aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--capabilities-map.yaml324
-rw-r--r--default_passwords.yaml25
-rw-r--r--deployed-server/README.rst129
-rw-r--r--deployed-server/ctlplane-port.yaml23
-rw-r--r--deployed-server/deployed-server-config.yaml22
-rw-r--r--deployed-server/deployed-server.yaml115
-rwxr-xr-xdeployed-server/scripts/get-occ-config.sh113
-rw-r--r--docker/compute-post.yaml20
-rw-r--r--docker/firstboot/install_docker_agents.yaml2
-rw-r--r--docker/firstboot/start_docker_agents.sh59
-rw-r--r--environments/ceph-radosgw.yaml5
-rw-r--r--environments/cinder-backup.yaml4
-rw-r--r--environments/deployed-server-environment.yaml4
-rw-r--r--environments/deployed-server-noop-ctlplane.yaml4
-rw-r--r--environments/docker.yaml2
-rw-r--r--environments/enable-tls.yaml46
-rw-r--r--environments/hyperconverged-ceph.yaml11
-rw-r--r--environments/inject-trust-anchor-hiera.yaml8
-rw-r--r--environments/ips-from-pool-all.yaml16
-rw-r--r--environments/logging-environment.yaml29
-rw-r--r--environments/low-memory-usage.yaml15
-rw-r--r--environments/major-upgrade-aodh-migration.yaml6
-rw-r--r--environments/major-upgrade-pacemaker-init.yaml9
-rw-r--r--environments/major-upgrade-pacemaker.yaml9
-rw-r--r--environments/manila-cephfsnative-config.yaml18
-rw-r--r--environments/manila-generic-config.yaml25
-rw-r--r--environments/manila-netapp-config.yaml30
-rw-r--r--environments/monitoring-environment.yaml30
-rw-r--r--environments/network-environment.yaml30
-rw-r--r--environments/network-isolation.yaml21
-rw-r--r--environments/network-management-v6.yaml25
-rw-r--r--environments/network-management.yaml3
-rw-r--r--environments/neutron-midonet.yaml6
-rw-r--r--environments/neutron-ml2-ovn.yaml18
-rw-r--r--environments/neutron-nuage-config.yaml7
-rw-r--r--environments/neutron-opencontrail.yaml11
-rw-r--r--environments/neutron-opendaylight-l3.yaml14
-rw-r--r--environments/neutron-opendaylight.yaml11
-rw-r--r--environments/neutron-ovs-dpdk.yaml18
-rw-r--r--environments/neutron-ovs-dvr.yaml39
-rwxr-xr-xenvironments/neutron-plumgrid.yaml11
-rwxr-xr-xenvironments/neutron-sriov.yaml22
-rw-r--r--environments/puppet-ceph-devel.yaml8
-rw-r--r--environments/puppet-ceph-external.yaml11
-rw-r--r--environments/puppet-pacemaker-no-restart.yaml3
-rw-r--r--environments/puppet-pacemaker.yaml24
-rw-r--r--environments/puppet-tenant-vlan.yaml2
-rw-r--r--environments/services/ironic.yaml4
-rw-r--r--environments/services/mistral.yaml4
-rw-r--r--environments/services/sahara.yaml3
-rw-r--r--environments/storage-environment.yaml13
-rw-r--r--environments/tls-endpoints-public-dns.yaml55
-rw-r--r--environments/tls-endpoints-public-ip.yaml55
-rw-r--r--environments/updates/update-from-keystone-admin-internal-api.yaml6
-rw-r--r--environments/updates/update-from-overcloud-compute-hostnames.yaml2
-rw-r--r--environments/use-dns-for-vips.yaml5
-rw-r--r--extraconfig/all_nodes/default.yaml27
-rw-r--r--extraconfig/all_nodes/mac_hostname.j2.yaml (renamed from extraconfig/all_nodes/mac_hostname.yaml)59
-rw-r--r--extraconfig/all_nodes/random_string.j2.yaml (renamed from extraconfig/all_nodes/random_string.yaml)20
-rw-r--r--extraconfig/all_nodes/swap-partition.j2.yaml44
-rw-r--r--extraconfig/all_nodes/swap-partition.yaml90
-rw-r--r--extraconfig/all_nodes/swap.j2.yaml58
-rw-r--r--extraconfig/all_nodes/swap.yaml108
-rw-r--r--extraconfig/tasks/aodh_data_migration.sh19
-rwxr-xr-xextraconfig/tasks/major_upgrade_ceph_mon.sh78
-rw-r--r--extraconfig/tasks/major_upgrade_ceph_storage.sh77
-rwxr-xr-xextraconfig/tasks/major_upgrade_check.sh104
-rw-r--r--extraconfig/tasks/major_upgrade_compute.sh2
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_1.sh155
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_2.sh42
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_3.sh22
-rw-r--r--extraconfig/tasks/major_upgrade_object_storage.sh1
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker.yaml82
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml (renamed from extraconfig/tasks/major_upgrade_pacemaker_init.yaml)78
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_migrations.sh192
-rw-r--r--extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml25
-rwxr-xr-xextraconfig/tasks/pacemaker_common_functions.sh281
-rwxr-xr-xextraconfig/tasks/pacemaker_resource_restart.sh49
-rw-r--r--extraconfig/tasks/post_puppet_pacemaker.yaml15
-rw-r--r--extraconfig/tasks/post_puppet_pacemaker_restart.yaml28
-rw-r--r--firstboot/os-net-config-mappings.yaml65
-rw-r--r--net-config-bond.yaml12
-rw-r--r--net-config-static-bridge-with-external-dhcp.yaml99
-rw-r--r--network/config/bond-with-vlans/ceph-storage.yaml31
-rw-r--r--network/config/bond-with-vlans/cinder-storage.yaml27
-rw-r--r--network/config/bond-with-vlans/compute-dpdk.yaml192
-rw-r--r--network/config/bond-with-vlans/compute.yaml27
-rw-r--r--network/config/bond-with-vlans/controller-no-external.yaml21
-rw-r--r--network/config/bond-with-vlans/controller-v6.yaml26
-rw-r--r--network/config/bond-with-vlans/controller.yaml19
-rw-r--r--network/config/bond-with-vlans/swift-storage.yaml27
-rw-r--r--network/config/multiple-nics/ceph-storage.yaml18
-rw-r--r--network/config/multiple-nics/cinder-storage.yaml18
-rw-r--r--network/config/multiple-nics/compute.yaml18
-rw-r--r--network/config/multiple-nics/controller-v6.yaml21
-rw-r--r--network/config/multiple-nics/controller.yaml19
-rw-r--r--network/config/multiple-nics/swift-storage.yaml18
-rw-r--r--network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml42
-rw-r--r--network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml38
-rw-r--r--network/config/single-nic-linux-bridge-vlans/compute.yaml39
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller-v6.yaml178
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller.yaml37
-rw-r--r--network/config/single-nic-linux-bridge-vlans/swift-storage.yaml38
-rw-r--r--network/config/single-nic-vlans/ceph-storage.yaml14
-rw-r--r--network/config/single-nic-vlans/cinder-storage.yaml14
-rw-r--r--network/config/single-nic-vlans/compute.yaml14
-rw-r--r--network/config/single-nic-vlans/controller-no-external.yaml45
-rw-r--r--network/config/single-nic-vlans/controller-v6.yaml28
-rw-r--r--network/config/single-nic-vlans/controller.yaml17
-rw-r--r--network/config/single-nic-vlans/swift-storage.yaml14
-rwxr-xr-xnetwork/endpoints/build_endpoint_map.py65
-rw-r--r--network/endpoints/endpoint_data.yaml141
-rw-r--r--network/endpoints/endpoint_map.yaml4135
-rw-r--r--network/management_v6.yaml69
-rw-r--r--network/networks.yaml3
-rw-r--r--network/ports/external_from_pool_v6.yaml2
-rw-r--r--network/ports/from_service.yaml6
-rw-r--r--network/ports/from_service_v6.yaml6
-rw-r--r--network/ports/internal_api_from_pool_v6.yaml2
-rw-r--r--network/ports/management_from_pool_v6.yaml52
-rw-r--r--network/ports/net_ip_list_map.yaml56
-rw-r--r--network/ports/net_ip_map.yaml38
-rw-r--r--network/ports/net_vip_map_external.yaml21
-rw-r--r--network/ports/net_vip_map_external_v6.yaml21
-rw-r--r--network/ports/storage_from_pool_v6.yaml2
-rw-r--r--network/ports/storage_mgmt_from_pool_v6.yaml2
-rw-r--r--network/ports/tenant_from_pool_v6.yaml2
-rw-r--r--network/service_net_map.yaml100
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml206
-rw-r--r--overcloud-resource-registry-puppet.yaml142
l---------overcloud-without-mergepy.yaml1
-rw-r--r--overcloud.j2.yaml570
-rw-r--r--overcloud.yaml1671
-rw-r--r--puppet/all-nodes-config.yaml432
-rw-r--r--puppet/blockstorage-config.yaml41
-rw-r--r--puppet/bootstrap-config.yaml28
-rw-r--r--puppet/ceph-cluster-config.yaml141
-rw-r--r--puppet/ceph-storage-post.yaml80
-rw-r--r--puppet/ceph-storage.yaml113
-rw-r--r--puppet/cephstorage-config.yaml41
-rw-r--r--puppet/cinder-storage-post.yaml53
-rw-r--r--puppet/cinder-storage.yaml200
-rw-r--r--puppet/compute-config.yaml41
-rw-r--r--puppet/compute-post.yaml92
-rw-r--r--puppet/compute.yaml512
-rw-r--r--puppet/controller-config-pacemaker.yaml2
-rw-r--r--puppet/controller-config.yaml5
-rw-r--r--puppet/controller-post.yaml117
-rw-r--r--puppet/controller.yaml1241
-rw-r--r--puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml22
-rw-r--r--puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml34
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml115
-rw-r--r--puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml12
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml91
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml62
-rwxr-xr-xpuppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml113
-rw-r--r--puppet/extraconfig/tls/no-ca.yaml17
-rw-r--r--puppet/extraconfig/tls/no-tls.yaml34
-rw-r--r--puppet/hieradata/RedHat.yaml9
-rw-r--r--puppet/hieradata/ceph.yaml12
-rw-r--r--puppet/hieradata/common.yaml51
-rw-r--r--puppet/hieradata/compute.yaml25
-rw-r--r--puppet/hieradata/controller.yaml304
-rw-r--r--puppet/hieradata/database.yaml77
-rw-r--r--puppet/hieradata/object.yaml21
-rw-r--r--puppet/hieradata/volume.yaml14
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp48
-rw-r--r--puppet/manifests/overcloud_compute.pp210
-rw-r--r--puppet/manifests/overcloud_controller.pp563
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp1381
-rw-r--r--puppet/manifests/overcloud_object.pp46
-rw-r--r--puppet/manifests/overcloud_volume.pp48
-rw-r--r--puppet/manifests/ringbuilder.pp99
-rw-r--r--puppet/objectstorage-config.yaml41
-rw-r--r--puppet/post.j2.yaml139
-rw-r--r--puppet/services/README.rst2
-rw-r--r--puppet/services/aodh-api.yaml80
-rw-r--r--puppet/services/aodh-base.yaml107
-rw-r--r--puppet/services/aodh-evaluator.yaml42
-rw-r--r--puppet/services/aodh-listener.yaml42
-rw-r--r--puppet/services/aodh-notifier.yaml42
-rw-r--r--puppet/services/apache.yaml52
-rw-r--r--puppet/services/ca-certs.yaml35
-rw-r--r--puppet/services/ceilometer-agent-central.yaml63
-rw-r--r--puppet/services/ceilometer-agent-compute.yaml42
-rw-r--r--puppet/services/ceilometer-agent-notification.yaml51
-rw-r--r--puppet/services/ceilometer-api.yaml83
-rw-r--r--puppet/services/ceilometer-base.yaml132
-rw-r--r--puppet/services/ceilometer-collector.yaml61
-rw-r--r--puppet/services/ceilometer-expirer.yaml42
-rw-r--r--puppet/services/ceph-base.yaml124
-rw-r--r--puppet/services/ceph-client.yaml42
-rw-r--r--puppet/services/ceph-external.yaml82
-rw-r--r--puppet/services/ceph-mon.yaml105
-rw-r--r--puppet/services/ceph-osd.yaml47
-rw-r--r--puppet/services/ceph-rgw.yaml79
-rw-r--r--puppet/services/cinder-api.yaml111
-rw-r--r--puppet/services/cinder-backup.yaml62
-rw-r--r--puppet/services/cinder-base.yaml72
-rw-r--r--puppet/services/cinder-scheduler.yaml53
-rw-r--r--puppet/services/cinder-volume.yaml112
-rw-r--r--puppet/services/database/mongodb-base.yaml46
-rw-r--r--puppet/services/database/mongodb.yaml68
-rw-r--r--puppet/services/database/mysql.yaml84
-rw-r--r--puppet/services/database/redis-base.yaml44
-rw-r--r--puppet/services/database/redis.yaml44
-rw-r--r--puppet/services/glance-api.yaml86
-rw-r--r--puppet/services/glance-registry.yaml65
-rw-r--r--puppet/services/gnocchi-api.yaml122
-rw-r--r--puppet/services/gnocchi-base.yaml95
-rw-r--r--puppet/services/gnocchi-metricd.yaml48
-rw-r--r--puppet/services/gnocchi-statsd.yaml43
-rw-r--r--puppet/services/haproxy.yaml68
-rw-r--r--puppet/services/heat-api-cfn.yaml51
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml38
-rw-r--r--puppet/services/heat-api.yaml51
-rw-r--r--puppet/services/heat-base.yaml39
-rw-r--r--puppet/services/heat-engine.yaml55
-rw-r--r--puppet/services/horizon.yaml83
-rw-r--r--puppet/services/ironic-api.yaml83
-rw-r--r--puppet/services/ironic-base.yaml69
-rw-r--r--puppet/services/ironic-conductor.yaml100
-rw-r--r--puppet/services/keepalived.yaml45
-rw-r--r--puppet/services/kernel.yaml49
-rw-r--r--puppet/services/keystone.yaml182
-rw-r--r--puppet/services/loadbalancer.yaml18
-rw-r--r--puppet/services/logging/fluentd-base.yaml37
-rw-r--r--puppet/services/logging/fluentd-client.yaml64
-rw-r--r--puppet/services/logging/fluentd-config.yaml154
-rw-r--r--puppet/services/manila-api.yaml82
-rw-r--r--puppet/services/manila-backend-cephfs.yaml61
-rw-r--r--puppet/services/manila-backend-generic.yaml93
-rw-r--r--puppet/services/manila-backend-netapp.yaml112
-rw-r--r--puppet/services/manila-base.yaml56
-rw-r--r--puppet/services/manila-scheduler.yaml70
-rw-r--r--puppet/services/manila-share.yaml44
-rw-r--r--puppet/services/memcached.yaml23
-rw-r--r--puppet/services/monitoring/sensu-base.yaml68
-rw-r--r--puppet/services/monitoring/sensu-client.yaml49
-rw-r--r--puppet/services/network/contrail-analytics.yaml90
-rw-r--r--puppet/services/network/contrail-base.yaml100
-rw-r--r--puppet/services/network/contrail-config.yaml72
-rw-r--r--puppet/services/network/contrail-control.yaml54
-rw-r--r--puppet/services/network/contrail-database.yaml51
-rw-r--r--puppet/services/network/contrail-webui.yaml69
-rw-r--r--puppet/services/neutron-api.yaml182
-rw-r--r--puppet/services/neutron-base.yaml58
-rw-r--r--puppet/services/neutron-compute-plugin-midonet.yaml29
-rw-r--r--puppet/services/neutron-compute-plugin-nuage.yaml36
-rw-r--r--puppet/services/neutron-compute-plugin-opencontrail.yaml29
-rw-r--r--puppet/services/neutron-compute-plugin-ovn.yaml45
-rw-r--r--puppet/services/neutron-compute-plugin-plumgrid.yaml29
-rw-r--r--puppet/services/neutron-dhcp.yaml71
-rw-r--r--puppet/services/neutron-l3-compute-dvr.yaml62
-rw-r--r--puppet/services/neutron-l3.yaml37
-rw-r--r--puppet/services/neutron-metadata.yaml41
-rw-r--r--puppet/services/neutron-midonet.yaml62
-rw-r--r--puppet/services/neutron-ovs-agent.yaml121
-rw-r--r--puppet/services/neutron-ovs-dpdk-agent.yaml75
-rw-r--r--puppet/services/neutron-plugin-ml2-ovn.yaml79
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml129
-rw-r--r--puppet/services/neutron-plugin-nuage.yaml89
-rw-r--r--puppet/services/neutron-plugin-opencontrail.yaml74
-rw-r--r--puppet/services/neutron-plugin-plumgrid.yaml121
-rw-r--r--puppet/services/neutron-sriov-agent.yaml69
-rw-r--r--puppet/services/nova-api.yaml132
-rw-r--r--puppet/services/nova-base.yaml117
-rw-r--r--puppet/services/nova-compute.yaml147
-rw-r--r--puppet/services/nova-conductor.yaml56
-rw-r--r--puppet/services/nova-consoleauth.yaml50
-rw-r--r--puppet/services/nova-ironic.yaml53
-rw-r--r--puppet/services/nova-libvirt.yaml55
-rw-r--r--puppet/services/nova-metadata.yaml34
-rw-r--r--puppet/services/nova-scheduler.yaml65
-rw-r--r--puppet/services/nova-vnc-proxy.yaml61
-rw-r--r--puppet/services/opendaylight-api.yaml80
-rw-r--r--puppet/services/opendaylight-ovs.yaml47
-rw-r--r--puppet/services/pacemaker.yaml116
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-central.yaml45
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-notification.yaml45
-rw-r--r--puppet/services/pacemaker/ceilometer-api.yaml45
-rw-r--r--puppet/services/pacemaker/ceilometer-collector.yaml45
-rw-r--r--puppet/services/pacemaker/cinder-api.yaml45
-rw-r--r--puppet/services/pacemaker/cinder-backup.yaml61
-rw-r--r--puppet/services/pacemaker/cinder-scheduler.yaml45
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml45
-rw-r--r--puppet/services/pacemaker/core.yaml29
-rw-r--r--puppet/services/pacemaker/database/mongodb.yaml42
-rw-r--r--puppet/services/pacemaker/database/mysql.yaml55
-rw-r--r--puppet/services/pacemaker/database/redis.yaml41
-rw-r--r--puppet/services/pacemaker/glance-api.yaml16
-rw-r--r--puppet/services/pacemaker/glance-registry.yaml15
-rw-r--r--puppet/services/pacemaker/gnocchi-api.yaml45
-rw-r--r--puppet/services/pacemaker/gnocchi-metricd.yaml47
-rw-r--r--puppet/services/pacemaker/gnocchi-statsd.yaml46
-rw-r--r--puppet/services/pacemaker/haproxy.yaml44
-rw-r--r--puppet/services/pacemaker/heat-api-cfn.yaml21
-rw-r--r--puppet/services/pacemaker/heat-api-cloudwatch.yaml21
-rw-r--r--puppet/services/pacemaker/heat-api.yaml17
-rw-r--r--puppet/services/pacemaker/heat-engine.yaml21
-rw-r--r--puppet/services/pacemaker/horizon.yaml41
-rw-r--r--puppet/services/pacemaker/keystone.yaml15
-rw-r--r--puppet/services/pacemaker/loadbalancer.yaml30
-rw-r--r--puppet/services/pacemaker/manila-share.yaml41
-rw-r--r--puppet/services/pacemaker/memcached.yaml15
-rw-r--r--puppet/services/pacemaker/neutron-dhcp.yaml15
-rw-r--r--puppet/services/pacemaker/neutron-l3.yaml15
-rw-r--r--puppet/services/pacemaker/neutron-metadata.yaml15
-rw-r--r--puppet/services/pacemaker/neutron-midonet.yaml41
-rw-r--r--puppet/services/pacemaker/neutron-ovs-agent.yaml42
-rw-r--r--puppet/services/pacemaker/neutron-plugin-ml2.yaml42
-rw-r--r--puppet/services/pacemaker/neutron-plugin-nuage.yaml40
-rw-r--r--puppet/services/pacemaker/neutron-plugin-opencontrail.yaml40
-rw-r--r--puppet/services/pacemaker/neutron-plugin-plumgrid.yaml40
-rw-r--r--puppet/services/pacemaker/neutron-server.yaml48
-rw-r--r--puppet/services/pacemaker/nova-api.yaml45
-rw-r--r--puppet/services/pacemaker/nova-conductor.yaml45
-rw-r--r--puppet/services/pacemaker/nova-consoleauth.yaml45
-rw-r--r--puppet/services/pacemaker/nova-scheduler.yaml45
-rw-r--r--puppet/services/pacemaker/nova-vnc-proxy.yaml45
