: GlancePort} -outputs: - hosts_entry: - value: - str_replace: - template: "IP HOST" - params: - IP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - HOST: {get_attr: [BlockStorage, name]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: "None - NO_SIGNAL" diff --git a/os-apply-config/compute-post.yaml b/os-apply-config/compute-post.yaml deleted file mode 100644 index 695690d4..00000000 --- a/os-apply-config/compute-post.yaml +++ /dev/null @@ -1,22 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Compute Post Deployment' -# NOTE: this is a noop for os-apply-config style deployments because -# post deployment ordering is controlled by tripleo-image-elements - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - -resources: - - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/os-apply-config/compute.yaml b/os-apply-config/compute.yaml deleted file mode 100644 index ee55c587..00000000 --- a/os-apply-config/compute.yaml +++ /dev/null @@ -1,562 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack hypervisor node. Can be wrapped in a ResourceGroup for scaling. - -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - Flavor: - description: Flavor for the nova compute node - type: string - constraints: - - custom_constraint: nova.flavor - GlanceHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - Image: - type: string - default: overcloud-compute - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "datacentre:br-ex" - NeutronEnableTunnelling: - type: string - default: "True" - NeutronFlatNetworks: - type: string - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. - NeutronHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NeutronNetworkType: - type: string - description: The tenant network type for Neutron, either gre or vxlan. - default: 'vxlan' - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPhysicalBridge: - default: '' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: A port to add to the NeutronPhysicalBridge. - type: string - NeutronTunnelTypes: - type: string - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - default: 'vxlan' - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronPublicInterfaceRawDevice: - default: '' - type: string - NeutronDVR: - default: 'False' - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronCorePlugin: - default: "ml2" - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - # Not relevant for Computes, should be removed - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - # Not relevant for Computes, should be removed - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NovaApiHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - type: string - default: '' - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NovaPublicIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - NtpServer: - type: string - default: '' - RabbitHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - -resources: - - NovaCompute: - type: OS::Nova::Server - properties: - image: - {get_param: Image} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} - name: {get_param: Hostname} - - NodeUserData: - type: OS::TripleO::NodeUserData - - InternalApiPort: - type: OS::TripleO::Compute::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::Compute::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - TenantPort: - type: OS::TripleO::Compute::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::Compute::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: NetworkConfig} - server: {get_resource: NovaCompute} - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - nova: - compute_driver: { get_input: nova_compute_driver } - compute_libvirt_type: { get_input: nova_compute_libvirt_type } - debug: {get_input: debug} - host: {get_input: nova_api_host} - public_ip: {get_input: nova_public_ip} - service-password: {get_input: nova_password} - ceilometer: - debug: {get_input: debug} - metering_secret: {get_input: ceilometer_metering_secret} - service-password: {get_input: ceilometer_password} - compute_agent: {get_input: ceilometer_compute_agent} - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: {get_input: snmpd_readonly_user_name} - readonly_user_password: {get_input: snmpd_readonly_user_password} - glance: - debug: {get_input: debug} - host: {get_input: glance_host} - port: {get_input: glance_port} - protocol: {get_input: glance_protocol} - keystone: - debug: {get_input: debug} - host: {get_input: keystone_host} - neutron: - debug: {get_input: debug} - flat-networks: {get_input: neutron_flat_networks} - host: {get_input: neutron_host} - router_distributed: {get_input: neutron_router_distributed} - agent_mode: {get_input: neutron_agent_mode} - ovs_db: {get_input: neutron_dsn} - metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - core_plugin: {get_input: neutron_core_plugin} - service_plugins: {get_input: neutron_service_plugins} - type_drivers: {get_input: neutron_type_drivers} - mechanism_drivers: {get_input: neutron_mechanism_drivers} - allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - l3_ha: {get_input: neutron_l3_ha} - ovs: - local_ip: {get_input: neutron_local_ip} - tenant_network_type: {get_input: neutron_tenant_network_type} - tunnel_types: {get_input: neutron_tunnel_types} - network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - vni_ranges: {get_input: neutron_vni_ranges} - bridge_mappings: {get_input: neutron_bridge_mappings} - enable_tunneling: {get_input: neutron_enable_tunneling} - physical_bridge: {get_input: neutron_physical_bridge} - public_interface: {get_input: neutron_public_interface} - public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - service-password: {get_input: neutron_password} - admin-password: {get_input: admin_password} - rabbit: - host: {get_input: rabbit_host} - username: {get_input: rabbit_username} - password: {get_input: rabbit_password} - ntp: - servers: - - {server: {get_input: ntp_server}} - - NovaComputeDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute} - input_values: - debug: {get_param: Debug} - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_public_ip: {get_param: NovaPublicIP} - nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_host: {get_param: GlanceHost} - glance_port: {get_param: GlancePort} - glance_protocol: {get_param: GlanceProtocol} - keystone_host: {get_param: KeystonePublicApiVirtualIP} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_host: {get_param: NeutronHost} - neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_tunnel_id_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronVniRanges} - neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_physical_bridge: {get_param: NeutronPhysicalBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_password: {get_param: NeutronPassword} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_core_plugin: {get_param: NeutronCorePlugin} - neutron_service_plugins: - str_replace: - template: "['PLUGINS']" - params: - PLUGINS: - list_join: - - "','" - - {get_param: NeutronServicePlugins} - neutron_type_drivers: - str_replace: - template: "['DRIVERS']" - params: - DRIVERS: - list_join: - - "','" - - {get_param: NeutronTypeDrivers} - neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_l3_ha: {get_param: NeutronL3HA} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - admin_password: {get_param: AdminPassword} - rabbit_host: {get_param: RabbitHost} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - ntp_server: {get_param: NtpServer} - - NovaComputePassthrough: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - - NovaComputePassthroughSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} - - NovaComputePassthroughDeployment: - depends_on: [NovaComputeDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: NovaComputePassthrough} - server: {get_resource: NovaCompute} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - - NovaComputePassthroughDeploymentSpecific: - depends_on: [NovaComputePassthroughDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: NovaComputePassthroughSpecific} - server: {get_resource: NovaCompute} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: NovaComputeExtraConfig} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [NovaCompute, networks, ctlplane, 0]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - hostname: - description: Hostname of the server - value: {get_attr: [NovaCompute, name]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: "IP HOST" - params: - IP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - HOST: {get_attr: [NovaCompute, name]} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: NovaCompute} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: "None - NO_SIGNAL" diff --git a/os-apply-config/controller-post.yaml b/os-apply-config/controller-post.yaml deleted file mode 100644 index aac96357..00000000 --- a/os-apply-config/controller-post.yaml +++ /dev/null @@ -1,20 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Controller Post Deployment' -# NOTE: this is a noop for os-apply-config style deployments because -# post deployment ordering is controlled by tripleo-image-elements - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - -resources: - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} diff --git a/os-apply-config/controller.yaml b/os-apply-config/controller.yaml deleted file mode 100644 index f289d9b5..00000000 --- a/os-apply-config/controller.yaml +++ /dev/null @@ -1,1213 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling. - -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - default: unset - description: The keystone auth secret and db password. - type: string - hidden: true - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service and db account. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list - CinderPassword: - default: unset - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - CloudName: - default: '' - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - ControllerExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean - EnableCephStorage: - default: false - description: Whether to deploy Ceph Storage (OSD) on the Controller - type: boolean - EnableSwiftStorage: - default: true - description: Whether to enable Swift Storage on the Controller - type: boolean - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "compute_manager", - "value": "ironic.nova.compute.manager.ClusterComputeManager" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json - Flavor: - description: Flavor for control nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - default: unset - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - HeatPassword: - default: unset - description: The password for the Heat service and db account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. - type: string - default: '' - hidden: true - HeatAuthEncryptionKey: - description: Auth encryption key for heat-engine - type: string - hidden: true - HorizonSecret: - description: Secret key for Django - type: string - hidden: true - Image: - type: string - default: overcloud-control - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneNotificationDriver: - description: Comma-separated list of Oslo notification drivers used by Keystone - default: ['messaging'] - type: comma_delimited_list - KeystoneNotificationFormat: - description: The Keystone notification format - default: 'basic' - type: string - constraints: - - allowed_values: [ 'basic', 'cadf' ] - MysqlClusterUniquePart: - description: A unique identifier of the MySQL cluster the controller is in. - type: string - default: 'unset' # Has to be here because of the ignored empty value bug - # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 - # constraints: - # - length: {min: 4, max: 10} - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - MysqlRootPassword: - type: string - hidden: true - default: '' # Has to be here because of the ignored empty value bug - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "datacentre:br-ex" - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronDhcpAgentsPerNetwork: - type: number - default: 3 - description: The number of neutron dhcp agents to schedule per network - NeutronEnableTunnelling: - type: string - default: "True" - NeutronFlatNetworks: - type: string - default: 'datacentre' - description: If set, flat networks to configure in neutron plugins. - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NeutronPassword: - default: unset - description: The password for the neutron service and db account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NovaPassword: - default: unset - description: The password for the nova service and db account, used by nova-api. - type: string - hidden: true - MongoDbNoJournal: - default: false - description: Should MongoDb journaling be disabled - type: boolean - NtpServer: - type: string - default: '' - PcsdPassword: - type: string - description: The password for the 'pcsd' user. - hidden: true - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - PublicVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitCookie: - type: string - default: '' # Has to be here because of the ignored empty value bug - hidden: true - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RabbitFDLimit: - default: 16384 - description: Configures RabbitMQ FD limit - type: string - RedisVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true - SwiftHashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftPassword: - default: unset - description: The password for the swift service account, used by the swift proxy - services. - hidden: true - type: string - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - VirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - HeatApiVirtualIP: - type: string - default: '' - GlanceApiVirtualIP: - type: string - default: '' - MysqlVirtualIP: - type: string - default: '' - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' - NeutronApiVirtualIP: - type: string - default: '' - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - -resources: - - Controller: - type: OS::Nova::Server - properties: - image: {get_param: Image} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} - name: {get_param: Hostname} - - NodeUserData: - type: OS::TripleO::NodeUserData - - ExternalPort: - type: OS::TripleO::Controller::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - InternalApiPort: - type: OS::TripleO::Controller::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::Controller::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::Controller::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - TenantPort: - type: OS::TripleO::Controller::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::Controller::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: NetworkConfig} - server: {get_resource: Controller} - input_values: - bridge_name: br-ex - interface_name: {get_param: NeutronPublicInterface} - - ControllerPassthroughConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - - ControllerPassthroughConfigSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} - - ControllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - admin-password: {get_input: admin_password} - admin-token: {get_input: admin_token} - bootstack: - public_interface_ip: {get_input: neutron_public_interface_ip} - bootstrap_host: - nodeid: {get_input: bootstack_nodeid} - cinder: - db: {get_input: cinder_dsn} - debug: {get_input: debug} - volume_size_mb: {get_input: cinder_lvm_loop_device_size} - service-password: {get_input: cinder_password} - iscsi-helper: {get_input: CinderISCSIHelper} - controller-address: {get_input: controller_host} - corosync: - bindnetaddr: {get_input: controller_host} - mcastport: 5577 - pacemaker: - stonith_enabled : false - recheck_interval : 5 - quorum_policy : ignore - db-password: unset - glance: - registry: - host: {get_input: controller_virtual_ip} - backend: swift - db: {get_input: glance_dsn} - debug: {get_input: debug} - host: {get_input: controller_virtual_ip} - port: {get_input: glance_port} - protocol: {get_input: glance_protocol} - service-password: {get_input: glance_password} - swift-store-user: service:glance - swift-store-key: {get_input: glance_password} - notifier-strategy: {get_input: glance_notifier_strategy} - log-file: {get_input: glance_log_file} - heat: - admin_password: {get_input: heat_password} - admin_tenant_name: service - admin_user: heat - auth_encryption_key: {get_input: heat_auth_encryption_key} - db: {get_input: heat_dsn} - debug: {get_input: debug} - stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} - watch_server_url: {get_input: heat.watch_server_url} - metadata_server_url: {get_input: heat.metadata_server_url} - waitcondition_server_url: {get_input: heat.waitcondition_server_url} - keystone: - db: {get_input: keystone_dsn} - debug: {get_input: debug} - host: {get_input: controller_virtual_ip} - ca_certificate: {get_input: keystone_ca_certificate} - signing_key: {get_input: keystone_signing_key} - signing_certificate: {get_input: keystone_signing_certificate} - ssl: - certificate: {get_input: keystone_ssl_certificate} - certificate_key: {get_input: keystone_ssl_certificate_key} - mysql: - innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} - local_bind: true - root-password: {get_input: mysql_root_password} - cluster_name: {get_input: mysql_cluster_name} - neutron: - debug: {get_input: debug} - flat-networks: {get_input: neutron_flat_networks} - host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - agent_mode: {get_input: neutron_agent_mode} - router_distributed: {get_input: neutron_router_distributed} - core_plugin: {get_input: neutron_core_plugin} - service_plugins: {get_input: neutron_service_plugins} - type_drivers: {get_input: neutron_type_drivers} - mechanism_drivers: {get_input: neutron_mechanism_drivers} - allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - l3_ha: {get_input: neutron_l3_ha} - dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} - ovs: - enable_tunneling: {get_input: neutron_enable_tunneling} - local_ip: {get_input: controller_host} - network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - bridge_mappings: {get_input: neutron_bridge_mappings} - public_interface: {get_input: neutron_public_interface} - public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - public_interface_route: {get_input: neutron_public_interface_default_route} - public_interface_tag: {get_input: neutron_public_interface_tag} - physical_bridge: br-ex - tenant_network_type: {get_input: neutron_tenant_network_type} - tunnel_types: {get_input: neutron_tunnel_types} - tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - vni_ranges: {get_input: neutron_vni_ranges} - ovs_db: {get_input: neutron_dsn} - service-password: {get_input: neutron_password} - dnsmasq-options: {get_input: neutron_dnsmasq_options} - ceilometer: - db: {get_input: ceilometer_dsn} - debug: {get_input: debug} - metering_secret: {get_input: ceilometer_metering_secret} - service-password: {get_input: ceilometer_password} - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: {get_input: snmpd_readonly_user_name} - readonly_user_password: {get_input: snmpd_readonly_user_password} - nova: - compute_driver: libvirt.LibvirtDriver - db: {get_input: nova_dsn} - default_floating_pool: - ext-net - host: {get_input: controller_virtual_ip} - metadata-proxy: true - service-password: {get_input: nova_password} - mongodb: - nojournal: {get_input: mongodb_no_journal} - rabbit: - host: {get_input: controller_virtual_ip} - username: {get_input: rabbit_username} - password: {get_input: rabbit_password} - cookie: {get_input: rabbit_cookie} - rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl} - rabbit_port: {get_input: rabbit_client_port} - ntp: - servers: - - {server: {get_input: ntp_server}} - virtual_interfaces: - instances: - - vrrp_instance_name: VI_CONTROL - virtual_router_id: 51 - keepalive_interface: {get_input: control_virtual_interface} - priority: 101 - virtual_ips: - - ip: {get_input: controller_virtual_ip} - interface: {get_input: control_virtual_interface} - - vrrp_instance_name: VI_PUBLIC - virtual_router_id: 52 - keepalive_interface: {get_input: public_virtual_interface} - priority: 101 - virtual_ips: - - ip: {get_input: public_virtual_ip} - interface: {get_input: public_virtual_interface} - vrrp_sync_groups: - - name: VG1 - members: - - VI_CONTROL - - VI_PUBLIC - keepalived: - keepalive_interface: {get_input: public_virtual_interface} - priority: 101 - virtual_ips: - - - ip: {get_input: controller_virtual_ip} - interface: {get_input: control_virtual_interface} - - - ip: {get_input: public_virtual_ip} - interface: {get_input: public_virtual_interface} - haproxy: - net_binds: - - ip: {get_input: controller_virtual_ip} - options: - - option httpchk GET / - services: - - name: keystone_admin - port: 35357 - net_binds: &public_binds - - ip: {get_input: controller_virtual_ip} - - ip: {get_input: public_virtual_ip} - - name: keystone_public - port: 5000 - net_binds: *public_binds - - name: horizon - port: 80 - net_binds: *public_binds - - name: neutron - port: 9696 - net_binds: *public_binds - - name: cinder - port: 8776 - net_binds: *public_binds - - name: glance_api - port: 9292 - net_binds: *public_binds - - name: glance_registry - port: 9191 - net_binds: *public_binds - options: # overwrite options as glace_reg needs auth for http req - - name: heat_api - port: 8004 - net_binds: *public_binds - - name: heat_cloudwatch - port: 8003 - net_binds: *public_binds - - name: heat_cfn - port: 8000 - net_binds: *public_binds - - name: mysql - port: 3306 - extra_server_params: - - backup - options: - - timeout client 0 - - timeout server 0 - - name: nova_ec2 - port: 8773 - - name: nova_osapi - port: 8774 - net_binds: *public_binds - - name: nova_metadata - port: 8775 - net_binds: *public_binds - - name: nova_novncproxy - port: 6080 - net_binds: *public_binds - - name: ceilometer - port: 8777 - net_binds: *public_binds - options: # overwrite options as ceil needs auth for http req - - name: swift_proxy_server - port: 8080 - net_binds: *public_binds - options: - - option httpchk GET /info - - name: rabbitmq - port: 5672 - options: - - timeout client 0 - - timeout server 0 - - maxconn 1500 - - ControllerDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - signal_transport: NO_SIGNAL - config: {get_resource: ControllerConfig} - server: {get_resource: Controller} - input_values: - bootstack_nodeid: {get_attr: [Controller, name]} - controller_host: {get_attr: [Controller, networks, ctlplane, 0]} - controller_virtual_ip: {get_param: VirtualIP} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - heat.watch_server_url: - list_join: - - '' - - - 'http://' - - {get_param: VirtualIP} - - ':8003' - heat.metadata_server_url: - list_join: - - '' - - - 'http://' - - {get_param: VirtualIP} - - ':8000' - heat.waitcondition_server_url: - list_join: - - '' - - - 'http://' - - {get_param: VirtualIP} - - ':8000/v1/waitcondition' - admin_password: {get_param: AdminPassword} - admin_token: {get_param: AdminToken} - neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} - debug: {get_param: Debug} - cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} - cinder_password: {get_param: CinderPassword} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_dsn: - list_join: - - '' - - - 'mysql://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: VirtualIP} - - '/cinder' - glance_port: {get_param: GlancePort} - glance_protocol: {get_param: GlanceProtocol} - glance_password: {get_param: GlancePassword} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance_dsn: - list_join: - - '' - - - 'mysql://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: VirtualIP} - - '/glance' - heat_password: {get_param: HeatPassword} - heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} - heat_dsn: - list_join: - - '' - - - 'mysql://heat:' - - {get_param: HeatPassword} - - '@' - - {get_param: VirtualIP} - - '/heat' - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone_dsn: - list_join: - - '' - - - 'mysql://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: VirtualIP} - - '/keystone' - mongodb_no_journal: {get_param: MongoDbNoJournal} - mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - mysql_root_password: {get_param: MysqlRootPassword} - mysql_cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_core_plugin: {get_param: NeutronCorePlugin} - neutron_service_plugins: - str_replace: - template: "['PLUGINS']" - params: - PLUGINS: - list_join: - - "','" - - {get_param: NeutronServicePlugins} - neutron_type_drivers: - str_replace: - template: "['DRIVERS']" - params: - DRIVERS: - list_join: - - "','" - - {get_param: NeutronTypeDrivers} - neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_l3_ha: {get_param: NeutronL3HA} - neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} - neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} - neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_tunnel_id_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronVniRanges} - neutron_password: {get_param: NeutronPassword} - neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} - neutron_dsn: - list_join: - - '' - - - 'mysql://neutron:' - - {get_param: NeutronPassword} - - '@' - - {get_param: VirtualIP} - - '/ovs_neutron?charset=utf8' - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_dsn: - list_join: - - '' - - - 'mysql://ceilometer:' - - {get_param: CeilometerPassword} - - '@' - - {get_param: VirtualIP} - - '/ceilometer' - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - nova_password: {get_param: NovaPassword} - nova_dsn: - list_join: - - '' - - - 'mysql://nova:' - - {get_param: NovaPassword} - - '@' - - {get_param: VirtualIP} - - '/nova' - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - ntp_server: {get_param: NtpServer} - control_virtual_interface: {get_param: ControlVirtualInterface} - public_virtual_interface: {get_param: PublicVirtualInterface} - public_virtual_ip: {get_param: PublicVirtualIP} - - SSLConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - ssl: - ca_certificate: {get_input: ssl_ca_certificate} - stunnel: - cert: {get_input: ssl_certificate} - key: {get_input: ssl_key} - cacert: {get_input: ssl_ca_certificate} - ports: - - name: 'ec2' - accept: 13773 - connect: 8773 - connect_host: {get_input: controller_host} - - name: 'image' - accept: 13292 - connect: 9292 - connect_host: {get_input: controller_host} - - name: 'identity' - accept: 13000 - connect: 5000 - connect_host: {get_input: controller_host} - - name: 'network' - accept: 13696 - connect: 9696 - connect_host: {get_input: controller_host} - - name: 'compute' - accept: 13774 - connect: 8774 - connect_host: {get_input: controller_host} - - name: 'swift-proxy' - accept: 13080 - connect: 8080 - connect_host: {get_input: controller_host} - - name: 'cinder' - accept: 13776 - connect: 8776 - connect_host: {get_input: controller_host} - - name: 'ceilometer' - accept: 13777 - connect: 8777 - connect_host: {get_input: controller_host} - - ControllerSSLDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: SSLConfig} - server: {get_resource: Controller} - signal_transport: NO_SIGNAL - input_values: - controller_host: {get_attr: [Controller, networks, ctlplane, 0]} - ssl_certificate: {get_param: SSLCertificate} - ssl_key: {get_param: SSLKey} - ssl_ca_certificate: {get_param: SSLCACertificate} - - ControllerPassthroughDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerPassthroughConfig} - server: {get_resource: Controller} - signal_transport: NO_SIGNAL - input_values: - passthrough_config: {get_param: ExtraConfig} - - ControllerPassthroughSpecificDeployment: - depends_on: [ControllerPassthroughDeployment] - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerPassthroughConfigSpecific} - server: {get_resource: Controller} - signal_transport: NO_SIGNAL - input_values: - passthrough_config_specific: {get_param: ControllerExtraConfig} - - SwiftConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - swift: - hash: { get_input: swift_hash_suffix } - part-power: { get_input: swift_part_power } - mount-check: { get_input: swift_mount_check } - min-part-hours: { get_input: swift_min_part_hours } - replicas: {get_input: swift_replicas } - service-password: { get_input: swift_password } - - SwiftStorageDeploy: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: Controller} - config: {get_resource: SwiftConfig} - signal_transport: NO_SIGNAL - input_values: - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_mount_check: {get_param: SwiftMountCheck} - swift_password: {get_param: SwiftPassword} - swift_min_part_hours: {get_param: SwiftMinPartHours} - swift_part_power: {get_param: SwiftPartPower} - swift_replicas: { get_param: SwiftReplicas} - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [Controller, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - hostname: - description: Hostname of the server - value: {get_attr: [Controller, name]} - corosync_node: - description: > - Node object in the format {ip: ..., name: ...} format that the corosync - element expects - value: - ip: {get_attr: [Controller, networks, ctlplane, 0]} - name: {get_attr: [Controller, name]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: IP HOST CLOUDNAME - params: - IP: {get_attr: [Controller, networks, ctlplane, 0]} - HOST: {get_attr: [Controller, name]} - CLOUDNAME: {get_param: CloudName} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: Controller} - swift_device: - description: Swift device formatted for swift-ring-builder - value: - str_replace: - template: 'r1z1-IP:%PORT%/d1' - params: - IP: {get_attr: [Controller, networks, ctlplane, 0]} - swift_proxy_memcache: - description: Swift proxy-memcache value - value: - str_replace: - template: "IP:11211" - params: - IP: {get_attr: [Controller, networks, ctlplane, 0]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: "None - NO_SIGNAL" diff --git a/os-apply-config/swift-devices-and-proxy-config.yaml b/os-apply-config/swift-devices-and-proxy-config.yaml deleted file mode 100644 index 4f01dbea..00000000 --- a/os-apply-config/swift-devices-and-proxy-config.yaml +++ /dev/null @@ -1,38 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Swift Devices and Proxy Config' - -parameters: - controller_swift_devices: - type: comma_delimited_list - object_store_swift_devices: - type: comma_delimited_list - controller_swift_proxy_memcaches: - type: comma_delimited_list - -resources: - - SwiftDevicesAndProxyConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - swift: - devices: - list_join: - - ", " - - - list_join: - - ", " - - {get_param: controller_swift_devices} - - list_join: - - ", " - - {get_param: object_store_swift_devices} - proxy-memcache: - list_join: - - "," - - {get_param: controller_swift_proxy_memcaches} - -outputs: - config_id: - description: The ID of the SwiftDevicesAndProxyConfigImpl resource. - value: - {get_resource: SwiftDevicesAndProxyConfigImpl} diff --git a/os-apply-config/swift-storage-post.yaml b/os-apply-config/swift-storage-post.yaml deleted file mode 100644 index 1b1c406d..00000000 --- a/os-apply-config/swift-storage-post.yaml +++ /dev/null @@ -1,21 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Swift Storage Post Deployment' -# NOTE: this is a noop for os-apply-config style deployments because -# post deployment ordering is controlled by tripleo-image-elements - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - -resources: - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/os-apply-config/swift-storage.yaml b/os-apply-config/swift-storage.yaml deleted file mode 100644 index d62d7d1a..00000000 --- a/os-apply-config/swift-storage.yaml +++ /dev/null @@ -1,209 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Common Swift Storage Configuration' -parameters: - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } - type: json - ObjectStorageExtraConfig: - default: {} - description: | - Role specific additional configuration to inject into the cluster. - type: json - Flavor: - description: Flavor for Swift storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - HashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string - Image: - default: overcloud-swift-storage - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - MountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - MinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - PartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - Replicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - -resources: - SwiftConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - snmpd: - export_MIB: UCD-SNMP-MIB - readonly_user_name: {get_input: snmpd_readonly_user_name} - readonly_user_password: {get_input: snmpd_readonly_user_password} - swift: - hash: { get_input: swift_hash_suffix } - part-power: { get_input: swift_part_power } - min-part-hours: { get_input: swift_min_part_hours } - mount-check: { get_input: swift_mount_check } - replicas: {get_input: swift_replicas } - neutron: - ovs: - local_ip: { get_input: neutron_local_ip } - SwiftStorage: - type: OS::Nova::Server - properties: - image: {get_param: Image} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} - name: {get_param: Hostname} - - NodeUserData: - type: OS::TripleO::NodeUserData - - InternalApiPort: - type: OS::TripleO::SwiftStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::SwiftStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::ObjectStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: SwiftStorage} - - SwiftStorageDeploy: - type: OS::Heat::StructuredDeployment - properties: - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftConfig} - signal_transport: NO_SIGNAL - input_values: - neutron_local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - swift_hash_suffix: {get_param: HashSuffix} - swift_mount_check: {get_param: MountCheck} - swift_min_part_hours: {get_param: MinPartHours} - swift_part_power: {get_param: PartPower} - swift_replicas: { get_param: Replicas} - -outputs: - hosts_entry: - value: - str_replace: - template: "IP HOST" - params: - IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - HOST: {get_attr: [SwiftStorage, name]} - nova_server_resource: - description: Heat resource handle for the swift storage server - value: - {get_resource: SwiftStorage} - swift_device: - description: Swift device formatted for swift-ring-builder - value: - str_replace: - template: 'r1z1-IP:%PORT%/d1' - params: - IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: "None - NO_SIGNAL" diff --git a/os-apply-config/vip-config.yaml b/os-apply-config/vip-config.yaml deleted file mode 100644 index 8f984ab7..00000000 --- a/os-apply-config/vip-config.yaml +++ /dev/null @@ -1,16 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - Configure hieradata for service -> virtual IP mappings. - -resources: - VipConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - # by default does nothing - -outputs: - OS::stack_id: - description: The VipConfigImpl resource. - value: {get_resource: VipConfigImpl} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 7e65d4b1..c072c292 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -33,6 +33,8 @@ resource_registry: # NodeExtraConfig == All nodes configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml + OS::TripleO::NodeTLSCAData: puppet/extraconfig/tls/no-ca.yaml + OS::TripleO::NodeTLSData: puppet/extraconfig/tls/no-tls.yaml OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::CephStorageExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml @@ -56,6 +58,7 @@ resource_registry: OS::TripleO::Network::Storage: network/noop.yaml OS::TripleO::Network::Tenant: network/noop.yaml + OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml @@ -89,6 +92,10 @@ resource_registry: # Port assignments for service virtual IPs for the controller role OS::TripleO::Controller::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml + # Service Endpoint Mappings + OS::TripleO::Endpoint: network/endpoints/endpoint.yaml + OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml + # validation resources OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml index d6eb97f9..11a33599 100644 --- a/overcloud-resource-registry.yaml +++ b/overcloud-resource-registry.yaml @@ -39,6 +39,7 @@ resource_registry: OS::TripleO::Network::Storage: network/noop.yaml OS::TripleO::Network::Tenant: network/noop.yaml + OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpSubnetMap: network/ports/net_ip_subnet_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml @@ -72,5 +73,9 @@ resource_registry: # Port assignments for service virtual IPs for the controller role OS::TripleO::Controller::Ports::RedisVipPort: network/ports/noop.yaml + # Service Endpoint Mappings + OS::TripleO::Endpoint: network/endpoints/endpoint.yaml + OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml + # validation resources OS::TripleO::AllNodes::Validation: os-apply-config/all-nodes-validation.yaml diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 9c915c4a..23dc6464 100644..120000 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -1,1452 +1 @@ -heat_template_version: 2015-04-30 - -description: > - Deploy an OpenStack environment, consisting of several node types (roles), - Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage - roles enable independent scaling of the storage components, but the minimal - deployment is one Controller and one Compute node. - - -# TODO(shadower): we should probably use the parameter groups to put -# some order in here. -parameters: - - # Common parameters (not specific to a role) - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - # This has to be an UUID so for now we generate it outside the template - CephClusterFSID: - default: '' - type: string - description: The Ceph cluster FSID. Must be a UUID. - CephMonKey: - default: '' - description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. - type: string - hidden: true - CephAdminKey: - default: '' - description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CephClientKey: - default: '' - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. - type: string - hidden: true - CephExternalMonHost: - default: '' - type: string - description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - CloudName: - default: '' - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - ControlFixedIPs: - default: [] - description: Should be used for arbitrary ips. - type: json - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - HAProxySyslogAddress: - default: /dev/log - description: Syslog address where HAproxy will send its log - type: string - HorizonAllowedHosts: - default: '*' - description: A list of IP/Hostname allowed to connect to horizon - type: comma_delimited_list - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "datacentre:br-ex" - NeutronControlPlaneID: - default: 'ctlplane' - type: string - description: Neutron ID or name for ctlplane network. - NeutronEnableTunnelling: - type: string - default: "True" - NeutronFlatNetworks: - type: string - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. Defaults to - 'datacentre' to permit external network creation. - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronComputeAgentMode: - default: 'dvr' - description: Agent mode for the neutron-l3-agent on the compute hosts - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronDhcpAgentsPerNetwork: - type: number - default: 3 - description: The number of neutron dhcp agents to schedule per network - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NtpServer: - type: string - default: '' - MongoDbNoJournal: - default: false - description: Should MongoDb journaling be disabled - type: boolean - PublicVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the PublicVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - # FIXME: 'guest' is provisioned in RabbitMQ by default, we should create a user if these are changed - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - # We need to set this as string because 'unlimited' is a valid setting - RabbitFDLimit: - default: 16384 - description: Configures RabbitMQ FD limit - type: string - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - - # Controller-specific params - AdminToken: - default: unset - description: The keystone auth secret. - type: string - hidden: true - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list - CinderPassword: - default: unset - description: The password for the cinder service account, used by cinder-api. - type: string - hidden: true - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - ControllerCount: - type: number - default: 1 - constraints: - - range: {min: 1} - controllerExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - controllerImage: - type: string - default: overcloud-control - constraints: - - custom_constraint: glance.image - OvercloudControlFlavor: - description: Flavor for control nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean - ControllerEnableCephStorage: - default: false - description: Whether to deploy Ceph Storage (OSD) on the Controller - type: boolean - ControllerEnableSwiftStorage: - default: true - description: Whether to enable Swift Storage on the Controller - type: boolean - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The format required - may be implementation specific, e.g puppet hieradata. Any role specific - ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig. - type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlancePassword: - default: unset - description: The password for the glance service account, used by the glance services. - type: string - hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - HeatPassword: - default: unset - description: The password for the Heat service account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. - type: string - default: '' - hidden: true - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneNotificationDriver: - description: Comma-separated list of Oslo notification drivers used by Keystone - default: ['messaging'] - type: comma_delimited_list - KeystoneNotificationFormat: - description: The Keystone notification format - default: 'basic' - type: string - constraints: - - allowed_values: [ 'basic', 'cadf' ] - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SwiftHashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings in the ring. - type: string - hidden: true - SwiftPassword: - default: unset - description: The password for the swift service account, used by the swift proxy services. - type: string - hidden: true - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - -# Compute-specific params - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - ComputeCount: - type: number - default: 1 - HypervisorNeutronPhysicalBridge: - default: 'br-ex' - description: > - An OVS bridge to create on each hypervisor. This defaults to br-ex the - same as the control plane nodes, as we have a uniform configuration of - the openvswitch agent. Typically should not need to be changed. - type: string - HypervisorNeutronPublicInterface: - default: nic1 - description: What interface to add to the HypervisorNeutronPhysicalBridge. - type: string - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - default: '' - type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean - NovaImage: - type: string - default: overcloud-compute - constraints: - - custom_constraint: glance.image - OvercloudComputeFlavor: - description: Use this flavor - type: string - constraints: - - custom_constraint: nova.flavor - ServiceNetMap: - default: - NeutronTenantNetwork: tenant - CeilometerApiNetwork: internal_api - MongoDbNetwork: internal_api - CinderApiNetwork: internal_api - CinderIscsiNetwork: storage - GlanceApiNetwork: storage - GlanceRegistryNetwork: internal_api - KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints - KeystonePublicApiNetwork: internal_api - NeutronApiNetwork: internal_api - HeatApiNetwork: internal_api - NovaApiNetwork: internal_api - NovaMetadataNetwork: internal_api - NovaVncProxyNetwork: internal_api - SwiftMgmtNetwork: storage_mgmt - SwiftProxyNetwork: storage - HorizonNetwork: internal_api - MemcachedNetwork: internal_api - RabbitMqNetwork: internal_api - RedisNetwork: internal_api - MysqlNetwork: internal_api - CephClusterNetwork: storage_mgmt - CephPublicNetwork: storage - ControllerHostnameResolveNetwork: internal_api - ComputeHostnameResolveNetwork: internal_api - BlockStorageHostnameResolveNetwork: internal_api - ObjectStorageHostnameResolveNetwork: internal_api - CephStorageHostnameResolveNetwork: storage - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - -# Block storage specific parameters - BlockStorageCount: - type: number - default: 0 - BlockStorageImage: - default: overcloud-cinder-volume - type: string - OvercloudBlockStorageFlavor: - description: Flavor for block storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - BlockStorageExtraConfig: - default: {} - description: | - BlockStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - -# Object storage specific parameters - ObjectStorageCount: - type: number - default: 0 - OvercloudSwiftStorageFlavor: - description: Flavor for Swift storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - SwiftStorageImage: - default: overcloud-swift-storage - type: string - ObjectStorageExtraConfig: - default: {} - description: | - ObjectStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - - -# Ceph storage specific parameters - CephStorageCount: - type: number - default: 0 - CephStorageImage: - default: overcloud-ceph-storage - type: string - OvercloudCephStorageFlavor: - default: baremetal - description: Flavor for Ceph storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - CephStorageExtraConfig: - default: {} - description: | - CephStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - - # Hostname format for each role - # Note %index% is translated into the index of the node, e.g 0/1/2 etc - # and %stackname% is replaced with OS::stack_name in the template below. - # If you want to use the heat generated names, pass '' (empty string). - ControllerHostnameFormat: - type: string - description: Format for Controller node hostnames - default: '%stackname%-controller-%index%' - ComputeHostnameFormat: - type: string - description: Format for Compute node hostnames - default: '%stackname%-novacompute-%index%' - BlockStorageHostnameFormat: - type: string - description: Format for BlockStorage node hostnames - default: '%stackname%-blockstorage-%index%' - ObjectStorageHostnameFormat: - type: string - description: Format for SwiftStorage node hostnames - default: '%stackname%-objectstorage-%index%' - CephStorageHostnameFormat: - type: string - description: Format for CephStorage node hostnames - default: '%stackname%-cephstorage-%index%' - - # Identifiers to trigger tasks on nodes - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - - # If you want to remove a specific node from a resource group, you can pass - # the node name or id as a <Group>RemovalPolicies parameter, for example: - # ComputeRemovalPolicies: [{'resource_list': ['0']}] - ControllerRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ControllerResourceGroup when - doing an update which requires removal of specific resources. - ComputeRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ComputeResourceGroup when - doing an update which requires removal of specific resources. - BlockStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from BlockStorageResourceGroup when - doing an update which requires removal of specific resources. - ObjectStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ObjectStorageResourceGroup when - doing an update which requires removal of specific resources. - CephStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from CephStorageResourceGroup when - doing an update which requires removal of specific resources. - - -resources: - - HeatAuthEncryptionKey: - type: OS::Heat::RandomString - - PcsdPassword: - type: OS::Heat::RandomString - properties: - length: 16 - - HorizonSecret: - type: OS::Heat::RandomString - properties: - length: 10 - - Controller: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ControllerCount} - removal_policies: {get_param: ControllerRemovalPolicies} - resource_def: - type: OS::TripleO::Controller - properties: - AdminPassword: {get_param: AdminPassword} - AdminToken: {get_param: AdminToken} - CeilometerBackend: {get_param: CeilometerBackend} - CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} - CeilometerPassword: {get_param: CeilometerPassword} - CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} - CinderNfsMountOptions: {get_param: CinderNfsMountOptions} - CinderNfsServers: {get_param: CinderNfsServers} - CinderPassword: {get_param: CinderPassword} - CinderISCSIHelper: {get_param: CinderISCSIHelper} - CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} - CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} - CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} - CloudName: {get_param: CloudName} - ControlVirtualInterface: {get_param: ControlVirtualInterface} - ControllerExtraConfig: {get_param: controllerExtraConfig} - Debug: {get_param: Debug} - EnableFencing: {get_param: EnableFencing} - EnableGalera: {get_param: EnableGalera} - EnableCephStorage: {get_param: ControllerEnableCephStorage} - EnableSwiftStorage: {get_param: ControllerEnableSwiftStorage} - ExtraConfig: {get_param: ExtraConfig} - FencingConfig: {get_param: FencingConfig} - Flavor: {get_param: OvercloudControlFlavor} - GlancePort: {get_param: GlancePort} - GlanceProtocol: {get_param: GlanceProtocol} - GlancePassword: {get_param: GlancePassword} - GlanceBackend: {get_param: GlanceBackend} - GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy} - GlanceLogFile: {get_param: GlanceLogFile} - HAProxySyslogAddress: {get_param: HAProxySyslogAddress} - HeatPassword: {get_param: HeatPassword} - HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword} - HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} - HorizonAllowedHosts: {get_param: HorizonAllowedHosts} - HorizonSecret: {get_resource: HorizonSecret} - Image: {get_param: controllerImage} - ImageUpdatePolicy: {get_param: ImageUpdatePolicy} - KeyName: {get_param: KeyName} - KeystoneCACertificate: {get_param: KeystoneCACertificate} - KeystoneSigningCertificate: {get_param: KeystoneSigningCertificate} - KeystoneSigningKey: {get_param: KeystoneSigningKey} - KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate} - KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey} - KeystoneNotificationDriver: {get_param: KeystoneNotificationDriver} - KeystoneNotificationFormat: {get_param: KeystoneNotificationFormat} - MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} - MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} - MysqlMaxConnections: {get_param: MysqlMaxConnections} - MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} - NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP} - NeutronFlatNetworks: {get_param: NeutronFlatNetworks} - NeutronBridgeMappings: {get_param: NeutronBridgeMappings} - NeutronExternalNetworkBridge: {get_param: NeutronExternalNetworkBridge} - NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} - NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} - NeutronPublicInterface: {get_param: NeutronPublicInterface} - NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute} - NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} - NeutronPassword: {get_param: NeutronPassword} - NeutronDnsmasqOptions: {get_param: NeutronDnsmasqOptions} - NeutronDVR: {get_param: NeutronDVR} - NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} - NeutronAgentMode: {get_param: NeutronAgentMode} - NeutronCorePlugin: {get_param: NeutronCorePlugin} - NeutronServicePlugins: {get_param: NeutronServicePlugins} - NeutronTypeDrivers: {get_param: NeutronTypeDrivers} - NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} - NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} - NeutronL3HA: {get_param: NeutronL3HA} - NeutronDhcpAgentsPerNetwork: {get_param: NeutronDhcpAgentsPerNetwork} - NeutronNetworkType: {get_param: NeutronNetworkType} - NeutronTunnelTypes: {get_param: NeutronTunnelTypes} - NovaPassword: {get_param: NovaPassword} - NtpServer: {get_param: NtpServer} - MongoDbNoJournal: {get_param: MongoDbNoJournal} - PcsdPassword: {get_resource: PcsdPassword} - PublicVirtualInterface: {get_param: PublicVirtualInterface} - RabbitPassword: {get_param: RabbitPassword} - RabbitUserName: {get_param: RabbitUserName} - RabbitCookie: {get_attr: [RabbitCookie, value]} - RabbitClientUseSSL: {get_param: RabbitClientUseSSL} - RabbitClientPort: {get_param: RabbitClientPort} - RabbitFDLimit: {get_param: RabbitFDLimit} - SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} - SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} - RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} - SSLCertificate: {get_param: SSLCertificate} - SSLKey: {get_param: SSLKey} - SSLCACertificate: {get_param: SSLCACertificate} - SwiftHashSuffix: {get_param: SwiftHashSuffix} - SwiftMountCheck: {get_param: SwiftMountCheck} - SwiftMinPartHours: {get_param: SwiftMinPartHours} - SwiftPartPower: {get_param: SwiftPartPower} - SwiftPassword: {get_param: SwiftPassword} - SwiftReplicas: { get_param: SwiftReplicas} - VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now. - PublicVirtualIP: {get_attr: [PublicVirtualIP, ip_address]} - ServiceNetMap: {get_param: ServiceNetMap} - CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: ControllerHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - - Compute: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ComputeCount} - removal_policies: {get_param: ComputeRemovalPolicies} - resource_def: - type: OS::TripleO::Compute - properties: - AdminPassword: {get_param: AdminPassword} - CeilometerComputeAgent: {get_param: CeilometerComputeAgent} - CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} - CeilometerPassword: {get_param: CeilometerPassword} - CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} - CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} - Debug: {get_param: Debug} - ExtraConfig: {get_param: ExtraConfig} - Flavor: {get_param: OvercloudComputeFlavor} - GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - GlancePort: {get_param: GlancePort} - GlanceProtocol: {get_param: GlanceProtocol} - Image: {get_param: NovaImage} - ImageUpdatePolicy: {get_param: ImageUpdatePolicy} - KeyName: {get_param: KeyName} - KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - NeutronBridgeMappings: {get_param: NeutronBridgeMappings} - NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} - NeutronFlatNetworks: {get_param: NeutronFlatNetworks} - NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - NeutronNetworkType: {get_param: NeutronNetworkType} - NeutronTunnelTypes: {get_param: NeutronTunnelTypes} - NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} - NeutronPassword: {get_param: NeutronPassword} - NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} - NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} - NeutronDVR: {get_param: NeutronDVR} - NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} - NeutronAgentMode: {get_param: NeutronComputeAgentMode} - NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} - NeutronCorePlugin: {get_param: NeutronCorePlugin} - NeutronServicePlugins: {get_param: NeutronServicePlugins} - NeutronTypeDrivers: {get_param: NeutronTypeDrivers} - NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} - # L3 HA and Failover is not relevant for Computes, should be removed - NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} - NeutronL3HA: {get_param: NeutronL3HA} - NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - NovaComputeDriver: {get_param: NovaComputeDriver} - NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} - NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType} - NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} - NovaPublicIP: {get_attr: [PublicVirtualIP, ip_address]} - NovaPassword: {get_param: NovaPassword} - NtpServer: {get_param: NtpServer} - RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - RabbitPassword: {get_param: RabbitPassword} - RabbitUserName: {get_param: RabbitUserName} - RabbitClientUseSSL: {get_param: RabbitClientUseSSL} - RabbitClientPort: {get_param: RabbitClientPort} - SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} - SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} - ServiceNetMap: {get_param: ServiceNetMap} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: ComputeHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - - BlockStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: BlockStorageCount} - removal_policies: {get_param: BlockStorageRemovalPolicies} - resource_def: - type: OS::TripleO::BlockStorage - properties: - Debug: {get_param: Debug} - Image: {get_param: BlockStorageImage} - CinderISCSIHelper: {get_param: CinderISCSIHelper} - CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} - # Purpose of the dedicated BlockStorage nodes should be to use their local LVM - CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} - CinderPassword: {get_param: CinderPassword} - KeyName: {get_param: KeyName} - Flavor: {get_param: OvercloudBlockStorageFlavor} - VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - GlancePort: {get_param: GlancePort} - GlanceProtocol: {get_param: GlanceProtocol} - GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - RabbitPassword: {get_param: RabbitPassword} - RabbitUserName: {get_param: RabbitUserName} - RabbitClientUseSSL: {get_param: RabbitClientUseSSL} - RabbitClientPort: {get_param: RabbitClientPort} - NtpServer: {get_param: NtpServer} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: BlockStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ServiceNetMap: {get_param: ServiceNetMap} - MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - ExtraConfig: {get_param: ExtraConfig} - BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} - - ObjectStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ObjectStorageCount} - removal_policies: {get_param: ObjectStorageRemovalPolicies} - resource_def: - type: OS::TripleO::ObjectStorage - properties: - KeyName: {get_param: KeyName} - Flavor: {get_param: OvercloudSwiftStorageFlavor} - HashSuffix: {get_param: SwiftHashSuffix} - MountCheck: {get_param: SwiftMountCheck} - MinPartHours: {get_param: SwiftMinPartHours} - PartPower: {get_param: SwiftPartPower} - Image: {get_param: SwiftStorageImage} - Replicas: { get_param: SwiftReplicas} - NtpServer: {get_param: NtpServer} - UpdateIdentifier: {get_param: UpdateIdentifier} - ServiceNetMap: {get_param: ServiceNetMap} - Hostname: - str_replace: - template: {get_param: ObjectStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ExtraConfig: {get_param: ExtraConfig} - ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} - - CephStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: CephStorageCount} - removal_policies: {get_param: CephStorageRemovalPolicies} - resource_def: - type: OS::TripleO::CephStorage - properties: - Image: {get_param: CephStorageImage} - KeyName: {get_param: KeyName} - Flavor: {get_param: OvercloudCephStorageFlavor} - NtpServer: {get_param: NtpServer} - ServiceNetMap: {get_param: ServiceNetMap} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: CephStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ExtraConfig: {get_param: ExtraConfig} - CephStorageExtraConfig: {get_param: CephStorageExtraConfig} - - ControllerIpListMap: - type: OS::TripleO::Network::Ports::NetIpListMap - properties: - ControlPlaneIpList: {get_attr: [Controller, ip_address]} - ExternalIpList: {get_attr: [Controller, external_ip_address]} - InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]} - StorageIpList: {get_attr: [Controller, storage_ip_address]} - StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]} - TenantIpList: {get_attr: [Controller, tenant_ip_address]} - - allNodesConfig: - type: OS::TripleO::AllNodes::SoftwareConfig - properties: - compute_hosts: {get_attr: [Compute, hosts_entry]} - controller_hosts: {get_attr: [Controller, hosts_entry]} - controller_ips: {get_attr: [Controller, ip_address]} - block_storage_hosts: {get_attr: [BlockStorage, hosts_entry]} - object_storage_hosts: {get_attr: [ObjectStorage, hosts_entry]} - ceph_storage_hosts: {get_attr: [CephStorage, hosts_entry]} - controller_names: {get_attr: [Controller, hostname]} - rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - mongo_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} - redis_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} - memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - mysql_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - horizon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - heat_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - swift_proxy_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - ceilometer_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - nova_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - - MysqlRootPassword: - type: OS::Heat::RandomString - properties: - length: 10 - - MysqlClusterUniquePart: - type: OS::Heat::RandomString - properties: - length: 10 - - RabbitCookie: - type: OS::Heat::RandomString - properties: - length: 20 - salt: {get_param: RabbitCookieSalt} - - # creates the network architecture - Networks: - type: OS::TripleO::Network - - ControlVirtualIP: - type: OS::Neutron::Port - depends_on: Networks - properties: - name: control_virtual_ip - network: {get_param: NeutronControlPlaneID} - fixed_ips: {get_param: ControlFixedIPs} - replacement_policy: AUTO - - RedisVirtualIP: - depends_on: Networks - type: OS::TripleO::Controller::Ports::RedisVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ControlPlaneNetwork: {get_param: NeutronControlPlaneID} - PortName: redis_virtual_ip - NetworkName: {get_param: [ServiceNetMap, RedisNetwork]} - - # The public VIP is on the External net, falls back to ctlplane - PublicVirtualIP: - depends_on: Networks - type: OS::TripleO::Controller::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ControlPlaneNetwork: {get_param: NeutronControlPlaneID} - PortName: public_virtual_ip - FixedIPs: {get_param: PublicVirtualFixedIPs} - - InternalApiVirtualIP: - depends_on: Networks - type: OS::TripleO::Controller::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: internal_api_virtual_ip - - StorageVirtualIP: - depends_on: Networks - type: OS::TripleO::Controller::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_virtual_ip - - StorageMgmtVirtualIP: - depends_on: Networks - type: OS::TripleO::Controller::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_management_virtual_ip - - VipMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} - InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} - StorageIp: {get_attr: [StorageVirtualIP, ip_address]} - StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} - # No tenant VIP required - - VipConfig: - type: OS::TripleO::VipConfig - - VipDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_resource: VipConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - input_values: - # service VIP mappings - keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - redis_vip: {get_attr: [RedisVirtualIP, ip_address]} - mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - # direct configuration of Virtual IPs for each network - control_virtual_ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - public_virtual_ip: {get_attr: [PublicVirtualIP, ip_address]} - internal_api_virtual_ip: {get_attr: [InternalApiVirtualIP, ip_address]} - storage_virtual_ip: {get_attr: [StorageVirtualIP, ip_address]} - storage_mgmt_virtual_ip: {get_attr: [StorageMgmtVirtualIP, ip_address]} - - ControllerBootstrapNodeConfig: - type: OS::TripleO::BootstrapNode::SoftwareConfig - properties: - bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]} - - ControllerBootstrapNodeDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [ControllerBootstrapNodeConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ControllerSwiftDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ObjectStorageSwiftDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - SwiftDevicesAndProxyConfig: - type: OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig - properties: - controller_swift_devices: {get_attr: [Controller, swift_device]} - object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]} - controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]} - - ComputeCephDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [CephClusterConfig, config_id]} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - - ControllerCephDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [CephClusterConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - CephStorageCephDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [CephClusterConfig, config_id]} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - CephClusterConfig: - type: OS::TripleO::CephClusterConfig::SoftwareConfig - properties: - ceph_storage_count: {get_param: CephStorageCount} - ceph_fsid: {get_param: CephClusterFSID} - ceph_mon_key: {get_param: CephMonKey} - ceph_admin_key: {get_param: CephAdminKey} - ceph_client_key: {get_param: CephClientKey} - ceph_external_mon_ips: {get_param: CephExternalMonHost} - ceph_mon_names: {get_attr: [Controller, hostname]} - ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} - - ControllerClusterConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - corosync: - nodes: {get_attr: [Controller, corosync_node]} - horizon: - caches: - memcached: - nodes: {get_attr: [Controller, hostname]} - mysql: - nodes: {get_attr: [Controller, corosync_node]} - haproxy: - nodes: {get_attr: [Controller, corosync_node]} - - ControllerClusterDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_resource: ControllerClusterConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ControllerAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ComputeAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - - BlockStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - - ObjectStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - CephStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - # All Nodes Validations - AllNodesValidationConfig: - type: OS::TripleO::AllNodes::Validation - properties: - PingTestIps: - list_join: - - ' ' - - - {get_attr: [Controller, resource.0.external_ip_address]} - - {get_attr: [Controller, resource.0.internal_api_ip_address]} - - {get_attr: [Controller, resource.0.storage_ip_address]} - - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]} - - {get_attr: [Controller, resource.0.tenant_ip_address]} - - ControllerAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ControllerAllNodesDeployment - properties: - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ComputeAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ComputeAllNodesDeployment - properties: - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - - BlockStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: BlockStorageAllNodesDeployment - properties: - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - - ObjectStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ObjectStorageAllNodesDeployment - properties: - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - CephStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: CephStorageAllNodesDeployment - properties: - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - # Optional ExtraConfig for all nodes - all roles are passed in here, but - # the nested template may configure each role differently (or not at all) - AllNodesExtraConfig: - type: OS::TripleO::AllNodesExtraConfig - properties: - controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} - compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} - blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - # Nested stack deployment runs after all other controller deployments - ControllerNodesPostDeployment: - type: OS::TripleO::ControllerPostDeployment - depends_on: [ControllerBootstrapNodeDeployment, ControllerAllNodesDeployment, ControllerSwiftDeployment, ControllerCephDeployment] - properties: - servers: {get_attr: [Controller, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - controller_config: {get_attr: [Controller, attributes, config_identifier]} - - ComputeNodesPostDeployment: - type: OS::TripleO::ComputePostDeployment - depends_on: [ComputeAllNodesDeployment, ComputeCephDeployment] - properties: - servers: {get_attr: [Compute, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - compute_config: {get_attr: [Compute, attributes, config_identifier]} - - ObjectStorageNodesPostDeployment: - type: OS::TripleO::ObjectStoragePostDeployment - depends_on: [ObjectStorageSwiftDeployment, ObjectStorageAllNodesDeployment] - properties: - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]} - - BlockStorageNodesPostDeployment: - type: OS::TripleO::BlockStoragePostDeployment - depends_on: [ControllerNodesPostDeployment, BlockStorageAllNodesDeployment] - properties: - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]} - - CephStorageNodesPostDeployment: - type: OS::TripleO::CephStoragePostDeployment - depends_on: [ControllerNodesPostDeployment, CephStorageCephDeployment, CephStorageAllNodesDeployment] - properties: - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]} - -outputs: - KeystoneURL: - description: URL for the Overcloud Keystone service - value: - list_join: - - '' - - - http:// - - {get_attr: [PublicVirtualIP, ip_address]} - - :5000/v2.0/ - KeystoneAdminVip: - description: Keystone Admin VIP endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - PublicVip: - description: Controller VIP for public API endpoints - value: {get_attr: [PublicVirtualIP, ip_address]} - CeilometerInternalVip: - description: VIP for Ceilometer API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - CinderInternalVip: - description: VIP for Cinder API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - GlanceInternalVip: - description: VIP for Glance API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - HeatInternalVip: - description: VIP for Heat API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - KeystoneInternalVip: - description: VIP for Keystone API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - NeutronInternalVip: - description: VIP for Neutron API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - NovaInternalVip: - description: VIP for Nova API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - SwiftInternalVip: - description: VIP for Swift Proxy internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} +overcloud.yaml
\ No newline at end of file diff --git a/overcloud.yaml b/overcloud.yaml new file mode 100644 index 00000000..67636182 --- /dev/null +++ b/overcloud.yaml @@ -0,0 +1,1498 @@ +heat_template_version: 2015-04-30 + +description: > + Deploy an OpenStack environment, consisting of several node types (roles), + Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage + roles enable independent scaling of the storage components, but the minimal + deployment is one Controller and one Compute node. + + +# TODO(shadower): we should probably use the parameter groups to put +# some order in here. +parameters: + + # Common parameters (not specific to a role) + AdminPassword: + default: unset + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + CeilometerBackend: + default: 'mongodb' + description: The ceilometer backend type. + type: string + CeilometerMeteringSecret: + default: unset + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + default: unset + description: The password for the ceilometer service account. + type: string + hidden: true + # This has to be an UUID so for now we generate it outside the template + CephClusterFSID: + default: '' + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephMonKey: + default: '' + description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephAdminKey: + default: '' + description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CephClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephExternalMonHost: + default: '' + type: string + description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CloudName: + default: '' + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + type: string + ControlFixedIPs: + default: [] + description: Should be used for arbitrary ips. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. + type: string + KeyName: + default: default + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + constraints: + - custom_constraint: nova.keypair + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. + type: string + default: 'br-ex' + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: string + default: "datacentre:br-ex" + NeutronControlPlaneID: + default: 'ctlplane' + type: string + description: Neutron ID or name for ctlplane network. + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string + NeutronEnableTunnelling: + type: string + default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" + NeutronFlatNetworks: + type: string + default: 'datacentre' + description: > + If set, flat networks to configure in neutron plugins. Defaults to + 'datacentre' to permit external network creation. + NeutronNetworkType: + default: 'vxlan' + description: The tenant network type for Neutron, either gre or vxlan. + type: string + NeutronPassword: + default: unset + description: The password for the neutron service account, used by neutron agents. + type: string + hidden: true + NeutronPublicInterface: + default: nic1 + description: What interface to bridge onto br-ex for network nodes. + type: string + NeutronPublicInterfaceTag: + default: '' + description: > + VLAN tag for creating a public VLAN. The tag will be used to + create an access port on the exterior bridge for each control plane node, + and that port will be given the IP address returned by neutron from the + public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling + overcloud.yaml to include the deployment of VLAN ports to the control + plane. + type: string + NeutronComputeAgentMode: + default: 'dvr' + description: Agent mode for the neutron-l3-agent on the compute hosts + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + hidden: true + NeutronTunnelTypes: + default: 'vxlan' + description: | + The tunnel types for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'gre,vxlan' + type: string + NeutronTunnelIdRanges: + description: | + Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges + of GRE tunnel IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list + NeutronVniRanges: + description: | + Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges + of VXLAN VNI IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list + NeutronCorePlugin: + default: 'ml2' + description: | + The core plugin for Neutron. The value should be the entrypoint to be loaded + from neutron.core_plugins namespace. + type: string + NeutronServicePlugins: + default: "router" + description: | + Comma-separated list of service plugin entrypoints to be loaded from the + neutron.service_plugins namespace. + type: comma_delimited_list + NeutronTypeDrivers: + default: "vxlan,vlan,flat,gre" + description: | + Comma-separated list of network type driver entrypoints to be loaded. + type: comma_delimited_list + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'False' + description: Allow automatic l3-agent failover + type: string + NeutronL3HA: + default: 'False' + description: Whether to enable l3-agent HA + type: string + NeutronDhcpAgentsPerNetwork: + type: number + default: 1 + description: The number of neutron dhcp agents to schedule per network + NovaPassword: + default: unset + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + NtpServer: + default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list + MongoDbNoJournal: + default: false + description: Should MongoDb journaling be disabled + type: boolean + PublicVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the PublicVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + RabbitCookieSalt: + type: string + default: unset + description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. + # FIXME: 'guest' is provisioned in RabbitMQ by default, we should create a user if these are changed + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + default: guest + description: The password for RabbitMQ + type: string + hidden: true + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + # We need to set this as string because 'unlimited' is a valid setting + RabbitFDLimit: + default: 16384 + description: Configures RabbitMQ FD limit + type: string + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + CloudDomain: + default: 'localdomain' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + + # Controller-specific params + AdminToken: + default: unset + description: The keystone auth secret. + type: string + hidden: true + CinderLVMLoopDeviceSize: + default: 5000 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list + CinderPassword: + default: unset + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + CinderISCSIHelper: + default: tgtadm + description: The iSCSI helper to use with cinder. + type: string + ControllerCount: + type: number + default: 1 + constraints: + - range: {min: 1} + controllerExtraConfig: + default: {} + description: | + Controller specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + controllerImage: + type: string + default: overcloud-control + constraints: + - custom_constraint: glance.image + OvercloudControlFlavor: + description: Flavor for control nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + EnableFencing: + default: false + description: Whether to enable fencing in Pacemaker or not. + type: boolean + EnableGalera: + default: true + description: Whether to use Galera instead of regular MariaDB. + type: boolean + ControllerEnableCephStorage: + default: false + description: Whether to deploy Ceph Storage (OSD) on the Controller + type: boolean + ControllerEnableSwiftStorage: + default: true + description: Whether to enable Swift Storage on the Controller + type: boolean + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The format required + may be implementation specific, e.g puppet hieradata. Any role specific + ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig. + type: json + FencingConfig: + default: {} + description: | + Pacemaker fencing configuration. The JSON should have + the following structure: + { + "devices": [ + { + "agent": "AGENT_NAME", + "host_mac": "HOST_MAC_ADDRESS", + "params": {"PARAM_NAME": "PARAM_VALUE"} + } + ] + } + For instance: + { + "devices": [ + { + "agent": "fence_xvm", + "host_mac": "52:54:00:aa:bb:cc", + "params": { + "multicast_address": "225.0.0.12", + "port": "baremetal_0", + "manage_fw": true, + "manage_key_file": true, + "key_file": "/etc/fence_xvm.key", + "key_file_password": "abcdef" + } + } + ] + } + type: json + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. + type: string + default: '' + GlanceNotifierStrategy: + description: Strategy to use for Glance notification queue + type: string + default: noop + GlancePassword: + default: unset + description: The password for the glance service account, used by the glance services. + type: string + hidden: true + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + HeatPassword: + default: unset + description: The password for the Heat service account, used by the Heat services. + type: string + hidden: true + HeatStackDomainAdminPassword: + description: Password for heat_domain_admin user. + type: string + default: '' + hidden: true + KeystoneCACertificate: + default: '' + description: Keystone self-signed certificate authority certificate. + type: string + KeystoneSigningCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSigningKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the ones. + type: boolean + MysqlInnodbBufferPoolSize: + description: > + Specifies the size of the buffer pool in megabytes. Setting to + zero should be interpreted as "no value" and will defer to the + lower level default. + type: number + default: 0 + MysqlMaxConnections: + description: Configures MySQL max_connections config setting + type: number + default: 4096 + NeutronDnsmasqOptions: + default: 'dhcp-option-force=26,1400' + description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead. + type: string + NeutronPublicInterfaceDefaultRoute: + default: '' + description: A custom default route for the NeutronPublicInterface. + type: string + NeutronPublicInterfaceIP: + default: '' + description: A custom IP address to put onto the NeutronPublicInterface. + type: string + NeutronPublicInterfaceRawDevice: + default: '' + description: If set, the public interface is a vlan with this device as the raw device. + type: string + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string + SwiftHashSuffix: + default: unset + description: A random string to be used as a salt when hashing to determine mappings in the ring. + type: string + hidden: true + SwiftPassword: + default: unset + description: The password for the swift service account, used by the swift proxy services. + type: string + hidden: true + SwiftMountCheck: + default: 'false' + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftReplicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + +# Compute-specific params + CeilometerComputeAgent: + description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly + type: string + default: '' + constraints: + - allowed_values: ['', Present] + ComputeCount: + type: number + default: 1 + HypervisorNeutronPhysicalBridge: + default: 'br-ex' + description: > + An OVS bridge to create on each hypervisor. This defaults to br-ex the + same as the control plane nodes, as we have a uniform configuration of + the openvswitch agent. Typically should not need to be changed. + type: string + HypervisorNeutronPublicInterface: + default: nic1 + description: What interface to add to the HypervisorNeutronPhysicalBridge. + type: string + NeutronNetworkVLANRanges: + default: 'datacentre' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: comma_delimited_list + NovaComputeDriver: + type: string + default: libvirt.LibvirtDriver + NovaComputeExtraConfig: + default: {} + description: | + NovaCompute specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + NovaComputeLibvirtType: + default: '' + type: string + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + NovaImage: + type: string + default: overcloud-compute + constraints: + - custom_constraint: glance.image + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string + NovaSecurityGroupAPI: + default: 'neutron' + description: The full class name of the security API class + type: string + OvercloudComputeFlavor: + description: Use this flavor + type: string + constraints: + - custom_constraint: nova.flavor + ServiceNetMap: + default: + NeutronTenantNetwork: tenant + CeilometerApiNetwork: internal_api + MongoDbNetwork: internal_api + CinderApiNetwork: internal_api + CinderIscsiNetwork: storage + GlanceApiNetwork: storage + GlanceRegistryNetwork: internal_api + KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints + KeystonePublicApiNetwork: internal_api + NeutronApiNetwork: internal_api + HeatApiNetwork: internal_api + NovaApiNetwork: internal_api + NovaMetadataNetwork: internal_api + NovaVncProxyNetwork: internal_api + SwiftMgmtNetwork: storage_mgmt + SwiftProxyNetwork: storage + HorizonNetwork: internal_api + MemcachedNetwork: internal_api + RabbitMqNetwork: internal_api + RedisNetwork: internal_api + MysqlNetwork: internal_api + CephClusterNetwork: storage_mgmt + CephPublicNetwork: storage + ControllerHostnameResolveNetwork: internal_api + ComputeHostnameResolveNetwork: internal_api + BlockStorageHostnameResolveNetwork: internal_api + ObjectStorageHostnameResolveNetwork: internal_api + CephStorageHostnameResolveNetwork: storage + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. + type: json + +# Block storage specific parameters + BlockStorageCount: + type: number + default: 0 + BlockStorageImage: + default: overcloud-cinder-volume + type: string + OvercloudBlockStorageFlavor: + description: Flavor for block storage nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + BlockStorageExtraConfig: + default: {} + description: | + BlockStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + +# Object storage specific parameters + ObjectStorageCount: + type: number + default: 0 + OvercloudSwiftStorageFlavor: + description: Flavor for Swift storage nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + SwiftStorageImage: + default: overcloud-swift-storage + type: string + ObjectStorageExtraConfig: + default: {} + description: | + ObjectStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + + +# Ceph storage specific parameters + CephStorageCount: + type: number + default: 0 + CephStorageImage: + default: overcloud-ceph-storage + type: string + OvercloudCephStorageFlavor: + default: baremetal + description: Flavor for Ceph storage nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + CephStorageExtraConfig: + default: {} + description: | + CephStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + + # Hostname format for each role + # Note %index% is translated into the index of the node, e.g 0/1/2 etc + # and %stackname% is replaced with OS::stack_name in the template below. + # If you want to use the heat generated names, pass '' (empty string). + ControllerHostnameFormat: + type: string + description: Format for Controller node hostnames + default: '%stackname%-controller-%index%' + ComputeHostnameFormat: + type: string + description: Format for Compute node hostnames + default: '%stackname%-novacompute-%index%' + BlockStorageHostnameFormat: + type: string + description: Format for BlockStorage node hostnames + default: '%stackname%-blockstorage-%index%' + ObjectStorageHostnameFormat: + type: string + description: Format for SwiftStorage node hostnames + default: '%stackname%-objectstorage-%index%' + CephStorageHostnameFormat: + type: string + description: Format for CephStorage node hostnames + default: '%stackname%-cephstorage-%index%' + + # Identifiers to trigger tasks on nodes + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + + # If you want to remove a specific node from a resource group, you can pass + # the node name or id as a <Group>RemovalPolicies parameter, for example: + # ComputeRemovalPolicies: [{'resource_list': ['0']}] + ControllerRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from ControllerResourceGroup when + doing an update which requires removal of specific resources. + ComputeRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from ComputeResourceGroup when + doing an update which requires removal of specific resources. + BlockStorageRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from BlockStorageResourceGroup when + doing an update which requires removal of specific resources. + ObjectStorageRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from ObjectStorageResourceGroup when + doing an update which requires removal of specific resources. + CephStorageRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from CephStorageResourceGroup when + doing an update which requires removal of specific resources. + + +resources: + + HeatAuthEncryptionKey: + type: OS::Heat::RandomString + + PcsdPassword: + type: OS::Heat::RandomString + properties: + length: 16 + + HorizonSecret: + type: OS::Heat::RandomString + properties: + length: 10 + + EndpointMap: + type: OS::TripleO::EndpointMap + properties: + CloudName: {get_param: CloudName} + CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} + PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]} + + Controller: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: ControllerCount} + removal_policies: {get_param: ControllerRemovalPolicies} + resource_def: + type: OS::TripleO::Controller + properties: + AdminPassword: {get_param: AdminPassword} + AdminToken: {get_param: AdminToken} + CeilometerBackend: {get_param: CeilometerBackend} + CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} + CeilometerPassword: {get_param: CeilometerPassword} + CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} + CinderNfsMountOptions: {get_param: CinderNfsMountOptions} + CinderNfsServers: {get_param: CinderNfsServers} + CinderPassword: {get_param: CinderPassword} + CinderISCSIHelper: {get_param: CinderISCSIHelper} + CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} + CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} + CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} + CloudName: {get_param: CloudName} + CloudDomain: {get_param: CloudDomain} + ControlVirtualInterface: {get_param: ControlVirtualInterface} + ControllerExtraConfig: {get_param: controllerExtraConfig} + Debug: {get_param: Debug} + EnableFencing: {get_param: EnableFencing} + ManageFirewall: {get_param: ManageFirewall} + PurgeFirewallRules: {get_param: PurgeFirewallRules} + EnableGalera: {get_param: EnableGalera} + EnableCephStorage: {get_param: ControllerEnableCephStorage} + EnableSwiftStorage: {get_param: ControllerEnableSwiftStorage} + ExtraConfig: {get_param: ExtraConfig} + FencingConfig: {get_param: FencingConfig} + Flavor: {get_param: OvercloudControlFlavor} + GlancePassword: {get_param: GlancePassword} + GlanceBackend: {get_param: GlanceBackend} + GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy} + GlanceLogFile: {get_param: GlanceLogFile} + HAProxySyslogAddress: {get_param: HAProxySyslogAddress} + HeatPassword: {get_param: HeatPassword} + HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword} + HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} + HorizonAllowedHosts: {get_param: HorizonAllowedHosts} + HorizonSecret: {get_resource: HorizonSecret} + Image: {get_param: controllerImage} + ImageUpdatePolicy: {get_param: ImageUpdatePolicy} + KeyName: {get_param: KeyName} + KeystoneCACertificate: {get_param: KeystoneCACertificate} + KeystoneSigningCertificate: {get_param: KeystoneSigningCertificate} + KeystoneSigningKey: {get_param: KeystoneSigningKey} + KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate} + KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey} + KeystoneNotificationDriver: {get_param: KeystoneNotificationDriver} + KeystoneNotificationFormat: {get_param: KeystoneNotificationFormat} + MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} + MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} + MysqlMaxConnections: {get_param: MysqlMaxConnections} + MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} + NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP} + NeutronFlatNetworks: {get_param: NeutronFlatNetworks} + NeutronBridgeMappings: {get_param: NeutronBridgeMappings} + NeutronExternalNetworkBridge: {get_param: NeutronExternalNetworkBridge} + NeutronEnableIsolatedMetadata: {get_param: NeutronEnableIsolatedMetadata} + NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} + NeutronEnableL2Pop: {get_param: NeutronEnableL2Pop} + NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} + NeutronPublicInterface: {get_param: NeutronPublicInterface} + NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute} + NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} + NeutronPassword: {get_param: NeutronPassword} + NeutronDnsmasqOptions: {get_param: NeutronDnsmasqOptions} + NeutronDVR: {get_param: NeutronDVR} + NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} + NeutronAgentMode: {get_param: NeutronAgentMode} + NeutronCorePlugin: {get_param: NeutronCorePlugin} + NeutronServicePlugins: {get_param: NeutronServicePlugins} + NeutronTypeDrivers: {get_param: NeutronTypeDrivers} + NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} + NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} + NeutronL3HA: {get_param: NeutronL3HA} + NeutronDhcpAgentsPerNetwork: {get_param: NeutronDhcpAgentsPerNetwork} + NeutronNetworkType: {get_param: NeutronNetworkType} + NeutronTunnelTypes: {get_param: NeutronTunnelTypes} + NovaPassword: {get_param: NovaPassword} + NtpServer: {get_param: NtpServer} + MongoDbNoJournal: {get_param: MongoDbNoJournal} + PcsdPassword: {get_resource: PcsdPassword} + PublicVirtualInterface: {get_param: PublicVirtualInterface} + RabbitPassword: {get_param: RabbitPassword} + RabbitUserName: {get_param: RabbitUserName} + RabbitCookie: {get_attr: [RabbitCookie, value]} + RabbitClientUseSSL: {get_param: RabbitClientUseSSL} + RabbitClientPort: {get_param: RabbitClientPort} + RabbitFDLimit: {get_param: RabbitFDLimit} + SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} + SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} + RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} + SwiftHashSuffix: {get_param: SwiftHashSuffix} + SwiftMountCheck: {get_param: SwiftMountCheck} + SwiftMinPartHours: {get_param: SwiftMinPartHours} + SwiftPartPower: {get_param: SwiftPartPower} + SwiftPassword: {get_param: SwiftPassword} + SwiftReplicas: { get_param: SwiftReplicas} + VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} # deprecated. Use per service VIP settings instead now. + PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]} + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} + GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} + MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + UpdateIdentifier: {get_param: UpdateIdentifier} + Hostname: + str_replace: + template: {get_param: ControllerHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + NodeIndex: '%index%' + + Compute: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: ComputeCount} + removal_policies: {get_param: ComputeRemovalPolicies} + resource_def: + type: OS::TripleO::Compute + properties: + AdminPassword: {get_param: AdminPassword} + CeilometerComputeAgent: {get_param: CeilometerComputeAgent} + CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} + CeilometerPassword: {get_param: CeilometerPassword} + CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} + CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} + Debug: {get_param: Debug} + ExtraConfig: {get_param: ExtraConfig} + Flavor: {get_param: OvercloudComputeFlavor} + GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + Image: {get_param: NovaImage} + ImageUpdatePolicy: {get_param: ImageUpdatePolicy} + KeyName: {get_param: KeyName} + KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + NeutronBridgeMappings: {get_param: NeutronBridgeMappings} + NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} + NeutronEnableL2Pop : {get_param: NeutronEnableL2Pop} + NeutronFlatNetworks: {get_param: NeutronFlatNetworks} + NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + NeutronNetworkType: {get_param: NeutronNetworkType} + NeutronTunnelTypes: {get_param: NeutronTunnelTypes} + NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} + NeutronPassword: {get_param: NeutronPassword} + NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} + NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} + NeutronDVR: {get_param: NeutronDVR} + NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} + NeutronAgentMode: {get_param: NeutronComputeAgentMode} + NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} + NeutronCorePlugin: {get_param: NeutronCorePlugin} + NeutronServicePlugins: {get_param: NeutronServicePlugins} + NeutronTypeDrivers: {get_param: NeutronTypeDrivers} + NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} + # L3 HA and Failover is not relevant for Computes, should be removed + NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} + NeutronL3HA: {get_param: NeutronL3HA} + NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + NovaComputeDriver: {get_param: NovaComputeDriver} + NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} + NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType} + NovaComputeLibvirtVifDriver: {get_param: NovaComputeLibvirtVifDriver} + NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} + NovaPublicIP: {get_attr: [VipMap, net_ip_map, external]} + NovaPassword: {get_param: NovaPassword} + NovaOVSBridge: {get_param: NovaOVSBridge} + NovaSecurityGroupAPI: {get_param: NovaSecurityGroupAPI} + NtpServer: {get_param: NtpServer} + RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} + RabbitPassword: {get_param: RabbitPassword} + RabbitUserName: {get_param: RabbitUserName} + RabbitClientUseSSL: {get_param: RabbitClientUseSSL} + RabbitClientPort: {get_param: RabbitClientPort} + SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} + SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + UpdateIdentifier: {get_param: UpdateIdentifier} + Hostname: + str_replace: + template: {get_param: ComputeHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + CloudDomain: {get_param: CloudDomain} + + BlockStorage: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: BlockStorageCount} + removal_policies: {get_param: BlockStorageRemovalPolicies} + resource_def: + type: OS::TripleO::BlockStorage + properties: + Debug: {get_param: Debug} + Image: {get_param: BlockStorageImage} + CinderISCSIHelper: {get_param: CinderISCSIHelper} + CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} + # Purpose of the dedicated BlockStorage nodes should be to use their local LVM + CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} + CinderPassword: {get_param: CinderPassword} + KeyName: {get_param: KeyName} + Flavor: {get_param: OvercloudBlockStorageFlavor} + VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} + GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + RabbitPassword: {get_param: RabbitPassword} + RabbitUserName: {get_param: RabbitUserName} + RabbitClientUseSSL: {get_param: RabbitClientUseSSL} + RabbitClientPort: {get_param: RabbitClientPort} + NtpServer: {get_param: NtpServer} + UpdateIdentifier: {get_param: UpdateIdentifier} + Hostname: + str_replace: + template: {get_param: BlockStorageHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + ExtraConfig: {get_param: ExtraConfig} + BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} + + ObjectStorage: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: ObjectStorageCount} + removal_policies: {get_param: ObjectStorageRemovalPolicies} + resource_def: + type: OS::TripleO::ObjectStorage + properties: + KeyName: {get_param: KeyName} + Flavor: {get_param: OvercloudSwiftStorageFlavor} + HashSuffix: {get_param: SwiftHashSuffix} + MountCheck: {get_param: SwiftMountCheck} + MinPartHours: {get_param: SwiftMinPartHours} + PartPower: {get_param: SwiftPartPower} + Image: {get_param: SwiftStorageImage} + Replicas: { get_param: SwiftReplicas} + NtpServer: {get_param: NtpServer} + UpdateIdentifier: {get_param: UpdateIdentifier} + ServiceNetMap: {get_param: ServiceNetMap} + Hostname: + str_replace: + template: {get_param: ObjectStorageHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + ExtraConfig: {get_param: ExtraConfig} + ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} + + CephStorage: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: CephStorageCount} + removal_policies: {get_param: CephStorageRemovalPolicies} + resource_def: + type: OS::TripleO::CephStorage + properties: + Image: {get_param: CephStorageImage} + KeyName: {get_param: KeyName} + Flavor: {get_param: OvercloudCephStorageFlavor} + NtpServer: {get_param: NtpServer} + ServiceNetMap: {get_param: ServiceNetMap} + UpdateIdentifier: {get_param: UpdateIdentifier} + Hostname: + str_replace: + template: {get_param: CephStorageHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + ExtraConfig: {get_param: ExtraConfig} + CephStorageExtraConfig: {get_param: CephStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} + + ControllerIpListMap: + type: OS::TripleO::Network::Ports::NetIpListMap + properties: + ControlPlaneIpList: {get_attr: [Controller, ip_address]} + ExternalIpList: {get_attr: [Controller, external_ip_address]} + InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]} + StorageIpList: {get_attr: [Controller, storage_ip_address]} + StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]} + TenantIpList: {get_attr: [Controller, tenant_ip_address]} + + allNodesConfig: + type: OS::TripleO::AllNodes::SoftwareConfig + properties: + compute_hosts: {get_attr: [Compute, hosts_entry]} + controller_hosts: {get_attr: [Controller, hosts_entry]} + controller_ips: {get_attr: [Controller, ip_address]} + block_storage_hosts: {get_attr: [BlockStorage, hosts_entry]} + object_storage_hosts: {get_attr: [ObjectStorage, hosts_entry]} + ceph_storage_hosts: {get_attr: [CephStorage, hosts_entry]} + controller_names: {get_attr: [Controller, hostname]} + rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} + mongo_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} + redis_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} + mysql_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + horizon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + heat_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} + swift_proxy_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} + ceilometer_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + nova_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + nova_metadata_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} + glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + + MysqlRootPassword: + type: OS::Heat::RandomString + properties: + length: 10 + + MysqlClusterUniquePart: + type: OS::Heat::RandomString + properties: + length: 10 + + RabbitCookie: + type: OS::Heat::RandomString + properties: + length: 20 + salt: {get_param: RabbitCookieSalt} + + # creates the network architecture + Networks: + type: OS::TripleO::Network + + ControlVirtualIP: + type: OS::Neutron::Port + depends_on: Networks + properties: + name: control_virtual_ip + network: {get_param: NeutronControlPlaneID} + fixed_ips: {get_param: ControlFixedIPs} + replacement_policy: AUTO + + RedisVirtualIP: + depends_on: Networks + type: OS::TripleO::Controller::Ports::RedisVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ControlPlaneNetwork: {get_param: NeutronControlPlaneID} + PortName: redis_virtual_ip + NetworkName: {get_param: [ServiceNetMap, RedisNetwork]} + + # The public VIP is on the External net, falls back to ctlplane + PublicVirtualIP: + depends_on: Networks + type: OS::TripleO::Controller::Ports::ExternalPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ControlPlaneNetwork: {get_param: NeutronControlPlaneID} + PortName: public_virtual_ip + FixedIPs: {get_param: PublicVirtualFixedIPs} + + InternalApiVirtualIP: + depends_on: Networks + type: OS::TripleO::Controller::Ports::InternalApiPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: internal_api_virtual_ip + + StorageVirtualIP: + depends_on: Networks + type: OS::TripleO::Controller::Ports::StoragePort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: storage_virtual_ip + + StorageMgmtVirtualIP: + depends_on: Networks + type: OS::TripleO::Controller::Ports::StorageMgmtPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: storage_management_virtual_ip + + VipMap: + type: OS::TripleO::Network::Ports::NetVipMap + properties: + ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} + InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} + StorageIp: {get_attr: [StorageVirtualIP, ip_address]} + StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} + # No tenant VIP required + + VipConfig: + type: OS::TripleO::VipConfig + + VipDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_resource: VipConfig} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + input_values: + # service VIP mappings + keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} + nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} + ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} + horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + redis_vip: {get_attr: [RedisVirtualIP, ip_address]} + mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} + rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} + # direct configuration of Virtual IPs for each network + control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]} + public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]} + internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]} + storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]} + storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]} + + ControllerBootstrapNodeConfig: + type: OS::TripleO::BootstrapNode::SoftwareConfig + properties: + bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]} + + ControllerBootstrapNodeDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [ControllerBootstrapNodeConfig, config_id]} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + ControllerSwiftDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + ObjectStorageSwiftDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + + SwiftDevicesAndProxyConfig: + type: OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig + properties: + controller_swift_devices: {get_attr: [Controller, swift_device]} + object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]} + controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]} + + ComputeCephDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [CephClusterConfig, config_id]} + servers: {get_attr: [Compute, attributes, nova_server_resource]} + + ControllerCephDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [CephClusterConfig, config_id]} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + CephStorageCephDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [CephClusterConfig, config_id]} + servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + + CephClusterConfig: + type: OS::TripleO::CephClusterConfig::SoftwareConfig + properties: + ceph_storage_count: {get_param: CephStorageCount} + ceph_fsid: {get_param: CephClusterFSID} + ceph_mon_key: {get_param: CephMonKey} + ceph_admin_key: {get_param: CephAdminKey} + ceph_client_key: {get_param: CephClientKey} + ceph_external_mon_ips: {get_param: CephExternalMonHost} + ceph_mon_names: {get_attr: [Controller, hostname]} + ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + + ControllerClusterConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + corosync: + nodes: {get_attr: [Controller, corosync_node]} + horizon: + caches: + memcached: + nodes: {get_attr: [Controller, hostname]} + mysql: + nodes: {get_attr: [Controller, corosync_node]} + haproxy: + nodes: {get_attr: [Controller, corosync_node]} + + ControllerClusterDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_resource: ControllerClusterConfig} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + ControllerAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + ComputeAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [Compute, attributes, nova_server_resource]} + + BlockStorageAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + + ObjectStorageAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + + CephStorageAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + + # All Nodes Validations + AllNodesValidationConfig: + type: OS::TripleO::AllNodes::Validation + properties: + PingTestIps: + list_join: + - ' ' + - - {get_attr: [Controller, resource.0.external_ip_address]} + - {get_attr: [Controller, resource.0.internal_api_ip_address]} + - {get_attr: [Controller, resource.0.storage_ip_address]} + - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]} + - {get_attr: [Controller, resource.0.tenant_ip_address]} + + ControllerAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: ControllerAllNodesDeployment + properties: + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + ComputeAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: ComputeAllNodesDeployment + properties: + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [Compute, attributes, nova_server_resource]} + + BlockStorageAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: BlockStorageAllNodesDeployment + properties: + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + + ObjectStorageAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: ObjectStorageAllNodesDeployment + properties: + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + + CephStorageAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: CephStorageAllNodesDeployment + properties: + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + + # Optional ExtraConfig for all nodes - all roles are passed in here, but + # the nested template may configure each role differently (or not at all) + AllNodesExtraConfig: + type: OS::TripleO::AllNodesExtraConfig + properties: + controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} + compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} + blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + + # Nested stack deployment runs after all other controller deployments + ControllerNodesPostDeployment: + type: OS::TripleO::ControllerPostDeployment + depends_on: [ControllerBootstrapNodeDeployment, ControllerAllNodesDeployment, ControllerSwiftDeployment, ControllerCephDeployment] + properties: + servers: {get_attr: [Controller, attributes, nova_server_resource]} + NodeConfigIdentifiers: + allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} + controller_config: {get_attr: [Controller, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} + + ComputeNodesPostDeployment: + type: OS::TripleO::ComputePostDeployment + depends_on: [ComputeAllNodesDeployment, ComputeCephDeployment] + properties: + servers: {get_attr: [Compute, attributes, nova_server_resource]} + NodeConfigIdentifiers: + allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} + compute_config: {get_attr: [Compute, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} + + ObjectStorageNodesPostDeployment: + type: OS::TripleO::ObjectStoragePostDeployment + depends_on: [ObjectStorageSwiftDeployment, ObjectStorageAllNodesDeployment] + properties: + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + NodeConfigIdentifiers: + allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} + objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} + + BlockStorageNodesPostDeployment: + type: OS::TripleO::BlockStoragePostDeployment + depends_on: [ControllerNodesPostDeployment, BlockStorageAllNodesDeployment] + properties: + servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + NodeConfigIdentifiers: + allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} + blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} + + CephStorageNodesPostDeployment: + type: OS::TripleO::CephStoragePostDeployment + depends_on: [ControllerNodesPostDeployment, CephStorageCephDeployment, CephStorageAllNodesDeployment] + properties: + servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + NodeConfigIdentifiers: + allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} + cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]} + deployment_identifier: {get_param: DeployIdentifier} + +outputs: + KeystoneURL: + description: URL for the Overcloud Keystone service + value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]} + KeystoneAdminVip: + description: Keystone Admin VIP endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + PublicVip: + description: Controller VIP for public API endpoints + value: {get_attr: [VipMap, net_ip_map, external]} + CeilometerInternalVip: + description: VIP for Ceilometer API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + CinderInternalVip: + description: VIP for Cinder API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} + GlanceInternalVip: + description: VIP for Glance API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} + HeatInternalVip: + description: VIP for Heat API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} + KeystoneInternalVip: + description: VIP for Keystone API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + NeutronInternalVip: + description: VIP for Neutron API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} + NovaInternalVip: + description: VIP for Nova API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + SwiftInternalVip: + description: VIP for Swift Proxy internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 99265493..96198c3f 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -13,7 +13,7 @@ parameters: ceph_client_key: default: '' type: string - description: Ceph key used to create the 'openstack' user keyring. + description: Ceph key used to create the client user keyring. ceph_fsid: default: '' type: string @@ -27,6 +27,18 @@ parameters: type: comma_delimited_list ceph_mon_ips: type: comma_delimited_list + NovaRbdPoolName: + default: vms + type: string + CinderRbdPoolName: + default: volumes + type: string + GlanceRbdPoolName: + default: images + type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: @@ -65,15 +77,34 @@ resources: keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', cap_mon: 'allow profile bootstrap-osd' }, - client.openstack: { + client.CLIENT_USER: { secret: 'ADMIN_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' } }" params: + CLIENT_USER: {get_param: CephClientUserName} ADMIN_KEY: {get_param: ceph_admin_key} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} + ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} outputs: config_id: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 75294599..1dc20a50 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -22,8 +22,9 @@ parameters: constraints: - custom_constraint: nova.keypair NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -53,6 +54,17 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. resources: @@ -125,6 +137,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: CephStorage} + actions: {get_param: NetworkDeploymentActions} CephStorageDeployment: type: OS::Heat::StructuredDeployment @@ -133,11 +146,7 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} @@ -174,6 +183,13 @@ resources: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: CephStorageDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: CephStorage} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata CephStorageExtraConfigPre: depends_on: CephStorageDeployment @@ -184,7 +200,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: CephStorageExtraConfigPre + depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: CephStorage} @@ -205,9 +221,10 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [CephStorage, name]} nova_server_resource: description: Heat resource handle for the ceph storage server @@ -225,5 +242,6 @@ outputs: list_join: - ',' - - {get_attr: [CephStorageDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_attr: [CephStorageExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 6a869219..f1d25e78 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -44,14 +44,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string KeyName: default: default description: Name of an existing EC2 KeyPair to enable SSH access to the instances @@ -83,8 +75,9 @@ parameters: type: string hidden: true NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -103,12 +96,29 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json GlanceApiVirtualIP: type: string default: '' MysqlVirtualIP: type: string default: '' + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + resources: BlockStorage: @@ -180,6 +190,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: BlockStorage} + actions: {get_param: NetworkDeploymentActions} BlockStorageDeployment: type: OS::Heat::StructuredDeployment @@ -200,23 +211,12 @@ resources: cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} cinder_iscsi_helper: {get_param: CinderISCSIHelper} cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} + glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} @@ -264,10 +264,17 @@ resources: snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: BlockStorageDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: BlockStorage} + # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: BlockStorageDeployment + depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: BlockStorage} @@ -288,9 +295,10 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [BlockStorage, name]} nova_server_resource: description: Heat resource handle for the block storage server @@ -311,4 +319,5 @@ outputs: list_join: - '' - - {get_attr: [BlockStorageDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_param: UpdateIdentifier} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 2b635357..c33373d1 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -51,14 +51,6 @@ parameters: GlanceHost: type: string default: '' # Has to be here because of the ignored empty value bug - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string Image: type: string default: overcloud-compute @@ -93,6 +85,11 @@ parameters: NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -206,6 +203,10 @@ parameters: NovaComputeLibvirtType: type: string default: '' + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string NovaEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Nova @@ -218,9 +219,18 @@ parameters: NovaPublicIP: type: string default: '' # Has to be here because of the ignored empty value bug - NtpServer: + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch type: string + NovaSecurityGroupAPI: + default: 'neutron' + description: The full class name of the security API class + type: string + NtpServer: default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list RabbitHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -261,6 +271,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -270,6 +285,18 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + resources: @@ -344,6 +371,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: NovaCompute} + actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} @@ -366,6 +394,7 @@ resources: - '"%{::osfamily}"' - common - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre + - nova_nuage_data # Optionally provided by ComputeExtraConfigPre datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} @@ -386,12 +415,15 @@ resources: nova::rabbit_port: {get_input: rabbit_client_port} nova_compute_driver: {get_input: nova_compute_driver} nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} + nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} + nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} + nova::network::neutron::security_group_api: {get_input: nova_security_group_api} ceilometer::debug: {get_input: debug} ceilometer::rabbit_userid: {get_input: rabbit_username} ceilometer::rabbit_password: {get_input: rabbit_password} @@ -406,7 +438,7 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} neutron::debug: {get_input: debug} neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_user: {get_input: rabbit_username} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} neutron_flat_networks: {get_input: neutron_flat_networks} @@ -420,10 +452,11 @@ resources: neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} neutron_bridge_mappings: {get_input: neutron_bridge_mappings} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron_physical_bridge: {get_input: neutron_physical_bridge} neutron_public_interface: {get_input: neutron_public_interface} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} neutron_router_distributed: {get_input: neutron_router_distributed} neutron_agent_mode: {get_input: neutron_agent_mode} @@ -449,31 +482,22 @@ resources: debug: {get_param: Debug} nova_compute_driver: {get_param: NovaComputeDriver} nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} + nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} nova_public_ip: {get_param: NovaPublicIP} nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} + nova_ovs_bridge: {get_param: NovaOVSBridge} + nova_security_group_api: {get_param: NovaSecurityGroupAPI} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - ceilometer_agent_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0' + ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceHost} - - ':' - - {get_param: GlancePort} + glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} neutron_flat_networks: {get_param: NeutronFlatNetworks} neutron_host: {get_param: NeutronHost} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -505,6 +529,7 @@ resources: - {get_param: NeutronNetworkVLANRanges} neutron_bridge_mappings: {get_param: NeutronBridgeMappings} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} neutron_physical_bridge: {get_param: NeutronPhysicalBridge} neutron_public_interface: {get_param: NeutronPublicInterface} neutron_password: {get_param: NeutronPassword} @@ -530,31 +555,24 @@ resources: - {get_param: NeutronTypeDrivers} neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronHost} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/v2.0' + neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} + neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: NovaComputeDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: NovaCompute} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata ComputeExtraConfigPre: depends_on: NovaComputeDeployment @@ -565,7 +583,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: ComputeExtraConfigPre + depends_on: [ComputeExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: NovaCompute} @@ -603,9 +621,10 @@ outputs: Server's IP address and hostname in the /etc/hosts format value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [NovaCompute, name]} nova_server_resource: description: Heat resource handle for the Nova compute server @@ -617,5 +636,6 @@ outputs: list_join: - ',' - - {get_attr: [NovaComputeDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 009199d4..2c1c18a3 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -106,6 +106,10 @@ parameters: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer on the Controller + type: boolean EnableCephStorage: default: false description: Whether to deploy Ceph Storage (OSD) on the Controller @@ -170,14 +174,6 @@ parameters: description: The password for the glance service and db account, used by the glance services. type: string hidden: true - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string GlanceBackend: default: swift description: The short name of the Glance backend to use. Should be one @@ -286,6 +282,14 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -326,6 +330,22 @@ parameters: default: 'dhcp-option-force=26,1400' description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. type: string + NeutronEnableDHCPAgent: + description: Knob to enable/disable DHCP Agent + type: boolean + default: true + NeutronEnableL3Agent: + description: Knob to enable/disable L3 agent + type: boolean + default: true + NeutronEnableMetadataAgent: + description: Knob to enable/disable Metadata agent + type: boolean + default: true + NeutronEnableOVSAgent: + description: Knob to enable/disable OVS Agent + type: boolean + default: true NeutronAgentMode: default: 'dvr_snat' description: Agent mode for the neutron-l3-agent on the controller hosts @@ -374,9 +394,18 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -458,8 +487,9 @@ parameters: description: Should MongoDb journaling be disabled type: boolean NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list PcsdPassword: type: string description: The password for the 'pcsd' user. @@ -512,20 +542,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true SwiftHashSuffix: default: unset description: A random string to be used as a salt when hashing to determine mappings @@ -590,6 +606,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -599,6 +620,20 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + NodeIndex: + type: number + default: 0 + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. resources: @@ -695,10 +730,26 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: Controller} + actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: NetworkDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: Controller} + + # Resource for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: Controller} + NodeIndex: {get_param: NodeIndex} + ControllerDeployment: type: OS::TripleO::SoftwareDeployment depends_on: NetworkDeployment @@ -708,6 +759,8 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} + neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} haproxy_log_address: {get_param: HAProxySyslogAddress} heat.watch_server_url: list_join: @@ -727,24 +780,6 @@ resources: - - 'http://' - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' - heat_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8004/v1/%(tenant_id)s' - heat_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8004/v1/%(tenant_id)s' - heat_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8004/v1/%(tenant_id)s' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} @@ -777,43 +812,7 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/cinder' - cinder_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_public_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8776/v2/%(tenant_id)s' - cinder_internal_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v2/%(tenant_id)s' - cinder_admin_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v2/%(tenant_id)s' - glance_port: {get_param: GlancePort} + glance_port: {get_param: [EndpointMap, GlanceInternal, port]} glance_password: {get_param: GlancePassword} glance_backend: {get_param: GlanceBackend} glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} @@ -840,7 +839,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/heat' - keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]} keystone_ca_certificate: {get_param: KeystoneCACertificate} keystone_signing_key: {get_param: KeystoneSigningKey} keystone_signing_certificate: {get_param: KeystoneSigningCertificate} @@ -856,40 +854,18 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/keystone' - keystone_identity_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357' - keystone_auth_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/' - keystone_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':5000' - keystone_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000' - keystone_ec2_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/ec2tokens' + keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } + keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} + enable_load_balancer: {get_param: EnableLoadBalancer} enable_ceph_storage: {get_param: EnableCephStorage} enable_swift_storage: {get_param: EnableSwiftStorage} + manage_firewall: {get_param: ManageFirewall} + purge_firewall_rules: {get_param: PurgeFirewallRules} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_max_connections: {get_param: MysqlMaxConnections} mysql_root_password: {get_param: MysqlRootPassword} @@ -919,6 +895,10 @@ resources: list_join: - "','" - {get_param: NeutronTypeDrivers} + neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent} + neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent} + neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent} + neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_l3_ha: {get_param: NeutronL3HA} @@ -965,30 +945,11 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ovs_neutron?charset=utf8' - neutron_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':9696' - neutron_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/v2.0' + neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } + neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] } + nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} @@ -1006,24 +967,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ceilometer' - ceilometer_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8777' - ceilometer_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: CeilometerApiVirtualIP} - - ':8777' - ceilometer_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: CeilometerApiVirtualIP} - - ':8777' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_password: {get_param: NovaPassword} @@ -1035,60 +978,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/nova' - nova_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_v3_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8774/v3' - nova_v3_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v3' - nova_v3_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v3' - nova_ec2_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8773/services/Cloud' - nova_ec2_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8773/services/Cloud' - nova_ec2_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8773/services/Admin' fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -1105,11 +994,7 @@ resources: template: "'LIMIT'" params: LIMIT: {get_param: RabbitFDLimit} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} @@ -1118,42 +1003,6 @@ resources: swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} - swift_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8080/v1/AUTH_%(tenant_id)s' - swift_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080/v1/AUTH_%(tenant_id)s' - swift_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' - swift_public_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8080' - swift_internal_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' - swift_admin_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -1162,39 +1011,8 @@ resources: cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} + glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} glance_registry_host: {get_param: GlanceRegistryVirtualIP} - glance_public_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: PublicVirtualIP} - - ':' - - {get_param: GlancePort} - glance_internal_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} - glance_admin_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1243,6 +1061,7 @@ resources: - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre + - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre datafiles: controller_extraconfig: mapped_data: {get_param: ControllerExtraConfig} @@ -1267,6 +1086,7 @@ resources: # Pacemaker enable_fencing: {get_input: enable_fencing} + enable_load_balancer: {get_input: enable_load_balancer} hacluster_pwd: {get_input: pcsd_password} tripleo::fencing::config: {get_input: fencing_config} @@ -1281,14 +1101,6 @@ resources: tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - swift::keystone::auth::public_url: {get_input: swift_public_url } - swift::keystone::auth::internal_url: {get_input: swift_internal_url } - swift::keystone::auth::admin_url: {get_input: swift_admin_url } - swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } - swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } - swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } - swift::keystone::auth::password: {get_input: swift_password } - swift::keystone::auth::region: {get_input: keystone_region} # NOTE(dprince): build_ring support is currently not wired in. # See: https://review.openstack.org/#/c/109225/ @@ -1316,14 +1128,6 @@ resources: cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} cinder::db::mysql::password: {get_input: cinder_password} - cinder::keystone::auth::public_url: {get_input: cinder_public_url } - cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } - cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } - cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } - cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } - cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } - cinder::keystone::auth::password: {get_input: cinder_password } - cinder::keystone::auth::region: {get_input: keystone_region} # Glance glance::api::bind_port: {get_input: glance_port} @@ -1343,16 +1147,11 @@ resources: glance::registry::auth_uri: {get_input: keystone_auth_uri} glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address} + glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} glance::db::mysql::password: {get_input: glance_password} - glance::keystone::auth::public_url: {get_input: glance_public_url } - glance::keystone::auth::internal_url: {get_input: glance_internal_url } - glance::keystone::auth::admin_url: {get_input: glance_admin_url } - glance::keystone::auth::password: {get_input: glance_password } - glance::keystone::auth::region: {get_input: keystone_region} glance_file_pcmk_device: {get_input: glance_file_pcmk_device} glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} @@ -1378,11 +1177,6 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} - heat::keystone::auth::public_url: {get_input: heat_public_url } - heat::keystone::auth::internal_url: {get_input: heat_internal_url } - heat::keystone::auth::admin_url: {get_input: heat_admin_url } - heat::keystone::auth::password: {get_input: heat_password } - heat::keystone::auth::region: {get_input: keystone_region} # Keystone keystone::admin_token: {get_input: admin_token} @@ -1426,7 +1220,7 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_user: {get_input: rabbit_username} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} neutron::debug: {get_input: debug} @@ -1435,6 +1229,8 @@ resources: neutron::server::database_connection: {get_input: neutron_dsn} neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} + neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron_flat_networks: {get_input: neutron_flat_networks} neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} @@ -1443,6 +1239,10 @@ resources: neutron_router_distributed: {get_input: neutron_router_distributed} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} + neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent} + neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent} + neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent} + neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} @@ -1469,6 +1269,10 @@ resources: neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} + neutron::server::notifications::nova_url: {get_input: nova_internal_url} + neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url} + neutron::server::notifications::tenant_name: 'service' + neutron::server::notifications::password: {get_input: nova_password} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -1484,14 +1288,9 @@ resources: ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} + ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::db::mysql::password: {get_input: ceilometer_password} - ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } - ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } - ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } - ceilometer::keystone::auth::password: {get_input: ceilometer_password } - ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1514,17 +1313,6 @@ resources: nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} - nova::keystone::auth::public_url: {get_input: nova_public_url} - nova::keystone::auth::internal_url: {get_input: nova_internal_url} - nova::keystone::auth::admin_url: {get_input: nova_admin_url} - nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url} - nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url} - nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url} - nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url} - nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url} - nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url} - nova::keystone::auth::password: {get_input: nova_password } - nova::keystone::auth::region: {get_input: keystone_region} # Horizon apache::ip: {get_input: horizon_network} @@ -1538,9 +1326,14 @@ resources: rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} rabbitmq::file_limit: {get_input: rabbit_fd_limit} + rabbitmq::default_user: {get_input: rabbit_username} + rabbitmq::default_pass: {get_input: rabbit_password} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} + # Firewall + tripleo::firewall::manage_firewall: {get_input: manage_firewall} + tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} @@ -1550,6 +1343,12 @@ resources: tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} + # NOTE(jaosorior): The service certificate configuration for + # HAProxy was left commented because to properly use this, we + # need to be able to set up the keystone endpoints. And + # currently that is not possible, but is being addressed by + # other commits. A subsequent commit will uncomment this. + #tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -1563,7 +1362,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: ControllerExtraConfigPre + depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: Controller} @@ -1614,9 +1413,10 @@ outputs: Server's IP address and hostname in the /etc/hosts format value: str_replace: - template: IP HOST.localdomain HOST CLOUDNAME + template: IP HOST.DOMAIN HOST CLOUDNAME params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [Controller, name]} CLOUDNAME: {get_param: CloudName} nova_server_resource: @@ -1643,5 +1443,13 @@ outputs: list_join: - ',' - - {get_attr: [ControllerDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} + - {get_attr: [NodeTLSData, deploy_stdout]} - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 62907104..7cefc24b 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -29,6 +29,18 @@ parameters: type: comma_delimited_list ceph_mon_ips: type: comma_delimited_list + NovaRbdPoolName: + default: vms + type: string + CinderRbdPoolName: + default: volumes + type: string + GlanceRbdPoolName: + default: images + type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: @@ -47,16 +59,34 @@ resources: ceph::profile::params::client_keys: str_replace: template: "{ - client.openstack: { + client.CLIENT_USER: { secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' } }" params: + CLIENT_USER: {get_param: CephClientUserName} CLIENT_KEY: {get_param: ceph_client_key} - + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} + ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} outputs: config_id: diff --git a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml new file mode 100644 index 00000000..96368e37 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml @@ -0,0 +1,92 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Nuage configuration on the Compute + +parameters: + server: + description: ID of the compute node to apply this config to + type: string + + NuageActiveController: + description: IP address of the Active Virtualized Services Controller (VSC) + type: string + NuageStandbyController: + description: IP address of the Standby Virtualized Services Controller (VSC) + type: string + NuageMetadataPort: + description: TCP Port to listen for metadata server requests + type: string + default: '9697' + NuageNovaMetadataPort: + description: TCP Port used by Nova metadata server + type: string + default: '8775' + NuageMetadataProxySharedSecret: + description: Shared secret to sign the instance-id request + type: string + NuageNovaClientVersion: + description: Client Version Nova + type: string + default: '2' + NuageNovaOsUsername: + description: Nova username in keystone_authtoken + type: string + default: 'nova' + NuageMetadataAgentStartWithOvs: + description: Set to True if nuage-metadata-agent needs to be started with nuage-openvswitch-switch + type: string + default: 'True' + NuageNovaApiEndpoint: + description: One of publicURL, internalURL, adminURL in "keystone endpoint-list" + type: string + default: 'publicURL' + NuageNovaRegionName: + description: Region name in "keystone endpoint-list" + type: string + default: 'regionOne' + +# Declaration of resources for the template. +resources: + NovaNuageConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + nova_nuage_data: + mapped_data: + nuage::vrs::active_controller: {get_input: ActiveController} + nuage::vrs::standby_controller: {get_input: StandbyController} + nuage::metadataagent::metadata_port: {get_input: MetadataPort} + nuage::metadataagent::nova_metadata_port: {get_input: NovaMetadataPort} + nuage::metadataagent::metadata_secret: {get_input: SharedSecret} + nuage::metadataagent::nova_client_version: {get_input: NovaClientVersion} + nuage::metadataagent::nova_os_username: {get_input: NovaOsUsername} + nuage::metadataagent::metadata_agent_start_with_ovs: {get_input: MetadataAgentStartWithOvs} + nuage::metadataagent::nova_api_endpoint_type: {get_input: NovaApiEndpointType} + nuage::metadataagent::nova_region_name: {get_input: NovaRegionName} + + NovaNuageDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: NovaNuageConfig} + server: {get_param: server} + input_values: + ActiveController: {get_param: NuageActiveController} + StandbyController: {get_param: NuageStandbyController} + MetadataPort: {get_param: NuageMetadataPort} + NovaMetadataPort: {get_param: NuageNovaMetadataPort} + SharedSecret: {get_param: NuageMetadataProxySharedSecret} + NovaClientVersion: {get_param: NuageNovaClientVersion} + NovaOsUsername: {get_param: NuageNovaOsUsername} + MetadataAgentStartWithOvs: {get_param: NuageMetadataAgentStartWithOvs} + NovaApiEndpointType: {get_param: NuageNovaApiEndpoint} + NovaRegionName: {get_param: NuageNovaRegionName} + +# Specify output parameters that will be available +# after the template is instantiated. +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NovaNuageDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml new file mode 100644 index 00000000..60f02bf8 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml @@ -0,0 +1,83 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Nuage configuration on the Controller + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageOSControllerIp: + description: IP address of the OpenStack Controller + type: string + + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + +resources: + NeutronNuageConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_nuage_data: + mapped_data: + neutron::plugins::nuage::nuage_oscontroller_ip: {get_input: NuageOSControllerIp} + neutron::plugins::nuage::nuage_net_partition_name: {get_input: NuageNetPartitionName} + neutron::plugins::nuage::nuage_vsd_ip: {get_input: NuageVSDIp} + neutron::plugins::nuage::nuage_vsd_username: {get_input: NuageVSDUsername} + neutron::plugins::nuage::nuage_vsd_password: {get_input: NuageVSDPassword} + neutron::plugins::nuage::nuage_vsd_organization: {get_input: NuageVSDOrganization} + neutron::plugins::nuage::nuage_base_uri_version: {get_input: NuageBaseURIVersion} + neutron::plugins::nuage::nuage_cms_id: {get_input: NuageCMSId} + + NeutronNuageDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: NeutronNuageConfig} + server: {get_param: server} + input_values: + NuageOSControllerIp: {get_param: NeutronNuageOSControllerIp} + NuageNetPartitionName: {get_param: NeutronNuageNetPartitionName} + NuageVSDIp: {get_param: NeutronNuageVSDIp} + NuageVSDUsername: {get_param: NeutronNuageVSDUsername} + NuageVSDPassword: {get_param: NeutronNuageVSDPassword} + NuageVSDOrganization: {get_param: NeutronNuageVSDOrganization} + NuageBaseURIVersion: {get_param: NeutronNuageBaseURIVersion} + NuageCMSId: {get_param: NeutronNuageCMSId} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NeutronNuageDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml new file mode 100644 index 00000000..7e34f071 --- /dev/null +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -0,0 +1,66 @@ +heat_template_version: 2015-04-30 + +description: > + This is a template which will inject the trusted anchor. + +parameters: + # Can be overriden via parameter_defaults in the environment + SSLRootCertificate: + description: > + The content of a CA's SSL certificate file in PEM format. + This is evaluated on the client side. + type: string + SSLRootCertificatePath: + default: '/etc/pki/ca-trust/source/anchors/ca.crt.pem' + description: > + The filepath of the root certificate as it will be stored in the nodes. + Note that the path has to be one that can be picked up by the update + trust anchor command. e.g. in RHEL it would be + /etc/pki/ca-trust/source/anchors/ca.crt.pem + type: string + UpdateTrustAnchorsCommand: + default: update-ca-trust extract + description: > + command that will be executed to update the trust anchors. + type: string + + # Passed in by controller.yaml + server: + description: ID of the node to apply this config to + type: string + +resources: + CAConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: cacert_path + - name: cacert_content + - name: update_anchor_command + outputs: + - name: root_cert_md5sum + config: | + #!/bin/sh + cat > ${cacert_path} << EOF + ${cacert_content} + EOF + chmod 0440 ${cacert_path} + chown root:root ${cacert_path} + ${update_anchor_command} + md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum + + CADeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: CAConfig} + server: {get_param: server} + input_values: + cacert_path: {get_param: SSLRootCertificatePath} + cacert_content: {get_param: SSLRootCertificate} + update_anchor_command: {get_param: UpdateTrustAnchorsCommand} + +outputs: + deploy_stdout: + description: Deployment reference + value: {get_attr: [CADeployment, root_cert_md5sum]} diff --git a/puppet/extraconfig/tls/no-ca.yaml b/puppet/extraconfig/tls/no-ca.yaml new file mode 100644 index 00000000..5862a85c --- /dev/null +++ b/puppet/extraconfig/tls/no-ca.yaml @@ -0,0 +1,17 @@ +heat_template_version: 2015-04-30 + +description: > + This is a default no-op template which can be passed to the + OS::Nova::Server resources. This template can be replaced with + a different implementation via the resource registry, such that + deployers may customize their configuration. + +parameters: + server: # Here for compatibility with controller.yaml + description: ID of the controller node to apply this config to + type: string + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: 'Root CA cert injection not enabled.' diff --git a/puppet/extraconfig/tls/no-tls.yaml b/puppet/extraconfig/tls/no-tls.yaml new file mode 100644 index 00000000..a2b5c569 --- /dev/null +++ b/puppet/extraconfig/tls/no-tls.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2015-04-30 + +description: > + This is a default no-op template. This defines the parameters that + need to be passed in order to have TLS enabled in the controller + nodes. This template can be replaced with a different + implementation via the resource registry, such that deployers + may customize their configuration. + +parameters: + DeployedSSLCertificatePath: + default: '' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string + NodeIndex: # Here for compatibility with puppet/controller.yaml + default: 0 + type: number + server: # Here for compatibility with puppet/controller.yaml + description: ID of the controller node to apply this config to + type: string + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: 'TLS not enabled.' + deployed_ssl_certificate_path: + value: '' + key_modulus_md5: + description: Key SSL Modulus + value: '' + cert_modulus_md5: + description: Certificate SSL Modulus + value: '' diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml new file mode 100644 index 00000000..ce524ba9 --- /dev/null +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -0,0 +1,93 @@ +heat_template_version: 2015-04-30 + +description: > + This is a template which will build the TLS Certificates necessary + for the load balancer using the given parameters. + +parameters: + # Can be overriden via parameter_defaults in the environment + SSLCertificate: + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + SSLIntermediateCertificate: + default: '' + description: > + The content of an SSL intermediate CA certificate in PEM format. + type: string + SSLKey: + description: > + The content of the SSL Key in PEM format. + type: string + hidden: true + + # Can be overriden by parameter_defaults if the user wants to try deploying + # this in a distro that doesn't support this path. + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string + + # Passed in by the controller + NodeIndex: + default: 0 + type: number + server: + description: ID of the controller node to apply this config to + type: string + +resources: + ControllerTLSConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: cert_path + - name: cert_chain_content + outputs: + - name: chain_md5sum + - name: cert_modulus + - name: key_modulus + config: | + #!