-rw-r--r--puppet/services/pacemaker/rabbitmq.yaml13
-rw-r--r--puppet/services/pacemaker/sahara-api.yaml45
-rw-r--r--puppet/services/pacemaker/sahara-engine.yaml45
-rw-r--r--puppet/services/rabbitmq.yaml57
-rw-r--r--puppet/services/sahara-api.yaml92
-rw-r--r--puppet/services/sahara-base.yaml82
-rw-r--r--puppet/services/sahara-engine.yaml51
-rw-r--r--puppet/services/services.yaml88
-rw-r--r--puppet/services/snmp.yaml45
-rw-r--r--puppet/services/swift-base.yaml33
-rw-r--r--puppet/services/swift-proxy.yaml94
-rw-r--r--puppet/services/swift-ringbuilder.yaml65
-rw-r--r--puppet/services/swift-storage.yaml92
-rw-r--r--puppet/services/time/ntp.yaml41
-rw-r--r--puppet/services/time/timezone.yaml34
-rw-r--r--puppet/services/tripleo-firewall.yaml39
-rw-r--r--puppet/services/tripleo-packages.yaml34
-rw-r--r--puppet/services/vip-hosts.yaml56
-rw-r--r--puppet/swift-devices-and-proxy-config.yaml45
-rw-r--r--puppet/swift-storage-post.yaml91
-rw-r--r--puppet/swift-storage.yaml165
-rw-r--r--puppet/vip-config.yaml55
-rw-r--r--roles_data.yaml164
-rwxr-xr-xtools/yaml-validate.py56
347 files changed, 19260 insertions, 9516 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index c7816b7e..ae747621 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -41,17 +41,17 @@
root_template: overcloud.yaml
root_environment: overcloud-resource-registry-puppet.yaml
topics:
- - title: Basic Configuration
+ - title: Base Resources Configuration
description:
environment_groups:
- title:
- description: Enable basic configuration required for OpenStack Deployment
+ description: Enable base configuration for all resources required for OpenStack Deployment
environments:
- file: overcloud-resource-registry-puppet.yaml
- title: Default Configuration
+ title: Base resources configuration
description:
- - title: Deployment options
+ - title: Deployment Options
description:
environment_groups:
- title: High Availability
@@ -62,6 +62,15 @@ topics:
description: Enable configuration of an Overcloud controller with Pacemaker
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Pacemaker options
+ description:
+ environments:
+ - file: environments/puppet-pacemaker-no-restart.yaml
+ title: Pacemaker No Restart
+ description:
+ requires:
+ - environments/puppet-pacemaker.yaml
+ - overcloud-resource-registry-puppet.yaml
- title: Docker RDO
description: >
Docker container with heat agents for containerized compute node
@@ -71,26 +80,114 @@ topics:
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Enable TLS
+ description: >
+ environments:
+ - file: environments/enable-tls.yaml
+ title: TLS
+ description: >
+ Use this option to pass in certificates for SSL deployments.
+ For these values to take effect, one of the TLS endpoints
+ environments must also be used.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: TLS Endpoints
+ description: >
+ environments:
+ - file: environments/tls-endpoints-public-dns.yaml
+ title: SSL-enabled deployment with DNS name as public endpoint
+ description: >
+ Use this environment when deploying an SSL-enabled overcloud where the public
+ endpoint is a DNS name.
+ requires:
+ - environments/enable-tls.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/tls-endpoints-public-ip.yaml
+ title: SSL-enabled deployment with IP address as public endpoint
+ description: >
+ Use this environment when deploying an SSL-enabled overcloud where the public
+ endpoint is an IP address.
+ requires:
+ - environments/enable-tls.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - title: External load balancer
+ description: >
+ Enable external load balancer
+ environments:
+ - file: environments/external-loadbalancer-vip-v6.yaml
+ title: External load balancer IPv6
+ description: >
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/external-loadbalancer-vip.yaml
+ title: External load balancer IPv4
+ description: >
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+
+ - title: Additional Services
+ description: Deploy additional Overcloud services
+ environment_groups:
+ - title: Manila
+ description:
+ environments:
+ - file: environments/manila-generic-config.yaml
+ title: Manila
+ description: Enable Manila generic driver backend
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: Sahara
+ description:
+ environments:
+ - file: environments/services/sahara.yaml
+ title: Sahara
+ description: Deploy Sahara service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: Ironic
+ description:
+ environments:
+ - file: environments/services/ironic.yaml
+ title: Ironic
+ description: Deploy Ironic service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: Mistral
+ description:
+ environments:
+ - file: environments/services/mistral.yaml
+ title: Mistral
+ description: Deploy Mistral service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
# - title: Network Interface Configuration
# description:
# environment_groups:
- - title: Overlay network Configuration
+ - title: Overlay Network Configuration
description:
environment_groups:
- title: Network Isolation
- description: >
- Enable the creation of Neutron networks for
- isolated Overcloud traffic and configure each role to assign ports
- (related to that role) on these networks.
+ description:
environments:
- file: environments/network-isolation.yaml
title: Network Isolation
- description: Enable Network Isolation
+ description: >
+ Enable the creation of Neutron networks for
+ isolated Overcloud traffic and configure each role to assign ports
+ (related to that role) on these networks.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Single nic or Bonding
+ - file: environments/network-isolation-v6.yaml
+ title: Network Isolation IPv6
+ description: >
+ Enable the creation of IPv6 Neutron networks for isolated Overcloud
+ traffic and configure each role to assign ports (related
+ to that role) on these networks.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: Single NIC or Bonding
description: >
Configure roles to use pair of bonded nics or to use Vlans on a
single nic. This option assumes use of Network Isolation.
@@ -104,23 +201,105 @@ topics:
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
+ - file: environments/net-bond-with-vlans-no-external.yaml
+ title: Bond with Vlans No External Ports
+ description: >
+ Configure each role to use a pair of bonded nics (nic2 and
+ nic3) and configures an IP address on each relevant isolated network
+ for each role. This option assumes use of Network Isolation.
+ Sets external ports to noop.
+ requires:
+ - environments/network-isolation.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/net-bond-with-vlans-v6.yaml
+ title: Bond with Vlans IPv6
+ description: >
+ Configure each role to use a pair of bonded nics (nic2 and
+ nic3) and configures an IP address on each relevant isolated network
+ for each role, with IPv6 on the External network.
+ This option assumes use of Network Isolation IPv6.
+ requires:
+ - environments/network-isolation-v6.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/net-multiple-nics.yaml
+ title: Multiple NICs
+ description: >
+ Configures each role to use a separate NIC for
+ each isolated network.
+ This option assumes use of Network Isolation.
+ requires:
+ - environments/network-isolation.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/net-multiple-nics-v6.yaml
+ title: Multiple NICs IPv6
+ description: >
+ Configure each role to use a separate NIC for
+ each isolated network with IPv6 on the External network.
+ This option assumes use of Network Isolation IPv6.
+ requires:
+ - environments/network-isolation-v6.yaml
+ - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans.yaml
- title: Single nic with Vlans
+ title: Single NIC with Vlans
+ description: >
+ Configure each role to use Vlans on a single NIC for
+ each isolated network. This option assumes use of Network Isolation.
+ requires:
+ - environments/network-isolation.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/net-single-nic-with-vlans-no-external.yaml
+ title: Single NIC with Vlans No External Ports
+ description: >
+ Configure each role to use Vlans on a single NIC for
+ each isolated network. This option assumes use of Network Isolation.
+ Sets external ports to noop.
+ requires:
+ - environments/network-isolation.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
+ title: Single NIC with Linux Bridge Vlans
description: >
- Configure each role to use Vlans on a single nic for
+ Configure each role to use Vlans on a single NIC for
each isolated network. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
+ - file: environments/net-single-nic-with-vlans-v6.yaml
+ title: Single NIC with Vlans IPv6
+ description: >
+ Configures each role to use Vlans on a single NIC for
+ each isolated network with IPv6 on the External network.
+ This option assumes use of Network Isolation IPv6
+ requires:
+ - environments/network-isolation-v6.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - title: Management Network
+ description: >
+ Enable the creation of a system management network. This
+ creates a Neutron network for isolated Overcloud
+ system management traffic and configures each role to
+ assign a port (related to that role) on that network.
+ environments:
+ - file: environments/network-management.yaml
+ title: Management Network
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/network-management-v6.yaml
+ title: Management Network IPv6
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Neutron Plugin Configuration
description:
environment_groups:
- - title: BigSwitch extensions or Cisco N1KV backend
- description:
+ - title: Neutron Plugins
+ description: >
+ Enable various Neutron plugins and backends
environments:
- file: environments/neutron-ml2-bigswitch.yaml
- title: BigSwitch extensions
+ title: BigSwitch Extensions
description: >
Enable Big Switch extensions, configured via puppet
requires:
@@ -131,28 +310,101 @@ topics:
Enable a Cisco N1KV backend, configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Cisco Neutron plugin
- description: >
- Enable a Cisco Neutron plugin
- environments:
- file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
title: Cisco Neutron plugin
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-midonet.yaml
+ title: Deploy MidoNet Services
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-nuage-config.yaml
+ title: Neutron Nuage backend
+ description: Enables Neutron Nuage backend on the controller
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-opencontrail.yaml
+ title: OpenContrail Extensions
+ description: Enables OpenContrail extensions
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-opendaylight.yaml
+ title: OpenDaylight
+ description: Enables OpenDaylight
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-opendaylight-l3.yaml
+ title: OpenDaylight with L3 DVR
+ description: Enables OpenDaylight with L3 DVR
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-ovs-dpdk.yaml
+ title: DPDK with OVS
+ description: Deploy DPDK with OVS
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-ovs-dvr.yaml
+ title: DVR
+ description: Enables DVR in the Overcloud
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-plumgrid.yaml
+ title: PLUMgrid extensions
+ description: Enables PLUMgrid extensions
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+
+ - title: Nova Extensions
+ description:
+ environment_groups:
+ - title: Nova Extensions
+ description:
+ environments:
+ - file: environments/nova-nuage-config.yaml
+ title: Nuage backend
+ description: >
+ Enables Nuage backend on the Compute
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Storage
description:
environment_groups:
- - title: Cinder NetApp backend
+ - title: Cinder backup service
+ description:
+ environments:
+ - file: environments/cinder-backup.yaml
+ title: Cinder backup service
+ description: >
+ OpenStack Cinder Backup service with Pacemaker configured
+ with Puppet
+ requires:
+ - environments/puppet-pacemaker.yaml
+ - overcloud-resource-registry-puppet.yaml
+ - title: Cinder backend
description: >
- Enable a Cinder NetApp backend, configured via puppet
+ Enable various Cinder backends
environments:
- file: environments/cinder-netapp-config.yaml
title: Cinder NetApp backend
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/cinder-dellsc-config.yaml
+ title: Cinder Dell Storage Center ISCSI backend
+ description: >
+ Enables a Cinder Dell Storage Center ISCSI backend, configured
+ via puppet
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/cinder-eqlx-config.yaml
+ title: Cinder EQLX backend
+ description: >
+ Enables a Cinder EQLX backend, configured via puppet
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Externally managed Ceph
description: >
Enable the use of an externally managed Ceph cluster
@@ -224,3 +476,31 @@ topics:
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Manage Firewall
+ description:
+ environments:
+ - file: environments/manage-firewall.yaml
+ title: Manage Firewall
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+
+ - title: Operational Tools
+ description:
+ environment_groups:
+ - title: Monitoring agents
+ description: Enable monitoring agents
+ environments:
+ - file: environments/monitoring-environment.yaml
+ title: enable monitoring agents
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: Centralized logging support
+ description: Enable centralized logging clients (fluentd)
+ environments:
+ - file: environments/logging-environment.yaml
+ title: Enable fluentd client
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
diff --git a/default_passwords.yaml b/default_passwords.yaml
new file mode 100644
index 00000000..7a47f443
--- /dev/null
+++ b/default_passwords.yaml
@@ -0,0 +1,25 @@
+heat_template_version: 2016-10-14
+
+description: Passwords we manage at the top level
+
+parameters:
+ DefaultMysqlRootPassword:
+ type: string
+ DefaultRabbitCookie:
+ type: string
+ DefaultHeatAuthEncryptionKey:
+ type: string
+ DefaultPcsdPassword:
+ type: string
+ DefaultHorizonSecret:
+ type: string
+
+outputs:
+ passwords:
+ description: Password data
+ value:
+ mysql_root_password: {get_param: DefaultMysqlRootPassword}
+ rabbit_cookie: {get_param: DefaultRabbitCookie}
+ heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey}
+ pcsd_password: {get_param: DefaultPcsdPassword}
+ horizon_secret: {get_param: DefaultHorizonSecret}
diff --git a/deployed-server/README.rst b/deployed-server/README.rst
new file mode 100644
index 00000000..ce74e77b
--- /dev/null
+++ b/deployed-server/README.rst
@@ -0,0 +1,129 @@
+TripleO with Deployed Servers
+=============================
+
+The deployed-server set of templates can be used to deploy TripleO via
+tripleo-heat-templates to servers that are already installed with a base
+operating system.
+
+When OS::TripleO::Server is mapped to the deployed-server.yaml template via the
+provided deployed-server-environment.yaml resource registry, Nova and Ironic
+are not used to create any server instances. Heat continues to create the
+SoftwareDeployment resources, and they are made available to the already
+deployed and running servers.
+
+Template Usage
+--------------
+To use these templates pass the included environment file to the deployment
+command::
+
+ -e deployed-server/deployed-server-environment.yaml
+
+Deployed Server configuration
+-----------------------------
+It is currently assumed that the deployed servers being used have the required
+set of software and packages already installed on them. These exact
+requirements must match how such a server would look if it were deployed the
+standard way via Ironic using the TripleO overcloud-full image.
+
+An easy way to help get this setup for development is to use an overcloud-full
+image from an already existing TripleO setup. Create the vm's for the already
+deployed server, and use the overcloud-full image as their disk.
+
+Each server must have a fqdn set that resolves to an IP address on a routable
+network (e.g., the hostname should not resolve to 127.0.0.1). The hostname
+will be detected on each server via the hostnamectl --static command.
+
+Each server also must have a route to the configured IP address on the
+undercloud where the OpenStack services are listening. This is the value for
+local_ip in the undercloud.conf.
+
+It's recommended that each server have at least 2 nic's. One used for external
+management such as ssh, and one used for the OpenStack deployment itself. Since
+the overcloud deployment will reconfigure networking on the configured nic to
+be used by OpenStack, the external management nic is needed as a fallback so
+that all connectivity is not lost in case of a configuration error. Be sure to
+use correct nic config templates as needed, since the nodes will not receive
+dhcp from the undercloud neutron-dhcp-agent service.
+
+For example, the net-config-static-bridge.yaml template could be used for
+controllers, and the net-config-static.yaml template could be used for computes
+by specifying:
+
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static-bridge.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static.yaml
+
+In a setup where the first nic on the servers is used for external management,
+set the nic's to be used for OpenStack to nic2:
+
+parameter_defaults:
+ NeutronPublicInterface: nic2
+ HypervisorNeutronPublicInterface: nic2
+
+The above nic config templates also require a route to the ctlplane network to
+be defined. Define the needed parameters as necessary for your environment, for
+example:
+
+parameter_defaults:
+ ControlPlaneDefaultRoute: 192.168.122.130
+ ControlPlaneSubnetCidr: "24"
+ EC2MetadataIp: "192.0.2.1"
+
+In this example, 192.168.122.130 is the external management IP of an
+undercloud, thus it is the default route for the configured local_ip value of
+192.0.2.1.
+
+
+os-collect-config
+-----------------
+os-collect-config on each deployed server must be manually configured to poll
+the Heat API for the available SoftwareDeployments. An example configuration
+for /etc/os-collect-config.conf looks like:
+
+ [DEFAULT]
+ collectors=heat
+ command=os-refresh-config
+
+ [heat]
+ # you can get these values from stackrc on the undercloud
+ user_id=<a user that can connect to heat> # note this must be the ID, not the username
+ password=<a password>
+ auth_url=<keystone url>
+ project_id=<project_id> # note, this must be the ID, not project name
+ stack_id=<stack_id>
+ resource_name=<resource_name>
+
+Note that the stack_id value is the id of the nested stack containing the
+resource (identified by resource_name) implemented by the deployed-server.yaml
+templates.
+
+Once the configuration for os-collect-config has been defined, the service
+needs to be restarted. Once restarted, it will start polling Heat and applying
+the SoftwareDeployments.
+
+A sample script at deployed-server/scripts/get-occ-config.sh is included that
+will automatically generate the os-collect-config configuration needed on each
+server, ssh to each server, copy the configuration, and restart the
+os-collect-config service.
+
+.. warning::
+ The get-occ-config.sh script is not intended for production use, as it
+ copies admin credentials to each of the deployed nodes.
+
+The script can only be used once the stack id's of the nested deployed-server
+stacks have been created via Heat. This usually only takes a couple of minutes
+once the deployment command has been started. Once the following output is seen
+from the deployment command, the script should be ready to run:
+
+ [Controller]: CREATE_IN_PROGRESS state changed
+ [NovaCompute]: CREATE_IN_PROGRESS state changed
+
+The user running the script must be able to ssh as root to each server. Define
+the hostnames of the deployed servers you intend to use for each role type::
+
+ export controller_hosts="controller0 controller1 controller2"
+ export compute_hosts="compute0"
+
+Then run the script on the undercloud with a stackrc file sourced, and
+the script will copy the needed os-collect-config.conf configuration to each
+server and restart the os-collect-config service.
diff --git a/deployed-server/ctlplane-port.yaml b/deployed-server/ctlplane-port.yaml
new file mode 100644
index 00000000..eb10fba0
--- /dev/null
+++ b/deployed-server/ctlplane-port.yaml
@@ -0,0 +1,23 @@
+heat_template_version: 2014-10-16
+
+parameters:
+ Hostname:
+ type: string
+
+resources:
+
+ ControlPlanePort:
+ type: OS::Neutron::Port
+ properties:
+ network: ctlplane
+ name:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ - port
+ replacement_policy: AUTO
+
+outputs:
+ ip_address:
+ value: {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]}
diff --git a/deployed-server/deployed-server-config.yaml b/deployed-server/deployed-server-config.yaml
new file mode 100644
index 00000000..8c59dc72
--- /dev/null
+++ b/deployed-server/deployed-server-config.yaml
@@ -0,0 +1,22 @@
+heat_template_version: 2014-10-16
+parameters:
+ user_data_format:
+ type: string
+ default: SOFTWARE_CONFIG
+
+resources:
+ # We just need something which returns a unique ID, but we can't
+ # use RandomString because RefId returns the value, not the physical
+ # resource ID, SoftwareConfig should work as it returns a UUID
+ deployed-server-config:
+ type: OS::Heat::SoftwareConfig
+
+outputs:
+ # FIXME(shardy) this is needed because TemplateResource returns an
+ # ARN not a UUID, which overflows the Deployment server_id column..
+ user_data_format:
+ value: SOFTWARE_CONFIG
+ OS::stack_id:
+ value: {get_resource: deployed-server-config}
+
+
diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml
new file mode 100644
index 00000000..da5698e5
--- /dev/null
+++ b/deployed-server/deployed-server.yaml
@@ -0,0 +1,115 @@
+heat_template_version: 2014-10-16
+parameters:
+ image:
+ type: string
+ default: unused
+ flavor:
+ type: string
+ default: unused
+ key_name:
+ type: string
+ default: unused
+ security_groups:
+ type: json
+ default: []
+ # Require this so we can validate the parent passes the
+ # correct value
+ user_data_format:
+ type: string
+ user_data:
+ type: string
+ default: ''
+ name:
+ type: string
+ default: ''
+ image_update_policy:
+ type: string
+ default: ''
+ networks:
+ type: comma_delimited_list
+ default: ''
+ metadata:
+ type: json
+ default: {}
+ software_config_transport:
+ default: POLL_SERVER_CFN
+ type: string
+ scheduler_hints:
+ type: json
+ description: Optional scheduler hints to pass to nova
+ default: {}
+
+resources:
+ # We just need something which returns a unique ID, but we can't
+ # use RandomString because RefId returns the value, not the physical
+ # resource ID, SoftwareConfig should work as it returns a UUID
+ deployed-server:
+ type: OS::TripleO::DeployedServerConfig
+ properties:
+ user_data_format: SOFTWARE_CONFIG
+
+ InstanceIdConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ instance-id: {get_attr: [deployed-server, "OS::stack_id"]}
+
+ InstanceIdDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ config: {get_resource: InstanceIdConfig}
+ server: {get_resource: deployed-server}
+
+ HostsEntryConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ set -eux
+ mkdir -p $heat_outputs_path
+ host=$(hostnamectl --static)
+ echo -n "$host " > $heat_outputs_path.hosts_entry
+ host_ip=$(python -c "import socket; print socket.gethostbyname(\"$host\")")
+ echo -n "$host_ip " >> $heat_outputs_path.hosts_entry
+ echo >> $heat_outputs_path.hosts_entry
+ cat $heat_outputs_path.hosts_entry
+ echo -n $host_ip > $heat_outputs_path.ip_address
+ cat $heat_outputs_path.ip_address
+ echo -n $host > $heat_outputs_path.hostname
+ cat $heat_outputs_path.hostname
+ outputs:
+ - name: hosts_entry
+ description: hosts_entry
+ - name: ip_address
+ description: ip_address
+ - name: hostname
+ description: hostname
+
+ HostsEntryDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ config: {get_resource: HostsEntryConfig}
+ server: {get_resource: deployed-server}
+
+ ControlPlanePort:
+ type: OS::TripleO::DeployedServer::ControlPlanePort
+ properties:
+ Hostname: {get_attr: [HostsEntryDeployment, hostname]}
+
+outputs:
+ # FIXME(shardy) this is needed because TemplateResource returns an
+ # ARN not a UUID, which overflows the Deployment server_id column..
+ OS::stack_id:
+ value: {get_attr: [deployed-server, "OS::stack_id"]}
+ networks:
+ value:
+ ctlplane:
+ - {get_attr: [ControlPlanePort, ip_address]}
+ name:
+ value: {get_attr: [HostsEntryDeployment, hostname]}
+ hosts_entry:
+ value: {get_attr: [HostsEntryDeployment, hosts_entry]}
+ ip_address:
+ value: {get_attr: [HostsEntryDeployment, ip_address]}
diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh
new file mode 100755
index 00000000..2c01174e
--- /dev/null
+++ b/deployed-server/scripts/get-occ-config.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+set -eux
+
+SLEEP_TIME=5
+
+CONTROLLER_HOSTS=${CONTROLLER_HOSTS:-""}
+COMPUTE_HOSTS=${COMPUTE_HOSTS:-""}
+BLOCKSTORAGE_HOSTS=${BLOCKSTORAGE_HOSTS:-""}
+OBJECTSTORAGE_HOSTS=${OBJECTSTORAGE_HOSTS:-""}
+CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""}
+SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"}
+SSH_OPTIONS="-tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32"
+
+read -a Controller_hosts_a <<< $CONTROLLER_HOSTS
+read -a Compute_hosts_a <<< $COMPUTE_HOSTS
+read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS
+read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS
+read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS
+
+roles="Controller Compute BlockStorage ObjectStorage CephStorage"
+admin_user_id=$(openstack user show admin -c id -f value)
+admin_project_id=$(openstack project show admin -c id -f value)
+
+function check_stack {
+ local stack_to_check=$1
+
+ if [ "$stack_to_check" = "|" ]; then
+ echo Stack not created
+ return 1
+ fi
+
+ echo Checking if $1 stack is created
+ set +e
+ heat resource-list $stack_to_check
+ rc=$?
+ set -e
+
+ if [ ! "$rc" = "0" ]; then
+ echo Stack $1 not yet created
+ fi
+
+ return $rc
+}
+
+
+for role in $roles; do
+ while ! check_stack overcloud; do
+ sleep $SLEEP_TIME
+ done
+
+ rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}')
+ while ! check_stack $rg_stack; do
+ sleep $SLEEP_TIME
+ rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}')
+ done
+
+ stacks=$(heat resource-list $rg_stack | grep OS::TripleO::$role | awk '{print $4}')
+
+ i=0
+
+ for stack in $stacks; do
+ server_resource_name=$role
+ if [ "$server_resource_name" = "Compute" ]; then
+ server_resource_name="NovaCompute"
+ fi
+
+ server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}')
+ while ! check_stack $server_stack; do
+ sleep $SLEEP_TIME
+ server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}')
+ done
+
+ deployed_server_stack=$(heat resource-list $server_stack | grep "deployed-server" | awk '{print $4}')
+
+ echo "======================"
+ echo "$role$i os-collect-config.conf configuration:"
+
+ config="
+[DEFAULT]
+collectors=heat
+command=os-refresh-config
+polling_interval=30
+
+[heat]
+user_id=$admin_user_id
+password=$OS_PASSWORD
+auth_url=$OS_AUTH_URL
+project_id=$admin_project_id
+stack_id=$deployed_server_stack
+resource_name=deployed-server-config"
+
+ echo "$config"
+ echo "======================"
+ echo
+
+
+ host=
+ eval host=\${${role}_hosts_a[i]}
+ if [ -n "$host" ]; then
+ # Delete the os-collect-config.conf template so our file won't get
+ # overwritten
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo /bin/rm -f /usr/libexec/os-apply-config/templates/etc/os-collect-config.conf
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo \"$config\" > os-collect-config.conf"
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp os-collect-config.conf /etc/os-collect-config.conf
+ ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl restart os-collect-config
+ fi
+
+ let i+=1
+
+ done
+
+done
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml
index 3c4a9413..60b831be 100644
--- a/docker/compute-post.yaml
+++ b/docker/compute-post.yaml
@@ -5,8 +5,8 @@ description: >
parameters:
servers:
type: json
- NodeConfigIdentifiers:
- type: json
+ DeployIdentifier:
+ type: string
description: Value which changes if the node configuration may need to be re-applied
DockerNamespace:
type: string
@@ -38,6 +38,14 @@ parameters:
NeutronOpenvswitchAgentOvsVolume:
type: string
default: " "
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+ RoleData:
+ type: json
+ default: {}
+
resources:
@@ -56,7 +64,11 @@ resources:
outputs:
- name: result
config:
- get_file: ../puppet/manifests/overcloud_compute.pp
+ list_join:
+ - ''
+ - - get_file: ../puppet/manifests/overcloud_compute.pp
+ - {get_param: StepConfig}
+
ComputePuppetDeployment:
type: OS::Heat::SoftwareDeployments
@@ -65,7 +77,7 @@ resources:
servers: {get_param: servers}
config: {get_resource: ComputePuppetConfig}
input_values:
- update_identifier: {get_param: NodeConfigIdentifiers}
+ update_identifier: {get_param: DeployIdentifier}
tripleo::packages::enable_install: True
CopyEtcConfig:
diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml
index 2858552f..f6d61e2d 100644
--- a/docker/firstboot/install_docker_agents.yaml
+++ b/docker/firstboot/install_docker_agents.yaml
@@ -6,7 +6,7 @@ parameters:
default: heat-docker-agents
DockerNamespace:
type: string
- default: kollaglue
+ default: tripleoupstream
DockerNamespaceIsRegistry:
type: boolean
default: false
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index cb8b2a5d..65c4e6dc 100644
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -1,14 +1,38 @@
#!/bin/bash
set -eux
-# firstboot isn't split out by role yet so we handle it this way
-if ! hostname | grep compute &>/dev/null; then
- echo "Exiting. This script is only for the compute role."
- exit 0
+/sbin/setenforce 0
+/sbin/modprobe ebtables
+
+# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
+chmod 666 /dev/pts/ptmx
+
+# We need hostname -f to return in a centos container for the puppet hook
+HOSTNAME=$(hostname)
+echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
+
+# update docker for local insecure registry(optional)
+# Note: This is different for different docker versions
+# For older docker versions < 1.4.x use commented line
+#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
+#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+
+# Local docker registry 1.8
+if [ $docker_namespace_is_registry ]; then
+ /usr/bin/systemctl stop docker.service
+ # if namespace is used with local registry, trim all namespacing
+ trim_var=$docker_registry
+ registry_host="${trim_var%%/*}"
+ /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry[ ]'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker
+ /usr/bin/systemctl start --no-block docker.service
fi
+/usr/bin/docker pull $agent_image &
+DOCKER_PULL_PID=$!
+
mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
+
# heat-docker-agents service
cat <<EOF > /etc/systemd/system/heat-docker-agents.service
@@ -22,7 +46,6 @@ User=root
Restart=on-failure
ExecStartPre=-/usr/bin/docker kill heat-agents
ExecStartPre=-/usr/bin/docker rm heat-agents
-ExecStartPre=/usr/bin/docker pull $agent_image
ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image
ExecStop=/usr/bin/docker stop heat-agents
@@ -31,30 +54,6 @@ WantedBy=multi-user.target
EOF
-# update docker for local insecure registry(optional)
-# Note: This is different for different docker versions
-# For older docker versions < 1.4.x use commented line
-#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
-#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
-
-# Local docker registry 1.8
-if [ $docker_namespace_is_registry ]; then
- # if namespace is used with local registry, trim all namespacing
- trim_var=$docker_registry
- registry_host="${trim_var%%/*}"
- /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker
-fi
-
-/sbin/setenforce 0
-/sbin/modprobe ebtables
-
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
-chmod 666 /dev/pts/ptmx
-
-# We need hostname -f to return in a centos container for the puppet hook
-HOSTNAME=$(hostname)
-echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-
# enable and start heat-docker-agents
chmod 0640 /etc/systemd/system/heat-docker-agents.service
/usr/bin/systemctl enable heat-docker-agents.service
@@ -82,3 +81,5 @@ AUTO_EXTEND_POOL=yes
POOL_AUTOEXTEND_PERCENT=30
POOL_AUTOEXTEND_THRESHOLD=70
EOF
+
+wait $DOCKER_PULL_PID
diff --git a/environments/ceph-radosgw.yaml b/environments/ceph-radosgw.yaml
new file mode 100644
index 00000000..a9221a2a
--- /dev/null
+++ b/environments/ceph-radosgw.yaml
@@ -0,0 +1,5 @@
+resource_registry:
+ OS::TripleO::Services::CephRgw: ../puppet/services/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
diff --git a/environments/cinder-backup.yaml b/environments/cinder-backup.yaml
new file mode 100644
index 00000000..f01fcbd9
--- /dev/null
+++ b/environments/cinder-backup.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Services::CinderBackup: ../puppet/services/pacemaker/cinder-backup.yaml
+ # For non-pcmk managed implementation
+ # OS::TripleO::Services::CinderBackup: ../puppet/services/cinder-backup.yaml \ No newline at end of file
diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml
new file mode 100644
index 00000000..c63d399a
--- /dev/null
+++ b/environments/deployed-server-environment.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Server: ../deployed-server/deployed-server.yaml
+ OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml
+ OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/ctlplane-port.yaml
diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml
new file mode 100644
index 00000000..cfda314d
--- /dev/null
+++ b/environments/deployed-server-noop-ctlplane.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Server: ../deployed-server/deployed-server.yaml
+ OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml
+ OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None
diff --git a/environments/docker.yaml b/environments/docker.yaml
index a7e2504c..c03d8511 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -5,8 +5,6 @@ resource_registry:
parameter_defaults:
NovaImage: atomic-image
-
-parameter_defaults:
# Defaults to 'tripleoupstream'. Specify a local docker registry
# Example: 192.0.2.1:8787/tripleoupstream
DockerNamespace: tripleoupstream
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index b4c3f08b..39ded654 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -1,52 +1,12 @@
+# Use this environment to pass in certificates for SSL deployments.
+# For these values to take effect, one of the tls-endpoints-*.yaml environments
+# must also be used.
parameter_defaults:
SSLCertificate: |
The contents of your certificate go here
SSLIntermediateCertificate: ''
SSLKey: |
The contents of the private key go here
- EndpointMap:
- AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
- CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
- CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
- CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
- CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
- GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
- GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
- HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
- HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
- KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
- NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
- NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
- NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
- SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
- SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
resource_registry:
OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
new file mode 100644
index 00000000..cee4ae4a
--- /dev/null
+++ b/environments/hyperconverged-ceph.yaml
@@ -0,0 +1,11 @@
+# If not using an isolated StorageMgmt network, the following regitry mapping
+# should be commented.