/bin/sh + cat > ${cert_path} << EOF + ${cert_chain_content} + EOF + chmod 0440 ${cert_path} + chown root:haproxy ${cert_path} + md5sum ${cert_path} > ${heat_outputs_path}.chain_md5sum + openssl x509 -noout -modulus -in ${cert_path} \ + | openssl md5 | cut -c 10- \ + > ${heat_outputs_path}.cert_modulus + openssl rsa -noout -modulus -in ${cert_path} \ + | openssl md5 | cut -c 10- \ + > ${heat_outputs_path}.key_modulus + + ControllerTLSDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: ControllerTLSConfig} + server: {get_param: server} + input_values: + cert_path: {get_param: DeployedSSLCertificatePath} + cert_chain_content: + list_join: + - '' + - - {get_param: SSLCertificate} + - {get_param: SSLIntermediateCertificate} + - {get_param: SSLKey} + +outputs: + deploy_stdout: + description: Deployment reference + value: {get_attr: [ControllerTLSDeployment, chain_md5sum]} + deployed_ssl_certificate_path: + description: The location that the TLS certificate was deployed to. + value: {get_param: DeployedSSLCertificatePath} + key_modulus_md5: + description: MD5 checksum of the Key SSL Modulus + value: {get_attr: [ControllerTLSDeployment, key_modulus]} + cert_modulus_md5: + description: MD5 checksum of the Certificate SSL Modulus + value: {get_attr: [ControllerTLSDeployment, cert_modulus]} diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 18a48622..1e480e60 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -1,17 +1,12 @@ ceph::profile::params::osd_journal_size: 1024 -ceph::profile::params::osd_pool_default_pg_num: 128 -ceph::profile::params::osd_pool_default_pgp_num: 128 +ceph::profile::params::osd_pool_default_pg_num: 32 +ceph::profile::params::osd_pool_default_pgp_num: 32 ceph::profile::params::osd_pool_default_size: 3 ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx -ceph_pools: - - volumes - - vms - - images - ceph_classes: [] ceph_osd_selinux_permissive: true diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 030f661d..95f5ccb8 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -9,8 +9,6 @@ ceilometer::agent::auth::auth_tenant_name: 'admin' nova::network::neutron::neutron_admin_tenant_name: 'service' nova::network::neutron::neutron_admin_username: 'neutron' -nova::network::neutron::vif_plugging_is_fatal: false -nova::network::neutron::vif_plugging_timeout: 30 nova::network::neutron::dhcp_domain: '' neutron::allow_overlapping_ips: true diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 16aeb98c..fa8dcc81 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -10,11 +10,14 @@ nova::compute::vnc_enabled: true nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true -nova::compute::rbd::libvirt_rbd_user: 'openstack' -nova::compute::rbd::rbd_keyring: 'client.openstack' -nova::compute::rbd::libvirt_images_rbd_pool: 'vms' nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" +# Changing the default from 512MB. The current templates can not deploy +# overclouds with swap. On an idle compute node, we see ~1024MB of RAM +# used. 2048 is suggested to account for other possible operations for +# example openvswitch. +nova::compute::reserved_host_memory: 2048 + ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 07bfe543..f42ddf6c 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -39,13 +39,6 @@ cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' -glance::keystone::auth::tenant: 'service' -nova::keystone::auth::tenant: 'service' -neutron::keystone::auth::tenant: 'service' -cinder::keystone::auth::tenant: 'service' -swift::keystone::auth::tenant: 'service' -ceilometer::keystone::auth::tenant: 'service' -heat::keystone::auth::tenant: 'service' # keystone keystone::cron::token_flush::maxdelay: 3600 @@ -67,13 +60,10 @@ swift::proxy::pipeline: - 'proxy-server' swift::proxy::account_autocreate: true -swift::keystone::auth::configure_s3_endpoint: false -swift::keystone::auth::operator_roles: - - admin - - swiftoperator # glance glance::api::pipeline: 'keystone' +glance::api::show_image_direct_url: true glance::registry::pipeline: 'keystone' glance::backend::swift::swift_store_create_container_on_put: true glance::backend::rbd::rbd_store_user: 'openstack' @@ -88,7 +78,6 @@ nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true nova::scheduler::filter::ram_allocation_ratio: '1.0' -nova::keystone::auth::configure_ec2_endpoint: false # ceilometer ceilometer::agent::auth::auth_endpoint_type: 'internalURL' @@ -138,3 +127,109 @@ tripleo::loadbalancer::heat_cfn: true tripleo::loadbalancer::horizon: true controller_classes: [] +# firewall +tripleo::firewall::firewall_rules: + '101 mongodb_config': + port: 27019 + '102 mongodb_sharding': + port: 27018 + '103 mongod': + port: 27017 + '104 mysql galera': + port: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + '105 ntp': + port: 123 + proto: udp + '106 vrrp': + proto: vrrp + '107 haproxy stats': + port: 1993 + '108 redis': + port: + - 6379 + - 26379 + '109 rabbitmq': + port: + - 5672 + - 35672 + '110 ceph': + port: + - 6789 + - '6800-6810' + '111 keystone': + port: + - 5000 + - 13000 + - 35357 + - 13357 + '112 glance': + port: + - 9292 + - 9191 + - 13292 + '113 nova': + port: + - 6080 + - 13080 + - 8773 + - 3773 + - 8774 + - 13774 + - 8775 + '114 neutron server': + port: + - 9696 + - 13696 + '115 neutron dhcp input': + proto: 'udp' + port: 67 + '116 neutron dhcp output': + proto: 'udp' + chain: 'OUTPUT' + port: 68 + '118 neutron vxlan networks': + proto: 'udp' + port: 4789 + '119 cinder': + port: + - 8776 + - 13776 + '120 iscsi initiator': + port: 3260 + '121 memcached': + port: 11211 + '122 swift proxy': + port: + - 8080 + - 13808 + '123 swift storage': + port: + - 873 + - 6000 + - 6001 + - 6002 + '124 ceilometer': + port: + - 8777 + - 13777 + '125 heat': + port: + - 8000 + - 13800 + - 8003 + - 13003 + - 8004 + - 13004 + '126 horizon': + port: + - 80 + - 443 + '127 snmp': + port: 161 + proto: 'udp' diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 51f5e88d..7f8970cc 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 4c927569..f3a02eba 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) @@ -49,8 +50,9 @@ if $rbd_ephemeral_storage or $rbd_persistent_storage { include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') + $client_user = join(['client.', hiera('ceph_client_user_name')]) class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'], + libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], } } @@ -69,20 +71,35 @@ include ::nova::compute::libvirt include ::nova::network::neutron include ::neutron -class { '::neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], -} +# If the value of core plugin is set to 'nuage', +# include nuage agent, +# else use the default value of 'ml2' +if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::nuage::vrs + include ::nova::compute::neutron + + class { '::nuage::metadataagent': + nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), + nova_os_password => hiera('nova_password'), + nova_metadata_ip => hiera('nova_metadata_node_ips'), + nova_auth_ip => hiera('keystone_public_api_virtual_ip'), + } +} else { + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), + tenant_network_types => [hiera('neutron_tenant_network_type')], + } -class { '::neutron::agents::ml2::ovs': - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), -} + class { '::neutron::agents::ml2::ovs': + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } -if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } } } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 14044789..a8abbb77 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -14,6 +14,9 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall + +$enable_load_balancer = hiera('enable_load_balancer', true) if hiera('step') >= 1 { @@ -21,9 +24,11 @@ if hiera('step') >= 1 { $controller_node_ips = split(hiera('controller_node_ips'), ',') - class { '::tripleo::loadbalancer' : - controller_hosts => $controller_node_ips, - manage_vip => true, + if $enable_load_balancer { + class { '::tripleo::loadbalancer' : + controller_hosts => $controller_node_ips, + manage_vip => true, + } } } @@ -227,64 +232,73 @@ if hiera('step') >= 3 { include ::neutron include ::neutron::server - include ::neutron::agents::l3 - include ::neutron::agents::dhcp - include ::neutron::agents::metadata + include ::neutron::server::notifications - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } + # If the value of core plugin is set to 'nuage', + # include nuage core plugin, + # else use the default value of 'ml2' + if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::neutron::plugins::nuage + } else { + include ::neutron::agents::l3 + include ::neutron::agents::dhcp + include ::neutron::agents::metadata + + file { '/etc/neutron/dnsmasq-neutron.conf': + content => hiera('neutron_dnsmasq_options'), + owner => 'neutron', + group => 'neutron', + notify => Service['neutron-dhcp-service'], + require => Package['neutron'], + } - class { '::neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], - mechanism_drivers => [hiera('neutron_mechanism_drivers')], - } - class { '::neutron::agents::ml2::ovs': - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), - } - if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus1000v + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), + tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], + } + class { '::neutron::agents::ml2::ovs': + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus1000v - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + + class { '::n1k_vsm': + n1kv_source => hiera('n1kv_vsm_source', undef), + n1kv_version => hiera('n1kv_vsm_version', undef), + pacemaker_control => false, + } } - class { '::n1k_vsm': - n1kv_source => hiera('n1kv_vsm_source', undef), - n1kv_version => hiera('n1kv_vsm_version', undef), - pacemaker_control => false, + if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::ucsm + } + if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus + include ::neutron::plugins::ml2::cisco::type_nexus_vxlan } - } - if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::ucsm - } - if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus - include ::neutron::plugins::ml2::cisco::type_nexus_vxlan - } + if hiera('neutron_enable_bigswitch_ml2', false) { + include ::neutron::plugins::ml2::bigswitch::restproxy + } + neutron_l3_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); + } + neutron_dhcp_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); + } - if hiera('neutron_enable_bigswitch_ml2', false) { - include ::neutron::plugins::ml2::bigswitch::restproxy - } - neutron_l3_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); + Service['neutron-server'] -> Service['neutron-dhcp-service'] + Service['neutron-server'] -> Service['neutron-l3'] + Service['neutron-server'] -> Service['neutron-ovs-agent-service'] + Service['neutron-server'] -> Service['neutron-metadata'] } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - - Service['neutron-server'] -> Service['neutron-dhcp-service'] - Service['neutron-server'] -> Service['neutron-l3'] - Service['neutron-server'] -> Service['neutron-ovs-agent-service'] - Service['neutron-server'] -> Service['neutron-metadata'] include ::cinder include ::cinder::api @@ -307,16 +321,14 @@ if hiera('step') >= 3 { if $enable_ceph { - Ceph_pool { + $ceph_pools = hiera('ceph_pools') + ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : } - - $cinder_pool_requires = [Ceph::Pool['volumes']] + $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] } else { $cinder_pool_requires = [] @@ -326,8 +338,8 @@ if hiera('step') >= 3 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : - rbd_pool => 'volumes', - rbd_user => 'openstack', + rbd_pool => hiera('cinder_rbd_pool_name'), + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), require => $cinder_pool_requires, } @@ -381,7 +393,7 @@ if hiera('step') >= 3 { package {'nfs-utils': } -> cinder::backend::nfs { $cinder_nfs_backend : nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_mount_options => hiera('cinder_nfs_mount_options',''), nfs_shares_config => '/etc/cinder/shares-nfs.conf', } } @@ -485,15 +497,6 @@ if hiera('step') >= 3 { if hiera('step') >= 4 { include ::keystone::cron::token_flush - - include ::ceilometer::keystone::auth - include ::cinder::keystone::auth - include ::glance::keystone::auth - include ::heat::keystone::auth - include ::neutron::keystone::auth - include ::nova::keystone::auth - include ::swift::keystone::auth - } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 5cadc6dd..8459f1a3 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -19,6 +19,7 @@ Pcmk_resource <| |> { } include ::tripleo::packages +include ::tripleo::firewall if $::hostname == downcase(hiera('bootstrap_nodeid')) { $pacemaker_master = true @@ -29,6 +30,7 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { } $enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5 +$enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized # FIXME: remove when we start all OpenStack services using Pacemaker @@ -45,12 +47,14 @@ if hiera('step') >= 1 { $controller_node_ips = split(hiera('controller_node_ips'), ',') $controller_node_names = split(downcase(hiera('controller_node_names')), ',') - class { '::tripleo::loadbalancer' : - controller_hosts => $controller_node_ips, - controller_hosts_names => $controller_node_names, - manage_vip => false, - mysql_clustercheck => true, - haproxy_service_manage => false, + if $enable_load_balancer { + class { '::tripleo::loadbalancer' : + controller_hosts => $controller_node_ips, + controller_hosts_names => $controller_node_names, + manage_vip => false, + mysql_clustercheck => true, + haproxy_service_manage => false, + } } $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) @@ -74,11 +78,11 @@ if hiera('step') >= 1 { Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } - # FIXME(gfidente): sets 90secs as default start timeout op + # FIXME(gfidente): sets 100secs as default start timeout op # param; until we can use pcmk global defaults we'll still # need to add it to every resource which redefines op params Pacemaker::Resource::Service { - op_params => 'start timeout=90s', + op_params => 'start timeout=100s stop timeout=100s', } # Only configure RabbitMQ in this step, don't start it yet to @@ -178,156 +182,160 @@ if hiera('step') >= 2 { if $pacemaker_master { - include ::pacemaker::resource_defaults - - # FIXME: we should not have to access tripleo::loadbalancer class - # parameters here to configure pacemaker VIPs. The configuration - # of pacemaker VIPs could move into puppet-tripleo or we should - # make use of less specific hiera parameters here for the settings. - pacemaker::resource::service { 'haproxy': - clone_params => true, - } + if $enable_load_balancer { - $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') - pacemaker::resource::ip { 'control_vip': - ip_address => $control_vip, - } - pacemaker::constraint::base { 'control_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${control_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], - } - pacemaker::constraint::colocation { 'control_vip-with-haproxy': - source => "ip-${control_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], - } + include ::pacemaker::resource_defaults - $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') - if $public_vip and $public_vip != $control_vip { - pacemaker::resource::ip { 'public_vip': - ip_address => $public_vip, - } - pacemaker::constraint::base { 'public_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${public_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } - pacemaker::constraint::colocation { 'public_vip-with-haproxy': - source => "ip-${public_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], + # FIXME: we should not have to access tripleo::loadbalancer class + # parameters here to configure pacemaker VIPs. The configuration + # of pacemaker VIPs could move into puppet-tripleo or we should + # make use of less specific hiera parameters here for the settings. + pacemaker::resource::service { 'haproxy': + clone_params => true, } - } - $redis_vip = hiera('redis_vip') - if $redis_vip and $redis_vip != $control_vip { - pacemaker::resource::ip { 'redis_vip': - ip_address => $redis_vip, + $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') + pacemaker::resource::ip { 'control_vip': + ip_address => $control_vip, } - pacemaker::constraint::base { 'redis_vip-then-haproxy': + pacemaker::constraint::base { 'control_vip-then-haproxy': constraint_type => 'order', - first_resource => "ip-${redis_vip}", + first_resource => "ip-${control_vip}", second_resource => 'haproxy-clone', first_action => 'start', second_action => 'start', constraint_params => 'kind=Optional', require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], + Pacemaker::Resource::Ip['control_vip']], } - pacemaker::constraint::colocation { 'redis_vip-with-haproxy': - source => "ip-${redis_vip}", + pacemaker::constraint::colocation { 'control_vip-with-haproxy': + source => "ip-${control_vip}", target => 'haproxy-clone', score => 'INFINITY', require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], + Pacemaker::Resource::Ip['control_vip']], } - } - $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') - if $internal_api_vip and $internal_api_vip != $control_vip { - pacemaker::resource::ip { 'internal_api_vip': - ip_address => $internal_api_vip, - } - pacemaker::constraint::base { 'internal_api_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${internal_api_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } - pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': - source => "ip-${internal_api_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], + $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') + if $public_vip and $public_vip != $control_vip { + pacemaker::resource::ip { 'public_vip': + ip_address => $public_vip, + } + pacemaker::constraint::base { 'public_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${public_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['public_vip']], + } + pacemaker::constraint::colocation { 'public_vip-with-haproxy': + source => "ip-${public_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['public_vip']], + } } - } - $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') - if $storage_vip and $storage_vip != $control_vip { - pacemaker::resource::ip { 'storage_vip': - ip_address => $storage_vip, - } - pacemaker::constraint::base { 'storage_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } - pacemaker::constraint::colocation { 'storage_vip-with-haproxy': - source => "ip-${storage_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], + $redis_vip = hiera('redis_vip') + if $redis_vip and $redis_vip != $control_vip { + pacemaker::resource::ip { 'redis_vip': + ip_address => $redis_vip, + } + pacemaker::constraint::base { 'redis_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${redis_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['redis_vip']], + } + pacemaker::constraint::colocation { 'redis_vip-with-haproxy': + source => "ip-${redis_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['redis_vip']], + } } - } - $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') - if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { - pacemaker::resource::ip { 'storage_mgmt_vip': - ip_address => $storage_mgmt_vip, + $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') + if $internal_api_vip and $internal_api_vip != $control_vip { + pacemaker::resource::ip { 'internal_api_vip': + ip_address => $internal_api_vip, + } + pacemaker::constraint::base { 'internal_api_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${internal_api_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['internal_api_vip']], + } + pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': + source => "ip-${internal_api_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['internal_api_vip']], + } } - pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_mgmt_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], + + $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') + if $storage_vip and $storage_vip != $control_vip { + pacemaker::resource::ip { 'storage_vip': + ip_address => $storage_vip, + } + pacemaker::constraint::base { 'storage_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${storage_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_vip']], + } + pacemaker::constraint::colocation { 'storage_vip-with-haproxy': + source => "ip-${storage_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_vip']], + } } - pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': - source => "ip-${storage_mgmt_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], + + $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') + if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { + pacemaker::resource::ip { 'storage_mgmt_vip': + ip_address => $storage_mgmt_vip, + } + pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${storage_mgmt_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_mgmt_vip']], + } + pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': + source => "ip-${storage_mgmt_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_mgmt_vip']], + } } + } pacemaker::resource::service { $::memcached::params::service_name : @@ -344,7 +352,7 @@ if hiera('step') >= 2 { if downcase(hiera('ceilometer_backend')) == 'mongodb' { pacemaker::resource::service { $::mongodb::params::service_name : - op_params => 'start timeout=120s', + op_params => 'start timeout=120s stop timeout=100s', clone_params => true, require => Class['::mongodb::server'], } @@ -591,37 +599,48 @@ if hiera('step') >= 3 { manage_service => false, enabled => false, } - class { '::neutron::agents::dhcp' : - manage_service => false, - enabled => false, - } - class { '::neutron::agents::l3' : - manage_service => false, - enabled => false, + include ::neutron::server::notifications + if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::neutron::plugins::nuage } - class { '::neutron::agents::metadata': - manage_service => false, - enabled => false, + if hiera('neutron::enable_dhcp_agent',true) { + class { '::neutron::agents::dhcp' : + manage_service => false, + enabled => false, + } + file { '/etc/neutron/dnsmasq-neutron.conf': + content => hiera('neutron_dnsmasq_options'), + owner => 'neutron', + group => 'neutron', + notify => Service['neutron-dhcp-service'], + require => Package['neutron'], + } } - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], + if hiera('neutron::enable_l3_agent',true) { + class { '::neutron::agents::l3' : + manage_service => false, + enabled => false, + } } - class { '::neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), - tenant_network_types => [hiera('neutron_tenant_network_type')], - mechanism_drivers => [hiera('neutron_mechanism_drivers')], + if hiera('neutron::enable_metadata_agent',true) { + class { '::neutron::agents::metadata': + manage_service => false, + enabled => false, + } } - class { '::neutron::agents::ml2::ovs': - manage_service => false, - enabled => false, - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), + if hiera('neutron::core_plugin') == 'ml2' { + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), + tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], + } + class { '::neutron::agents::ml2::ovs': + manage_service => false, + enabled => false, + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } } - if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { include ::neutron::plugins::ml2::cisco::ucsm } @@ -684,16 +703,14 @@ if hiera('step') >= 3 { if $enable_ceph { - Ceph_pool { + $ceph_pools = hiera('ceph_pools') + ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : } - - $cinder_pool_requires = [Ceph::Pool['volumes']] + $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] } else { $cinder_pool_requires = [] @@ -703,8 +720,8 @@ if hiera('step') >= 3 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : - rbd_pool => 'volumes', - rbd_user => 'openstack', + rbd_pool => hiera('cinder_rbd_pool_name'), + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), require => $cinder_pool_requires, } @@ -758,7 +775,7 @@ if hiera('step') >= 3 { package { 'nfs-utils': } -> cinder::backend::nfs { $cinder_nfs_backend: nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_mount_options => hiera('cinder_nfs_mount_options',''), nfs_shares_config => '/etc/cinder/shares-nfs.conf', } } @@ -925,15 +942,16 @@ if hiera('step') >= 4 { File['/etc/keystone/ssl/private/signing_key.pem'], File['/etc/keystone/ssl/certs/signing_cert.pem']], } - - pacemaker::constraint::base { 'haproxy-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'haproxy-clone', - second_resource => "${::keystone::params::service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + if $enable_load_balancer { + pacemaker::constraint::base { 'haproxy-then-keystone-constraint': + constraint_type => 'order', + first_resource => 'haproxy-clone', + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } } pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': constraint_type => 'order', @@ -1060,59 +1078,69 @@ if hiera('step') >= 4 { clone_params => 'interleave=true', require => Pacemaker::Resource::Service[$::keystone::params::service_name], } - pacemaker::resource::service { $::neutron::params::l3_agent_service: - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::neutron::params::dhcp_agent_service: - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::neutron::params::ovs_agent_service: - clone_params => 'interleave=true', + if hiera('neutron::enable_l3_agent', true) { + pacemaker::resource::service { $::neutron::params::l3_agent_service: + clone_params => 'interleave=true', + } } - pacemaker::resource::service { $::neutron::params::metadata_agent_service: - clone_params => 'interleave=true', + if hiera('neutron::enable_dhcp_agent', true) { + pacemaker::resource::service { $::neutron::params::dhcp_agent_service: + clone_params => 'interleave=true', + } } - pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: - ocf_agent_name => 'neutron:OVSCleanup', - clone_params => 'interleave=true', + if hiera('neutron::enable_ovs_agent', true) { + pacemaker::resource::service { $::neutron::params::ovs_agent_service: + clone_params => 'interleave=true', + } } - pacemaker::resource::ocf { 'neutron-netns-cleanup': - ocf_agent_name => 'neutron:NetnsCleanup', - clone_params => 'interleave=true', + if hiera('neutron::enable_metadata_agent', true) { + pacemaker::resource::service { $::neutron::params::metadata_agent_service: + clone_params => 'interleave=true', + } } + if hiera('neutron::enable_ovs_agent', true) { + pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: + ocf_agent_name => 'neutron:OVSCleanup', + clone_params => 'interleave=true', + } + pacemaker::resource::ocf { 'neutron-netns-cleanup': + ocf_agent_name => 'neutron:NetnsCleanup', + clone_params => 'interleave=true', + } - # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent - pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_cleanup_service}-clone", - second_resource => 'neutron-netns-cleanup-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': - source => 'neutron-netns-cleanup-clone', - target => "${::neutron::params::ovs_cleanup_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => 'neutron-netns-cleanup-clone', - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': - source => "${::neutron::params::ovs_agent_service}-clone", - target => 'neutron-netns-cleanup-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent + pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::ovs_cleanup_service}-clone", + second_resource => 'neutron-netns-cleanup-clone', + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], + Pacemaker::Resource::Ocf['neutron-netns-cleanup']], + } + pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': + source => 'neutron-netns-cleanup-clone', + target => "${::neutron::params::ovs_cleanup_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], + Pacemaker::Resource::Ocf['neutron-netns-cleanup']], + } + pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': + constraint_type => 'order', + first_resource => 'neutron-netns-cleanup-clone', + second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } + pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': + source => "${::neutron::params::ovs_agent_service}-clone", + target => 'neutron-netns-cleanup-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } } #another chain keystone-->neutron-server-->ovs-agent-->dhcp-->l3 @@ -1125,86 +1153,94 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Service[$::keystone::params::service_name], Pacemaker::Resource::Service[$::neutron::params::server_service]], } - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + if hiera('neutron::enable_ovs_agent',true) { + pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::server_service}-clone", + second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::server_service], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } } - pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_agent_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], + if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { + pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::ovs_agent_service}-clone", + second_resource => "${::neutron::params::dhcp_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], + Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], + } + pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': + source => "${::neutron::params::dhcp_agent_service}-clone", + target => "${::neutron::params::ovs_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], + Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], + } } - pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': - source => "${::neutron::params::dhcp_agent_service}-clone", - target => "${::neutron::params::ovs_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::l3_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]], - } - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': - source => "${::neutron::params::l3_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]], - } - pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::l3_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], + if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) { + pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::dhcp_agent_service}-clone", + second_resource => "${::neutron::params::l3_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], + Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] + } + pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': + source => "${::neutron::params::l3_agent_service}-clone", + target => "${::neutron::params::dhcp_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], + Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] + } } - pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::l3_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], + if hiera('neutron::enable_l3_agent',true) and hiera('neutron::enable_metadata_agent',true) { + pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::l3_agent_service}-clone", + second_resource => "${::neutron::params::metadata_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], + Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] + } + pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': + source => "${::neutron::params::metadata_agent_service}-clone", + target => "${::neutron::params::l3_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], + Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] + } } # Nova pacemaker::resource::service { $::nova::params::api_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::conductor_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::consoleauth_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::nova::params::vncproxy_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::scheduler_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=90s monitor start-delay=10s', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': @@ -1566,27 +1602,6 @@ if hiera('step') >= 5 { } -> class {'::keystone::endpoint' : require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::ceilometer::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::cinder::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::glance::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::heat::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::neutron::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::nova::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::swift::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], } } diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 5f0b4c82..1eabddf1 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 7f24959a..2bdd8a9c 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -14,6 +14,7 @@ # under the License. include ::tripleo::packages +include ::tripleo::firewall create_resources(sysctl::value, hiera('sysctl_settings'), {}) diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 22ec6096..fbb2b878 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -45,8 +45,9 @@ parameters: type: string hidden: true NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -76,6 +77,17 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + CloudDomain: + default: '' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. resources: @@ -148,6 +160,7 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: SwiftStorage} + actions: {get_param: NetworkDeploymentActions} SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig @@ -207,19 +220,22 @@ resources: swift_min_part_hours: {get_param: MinPartHours} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: SwiftStorageHieraDeploy + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: SwiftStorage} + # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: SwiftStorageHieraDeploy + depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: SwiftStorage} @@ -240,9 +256,10 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.localdomain HOST" + template: "IP HOST.DOMAIN HOST" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} HOST: {get_attr: [SwiftStorage, name]} nova_server_resource: description: Heat resource handle for the swift storage server @@ -270,4 +287,5 @@ outputs: list_join: - ',' - - {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_param: UpdateIdentifier} @@ -14,10 +14,3 @@ classifier = Operating System :: POSIX :: Linux Programming Language :: Other Environment :: Console - -[files] -packages = - tripleo_heat_merge -[entry_points] -console_scripts = - tripleo-heat-merge = tripleo_heat_merge.merge:main diff --git a/test_merge.bash b/test_merge.bash deleted file mode 100755 index de29d075..00000000 --- a/test_merge.bash +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -set -ue -result="" -cleanup() { - if [ -n "$result" ] ; then - rm -f $result - fi -} -trap cleanup EXIT -run_test() { - local cmd=$1 - local expected=$2 - result=$(mktemp /tmp/test_merge.XXXXXX) - fail=0 - $cmd --output $result - if ! cmp $result $expected ; then - diff -u $expected $result || : - echo FAIL - $cmd result does not match expected - fail=1 - else - echo PASS - $cmd - fi - cleanup -} -echo -merge_py="./tripleo_heat_merge/merge.py" -run_test "python $merge_py examples/source.yaml" examples/source_lib_result.yaml -run_test "python $merge_py examples/source2.yaml" examples/source2_lib_result.yaml -run_test "python $merge_py examples/source_include_subkey.yaml" examples/source_include_subkey_result.yaml -run_test "python $merge_py examples/launchconfig1.yaml examples/launchconfig2.yaml" examples/launchconfig_result.yaml -run_test "python $merge_py --scale NovaCompute=3 examples/scale1.yaml" examples/scale_result.yaml -run_test "python $merge_py --scale NovaCompute=3 examples/scale_map.yaml" examples/scale_map_result.yaml -run_test "python $merge_py --hot examples/source_hot.yaml" examples/source_lib_result_hot.yaml -run_test "python $merge_py --hot examples/source2_hot.yaml" examples/source2_lib_result_hot.yaml -run_test "python $merge_py --hot examples/source_include_subkey_hot.yaml" examples/source_include_subkey_result_hot.yaml -run_test "python $merge_py --hot examples/launchconfig1_hot.yaml examples/launchconfig2_hot.yaml" examples/launchconfig_result_hot.yaml -run_test "python $merge_py --hot --scale NovaCompute=3 examples/scale1_hot.yaml" examples/scale_result_hot.yaml -run_test "python $merge_py --hot --scale NovaCompute=3 examples/scale_map_hot.yaml" examples/scale_map_result_hot.yaml -run_test "python $merge_py --hot --scale NovaCompute=5,1,2 examples/scale_map_hot.yaml" examples/scale_map_result_hot_blacklist.yaml -run_test "python $merge_py --hot --scale NovaCompute=3, examples/scale_map_hot.yaml" examples/scale_map_result_hot.yaml -echo -trap - EXIT -exit $fail diff --git a/tripleo_heat_merge/__init__.py b/tripleo_heat_merge/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/tripleo_heat_merge/__init__.py +++ /dev/null diff --git a/tripleo_heat_merge/merge.py b/tripleo_heat_merge/merge.py deleted file mode 100644 index b5bec0f4..00000000 --- a/tripleo_heat_merge/merge.py +++ /dev/null @@ -1,436 +0,0 @@ -import os -import sys -import yaml -import argparse - - -class Cfn(object): - - base_template = { - 'HeatTemplateFormatVersion': '2012-12-12', - 'Description': [] - } - get_resource = 'Ref' - get_param = 'Ref' - description = 'Description' - parameters = 'Parameters' - outputs = 'Outputs' - resources = 'Resources' - type = 'Type' - properties = 'Properties' - metadata = 'Metadata' - depends_on = 'DependsOn' - get_attr = 'Fn::GetAtt' - - -class Hot(object): - - base_template = { - 'heat_template_version': '2013-05-23', - 'description': [] - } - get_resource = 'get_resource' - get_param = 'get_param' - description = 'description' - parameters = 'parameters' - outputs = 'outputs' - resources = 'resources' - type = 'type' - properties = 'properties' - metadata = 'metadata' - depends_on = 'depends_on' - get_attr = 'get_attr' - - -lang = Cfn() - - -def apply_maps(template): - """Apply Merge::Map within template. - - Any dict {'Merge::Map': {'Foo': 'Bar', 'Baz': 'Quux'}} - will resolve to ['Bar', 'Quux'] - that is a dict with key - 'Merge::Map' is replaced entirely by that dict['Merge::Map'].values(). - """ - if isinstance(template, dict): - if 'Merge::Map' in template: - return sorted( - apply_maps(value) for value in template['Merge::Map'].values() - ) - else: - return dict((key, apply_maps(value)) - for key, value in template.items()) - elif isinstance(template, list): - return [apply_maps(item) for item in template] - else: - return template - - -def apply_scaling(template, scaling, in_copies=None): - """Apply a set of scaling operations to template. - - This is a single pass recursive function: for each call we process one - dict or list and recurse to handle children containers. - - Values are handled via scale_value. - - Keys in dicts are copied per the scaling rule. - Values are either replaced or copied depending on whether the given - scaling rule is in in_copies. - - in_copies is reset to None when a dict {'Merge::Map': someobject} is - encountered. - - :param scaling: A dict of prefix -> (count, blacklists). - """ - in_copies = dict(in_copies or {}) - # Shouldn't be needed but to avoid unexpected side effects/bugs we short - # circuit no-ops. - if not scaling: - return template - if isinstance(template, dict): - if 'Merge::Map' in template: - in_copies = None - new_template = {} - for key, value in template.items(): - for prefix, copy_num, new_key in scale_value( - key, scaling, in_copies): - if prefix: - # e.g. Compute0, 1, Compute1Foo - in_copies[prefix] = prefix[:-1] + str(copy_num) - if isinstance(value, (dict, list)): - new_value = apply_scaling(value, scaling, in_copies) - new_template[new_key] = new_value - else: - new_values = list(scale_value(value, scaling, in_copies)) - # We have nowhere to multiply a non-container value of a - # dict, so it may be copied or unchanged but not scaled. - assert len(new_values) == 1 - new_template[new_key] = new_values[0][2] - if prefix: - del in_copies[prefix] - return new_template - elif isinstance(template, list): - new_template = [] - for value in template: - if isinstance(value, (dict, list)): - new_template.append(apply_scaling(value, scaling, in_copies)) - else: - for _, _, new_value in scale_value(value, scaling, in_copies): - new_template.append(new_value) - return new_template - else: - raise Exception("apply_scaling called with non-container %r" % template) - - -def scale_value(value, scaling, in_copies): - """Scale out a value. - - :param value: The value to scale (not a container). - :param scaling: The scaling map (prefix-> (copies, blacklist) to use. - :param in_copies: What containers we're currently copying. - :return: An iterator of the new values for the value as tuples: - (prefix, copy_num, value). E.g. Compute0, 1, Compute1Foo - prefix and copy_num are only set when: - - a prefix in scaling matches value - - and that prefix is not in in_copies - """ - if isinstance(value, (str, unicode)): - for prefix, (copies, blacklist) in scaling.items(): - if not value.startswith(prefix): - continue - suffix = value[len(prefix):] - if prefix in in_copies: - # Adjust to the copy number we're on - yield None, None, in_copies[prefix] + suffix - return - else: - for n in range(copies): - if n not in blacklist: - yield prefix, n, prefix[:-1] + str(n) + suffix - return - yield None, None, value - else: - yield None, None, value - - -def parse_scaling(scaling_args): - """Translate a list of scaling requests to a dict prefix:count.""" - scaling_args = scaling_args or [] - result = {} - for item in scaling_args: - key, values = item.split('=') - values = values.split(',') - value = int(values[0]) - blacklist = frozenset(int(v) for v in values[1:] if v) - result[key + '0'] = value, blacklist - return result - - -def _translate_role(role, master_role, slave_roles): - if not master_role: - return role - if role == master_role: - return role - if role not in slave_roles: - return role - return master_role - -def translate_role(role, master_role, slave_roles): - r = _translate_role(role, master_role, slave_roles) - if not isinstance(r, basestring): - raise Exception('%s -> %r' % (role, r)) - return r - -def resolve_params(item, param, value): - if item in ({lang.get_param: param}, {lang.get_resource: param}): - return value - if isinstance(item, dict): - copy_item = dict(item) - for k, v in iter(copy_item.items()): - item[k] = resolve_params(v, param, value) - elif isinstance(item, list): - copy_item = list(item) - new_item = [] - for v in copy_item: - new_item.append(resolve_params(v, param, value)) - item = new_item - return item - -MERGABLE_TYPES = {'OS::Nova::Server': - {'image': 'image'}, - 'AWS::EC2::Instance': - {'image': 'ImageId'}, - 'AWS::AutoScaling::LaunchConfiguration': - {}, - } -INCLUDED_TEMPLATE_DIR = os.getcwd() - - -def resolve_includes(template, params=None): - new_template = {} - if params is None: - params = {} - for key, value in iter(template.items()): - if key == '__include__': - new_params = dict(params) # do not propagate up the stack - if not isinstance(value, dict): - raise ValueError('__include__ must be a mapping') - if 'path' not in value: - raise ValueError('__include__ must have path') - if 'params' in value: - if not isinstance(value['params'], dict): - raise ValueError('__include__ params must be a mapping') - new_params.update(value['params']) - with open(value['path']) as include_file: - sub_template = yaml.safe_load(include_file.read()) - if 'subkey' in value: - if ((not isinstance(value['subkey'], int) - and not isinstance(sub_template, dict))): - raise RuntimeError('subkey requires mapping root or' - ' integer for list root') - sub_template = sub_template[value['subkey']] - for k, v in iter(new_params.items()): - sub_template = resolve_params(sub_template, k, v) - new_template.update(resolve_includes(sub_template)) - else: - if isinstance(value, dict): - new_template[key] = resolve_includes(value) - else: - new_template[key] = value - return new_template - -def main(argv=None): - if argv is None: - argv = sys.argv[1:] - parser = argparse.ArgumentParser() - parser.add_argument('templates', nargs='+') - parser.add_argument('--master-role', nargs='?', - help='Translate slave_roles to this') - parser.add_argument('--slave-roles', nargs='*', - help='Translate all of these to master_role') - parser.add_argument('--included-template-dir', nargs='?', - default=INCLUDED_TEMPLATE_DIR, - help='Path for resolving included templates') - parser.add_argument('--output', - help='File to write output to. - for stdout', - default='-') - parser.add_argument('--scale', action="append", - help="Names to scale out. Pass Prefix=2 to cause a key Prefix0Foo to " - "be copied to Prefix1Foo in the output, and value Prefix0Bar to be" - "renamed to Prefix1Bar inside that copy, or copied to Prefix1Bar " - "outside of any copy. Pass Prefix=3,1 to cause Prefix1* to be elided" - "when scaling Prefix out. Prefix=4,1,2 will likewise elide Prefix1 and" - "Prefix2.") - parser.add_argument( - '--change-image-params', action='store_true', default=False, - help="Change parameters in templates to match resource names. This was " - " the default at one time but it causes issues when parameter " - " names need to remain stable.") - parser.add_argument( - '--hot', action='store_true', default=False, - help="Assume source templates are in the HOT format, and generate a " - "HOT template artifact.") - args = parser.parse_args(argv) - if args.hot: - global lang - lang = Hot() - - templates = args.templates - scaling = parse_scaling(args.scale) - merged_template = merge(templates, args.master_role, args.slave_roles, - args.included_template_dir, scaling=scaling, - change_image_params=args.change_image_params) - if args.output == '-': - out_file = sys.stdout - else: - out_file = file(args.output, 'wt') - out_file.write(merged_template) - - -def merge(templates, master_role=None, slave_roles=None, - included_template_dir=INCLUDED_TEMPLATE_DIR, - scaling=None, change_image_params=None): - scaling = scaling or {} - errors = [] - end_template = dict(lang.base_template) - resource_changes=[] - for template_path in templates: - template = yaml.safe_load(open(template_path)) - # Resolve __include__ tags - template = resolve_includes(template) - end_template[lang.description].append(template.get(lang.description, - template_path)) - new_parameters = template.get(lang.parameters, {}) - for p, pbody in sorted(new_parameters.items()): - if p in end_template.get(lang.parameters, {}): - if pbody != end_template[lang.parameters][p]: - errors.append('Parameter %s from %s conflicts.' % (p, - template_path)) - continue - if lang.parameters not in end_template: - end_template[lang.parameters] = {} - end_template[lang.parameters][p] = pbody - - new_outputs = template.get(lang.outputs, {}) - for o, obody in sorted(new_outputs.items()): - if o in end_template.get(lang.outputs, {}): - if pbody != end_template[lang.outputs][p]: - errors.append('Output %s from %s conflicts.' % (o, - template_path)) - continue - if lang.outputs not in end_template: - end_template[lang.outputs] = {} - end_template[lang.outputs][o] = obody - - new_resources = template.get(lang.resources, {}) - for r, rbody in sorted(new_resources.items()): - if rbody[lang.type] in MERGABLE_TYPES: - if change_image_params: - if 'image' in MERGABLE_TYPES[rbody[lang.type]]: - image_key = MERGABLE_TYPES[rbody[lang.type]]['image'] - # XXX Assuming ImageId is always a Ref - ikey_val = end_template[lang.parameters][rbody[lang.properties][image_key][lang.get_param]] - del end_template[lang.parameters][rbody[lang.properties][image_key][lang.get_param]] - if 'OpenStack::Role' in rbody.get(lang.metadata, {}): - sys.stderr.write("WARNING: OpenStack::Role is deprecated" - " and will be removed in a later release\n"); - role = rbody.get(lang.metadata, {}).get('OpenStack::Role', r) - role = translate_role(role, master_role, slave_roles) - if role != r: - resource_changes.append((r, role)) - if role in end_template.get(lang.resources, {}): - new_metadata = rbody.get(lang.metadata, {}) - for m, mbody in iter(new_metadata.items()): - if m in end_template[lang.resources][role].get(lang.metadata, {}): - if m == 'OpenStack::ImageBuilder::Elements': - end_template[lang.resources][role][lang.metadata][m].extend(mbody) - sys.stderr.write( - "WARNING: OpenStack::ImageBuilder::Elements" - " is deprecated and will be removed in a" - " later release\n"); - continue - if mbody != end_template[lang.resources][role][lang.metadata][m]: - errors.append('Role %s metadata key %s conflicts.' % - (role, m)) - continue - role_res = end_template[lang.resources][role] - if role_res[lang.type] == 'OS::Heat::StructuredConfig': - end_template[lang.resources][role][lang.properties]['config'][m] = mbody - else: - end_template[lang.resources][role][lang.metadata][m] = mbody - continue - if lang.resources not in end_template: - end_template[lang.resources] = {} - end_template[lang.resources][role] = rbody - if change_image_params: - if 'image' in MERGABLE_TYPES[rbody[lang.type]]: - ikey = '%sImage' % (role) - end_template[lang.resources][role][lang.properties][image_key] = {lang.get_param: ikey} - end_template[lang.parameters][ikey] = ikey_val - elif rbody[lang.type] == 'FileInclude': - # we trust os.path.join to DTRT: if FileInclude path isn't - # absolute, join to included_template_dir (./) - with open(os.path.join(included_template_dir, rbody['Path'])) as rfile: - include_content = yaml.safe_load(rfile.read()) - subkeys = rbody.get('SubKey','').split('.') - while len(subkeys) and subkeys[0]: - include_content = include_content[subkeys.pop(0)] - for replace_param, replace_value in iter(rbody.get(lang.parameters, - {}).items()): - include_content = resolve_params(include_content, - replace_param, - replace_value) - if lang.resources not in end_template: - end_template[lang.resources] = {} - end_template[lang.resources][r] = include_content - else: - if r in end_template.get(lang.resources, {}): - if rbody != end_template[lang.resources][r]: - errors.append('Resource %s from %s conflicts' % (r, - template_path)) - continue - if lang.resources not in end_template: - end_template[lang.resources] = {} - end_template[lang.resources][r] = rbody - - end_template = apply_scaling(end_template, scaling) - end_template = apply_maps(end_template) - - def fix_ref(item, old, new): - if isinstance(item, dict): - copy_item = dict(item) - for k, v in sorted(copy_item.items()): - if k == lang.get_resource and v == old: - item[k] = new - continue - if k == lang.depends_on and v == old: - item[k] = new - continue - if k == lang.get_attr and isinstance(v, list) and v[0] == old: - new_list = list(v) - new_list[0] = new - item[k] = new_list - continue - if k == 'AllowedResources' and isinstance(v, list) and old in v: - while old in v: - pos = v.index(old) - v[pos] = new - continue - fix_ref(v, old, new) - elif isinstance(item, list): - copy_item = list(item) - for v in item: - fix_ref(v, old, new) - - for change in resource_changes: - fix_ref(end_template, change[0], change[1]) - - if errors: - for e in errors: - sys.stderr.write("ERROR: %s\n" % e) - end_template[lang.description] = ','.join(end_template[lang.description]) - return yaml.safe_dump(end_template, default_flow_style=False) - -if __name__ == "__main__": - main() |