+resource_registry:
+ OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
+
+parameter_defaults:
+ ComputeServices:
+ - OS::TripleO::Services::CephOSD
+
+parameter_merge_strategies:
+ ComputeServices: merge \ No newline at end of file
diff --git a/environments/inject-trust-anchor-hiera.yaml b/environments/inject-trust-anchor-hiera.yaml
new file mode 100644
index 00000000..b4908c1b
--- /dev/null
+++ b/environments/inject-trust-anchor-hiera.yaml
@@ -0,0 +1,8 @@
+parameter_defaults:
+ CAMap:
+ first-ca-name:
+ content: |
+ The content of the CA cert goes here
+ second-ca-name:
+ content: |
+ The content of the CA cert goes here
diff --git a/environments/ips-from-pool-all.yaml b/environments/ips-from-pool-all.yaml
index f660d501..87563753 100644
--- a/environments/ips-from-pool-all.yaml
+++ b/environments/ips-from-pool-all.yaml
@@ -5,30 +5,36 @@ resource_registry:
OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml
OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml
OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml
+ # Management network is optional and disabled by default
+ #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool.yaml
OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml
OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_from_pool.yaml
OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml
+ #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management_from_pool.yaml
OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml
OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml
OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml
OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
+ #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management_from_pool.yaml
OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml
OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml
OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml
OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
+ #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management_from_pool.yaml
OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml
OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml
OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml
OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
+ #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management_from_pool.yaml
parameter_defaults:
ControllerIPs:
@@ -43,6 +49,8 @@ parameter_defaults:
- 172.16.3.251
tenant:
- 172.16.0.251
+ #management:
+ #- 172.16.4.251
NovaComputeIPs:
# Each compute will get an IP from the lists below, first compute, first IP
internal_api:
@@ -51,12 +59,16 @@ parameter_defaults:
- 172.16.1.252
tenant:
- 172.16.0.252
+ #management:
+ #- 172.16.4.252
CephStorageIPs:
# Each ceph node will get an IP from the lists below, first node, first IP
storage:
- 172.16.1.253
storage_mgmt:
- 172.16.3.253
+ #management:
+ #- 172.16.4.253
SwiftStorageIPs:
# Each swift node will get an IP from the lists below, first node, first IP
internal_api:
@@ -65,6 +77,8 @@ parameter_defaults:
- 172.16.1.254
storage_mgmt:
- 172.16.3.254
+ #management:
+ #- 172.16.4.254
BlockStorageIPs:
# Each cinder node will get an IP from the lists below, first node, first IP
internal_api:
@@ -73,3 +87,5 @@ parameter_defaults:
- 172.16.1.250
storage_mgmt:
- 172.16.3.250
+ #management:
+ #- 172.16.4.250
diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml
new file mode 100644
index 00000000..eefa7026
--- /dev/null
+++ b/environments/logging-environment.yaml
@@ -0,0 +1,29 @@
+## A Heat environment file which can be used to set up
+## logging agents
+
+resource_registry:
+ OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml
+
+parameter_defaults:
+
+## Simple configuration
+#
+# LoggingServers:
+# - host: log0.example.com
+# port: 24224
+# - host: log1.example.com
+# port: 24224
+#
+## Example SSL configuration
+## (note the use of port 24284 for ssl connections)
+#
+# LoggingServers:
+# - host: 192.0.2.11
+# port: 24284
+# LoggingUsesSSL: true
+# LoggingSharedKey: secret
+# LoggingSSLCertificate: |
+# -----BEGIN CERTIFICATE-----
+# ...certificate data here...
+# -----END CERTIFICATE-----
+
diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml
new file mode 100644
index 00000000..ad428686
--- /dev/null
+++ b/environments/low-memory-usage.yaml
@@ -0,0 +1,15 @@
+# Lower the memory usage of overcloud.
+parameter_defaults:
+ CeilometerWorkers: 1
+ CinderWorkers: 1
+ GlanceWorkers: 1
+ HeatWorkers: 1
+ KeystoneWorkers: 1
+ NeutronWorkers: 1
+ NovaWorkers: 1
+ SaharaWorkers: 1
+ SwiftWorkers: 1
+ GnocchiMetricdWorkers: 1
+
+ ApacheMaxRequestWorkers: 32
+ ApacheServerLimit: 32
diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml
new file mode 100644
index 00000000..9d6ce73e
--- /dev/null
+++ b/environments/major-upgrade-aodh-migration.yaml
@@ -0,0 +1,6 @@
+resource_registry:
+ # aodh data migration
+ OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
+
+ # no-op the rest
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml
index d98a9cdd..f4f361df 100644
--- a/environments/major-upgrade-pacemaker-init.yaml
+++ b/environments/major-upgrade-pacemaker-init.yaml
@@ -1,11 +1,6 @@
parameter_defaults:
- UpgradeLevelNovaCompute: liberty
+ UpgradeLevelNovaCompute: mitaka
resource_registry:
OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml
- OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml
- OS::TripleO::ControllerPostDeployment: OS::Heat::None
- OS::TripleO::ComputePostDeployment: OS::Heat::None
- OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None
- OS::TripleO::BlockStoragePostDeployment: OS::Heat::None
- OS::TripleO::CephStoragePostDeployment: OS::Heat::None
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml
index 61186bb0..9fb51a4d 100644
--- a/environments/major-upgrade-pacemaker.yaml
+++ b/environments/major-upgrade-pacemaker.yaml
@@ -1,11 +1,6 @@
parameter_defaults:
- UpgradeLevelNovaCompute: liberty
+ UpgradeLevelNovaCompute: mitaka
resource_registry:
OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml
- OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml
- OS::TripleO::ControllerPostDeployment: OS::Heat::None
- OS::TripleO::ComputePostDeployment: OS::Heat::None
- OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None
- OS::TripleO::BlockStoragePostDeployment: OS::Heat::None
- OS::TripleO::CephStoragePostDeployment: OS::Heat::None
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml
new file mode 100644
index 00000000..4115d8b2
--- /dev/null
+++ b/environments/manila-cephfsnative-config.yaml
@@ -0,0 +1,18 @@
+# A Heat environment file which can be used to enable a
+# a Manila CephFS Native driver backend.
+resource_registry:
+ OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+
+
+parameter_defaults:
+ ManilaCephFSNativeEnableBackend: true
+ ManilaCephFSNativeBackendName: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers: false
+ ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf'
+ ManilaCephFSNativeCephFSAuthId: 'manila'
+ ManilaCephFSNativeCephFSClusterName: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots: true
diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml
new file mode 100644
index 00000000..a847a02b
--- /dev/null
+++ b/environments/manila-generic-config.yaml
@@ -0,0 +1,25 @@
+# This environment file enables Manila with the Generic backend.
+resource_registry:
+ OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::Tripleo::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml
+
+parameter_defaults:
+ ManilaServiceInstanceUser: ''
+ ManilaServiceInstancePassword: ''
+ ManilaServiceInstanceFlavorId: 2
+ ManilaServiceNetworkCidr: '172.16.0.0/16'
+ ManilaGenericEnableBackend: true
+ ManilaGenericBackendName: tripleo_generic
+ ManilaGenericDriverHandlesShareServers: true
+ ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf'
+ ManilaGenericVolumeNameTemplate: 'manila-share-%s'
+ ManilaGenericVolumeSnapshotNameTemplate: 'manila-snapshot-%s'
+ ManilaGenericShareMountPath: '/shares'
+ ManilaGenericMaxTimeToCreateVolume: '180'
+ ManilaGenericMaxTimeToAttach: '120'
+ ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf'
+ ManilaGenericShareVolumeFsType: 'ext4'
+ ManilaGenericCinderVolumeType: ''
diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml
new file mode 100644
index 00000000..98de6adf
--- /dev/null
+++ b/environments/manila-netapp-config.yaml
@@ -0,0 +1,30 @@
+# This environment file enables Manila with the Netapp backend.
+resource_registry:
+ OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::Tripleo::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
+
+parameter_defaults:
+ ManilaNetappEnableBackend: true
+ ManilaNetappBackendName: tripleo_netapp
+ ManilaNetappDriverHandlesShareServers: true
+ ManilaNetappLogin: ''
+ ManilaNetappPassword: ''
+ ManilaNetappServerHostname: ''
+ ManilaNetappTransportType: 'http'
+ ManilaNetappStorageFamily: 'ontap_cluster'
+ ManilaNetappServerPort: 80
+ ManilaNetappVolumeNameTemplate: 'share_%(share_id)s'
+ ManilaNetappVserver: ''
+ ManilaNetappVserverNameTemplate: 'os_%s'
+ ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s'
+ ManilaNetappAggrNameSearchPattern: '(.*)'
+ ManilaNetappRootVolumeAggr: ''
+ ManilaNetappRootVolume: 'root'
+ ManilaNetappPortNameSearchPattern: '(.*)'
+ ManilaNetappTraceFlags: ''
+ ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0'
+ ManilaNetappVolumeSnapshotReservePercent: 5
+ ManilaNetappSnapmirrorQuiesceTimeout: 3600
diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml
new file mode 100644
index 00000000..a8ad2084
--- /dev/null
+++ b/environments/monitoring-environment.yaml
@@ -0,0 +1,30 @@
+## A Heat environment file which can be used to set up monitoring
+## and logging agents
+
+resource_registry:
+ OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml
+
+parameter_defaults:
+ #### Sensu settings ####
+ ##MonitoringRabbitHost: 10.10.10.10
+ ##MonitoringRabbitPort: 5672
+ ##MonitoringRabbitUserName: sensu
+ ##MonitoringRabbitPassword: sensu
+ ##MonitoringRabbitUseSSL: false
+ ##MonitoringRabbitVhost: "/sensu"
+ ##SensuClientCustomConfig:
+ ## - api:
+ ## - warning: 10
+ ## critical: 20
+ ## openstack:
+ ## - username: admin
+ ## password: changeme
+ ## project_name: admin
+ ## auth_url: http://controller:5000/v2.0
+ ## region_name: RegionOne
+
+ #### EFK settings ####
+ ## TBD
+
+ #### Grafana/Graphite settings ####
+ ## TBD
diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml
index 062c7bee..d0fc9ec6 100644
--- a/environments/network-environment.yaml
+++ b/environments/network-environment.yaml
@@ -15,14 +15,23 @@ resource_registry:
parameter_defaults:
# This section is where deployment-specific configuration is done
+ # CIDR subnet mask length for provisioning network
+ ControlPlaneSubnetCidr: '24'
+ # Gateway router for the provisioning network (or Undercloud IP)
+ ControlPlaneDefaultRoute: 192.0.2.254
+ EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud
# Customize the IP subnets to match the local environment
InternalApiNetCidr: 172.17.0.0/24
StorageNetCidr: 172.18.0.0/24
StorageMgmtNetCidr: 172.19.0.0/24
TenantNetCidr: 172.16.0.0/24
ExternalNetCidr: 10.0.0.0/24
- # CIDR subnet mask length for provisioning network
- ControlPlaneSubnetCidr: '24'
+ # Customize the VLAN IDs to match the local environment
+ InternalApiNetworkVlanID: 20
+ StorageNetworkVlanID: 30
+ StorageMgmtNetworkVlanID: 40
+ TenantNetworkVlanID: 50
+ ExternalNetworkVlanID: 10
# Customize the IP ranges on each network to use for static IPs and VIPs
InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}]
StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}]
@@ -32,19 +41,16 @@ parameter_defaults:
ExternalAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.50'}]
# Gateway router for the external network
ExternalInterfaceDefaultRoute: 10.0.0.1
- # Gateway router for the provisioning network (or Undercloud IP)
- ControlPlaneDefaultRoute: 192.0.2.254
- # Generally the IP of the Undercloud
- EC2MetadataIp: 192.0.2.1
+ # Uncomment if using the Management Network (see network-management.yaml)
+ # ManagementNetCidr: 10.0.1.0/24
+ # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}]
+ # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
+ # ManagementInterfaceDefaultRoute: 10.0.1.1
# Define the DNS servers (maximum 2) for the overcloud nodes
DnsServers: ["8.8.8.8","8.8.4.4"]
- # Customize the VLAN IDs to match the local environment
- InternalApiNetworkVlanID: 10
- StorageNetworkVlanID: 20
- StorageMgmtNetworkVlanID: 30
- TenantNetworkVlanID: 40
- ExternalNetworkVlanID: 50
# Set to empty string to enable multiple external networks or VLANs
NeutronExternalNetworkBridge: "''"
+ # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
+ NeutronTunnelTypes: 'vxlan'
# Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100"
BondInterfaceOvsOptions: "bond_mode=active-backup"
diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml
index c0420c5c..737d7d36 100644
--- a/environments/network-isolation.yaml
+++ b/environments/network-isolation.yaml
@@ -1,16 +1,15 @@
# Enable the creation of Neutron networks for isolated Overcloud
# traffic and configure each role to assign ports (related
# to that role) on these networks.
-# Many networks are disabled by default because they are not used
-# in a typical configuration. Override via parameter_defaults.
resource_registry:
OS::TripleO::Network::External: ../network/external.yaml
OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
OS::TripleO::Network::Storage: ../network/storage.yaml
OS::TripleO::Network::Tenant: ../network/tenant.yaml
- # Management network is optional and disabled by default
- OS::TripleO::Network::Management: OS::Heat::None
+ # Management network is optional and disabled by default.
+ # To enable it, include environments/network-management.yaml
+ #OS::TripleO::Network::Management: ../network/management.yaml
# Port assignments for the VIPs
OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
@@ -19,13 +18,15 @@ resource_registry:
OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+ # Port assignments for service virtual IPs for the controller role
+ OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml
# Port assignments for the controller role
OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
- OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/noop.yaml
+ #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the compute role
OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
@@ -33,7 +34,7 @@ resource_registry:
OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
- OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/noop.yaml
+ #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the ceph storage role
OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
@@ -41,7 +42,7 @@ resource_registry:
OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/noop.yaml
+ #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the swift storage role
OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
@@ -49,7 +50,7 @@ resource_registry:
OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/noop.yaml
+ #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the block storage role
OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
@@ -57,7 +58,5 @@ resource_registry:
OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/noop.yaml
+ #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml
- # Port assignments for service virtual IPs for the controller role
- OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml
diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml
new file mode 100644
index 00000000..812e84f3
--- /dev/null
+++ b/environments/network-management-v6.yaml
@@ -0,0 +1,25 @@
+# Enable the creation of an IPv6 system management network. This
+# creates a Neutron network for isolated Overcloud
+# system management traffic and configures each role to
+# assign a port (related to that role) on that network.
+# Note that the basic sample NIC configuration templates
+# do not include the management network, see the
+# comments in the sample network config templates in
+# network/config/ for an example.
+resource_registry:
+ OS::TripleO::Network::Management: ../network/management_v6.yaml
+
+ # Port assignments for the controller role
+ OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the compute role
+ OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the ceph storage role
+ OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the swift storage role
+ OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml
+
+ # Port assignments for the block storage role
+ OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml
diff --git a/environments/network-management.yaml b/environments/network-management.yaml
index 2f0cff8b..041617be 100644
--- a/environments/network-management.yaml
+++ b/environments/network-management.yaml
@@ -4,7 +4,8 @@
# assign a port (related to that role) on that network.
# Note that the basic sample NIC configuration templates
# do not include the management network, see the
-# single-nic-vlans-mgmt templates for an example.
+# comments in the sample network config templates in
+# network/config/ for an example.
resource_registry:
OS::TripleO::Network::Management: ../network/management.yaml
diff --git a/environments/neutron-midonet.yaml b/environments/neutron-midonet.yaml
index 463c1874..c120d0b3 100644
--- a/environments/neutron-midonet.yaml
+++ b/environments/neutron-midonet.yaml
@@ -3,13 +3,17 @@ resource_registry:
OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
OS::TripleO::Controller::Net::SoftwareConfig: ../net-config-linux-bridge.yaml # We have to avoid any ovs bridge. MidoNet is incompatible with its datapath
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ # Override the NeutronCorePlugin to use Nuage
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginMidonet
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-midonet.yaml
parameter_defaults:
EnableZookeeperOnController: true
EnableCassandraOnController: true
NeutronCorePlugin: 'midonet.neutron.plugin_v1.MidonetPluginV2' # Overriding default core_plugin in Neutron. Don't touch it
NeutronEnableIsolatedMetadata: true # MidoNet 1.9 needs this one to work. Don't change it
- NeutronEnableOVSAgent: false
# Other available options for MidoNet Services
# TunnelZoneName: 'tunnelname'
diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml
new file mode 100644
index 00000000..821ad0c2
--- /dev/null
+++ b/environments/neutron-ml2-ovn.yaml
@@ -0,0 +1,18 @@
+# A Heat environment file which can be used to enable OVN
+# extensions, configured via puppet
+resource_registry:
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
+
+parameter_defaults:
+ NeutronMechanismDrivers: ovn
+ OVNDbHost: '0.0.0.0'
+ OVNSouthboundServerPort: 6642
+ OVNNorthboundServerPort: 6641
+ OVNDbConnectionTimeout: 60
+ OVNVifType: ovs
+ OVNNeutronSyncMode: log
+ OVNQosDriver: ovn-qos
+ OVNTunnelEncapType: geneve
diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index 0cd49a20..e157ae35 100644
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -1,9 +1,13 @@
# A Heat environment file which can be used to enable a
# a Neutron Nuage backend on the controller, configured via puppet
resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ # Override the NeutronCorePlugin to use Nuage
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml
parameter_defaults:
NeutronNuageOSControllerIp: '0.0.0.0'
@@ -17,7 +21,6 @@ parameter_defaults:
UseForwardedFor: true
NeutronCorePlugin: 'neutron.plugins.nuage.plugin.NuagePlugin'
NeutronEnableDHCPAgent: false
- NeutronEnableOVSAgent: false
NeutronServicePlugins: []
NovaOVSBridge: 'alubr0'
controllerExtraConfig:
diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml
index ceccd132..51575b86 100644
--- a/environments/neutron-opencontrail.yaml
+++ b/environments/neutron-opencontrail.yaml
@@ -1,17 +1,20 @@
# A Heat environment file which can be used to enable OpenContrail
# extensions, configured via puppet
resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml
OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ # Override the NeutronCorePlugin to use Nuage
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginOpencontrail
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-opencontrail.yaml
parameter_defaults:
NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
- NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin
- NeutronEnableOVSAgent: false
- NeutronEnableTunnelling: false
+ NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
+ NeutronTunnelTypes: ''
# required params:
#ContrailApiServerIp:
diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml
new file mode 100644
index 00000000..d61270b2
--- /dev/null
+++ b/environments/neutron-opendaylight-l3.yaml
@@ -0,0 +1,14 @@
+# A Heat environment that can be used to deploy OpenDaylight with L3 DVR
+resource_registry:
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+
+parameter_defaults:
+ EnableOpenDaylightOnController: true
+ NeutronEnableForceMetadata: true
+ NeutronMechanismDrivers: 'opendaylight'
+ NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin"
+ OpenDaylightEnableL3: "'yes'"
diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml
new file mode 100644
index 00000000..8fa2e542
--- /dev/null
+++ b/environments/neutron-opendaylight.yaml
@@ -0,0 +1,11 @@
+# A Heat environment that can be used to deploy OpenDaylight
+resource_registry:
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+
+parameter_defaults:
+ EnableOpenDaylightOnController: true
+ NeutronEnableForceMetadata: true
+ NeutronMechanismDrivers: 'opendaylight'
diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml
new file mode 100644
index 00000000..004b8ac0
--- /dev/null
+++ b/environments/neutron-ovs-dpdk.yaml
@@ -0,0 +1,18 @@
+## A Heat environment that can be used to deploy DPDK with OVS
+resource_registry:
+ OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml
+
+parameter_defaults:
+ ## NeutronDpdkCoreList and NeutronDpdkMemoryChannels are REQUIRED settings.
+ ## Attempting to deploy DPDK without appropriate values will cause deployment to fail or lead to unstable deployments.
+ #NeutronDpdkCoreList: ""
+ #NeutronDpdkMemoryChannels: ""
+
+ NeutronDatapathType: "netdev"
+ NeutronVhostuserSocketDir: "/var/run/openvswitch"
+
+ #NeutronDpdkSocketMemory: ""
+ #NeutronDpdkDriverType: "vfio-pci"
+ #NovaReservedHostMemory: 4096
+ #NovaVcpuPinSet: ""
+
diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml
new file mode 100644
index 00000000..b658d3a5
--- /dev/null
+++ b/environments/neutron-ovs-dvr.yaml
@@ -0,0 +1,39 @@
+# A Heat environment file that enables DVR in the overcloud.
+# This works by configuring L3 and Metadata agents on the
+# compute nodes.
+resource_registry:
+ OS::TripleO::Services::ComputeNeutronL3Agent: ../puppet/services/neutron-l3-compute-dvr.yaml
+ OS::TripleO::Services::ComputeNeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml
+
+ # With DVR enabled, the Compute nodes also need the br-ex bridge to be
+ # connected to a physical network.
+ OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml
+
+ # DVR requires a port on the external network for each compute node.
+ # This will usually match the one currently in use for
+ # OS::TripleO::Controller::Ports::ExternalPort.
+ # Please review your network configuration before deploying to ensure that
+ # this is appropriate.
+ OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
+
+parameter_defaults:
+
+ # DVR requires that the L2 population feature is enabled
+ NeutronMechanismDrivers: ['openvswitch', 'l2population']
+ NeutronEnableL2Pop: 'True'
+
+ # Setting NeutronEnableDVR enables distributed routing support in the
+ # ML2 plugin and agents that support this feature
+ NeutronEnableDVR: true
+
+ # We also need to set the proper agent mode for the L3 agent. This will only
+ # affect the agent on the controller node.
+ NeutronL3AgentMode: 'dvr_snat'
+
+ # L3 HA isn't supported for DVR enabled routers. If upgrading from a system
+ # where L3 HA is enabled and has neutron routers configured, it is
+ # recommended setting this value to true until such time all routers can be
+ # migrated to DVR routers. Once migration of the routers is complete,
+ # NeutronL3HA can be returned to false. All new systems should be deployed
+ # with NeutronL3HA set to false.
+ NeutronL3HA: false
diff --git a/environments/neutron-plumgrid.yaml b/environments/neutron-plumgrid.yaml
index 19f51cfc..87946211 100755
--- a/environments/neutron-plumgrid.yaml
+++ b/environments/neutron-plumgrid.yaml
@@ -1,11 +1,15 @@
# A Heat environment file which can be used to enable PLUMgrid
# extensions, configured via puppet
resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml
- # PLUMgrid doesn't require dhcp, l3, and metadata agents
+ # PLUMgrid doesn't require dhcp, l3, metadata, and ovs agents
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ # Override the Neutron core plugin to use PLUMgrid
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginPlumgrid
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-plumgrid.yaml
parameter_defaults:
NeutronCorePlugin: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2
@@ -25,6 +29,3 @@ parameter_defaults:
#Optional Parameters
#PLUMgridNeutronPluginVersion: present
#PLUMgridPlumlibVersion: present
-
- # PLUMgrid doesn't require the ovs agent
- NeutronEnableOVSAgent: false
diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml
new file mode 100755
index 00000000..9b7e51f9
--- /dev/null
+++ b/environments/neutron-sriov.yaml
@@ -0,0 +1,22 @@
+## A Heat environment that can be used to deploy SR-IOV
+resource_registry:
+ OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml
+
+parameter_defaults:
+ NeutronMechanismDrivers: ['openvswitch','sriovnicswitch']
+
+ # Add PciPassthroughFilter to the scheduler default filters
+ #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
+ #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
+
+ # Provide the vendorid:productid of the VFs
+ #NeutronSupportedPCIVendorDevs: ['8086:154c','8086:10ca','8086:1520']
+
+ #NeutronPhysicalDevMappings: "datacentre:ens20f2"
+
+ # Number of VFs that needs to be configured for a physical interface
+ #NeutronSriovNumVFs: "ens20f2:5"
+
+ #NovaPCIPassthrough:
+ # - devname: "ens20f2"
+ # physical_network: "datacentre"
diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml
index a2d1100f..9c8abbb4 100644
--- a/environments/puppet-ceph-devel.yaml
+++ b/environments/puppet-ceph-devel.yaml
@@ -1,6 +1,11 @@
# A Heat environment file which can be used to enable a Ceph
# storage cluster using the controller and ceph nodes.
# Rbd backends are enabled for Cinder, Glance, Gnocchi and Nova.
+resource_registry:
+ OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: ../puppet/services/ceph-client.yaml
+
parameter_defaults:
#NOTE: These ID's and keys should be regenerated for
# a production deployment. What is here is suitable for
@@ -8,9 +13,10 @@ parameter_defaults:
CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
- ControllerEnableCephStorage: true
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index 865e0b98..06e4f7aa 100644
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -1,10 +1,13 @@
# A Heat environment file which can be used to enable the
# use of an externally managed Ceph cluster.
resource_registry:
- OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml
+ OS::TripleO::Services::CephExternal: ../puppet/services/ceph-external.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
parameter_defaults:
- # NOTE: These example parameters are required when using Ceph External
+ # NOTE: These example parameters are required when using CephExternal
#CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
#CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
#CephExternalMonHost: '172.16.1.7, 172.16.1.8'
@@ -12,6 +15,7 @@ parameter_defaults:
# the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
GlanceBackend: rbd
GnocchiBackend: rbd
# If the Ceph pools which host VMs, Volumes and Images do not match these
@@ -25,3 +29,6 @@ parameter_defaults:
# finally we disable the Cinder LVM backend
CinderEnableIscsiBackend: false
+
+ # Backward compatibility setting, will be removed in the future
+ CephAdminKey: ''
diff --git a/environments/puppet-pacemaker-no-restart.yaml b/environments/puppet-pacemaker-no-restart.yaml
new file mode 100644
index 00000000..67d8692d
--- /dev/null
+++ b/environments/puppet-pacemaker-no-restart.yaml
@@ -0,0 +1,3 @@
+# use this file *in addition* to puppet-pacemaker.yaml
+resource_registry:
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: OS::Heat::None
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 679b79cb..8cfbab6d 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -4,21 +4,15 @@ resource_registry:
OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml
OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# custom pacemaker services
- # NOTE: For now we will need to specify overrides to all services
- # which use pacemaker. In the future (with upcoming HA light work) this
- # list will hopefully be much smaller however.
- OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml
- OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml
- OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml
- OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml
- OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml
- OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml
- OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml
- OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml
+ # NOTE: Please before adding any pacemaker-managed services, get in touch
+ # with bandini, Ng or beekhof
+ OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml
- OS::TripleO::Services::Loadbalancer: ../puppet/services/pacemaker/loadbalancer.yaml
- OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml
+ OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
+ OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
+ # Services that are disabled by default (use relevant environment files):
diff --git a/environments/puppet-tenant-vlan.yaml b/environments/puppet-tenant-vlan.yaml
index ed948bc5..45d2117a 100644
--- a/environments/puppet-tenant-vlan.yaml
+++ b/environments/puppet-tenant-vlan.yaml
@@ -1,4 +1,4 @@
parameter_defaults:
NeutronNetworkType: vlan
- NeutronEnableTunnelling: false
+ NeutronTunnelTypes: ''
NeutronNetworkVLANRanges: datacentre:1:1000
diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml
new file mode 100644
index 00000000..8359f4a7
--- /dev/null
+++ b/environments/services/ironic.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
+ OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
+ OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
diff --git a/environments/services/mistral.yaml b/environments/services/mistral.yaml
new file mode 100644
index 00000000..4e99fa01
--- /dev/null
+++ b/environments/services/mistral.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
+ OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
diff --git a/environments/services/sahara.yaml b/environments/services/sahara.yaml
new file mode 100644
index 00000000..82205dd1
--- /dev/null
+++ b/environments/services/sahara.yaml
@@ -0,0 +1,3 @@
+resource_registry:
+ OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml
index da33acfd..8cf34622 100644
--- a/environments/storage-environment.yaml
+++ b/environments/storage-environment.yaml
@@ -1,6 +1,11 @@
## A Heat environment file which can be used to set up storage
## backends. Defaults to Ceph used as a backend for Cinder, Glance and
## Nova ephemeral storage.
+resource_registry:
+ OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: ../puppet/services/ceph-client.yaml
+
parameter_defaults:
#### BACKEND SELECTION ####
@@ -9,6 +14,8 @@ parameter_defaults:
CinderEnableIscsiBackend: false
## Whether to enable rbd (Ceph) backend for Cinder.
CinderEnableRbdBackend: true
+ ## Cinder Backup backend can be either 'ceph' or 'swift'.
+ CinderBackupBackend: ceph
## Whether to enable NFS backend for Cinder.
# CinderEnableNfsBackend: false
## Whether to enable rbd (Ceph) backend for Nova ephemeral storage.
@@ -43,10 +50,6 @@ parameter_defaults:
#### CEPH SETTINGS ####
- ## Whether to deploy Ceph OSDs on the controller nodes. By default
- ## OSDs are deployed on dedicated ceph-storage nodes only.
- # ControllerEnableCephStorage: false
-
## When deploying Ceph Nodes through the oscplugin CLI, the following
## parameters are set automatically by the CLI. When deploying via
## heat stack-create or ceph on the controller nodes only,
@@ -60,3 +63,5 @@ parameter_defaults:
# CephMonKey: ''
## Ceph admin key, e.g. 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
# CephAdminKey: ''
+ ## Ceph client key, e.g 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ # CephClientKey: ''
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
new file mode 100644
index 00000000..0a0996d3
--- /dev/null
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -0,0 +1,55 @@
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is a DNS name.
+parameter_defaults:
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
new file mode 100644
index 00000000..5a2b8839
--- /dev/null
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -0,0 +1,55 @@
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is an IP address.
+parameter_defaults:
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
+ GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
diff --git a/environments/updates/update-from-keystone-admin-internal-api.yaml b/environments/updates/update-from-keystone-admin-internal-api.yaml
index a9fa2bea..a5075300 100644
--- a/environments/updates/update-from-keystone-admin-internal-api.yaml
+++ b/environments/updates/update-from-keystone-admin-internal-api.yaml
@@ -2,10 +2,10 @@
# Keystone Admin API service is running on the Internal API network
parameter_defaults:
- ServiceNetMap:
+ ServiceNetMapDefaults:
NeutronTenantNetwork: tenant
CeilometerApiNetwork: internal_api
- MongoDbNetwork: internal_api
+ MongodbNetwork: internal_api
CinderApiNetwork: internal_api
CinderIscsiNetwork: storage
GlanceApiNetwork: storage
@@ -21,7 +21,7 @@ parameter_defaults:
SwiftProxyNetwork: storage
HorizonNetwork: internal_api
MemcachedNetwork: internal_api
- RabbitMqNetwork: internal_api
+ RabbitmqNetwork: internal_api
RedisNetwork: internal_api
MysqlNetwork: internal_api
CephClusterNetwork: storage_mgmt
diff --git a/environments/updates/update-from-overcloud-compute-hostnames.yaml b/environments/updates/update-from-overcloud-compute-hostnames.yaml
new file mode 100644
index 00000000..f628f0de
--- /dev/null
+++ b/environments/updates/update-from-overcloud-compute-hostnames.yaml
@@ -0,0 +1,2 @@
+parameter_defaults:
+ ComputeHostnameFormat: '%stackname%-compute-%index%'
diff --git a/environments/use-dns-for-vips.yaml b/environments/use-dns-for-vips.yaml
new file mode 100644
index 00000000..daf07bc7
--- /dev/null
+++ b/environments/use-dns-for-vips.yaml
@@ -0,0 +1,5 @@
+# A Heat environment file which can be used to disable the writing of the VIPs
+# to the /etc/hosts file in the overcloud. Use this in case you have a working
+# DNS server that you will provide for the overcloud.
+resource_registry:
+ OS::TripleO::Services::VipHosts: OS::Heat::None
diff --git a/extraconfig/all_nodes/default.yaml b/extraconfig/all_nodes/default.yaml
deleted file mode 100644
index 68f9eadd..00000000
--- a/extraconfig/all_nodes/default.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-heat_template_version: 2014-10-16
-
-description: >
- Noop extra config for allnodes extra cluster config
-
-# Parameters passed from the parent template - note if you maintain
-# out-of-tree templates they may require additional parameters if the
-# in-tree templates add a new role.
-parameters:
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
- type: json
-# Note extra parameters can be defined, then passed data via the
-# environment parameter_defaults, without modifying the parent template
-
-outputs:
- # This value should change if the configuration data has changed
- # It is used to e.g re-apply puppet after hieradata values change.
- config_identifier:
- value: none
diff --git a/extraconfig/all_nodes/mac_hostname.yaml b/extraconfig/all_nodes/mac_hostname.j2.yaml
index 5883e06a..75ffc9e6 100644
--- a/extraconfig/all_nodes/mac_hostname.yaml
+++ b/extraconfig/all_nodes/mac_hostname.j2.yaml
@@ -9,15 +9,7 @@ description: >
# out-of-tree templates they may require additional parameters if the
# in-tree templates add a new role.
parameters:
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
+ servers:
type: json
# Note extra parameters can be defined, then passed data via the
# environment parameter_defaults, without modifying the parent template
@@ -37,47 +29,17 @@ resources:
# FIXME(shardy): Long term it'd be better if Heat SoftwareDeployments accepted
# list instead of a map, then we could join the lists of servers into one
# deployment instead of requiring one deployment per-role.
- CollectMacDeploymentsController:
+{% for role in roles %}
+ CollectMacDeployments{{role.name}}:
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsController
- servers: {get_param: controller_servers}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- CollectMacDeploymentsCompute:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsCompute
- servers: {get_param: compute_servers}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- CollectMacDeploymentsBlockStorage:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsBlockStorage
- servers: {get_param: blockstorage_servers}
+ servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
+{% endfor %}
- CollectMacDeploymentsObjectStorage:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsObjectStorage
- servers: {get_param: objectstorage_servers}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- CollectMacDeploymentsCephStorage:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsCephStorage
- servers: {get_param: cephstorage_servers}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- # Now we distribute all-the-macs to all nodes
+ # Now we distribute all-the-macs to all Controller nodes
DistributeMacConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -101,7 +63,7 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: DistributeMacDeploymentsController
- servers: {get_param: controller_servers}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: DistributeMacConfig}
input_values:
# FIXME(shardy): It'd be more convenient if we could join these
@@ -113,10 +75,3 @@ resources:
objectstorage_mappings: {get_attr: [CollectMacDeploymentsObjectStorage, deploy_stdouts]}
cephstorage_mappings: {get_attr: [CollectMacDeploymentsCephStorage, deploy_stdouts]}
actions: ['CREATE'] # Only do this on CREATE
-
-outputs:
- # This value should change if the configuration data has changed
- # It is used to e.g re-apply puppet after hieradata values change.
- config_identifier:
- value: {get_attr: [DistributeMacDeploymentsController, deploy_stdouts]}
-
diff --git a/extraconfig/all_nodes/random_string.yaml b/extraconfig/all_nodes/random_string.j2.yaml
index 49d2d8b6..9ce2ca8a 100644
--- a/extraconfig/all_nodes/random_string.yaml
+++ b/extraconfig/all_nodes/random_string.j2.yaml
@@ -10,15 +10,7 @@ description: >
# out-of-tree templates they may require additional parameters if the
# in-tree templates add a new role.
parameters:
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
+ servers:
type: json
# Note extra parameters can be defined, then passed data via the
# environment parameter_defaults, without modifying the parent template
@@ -42,7 +34,7 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: RandomDeploymentsController
- servers: {get_param: controller_servers}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: RandomConfig}
actions: ['CREATE'] # Only do this on CREATE
input_values:
@@ -52,14 +44,8 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: RandomDeploymentsCompute
- servers: {get_param: compute_servers}
+ servers: {get_param: [servers, Compute]}
config: {get_resource: RandomConfig}
actions: ['CREATE'] # Only do this on CREATE
input_values:
random_value: {get_attr: [Random, value]}
-
-outputs:
- # This value should change if the configuration data has changed
- # It is used to e.g re-apply puppet after hieradata values change.
- config_identifier:
- value: {get_attr: [Random, value]}
diff --git a/extraconfig/all_nodes/swap-partition.j2.yaml b/extraconfig/all_nodes/swap-partition.j2.yaml
new file mode 100644
index 00000000..36076b0c
--- /dev/null
+++ b/extraconfig/all_nodes/swap-partition.j2.yaml
@@ -0,0 +1,44 @@
+heat_template_version: 2014-10-16
+
+description: >
+ Extra config to add swap space to nodes.
+
+# Parameters passed from the parent template - note if you maintain
+# out-of-tree templates they may require additional parameters if the
+# in-tree templates add a new role.
+parameters:
+ servers:
+ type: json
+ swap_partition_label:
+ type: string
+ description: Swap partition label
+ default: 'swap1'
+
+
+resources:
+
+ SwapConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ set -eux
+ swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label)
+ swapon $swap_partition
+ echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab
+ inputs:
+ - name: swap_partition_label
+ description: Swap partition label
+ default: 'swap1'
+
+{% for role in roles %}
+ {{role.name}}SwapDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ config: {get_resource: SwapConfig}
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ swap_partition_label: {get_param: swap_partition_label}
+ actions: ["CREATE"]
+{% endfor %}
diff --git a/extraconfig/all_nodes/swap-partition.yaml b/extraconfig/all_nodes/swap-partition.yaml
deleted file mode 100644
index 89a2adb0..00000000
--- a/extraconfig/all_nodes/swap-partition.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-heat_template_version: 2014-10-16
-
-description: >
- Extra config to add swap space to nodes.
-
-# Parameters passed from the parent template - note if you maintain
-# out-of-tree templates they may require additional parameters if the
-# in-tree templates add a new role.
-parameters:
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
- type: json
- swap_partition_label:
- type: string
- description: Swap partition label
- default: 'swap1'
-
-
-resources:
-
- SwapConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: |
- #!/bin/bash
- set -eux
- swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label)
- swapon $swap_partition
- echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab
- inputs:
- - name: swap_partition_label
- description: Swap partition label
- default: 'swap1'
-
- ControllerSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: controller_servers}
- input_values:
- swap_partition_label: {get_param: swap_partition_label}
- actions: ["CREATE"]
-
- ComputeSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: compute_servers}
- input_values:
- swap_partition_label: {get_param: swap_partition_label}
- actions: ["CREATE"]
-
- BlockStorageSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: blockstorage_servers}
- input_values:
- swap_partition_label: {get_param: swap_partition_label}
- actions: ["CREATE"]
-
- ObjectStorageSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: objectstorage_servers}
- input_values:
- swap_partition_label: {get_param: swap_partition_label}
- actions: ["CREATE"]
-
- CephStorageSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: cephstorage_servers}
- input_values:
- swap_partition_label: {get_param: swap_partition_label}
- actions: ["CREATE"]
-
-outputs:
- config_identifier:
- value: none
diff --git a/extraconfig/all_nodes/swap.j2.yaml b/extraconfig/all_nodes/swap.j2.yaml
new file mode 100644
index 00000000..ce65dacb
--- /dev/null
+++ b/extraconfig/all_nodes/swap.j2.yaml
@@ -0,0 +1,58 @@
+heat_template_version: 2014-10-16
+
+description: >
+ Extra config to add swap space to nodes.
+
+# Parameters passed from the parent template - note if you maintain
+# out-of-tree templates they may require additional parameters if the
+# in-tree templates add a new role.
+parameters:
+ servers:
+ type: json
+ swap_size_megabytes:
+ type: string
+ description: Amount of swap space to allocate in megabytes
+ default: '4096'
+ swap_path:
+ type: string
+ description: Full path to location of swap file
+ default: '/swap'
+
+
+resources:
+
+ SwapConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ set -eux
+ if [ ! -f $swap_path ]; then
+ dd if=/dev/zero of=$swap_path count=$swap_size_megabytes bs=1M
+ chmod 0600 $swap_path
+ mkswap $swap_path
+ swapon $swap_path
+ else
+ echo "$swap_path already exists"
+ fi
+ echo "$swap_path swap swap defaults 0 0" >> /etc/fstab
+ inputs:
+ - name: swap_size_megabytes
+ description: Amount of swap space to allocate in megabytes
+ default: '4096'
+ - name: swap_path
+ description: Full path to location of swap file
+ default: '/swap'
+
+{% for role in roles %}
+ {{role.name}}SwapDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ config: {get_resource: SwapConfig}
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ swap_size_megabytes: {get_param: swap_size_megabytes}
+ swap_path: {get_param: swap_path}
+ actions: ["CREATE"]
+{% endfor %}
diff --git a/extraconfig/all_nodes/swap.yaml b/extraconfig/all_nodes/swap.yaml
deleted file mode 100644
index 374b1e5d..00000000
--- a/extraconfig/all_nodes/swap.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-heat_template_version: 2014-10-16
-
-description: >
- Extra config to add swap space to nodes.
-
-# Parameters passed from the parent template - note if you maintain
-# out-of-tree templates they may require additional parameters if the
-# in-tree templates add a new role.
-parameters:
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
- type: json
- swap_size_megabytes:
- type: string
- description: Amount of swap space to allocate in megabytes
- default: '4096'
- swap_path:
- type: string
- description: Full path to location of swap file
- default: '/swap'
-
-
-resources:
-
- SwapConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: |
- #!/bin/bash
- set -eux
- if [ ! -f $swap_path ]; then
- dd if=/dev/zero of=$swap_path count=$swap_size_megabytes bs=1M
- chmod 0600 $swap_path
- mkswap $swap_path
- swapon $swap_path
- else
- echo "$swap_path already exists"
- fi
- echo "$swap_path swap swap defaults 0 0" >> /etc/fstab
- inputs:
- - name: swap_size_megabytes
- description: Amount of swap space to allocate in megabytes
- default: '4096'
- - name: swap_path
- description: Full path to location of swap file
- default: '/swap'
-
- ControllerSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: controller_servers}
- input_values:
- swap_size_megabytes: {get_param: swap_size_megabytes}
- swap_path: {get_param: swap_path}
- actions: ["CREATE"]
-
- ComputeSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: compute_servers}
- input_values:
- swap_size_megabytes: {get_param: swap_size_megabytes}
- swap_path: {get_param: swap_path}
- actions: ["CREATE"]
-
- BlockStorageSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: blockstorage_servers}
- input_values:
- swap_size_megabytes: {get_param: swap_size_megabytes}
- swap_path: {get_param: swap_path}
- actions: ["CREATE"]
-
- ObjectStorageSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: objectstorage_servers}
- input_values:
- swap_size_megabytes: {get_param: swap_size_megabytes}
- swap_path: {get_param: swap_path}
- actions: ["CREATE"]
-
- CephStorageSwapDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- config: {get_resource: SwapConfig}
- servers: {get_param: cephstorage_servers}
- input_values:
- swap_size_megabytes: {get_param: swap_size_megabytes}
- swap_path: {get_param: swap_path}
- actions: ["CREATE"]
-
-outputs:
- config_identifier:
- value: none
diff --git a/extraconfig/tasks/aodh_data_migration.sh b/extraconfig/tasks/aodh_data_migration.sh
new file mode 100644
index 00000000..d4c29673
--- /dev/null
+++ b/extraconfig/tasks/aodh_data_migration.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# This delivers the aodh data migration script to be invoked as part of the tripleo
+# major upgrade workflow to migrate all the alarm data from mongodb to mysql.
+# This needs to run post controller node upgrades so new aodh mysql db configured and
+# running.
+#
+set -eu
+
+#Get existing mongodb connection
+MONGO_DB_CONNECTION="$(crudini --get /etc/ceilometer/ceilometer.conf database connection)"
+
+# Get the aodh database string from hiera data
+MYSQL_DB_CONNECTION="$(crudini --get /etc/aodh/aodh.conf database connection)"
+
+#Run migration
+/usr/bin/aodh-data-migration --nosql-conn $MONGO_DB_CONNECTION --sql-conn $MYSQL_DB_CONNECTION
+
+
diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh
new file mode 100755
index 00000000..b633e658
--- /dev/null
+++ b/extraconfig/tasks/major_upgrade_ceph_mon.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+set -eu
+set -o pipefail
+
+echo INFO: starting $(basename "$0")
+
+# Exit if not running
+if ! pidof ceph-mon; then
+ echo INFO: ceph-mon is not running, skipping
+ exit 0
+fi
+
+# Exit if not Hammer
+INSTALLED_VERSION=$(ceph --version | awk '{print $3}')
+if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then
+ echo INFO: version of Ceph installed is not 0.94, skipping
+ exit 0
+fi
+
+CEPH_STATUS=$(ceph health | awk '{print $1}')
+if [ ${CEPH_STATUS} = HEALTH_ERR ]; then
+ echo ERROR: Ceph cluster status is HEALTH_ERR, cannot be upgraded
+ exit 1
+fi
+
+# Useful when upgrading with OSDs num < replica size
+if [[ ${ignore_ceph_upgrade_warnings:-False} != [Tt]rue ]]; then
+ timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do
+ echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK;
+ sleep 30;
+ CEPH_STATUS=$(ceph health | awk '{print $1}')
+ done"
+fi
+
+MON_PID=$(pidof ceph-mon)
+MON_ID=$(hostname -s)
+
+# Stop daemon using Hammer sysvinit script
+service ceph stop mon.${MON_ID}
+
+# Ensure it's stopped
+timeout 60 bash -c "while kill -0 ${MON_PID} 2> /dev/null; do
+ sleep 2;
+done"
+
+# Update to Jewel
+yum -y -q update ceph-mon ceph
+
+# Restart/Exit if not on Jewel, only in that case we need the changes
+UPDATED_VERSION=$(ceph --version | awk '{print $3}')
+if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
+ echo WARNING: Ceph was not upgraded, restarting daemons
+ service ceph start mon.${MON_ID}
+elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
+ # RPM could own some of these but we can't take risks on the pre-existing files
+ for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do
+ chown -R ceph:ceph $d || echo WARNING: chown of $d failed
+ done
+
+ # Replay udev events with newer rules
+ udevadm trigger
+
+ # Enable systemd unit
+ systemctl enable ceph-mon.target
+ systemctl enable ceph-mon@${MON_ID}
+ systemctl start ceph-mon@${MON_ID}
+
+ # Wait for daemon to be back in the quorum
+ timeout 300 bash -c "until (ceph quorum_status | jq .quorum_names | grep -sq ${MON_ID}); do
+ echo WARNING: Waiting for mon.${MON_ID} to re-join quorum;
+ sleep 10;
+ done"
+
+ echo INFO: Ceph was upgraded to Jewel
+else
+ echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
+ exit 1
+fi
diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh
index de42b16d..dc80a724 100644
--- a/extraconfig/tasks/major_upgrade_ceph_storage.sh
+++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh
@@ -4,32 +4,89 @@
# major upgrade workflow.
#
set -eu
+set -o pipefail
UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh
-cat > $UPGRADE_SCRIPT << ENDOFCAT
+cat > $UPGRADE_SCRIPT << 'ENDOFCAT'
+#!/bin/bash
### DO NOT MODIFY THIS FILE
### This file is automatically delivered to the ceph-storage nodes as part of the
### tripleo upgrades workflow
+set -eu
+
+echo INFO: starting $(basename "$0")
+# Exit if not running
+if ! pidof ceph-osd; then
+ echo INFO: ceph-osd is not running, skipping
+ exit 0
+fi
-function systemctl_ceph {
- action=\$1
- systemctl \$action ceph
-}
+# Exit if not Hammer
+INSTALLED_VERSION=$(ceph --version | awk '{print $3}')
+if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then
+ echo INFO: version of Ceph installed is not 0.94, skipping
+ exit 0
+fi
-# "so that mirrors aren't rebalanced as if the OSD died" - gfidente
+OSD_PIDS=$(pidof ceph-osd)
+OSD_IDS=$(ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }')
+
+# "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb
ceph osd set noout
+ceph osd set norebalance
+ceph osd set nodeep-scrub
+ceph osd set noscrub
+
+# Stop daemon using Hammer sysvinit script
+for OSD_ID in $OSD_IDS; do
+ service ceph stop osd.${OSD_ID}
+done
+
+# Nice guy will return non-0 only when all failed
+timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do
+ sleep 2;
+done"
-systemctl_ceph stop
+# Update (Ceph to Jewel)
yum -y install python-zaqarclient # needed for os-collect-config
yum -y update
-systemctl_ceph start
-ceph osd unset noout
+# Restart/Exit if not on Jewel, only in that case we need the changes
+UPDATED_VERSION=$(ceph --version | awk '{print $3}')
+if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
+ echo WARNING: Ceph was not upgraded, restarting daemon
+ for OSD_ID in $OSD_IDS; do
+ service ceph start osd.${OSD_ID}
+ done
+elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
+ # RPM could own some of these but we can't take risks on the pre-existing files
+ for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do
+ chown -R ceph:ceph $d || echo WARNING: chown of $d failed
+ done
+
+ # Replay udev events with newer rules
+ udevadm trigger && udevadm settle
+
+ # Enable systemd unit
+ systemctl enable ceph-osd.target
+ for OSD_ID in $OSD_IDS; do
+ systemctl enable ceph-osd@${OSD_ID}
+ systemctl start ceph-osd@${OSD_ID}
+ done
+ echo INFO: Ceph was upgraded to Jewel
+else
+ echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
+ exit 1
+fi
+
+ceph osd unset noout
+ceph osd unset norebalance
+ceph osd unset nodeep-scrub
+ceph osd unset noscrub
ENDOFCAT
# ensure the permissions are OK
chmod 0755 $UPGRADE_SCRIPT
-
diff --git a/extraconfig/tasks/major_upgrade_check.sh b/extraconfig/tasks/major_upgrade_check.sh
new file mode 100755
index 00000000..b65f6915
--- /dev/null
+++ b/extraconfig/tasks/major_upgrade_check.sh
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+set -eu
+
+check_cluster()
+{
+ if pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; then
+ echo_error "ERROR: upgrade cannot start with some cluster nodes being offline"
+ exit 1
+ fi
+}
+
+check_pcsd()
+{
+ if pcs status 2>&1 | grep -E 'Offline'; then
+ echo_error "ERROR: upgrade cannot start with some pcsd daemon offline"
+ exit 1
+ fi
+}
+
+check_disk_for_mysql_dump()
+{
+ # Where to backup current database if mysql need to be upgraded
+ MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp
+ MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup
+ # Spare disk ratio for extra safety
+ MYSQL_BACKUP_SIZE_RATIO=1.2
+
+ # Shall we upgrade mysql data directory during the stack upgrade?
+ if [ "$mariadb_do_major_upgrade" = "auto" ]; then
+ ret=$(is_mysql_upgrade_needed)
+ if [ $ret = "1" ]; then
+ DO_MYSQL_UPGRADE=1
+ else
+ DO_MYSQL_UPGRADE=0
+ fi
+ echo "mysql upgrade required: $DO_MYSQL_UPGRADE"
+ elif [ "$mariadb_do_major_upgrade" = "no" ]; then
+ DO_MYSQL_UPGRADE=0
+ else
+ DO_MYSQL_UPGRADE=1
+ fi
+
+ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+ if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+
+ if [ -d "$MYSQL_BACKUP_DIR" ]; then
+ echo_error "Error: $MYSQL_BACKUP_DIR exists already. Likely an upgrade failed previously"
+ exit 1
+ fi
+ mkdir "$MYSQL_BACKUP_DIR"
+ if [ $? -ne 0 ]; then
+ echo_error "Error: could not create temporary backup directory $MYSQL_BACKUP_DIR"
+ exit 1
+ fi
+
+ # the /root/.my.cnf is needed because we set the mysql root
+ # password from liberty onwards
+ backup_flags="--defaults-extra-file=/root/.my.cnf -u root --flush-privileges --all-databases --single-transaction"
+ # While not ideal, this step allows us to calculate exactly how much space the dump
+ # will need. Our main goal here is avoiding any chance of corruption due to disk space
+ # exhaustion
+ backup_size=$(mysqldump $backup_flags 2>/dev/null | wc -c)
+ database_size=$(du -cb /var/lib/mysql | tail -1 | awk '{ print $1 }')
+ free_space=$(df -B1 --output=avail "$MYSQL_BACKUP_DIR" | tail -1)
+
+ # we need at least space for a new mysql database + dump of the existing one,
+ # times a small factor for additional safety room
+ # note: bash doesn't do floating point math or floats in if statements,
+ # so use python to apply the ratio and cast it back to integer
+ required_space=$(python -c "from __future__ import print_function; print(\"%d\" % int((($database_size + $backup_size) * $MYSQL_BACKUP_SIZE_RATIO)))")
+ if [ $required_space -ge $free_space ]; then
+ echo_error "Error: not enough free space in $MYSQL_BACKUP_DIR ($required_space bytes required)"
+ exit 1
+ fi
+ fi
+ fi
+}
+
+check_python_rpm()
+{
+ # If for some reason rpm-python are missing we want to error out early enough
+ if ! rpm -q rpm-python &> /dev/null; then
+ echo_error "ERROR: upgrade cannot start without rpm-python installed"
+ exit 1
+ fi
+}
+
+check_clean_cluster()
+{
+ if pcs status | grep -q Stopped:; then
+ echo_error "ERROR: upgrade cannot start with stopped resources on the cluster. Make sure that all the resources are up and running."
+ exit 1
+ fi
+}
+
+check_galera_root_password()
+{
+ # BZ: 1357112
+ if [ ! -e /root/.my.cnf ]; then
+ echo_error "ERROR: upgrade cannot be started, the galera password is missing. The overcloud needs update."
+ exit 1
+ fi
+}
diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh
index 78628c8c..a1df695f 100644
--- a/extraconfig/tasks/major_upgrade_compute.sh
+++ b/extraconfig/tasks/major_upgrade_compute.sh
@@ -12,6 +12,8 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT
### This file is automatically delivered to the compute nodes as part of the
### tripleo upgrades workflow
+set -eu
+
# pin nova to kilo (messaging +-1) for the nova-compute service
crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
index f5399222..d4200e5f 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
@@ -2,28 +2,83 @@
set -eu
-cluster_sync_timeout=600
+cluster_sync_timeout=1800
-if pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; then
- echo_error "ERROR: upgrade cannot start with some cluster nodes being offline"
- exit 1
+check_cluster
+check_pcsd
+if [[ -n $(is_bootstrap_node) ]]; then
+ check_clean_cluster
fi
+check_python_rpm
+check_galera_root_password
+check_disk_for_mysql_dump
+
+# We want to disable fencing during the cluster --stop as it might fence
+# nodes where a service fails to stop, which could be fatal during an upgrade
+# procedure. So we remember the stonith state. If it was enabled we reenable it
+# at the end of this script
+STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }')
+pcs property set stonith-enabled=false
+
+# Migrate to HA NG
+if [[ -n $(is_bootstrap_node) ]]; then
+ migrate_full_to_ng_ha
+fi
+
+# After migrating the cluster to HA-NG the services not under pacemaker's control
+# are still up and running. We need to stop them explicitely otherwise during the yum
+# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which
+# is going to take a long time because rabbit is down. By having the service stopped
+# systemctl try-restart is a noop
+
+for service in $(services_to_migrate); do
+ manage_systemd_service stop "${service%%-clone}"
+ # So the reason for not reusing check_resource_systemd is that
+ # I have observed systemctl is-active returning unknown with at least
+ # one service that was stopped (See LP 1627254)
+ timeout=600
+ tstart=$(date +%s)
+ tend=$(( $tstart + $timeout ))
+ check_interval=3
+ while (( $(date +%s) < $tend )); do
+ if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then
+ echo "$service still active, sleeping $check_interval seconds."
+ sleep $check_interval
+ else
+ # we do not care if it is inactive, unknown or failed as long as it is
+ # not running
+ break
+ fi
+
+ done
+done
+
+# In case the mysql package is updated, the database on disk must be
+# upgraded as well. This typically needs to happen during major
+# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...)
+#
+# Because in-place upgrades are not supported across 2+ major versions
+# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle
+# https://bugzilla.redhat.com/show_bug.cgi?id=1341968
+#
+# The default is to determine automatically if upgrade is needed based
+# on mysql package versionning, but this can be overriden manually
+# to support specific upgrade scenario
+
+if [[ -n $(is_bootstrap_node) ]]; then
+ if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql"
+ cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR"
+ fi
-if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
- pcs resource disable httpd
- check_resource httpd stopped 1800
- pcs resource disable openstack-core
- check_resource openstack-core stopped 1800
pcs resource disable redis
check_resource redis stopped 600
- pcs resource disable mongod
- check_resource mongod stopped 600
pcs resource disable rabbitmq
check_resource rabbitmq stopped 600
- pcs resource disable memcached
- check_resource memcached stopped 600
pcs resource disable galera
check_resource galera stopped 600
+ pcs resource disable openstack-cinder-volume
+ check_resource openstack-cinder-volume stopped 600
# Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address:
# https://bugzilla.redhat.com/show_bug.cgi?id=1330688
for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do
@@ -33,7 +88,8 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)
pcs cluster stop --all
fi
-# Swift isn't controled by pacemaker
+
+# Swift isn't controlled by pacemaker
systemctl_swift stop
tstart=$(date +%s)
@@ -46,9 +102,74 @@ while systemctl is-active pacemaker; do
fi
done
+# The reason we do an sql dump *and* we move the old dir out of
+# the way is because it gives us an extra level of safety in case
+# something goes wrong during the upgrade. Once the restore is
+# successful we go ahead and remove it. If the directory exists
+# we bail out as it means the upgrade process had issues in the last
+# run.
+if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then
+ echo_error "ERROR: mysql backup dir already exist"
+ exit 1
+ fi
+ mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR
+fi
+
yum -y install python-zaqarclient # needed for os-collect-config
yum -y -q update
+# We need to ensure at least those two configuration settings, otherwise
+# mariadb 10.1+ won't activate galera replication.
+# wsrep_cluster_address must only be set though, its value does not
+# matter because it's overriden by the galera resource agent.
+cat >> /etc/my.cnf.d/galera.cnf <<EOF
+[mysqld]
+wsrep_on = ON
+wsrep_cluster_address = gcomm://localhost
+EOF
+
+if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ # Scripts run via heat have no HOME variable set and this confuses
+ # mysqladmin
+ export HOME=/root
+
+ mkdir /var/lib/mysql || /bin/true
+ chown mysql:mysql /var/lib/mysql
+ chmod 0755 /var/lib/mysql
+ restorecon -R /var/lib/mysql/
+ mysql_install_db --datadir=/var/lib/mysql --user=mysql
+ chown -R mysql:mysql /var/lib/mysql/
+
+ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+ mysqld_safe --wsrep-new-cluster &
+ # We have a populated /root/.my.cnf with root/password here so
+ # we need to temporarily rename it because the newly created
+ # db is empty and no root password is set
+ mv /root/.my.cnf /root/.my.cnf.temporary
+ timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done'
+ mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql"
+ mv /root/.my.cnf.temporary /root/.my.cnf
+ mysqladmin -u root shutdown
+ # The import was successful so we may remove the folder
+ rm -r "$MYSQL_BACKUP_DIR"
+ fi
+fi
+
+# If we reached here without error we can safely blow away the origin
+# mysql dir from every controller
+
+# TODO: What if the upgrade fails on the bootstrap node, but not on
+# this controller. Data may be lost.
+if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR
+fi
+
+# Let's reset the stonith back to true if it was true, before starting the cluster
+if [ $STONITH_STATE == "true" ]; then
+ pcs -f /var/lib/pacemaker/cib/cib.xml property set stonith-enabled=true
+fi
+
# Pin messages sent to compute nodes to kilo, these will be upgraded later
crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute"
# https://bugzilla.redhat.com/show_bug.cgi?id=1284047
@@ -57,3 +178,9 @@ crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
# https://bugzilla.redhat.com/show_bug.cgi?id=1284058
# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists
crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server"
+# LP: 1615035, required only for M/N upgrade.
+crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager
+# LP: 1627450, required only for M/N upgrade
+crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler
+
+crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
index 643ae57f..fc365939 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
@@ -3,10 +3,10 @@
set -eu
cluster_form_timeout=600
-cluster_settle_timeout=600
+cluster_settle_timeout=1800
galera_sync_timeout=600
-if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+if [[ -n $(is_bootstrap_node) ]]; then
pcs cluster start --all
tstart=$(date +%s)
@@ -26,14 +26,23 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)
for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do
pcs resource enable $vip
- check_resource $vip started 60
+ check_resource_pacemaker $vip started 60
done
+fi
- pcs resource enable galera
- check_resource galera started 600
- pcs resource enable mongod
- check_resource mongod started 600
+start_or_enable_service galera
+check_resource galera started 600
+start_or_enable_service redis
+check_resource galera started 600
+# We need mongod which is now a systemd service up and running before calling
+# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes
+# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely
+# we should be good.
+# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm
+systemctl start mongod
+check_resource mongod started 600
+if [[ -n $(is_bootstrap_node) ]]; then
tstart=$(date +%s)
while ! clustercheck; do
sleep 5
@@ -53,18 +62,9 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)
keystone-manage db_sync
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
nova-manage db sync
-
- pcs resource enable memcached
- check_resource memcached started 600
- pcs resource enable rabbitmq
- check_resource rabbitmq started 600
- pcs resource enable redis
- check_resource redis started 600
- pcs resource enable openstack-core
- check_resource openstack-core started 1800
- pcs resource enable httpd
- check_resource httpd started 1800
+ nova-manage api_db sync
+ nova-manage db online_data_migrations
+ gnocchi-upgrade
+ #TODO(marios):someone from sahara needs to check this:
+ # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
fi
-
-# Swift isn't controled by heat
-systemctl_swift start
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
new file mode 100755
index 00000000..4d72fbd8
--- /dev/null
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -eu
+
+start_or_enable_service rabbitmq
+check_resource rabbitmq started 600
+start_or_enable_service redis
+check_resource redis started 600
+start_or_enable_service openstack-cinder-volume
+check_resource openstack-cinder-volume started 600
+
+
+# Swift isn't controled by pacemaker
+systemctl_swift start
+
+# We need to start the systemd services we explicitely stopped at step _1.sh
+# FIXME: Should we let puppet during the convergence step do the service enabling or
+# should we add it here?
+for service in $(services_to_migrate); do
+ manage_systemd_service start "${service%%-clone}"
+ check_resource_systemd "${service%%-clone}" started 600
+done
diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh
index 931f4f42..f82457ce 100644
--- a/extraconfig/tasks/major_upgrade_object_storage.sh
+++ b/extraconfig/tasks/major_upgrade_object_storage.sh
@@ -12,6 +12,7 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT
### This file is automatically delivered to the swift-storage nodes as part of the
### tripleo upgrades workflow
+set -eu
function systemctl_swift {
action=\$1
diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml
index 4af3186c..30ae8d1e 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker.yaml
+++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml
@@ -1,16 +1,8 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2016-10-14
description: 'Upgrade for Pacemaker deployments'
parameters:
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
+ servers:
type: json
input_values:
type: json
@@ -20,12 +12,49 @@ parameters:
type: string
description: Nova Compute upgrade level
default: ''
+ MySqlMajorUpgrade:
+ type: string
+ description: Can be auto,yes,no and influences if the major upgrade should do or detect an automatic mysql upgrade
+ constraints:
+ - allowed_values: ['auto', 'yes', 'no']
+ default: 'auto'
+ IgnoreCephUpgradeWarnings:
+ type: boolean
+ default: false
+ description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean
resources:
# TODO(jistr): for Mitaka->Newton upgrades and further we can use
# map_merge with input_values instead of feeding params into scripts
# via str_replace on bash snippets
+ CephMonUpgradeConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - str_replace:
+ template: |
+ #!/bin/bash
+ ignore_ceph_upgrade_warnings='IGNORE_CEPH_UPGRADE_WARNINGS'
+ params:
+ IGNORE_CEPH_UPGRADE_WARNINGS: {get_param: IgnoreCephUpgradeWarnings}
+ - get_file: major_upgrade_ceph_mon.sh
+
+ CephMonUpgradeDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: CephMonUpgradeConfig}
+ input_values: {get_param: input_values}
+ update_policy:
+ batch_create:
+ max_batch_size: 1
+ rolling_update:
+ max_batch_size: 1
+
ControllerPacemakerUpgradeConfig_Step1:
type: OS::Heat::SoftwareConfig
properties:
@@ -39,14 +68,22 @@ resources:
upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE'
params:
UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute}
+ - str_replace:
+ template: |
+ #!/bin/bash
+ mariadb_do_major_upgrade='MYSQL_MAJOR_UPGRADE'
+ params:
+ MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade}
- get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_check.sh
- get_file: major_upgrade_pacemaker_migrations.sh
- get_file: major_upgrade_controller_pacemaker_1.sh
ControllerPacemakerUpgradeDeployment_Step1:
type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: CephMonUpgradeDeployment
properties:
- servers: {get_param: controller_servers}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPacemakerUpgradeConfig_Step1}
input_values: {get_param: input_values}
@@ -60,7 +97,7 @@ resources:
BlockStorageUpgradeDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
- servers: {get_param: blockstorage_servers}
+ servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStorageUpgradeConfig}
input_values: {get_param: input_values}
@@ -79,7 +116,26 @@ resources:
type: OS::Heat::SoftwareDeploymentGroup
depends_on: BlockStorageUpgradeDeployment
properties:
- servers: {get_param: controller_servers}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPacemakerUpgradeConfig_Step2}
input_values: {get_param: input_values}
+ ControllerPacemakerUpgradeConfig_Step3:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_pacemaker_migrations.sh
+ - get_file: major_upgrade_controller_pacemaker_3.sh
+
+ ControllerPacemakerUpgradeDeployment_Step3:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: ControllerPacemakerUpgradeDeployment_Step2
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerPacemakerUpgradeConfig_Step3}
+ input_values: {get_param: input_values}
+
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml
index 623549a0..f6aa3066 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml
+++ b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml
@@ -3,15 +3,7 @@ description: 'Upgrade for Pacemaker deployments'
parameters:
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
+ servers:
type: json
input_values:
type: json
@@ -43,45 +35,12 @@ resources:
- "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- get_param: UpgradeInitCommand
- UpgradeInitControllerDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: controller_servers}
- config: {get_resource: UpgradeInitConfig}
- input_values: {get_param: input_values}
-
- UpgradeInitComputeDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: compute_servers}
- config: {get_resource: UpgradeInitConfig}
- input_values: {get_param: input_values}
-
- UpgradeInitBlockStorageDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: blockstorage_servers}
- config: {get_resource: UpgradeInitConfig}
- input_values: {get_param: input_values}
-
- UpgradeInitObjectStorageDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: objectstorage_servers}
- config: {get_resource: UpgradeInitConfig}
- input_values: {get_param: input_values}
-
- UpgradeInitCephStorageDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: cephstorage_servers}
- config: {get_resource: UpgradeInitConfig}
- input_values: {get_param: input_values}
-
# TODO(jistr): for Mitaka->Newton upgrades and further we can use
# map_merge with input_values instead of feeding params into scripts
# via str_replace on bash snippets
+ # FIXME(shardy) we have hard-coded per-role *ScriptConfig's here
+ # Would be better to have a common config for all roles
ComputeDeliverUpgradeScriptConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -97,35 +56,32 @@ resources:
UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute}
- get_file: major_upgrade_compute.sh
- ComputeDeliverUpgradeScriptDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: compute_servers}
- config: {get_resource: ComputeDeliverUpgradeScriptConfig}
- input_values: {get_param: input_values}
-
ObjectStorageDeliverUpgradeScriptConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: {get_file: major_upgrade_object_storage.sh}
- ObjectStorageDeliverUpgradeScriptDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: objectstorage_servers}
- config: {get_resource: ObjectStorageDeliverUpgradeScriptConfig}
- input_values: {get_param: input_values}
-
CephStorageDeliverUpgradeScriptConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: {get_file: major_upgrade_ceph_storage.sh}
- CephStorageDeliverUpgradeScriptDeployment:
+{% for role in roles %}
+ UpgradeInit{{role.name}}Deployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: UpgradeInitConfig}
+ input_values: {get_param: input_values}
+
+ {% if not role.name in ['Controller', 'BlockStorage'] %}
+ {{role.name}}DeliverUpgradeScriptDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
- servers: {get_param: cephstorage_servers}
- config: {get_resource: CephStorageDeliverUpgradeScriptConfig}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig}
input_values: {get_param: input_values}
+ {% endif %}
+{% endfor %}
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
index b63198db..cd78f838 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
+++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
@@ -13,63 +13,159 @@
# been already applied, it should be possible to call the function
# again without damaging the deployment or failing the upgrade.
-function add_missing_openstack_core_constraints {
- # The CIBs are saved under /root as they might contain sensitive data
- CIB="/root/migration.cib"
- CIB_BACKUP="/root/backup.cib"
- CIB_PUSH_NEEDED=n
-
- rm -f "$CIB" "$CIB_BACKUP" || /bin/true
- pcs cluster cib "$CIB"
- cp "$CIB" "$CIB_BACKUP"
-
- if ! pcs -f "$CIB" constraint --full | grep 'start openstack-sahara-api-clone then start openstack-sahara-engine-clone'; then
- pcs -f "$CIB" constraint order start openstack-sahara-api-clone then start openstack-sahara-engine-clone
- CIB_PUSH_NEEDED=y
+# If the major version of mysql is going to change after the major
+# upgrade, the database must be upgraded on disk to avoid failures
+# due to internal incompatibilities between major mysql versions
+# https://bugs.launchpad.net/tripleo/+bug/1587449
+# This function detects whether a database upgrade is required
+# after a mysql package upgrade. It returns 0 when no major upgrade
+# has to take place, 1 otherwise.
+function is_mysql_upgrade_needed {
+ # The name of the package which provides mysql might differ
+ # after the upgrade. Consider the generic package name, which
+ # should capture the major version change (e.g. 5.5 -> 10.1)
+ local name="mariadb"
+ local output
+ local ret
+ set +e
+ output=$(yum -q check-update $name)
+ ret=$?
+ set -e
+ if [ $ret -ne 100 ]; then
+ # no updates so we exit
+ echo "0"
+ return
fi
- if ! pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-ceilometer-notification-clone'; then
- pcs -f "$CIB" constraint order start openstack-core-clone then start openstack-ceilometer-notification-clone
- CIB_PUSH_NEEDED=y
- fi
-
- if ! pcs -f "$CIB" constraint --full | grep 'start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone'; then
- pcs -f "$CIB" constraint order start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone
- CIB_PUSH_NEEDED=y
- fi
+ local currentepoch=$(rpm -q --qf "%{epoch}" $name)
+ local currentversion=$(rpm -q --qf "%{version}" $name | cut -d. -f-2)
+ local currentrelease=$(rpm -q --qf "%{release}" $name)
+ local newoutput=$(repoquery -a --pkgnarrow=updates --qf "%{epoch} %{version} %{release}\n" $name)
+ local newepoch=$(echo "$newoutput" | awk '{ print $1 }')
+ local newversion=$(echo "$newoutput" | awk '{ print $2 }' | cut -d. -f-2)
+ local newrelease=$(echo "$newoutput" | awk '{ print $3 }')
- if pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone'; then
- CID=$(pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone' | sed -e 's/.*id\://g' -e 's/)//g')
- pcs -f "$CIB" constraint remove $CID
- CIB_PUSH_NEEDED=y
+ # With this we trigger the dump restore/path if we change either epoch or
+ # version in the package If only the release tag changes we do not do it
+ # FIXME: we could refine this by trying to parse the mariadb version
+ # into X.Y.Z and trigger the update only if X and/or Y change.
+ output=$(python -c "import rpm; rc = rpm.labelCompare((\"$currentepoch\", \"$currentversion\", None), (\"$newepoch\", \"$newversion\", None)); print rc")
+ if [ "$output" != "-1" ]; then
+ echo "0"
+ return
fi
+ echo "1"
+}
- if [ "$CIB_PUSH_NEEDED" = 'y' ]; then
- pcs cluster cib-push "$CIB"
- fi
+# This function returns the list of services to be migrated away from pacemaker
+# and to systemd. The reason to have these services in a separate function is because
+# this list is needed in three different places: major_upgrade_controller_pacemaker_{1,2}
+# and in the function to migrate the cluster from full HA to HA NG
+function services_to_migrate {
+ # The following PCMK resources the ones the we are going to delete
+ PCMK_RESOURCE_TODELETE="
+ httpd-clone
+ memcached-clone
+ mongod-clone
+ neutron-dhcp-agent-clone
+ neutron-l3-agent-clone
+ neutron-metadata-agent-clone
+ neutron-netns-cleanup-clone
+ neutron-openvswitch-agent-clone
+ neutron-ovs-cleanup-clone
+ neutron-server-clone
+ openstack-aodh-evaluator-clone
+ openstack-aodh-listener-clone
+ openstack-aodh-notifier-clone
+ openstack-ceilometer-api-clone
+ openstack-ceilometer-central-clone
+ openstack-ceilometer-collector-clone
+ openstack-ceilometer-notification-clone
+ openstack-cinder-api-clone
+ openstack-cinder-scheduler-clone
+ openstack-glance-api-clone
+ openstack-glance-registry-clone
+ openstack-gnocchi-metricd-clone
+ openstack-gnocchi-statsd-clone
+ openstack-heat-api-cfn-clone
+ openstack-heat-api-clone
+ openstack-heat-api-cloudwatch-clone
+ openstack-heat-engine-clone
+ openstack-nova-api-clone
+ openstack-nova-conductor-clone
+ openstack-nova-consoleauth-clone
+ openstack-nova-novncproxy-clone
+ openstack-nova-scheduler-clone
+ openstack-sahara-api-clone
+ openstack-sahara-engine-clone
+ "
+ echo $PCMK_RESOURCE_TODELETE
}
-function remove_ceilometer_alarm {
- if pcs status | grep openstack-ceilometer-alarm; then
- # Disable pacemaker resources for ceilometer-alarms
- pcs resource disable openstack-ceilometer-alarm-evaluator
- check_resource openstack-ceilometer-alarm-evaluator stopped 600
- pcs resource delete openstack-ceilometer-alarm-evaluator
- pcs resource disable openstack-ceilometer-alarm-notifier
- check_resource openstack-ceilometer-alarm-notifier stopped 600
- pcs resource delete openstack-ceilometer-alarm-notifier
+# This function will migrate a mitaka system where all the resources are managed
+# via pacemaker to a newton setup where only a few services will be managed by pacemaker
+# On a high-level it will operate as follows:
+# 1. Set the cluster in maintenance-mode so no start/stop action will actually take place
+# during the conversion
+# 2. Remove all the colocation constraints and then the ordering constraints, except the
+# ones related to haproxy/VIPs which exist in Newton as well
+# 3. Take the cluster out of maintenance-mode
+# 4. Remove all the resources that won't be managed by pacemaker in newton. The
+# outcome will be
+# that they are stopped and removed from pacemakers control
+# 5. Do a resource cleanup to make sure the cluster is in a clean state
+function migrate_full_to_ng_ha {
+ if [[ -n $(pcmk_running) ]]; then
+ pcs property set maintenance-mode=true
- # remove constraints
- pcs constraint remove ceilometer-delay-then-ceilometer-alarm-evaluator-constraint
- pcs constraint remove ceilometer-alarm-evaluator-with-ceilometer-delay-colocation
- pcs constraint remove ceilometer-alarm-evaluator-then-ceilometer-alarm-notifier-constraint
- pcs constraint remove ceilometer-alarm-notifier-with-ceilometer-alarm-evaluator-colocation
- pcs constraint remove ceilometer-alarm-notifier-then-ceilometer-notification-constraint
- pcs constraint remove ceilometer-notification-with-ceilometer-alarm-notifier-colocation
+ # First we go through all the colocation constraints (except the ones
+ # we want to keep, i.e. the haproxy/ip ones) and we remove those
+ COL_CONSTRAINTS=$(pcs config show | sed -n '/^Colocation Constraints:$/,/^$/p' | grep -v "Colocation Constraints:" | egrep -v "ip-.*haproxy" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\))
+ for constraint in $COL_CONSTRAINTS; do
+ log_debug "Deleting colocation constraint $constraint from CIB"
+ pcs constraint remove "$constraint"
+ done
- fi
+ # Now we kill all the ordering constraints (except the haproxy/ip ones)
+ ORD_CONSTRAINTS=$(pcs config show | sed -n '/^Ordering Constraints:/,/^Colocation Constraints:$/p' | grep -v "Ordering Constraints:" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\))
+ for constraint in $ORD_CONSTRAINTS; do
+ log_debug "Deleting ordering constraint $constraint from CIB"
+ pcs constraint remove "$constraint"
+ done
+ # At this stage all the pacemaker resources are removed from the CIB.
+ # Once we remove the maintenance-mode those systemd resources will keep
+ # on running. They shall be systemd enabled via the puppet converge
+ # step later on
+ pcs property set maintenance-mode=false
- # uninstall openstack-ceilometer-alarm package
- yum -y remove openstack-ceilometer-alarm
+ # At this stage there are no constraints whatsoever except the haproxy/ip ones
+ # which we want to keep. We now disable and then delete each resource
+ # that will move to systemd.
+ # We want the systemd resources be stopped before doing "yum update",
+ # that way "systemctl try-restart <service>" is no-op because the
+ # service was down already
+ PCS_STATUS_OUTPUT="$(pcs status)"
+ for resource in $(services_to_migrate) "delay-clone" "openstack-core-clone"; do
+ if echo "$PCS_STATUS_OUTPUT" | grep "$resource"; then
+ log_debug "Deleting $resource from the CIB"
+ if ! pcs resource disable "$resource" --wait=600; then
+ echo_error "ERROR: resource $resource failed to be disabled"
+ exit 1
+ fi
+ pcs resource delete --force "$resource"
+ else
+ log_debug "Service $service not found as a pacemaker resource, not trying to delete."
+ fi
+ done
+ # We need to do a pcs resource cleanup here + crm_resource --wait to
+ # make sure the cluster is in a clean state before we stop everything,
+ # upgrade and restart everything
+ pcs resource cleanup
+ # We are making sure here that the cluster is stable before proceeding
+ if ! timeout -k 10 600 crm_resource --wait; then
+ echo_error "ERROR: cluster remained unstable after resource cleanup for more than 600 seconds, exiting."
+ exit 1
+ fi
+ fi
}
diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
new file mode 100644
index 00000000..b9a87d33
--- /dev/null
+++ b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
@@ -0,0 +1,25 @@
+heat_template_version: 2014-10-16
+
+description: >
+ Software-config for performing aodh data migration
+
+parameters:
+ servers:
+ type: json
+ input_values:
+ type: json
+ description: input values for the software deployments
+resources:
+
+ AodhMysqlMigrationScriptConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: aodh_data_migration.sh}
+
+ AodhMysqlMigrationScriptDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: AodhMysqlMigrationScriptConfig}
+ input_values: {get_param: input_values}
diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh
index 7d794c97..4f17b69a 100755
--- a/extraconfig/tasks/pacemaker_common_functions.sh
+++ b/extraconfig/tasks/pacemaker_common_functions.sh
@@ -2,51 +2,286 @@
set -eu
-function check_resource {
+DEBUG="true" # set false if the verbosity is a problem
+SCRIPT_NAME=$(basename $0)
+function log_debug {
+ if [[ $DEBUG = "true" ]]; then
+ echo "`date` $SCRIPT_NAME tripleo-upgrade $(facter hostname) $1"
+ fi
+}
+
+function is_bootstrap_node {
+ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+ log_debug "Node is bootstrap"
+ echo "true"
+ fi
+}
+function check_resource_pacemaker {
if [ "$#" -ne 3 ]; then
- echo_error "ERROR: check_resource function expects 3 parameters, $# given"
- exit 1
+ echo_error "ERROR: check_resource function expects 3 parameters, $# given"
+ exit 1
fi
- service=$1
- state=$2
- timeout=$3
+ local service=$1
+ local state=$2
+ local timeout=$3
+
+ if [[ -z $(is_bootstrap_node) ]] ; then
+ log_debug "Node isn't bootstrap, skipping check for $service to be $state here "
+ return
+ else
+ log_debug "Node is bootstrap checking $service to be $state here"
+ fi
if [ "$state" = "stopped" ]; then
- match_for_incomplete='Started'
+ match_for_incomplete='Started'
else # started
- match_for_incomplete='Stopped'
+ match_for_incomplete='Stopped'
fi
nodes_local=$(pcs status | grep ^Online | sed 's/.*\[ \(.*\) \]/\1/g' | sed 's/ /\|/g')
if timeout -k 10 $timeout crm_resource --wait; then
- node_states=$(pcs status --full | grep "$service" | grep -v Clone | { egrep "$nodes_local" || true; } )
- if echo "$node_states" | grep -q "$match_for_incomplete"; then
- echo_error "ERROR: cluster finished transition but $service was not in $state state, exiting."
- exit 1
- else
- echo "$service has $state"
- fi
- else
- echo_error "ERROR: cluster remained unstable for more than $timeout seconds, exiting."
+ node_states=$(pcs status --full | grep "$service" | grep -v Clone | { egrep "$nodes_local" || true; } )
+ if echo "$node_states" | grep -q "$match_for_incomplete"; then
+ echo_error "ERROR: cluster finished transition but $service was not in $state state, exiting."
exit 1
+ else
+ echo "$service has $state"
+ fi
+ else
+ echo_error "ERROR: cluster remained unstable for more than $timeout seconds, exiting."
+ exit 1
+ fi
+
+}
+
+function pcmk_running {
+ if [[ $(systemctl is-active pacemaker) = "active" ]] ; then
+ echo "true"
+ fi
+}
+
+function is_systemd_unknown {
+ local service=$1
+ if [[ $(systemctl is-active "$service") = "unknown" ]]; then
+ log_debug "$service found to be unkown to systemd"
+ echo "true"
+ fi
+}
+
+function grep_is_cluster_controlled {
+ local service=$1
+ if [[ -n $(systemctl status $service -l | grep Drop-In -A 5 | grep pacemaker) ||
+ -n $(systemctl status $service -l | grep "Cluster Controlled $service") ]] ; then
+ log_debug "$service is pcmk managed from systemctl grep"
+ echo "true"
+ fi
+}
+
+
+function is_systemd_managed {
+ local service=$1
+ #if we have pcmk check to see if it is managed there
+ if [[ -n $(pcmk_running) ]]; then
+ if [[ -z $(pcs status --full | grep $service) && -z $(is_systemd_unknown $service) ]] ; then
+ log_debug "$service found to be systemd managed from pcs status"
+ echo "true"
+ fi
+ else
+ # if it is "unknown" to systemd, then it is pacemaker managed
+ if [[ -n $(is_systemd_unknown $service) ]] ; then
+ return
+ elif [[ -z $(grep_is_cluster_controlled $service) ]] ; then
+ echo "true"
+ fi
+ fi
+}
+
+function is_pacemaker_managed {
+ local service=$1
+ #if we have pcmk check to see if it is managed there
+ if [[ -n $(pcmk_running) ]]; then
+ if [[ -n $(pcs status --full | grep $service) ]]; then
+ log_debug "$service found to be pcmk managed from pcs status"
+ echo "true"
+ fi
+ else
+ # if it is unknown to systemd, then it is pcmk managed
+ if [[ -n $(is_systemd_unknown $service) ]]; then
+ echo "true"
+ elif [[ -n $(grep_is_cluster_controlled $service) ]] ; then
+ echo "true"
+ fi
+ fi
+}
+
+function is_managed {
+ local service=$1
+ if [[ -n $(is_pacemaker_managed $service) || -n $(is_systemd_managed $service) ]]; then
+ echo "true"
+ fi
+}
+
+function check_resource_systemd {
+
+ if [ "$#" -ne 3 ]; then
+ echo_error "ERROR: check_resource function expects 3 parameters, $# given"
+ exit 1
fi
+ local service=$1
+ local state=$2
+ local timeout=$3
+ local check_interval=3
+
+ if [ "$state" = "stopped" ]; then
+ match_for_incomplete='active'
+ else # started
+ match_for_incomplete='inactive'
+ fi
+
+ log_debug "Going to check_resource_systemd for $service to be $state"
+
+ #sanity check is systemd managed:
+ if [[ -z $(is_systemd_managed $service) ]]; then
+ echo "ERROR - $service not found to be systemd managed."
+ exit 1
+ fi
+
+ tstart=$(date +%s)
+ tend=$(( $tstart + $timeout ))
+ while (( $(date +%s) < $tend )); do
+ if [[ "$(systemctl is-active $service)" = $match_for_incomplete ]]; then
+ echo "$service not yet $state, sleeping $check_interval seconds."
+ sleep $check_interval
+ else
+ echo "$service is $state"
+ return
+ fi
+ done
+
+ echo "Timed out waiting for $service to go to $state after $timeout seconds"
+ exit 1
+}
+
+
+function check_resource {
+ local service=$1
+ local pcmk_managed=$(is_pacemaker_managed $service)
+ local systemd_managed=$(is_systemd_managed $service)
+
+ if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then
+ log_debug "ERROR $service managed by both systemd and pcmk - SKIPPING"
+ return
+ fi
+
+ if [[ -n $pcmk_managed ]]; then
+ check_resource_pacemaker $@
+ return
+ elif [[ -n $systemd_managed ]]; then
+ check_resource_systemd $@
+ return
+ fi
+ log_debug "ERROR cannot check_resource for $service, not managed here?"
+}
+
+function manage_systemd_service {
+ local action=$1
+ local service=$2
+ log_debug "Going to systemctl $action $service"
+ systemctl $action $service
+}
+
+function manage_pacemaker_service {
+ local action=$1
+ local service=$2
+ # not if pacemaker isn't running!
+ if [[ -z $(pcmk_running) ]]; then
+ echo "$(facter hostname) pacemaker not active, skipping $action $service here"
+ elif [[ -n $(is_bootstrap_node) ]]; then
+ log_debug "Going to pcs resource $action $service"
+ pcs resource $action $service
+ fi
+}
+
+function stop_or_disable_service {
+ local service=$1
+ local pcmk_managed=$(is_pacemaker_managed $service)
+ local systemd_managed=$(is_systemd_managed $service)
+
+ if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then
+ log_debug "Skipping stop_or_disable $service due to management conflict"
+ return
+ fi
+
+ log_debug "Stopping or disabling $service"
+ if [[ -n $pcmk_managed ]]; then
+ manage_pacemaker_service disable $service
+ return
+ elif [[ -n $systemd_managed ]]; then
+ manage_systemd_service stop $service
+ return
+ fi
+ log_debug "ERROR: $service not managed here?"
+}
+
+function start_or_enable_service {
+ local service=$1
+ local pcmk_managed=$(is_pacemaker_managed $service)
+ local systemd_managed=$(is_systemd_managed $service)
+
+ if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then
+ log_debug "Skipping start_or_enable $service due to management conflict"
+ return
+ fi
+
+ log_debug "Starting or enabling $service"
+ if [[ -n $pcmk_managed ]]; then
+ manage_pacemaker_service enable $service
+ return
+ elif [[ -n $systemd_managed ]]; then
+ manage_systemd_service start $service
+ return
+ fi
+ log_debug "ERROR $service not managed here?"
+}
+
+function restart_service {
+ local service=$1
+ local pcmk_managed=$(is_pacemaker_managed $service)
+ local systemd_managed=$(is_systemd_managed $service)
+
+ if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then
+ log_debug "ERROR $service managed by both systemd and pcmk - SKIPPING"
+ return
+ fi
+
+ log_debug "Restarting $service"
+ if [[ -n $pcmk_managed ]]; then
+ manage_pacemaker_service restart $service
+ return
+ elif [[ -n $systemd_managed ]]; then
+ manage_systemd_service restart $service
+ return
+ fi
+ log_debug "ERROR $service not managed here?"
}
function echo_error {
echo "$@" | tee /dev/fd2
}
+# swift is a special case because it is/was never handled by pacemaker
+# when stand-alone swift is used, only swift-proxy is running on controllers
function systemctl_swift {
services=( openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \
openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \
openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object openstack-swift-proxy )
- action=$1
+ local action=$1
case $action in
stop)
- services=$(systemctl | grep swift | grep running | awk '{print $1}')
+ services=$(systemctl | grep openstack-swift- | grep running | awk '{print $1}')
;;
start)
enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml 'enable_swift_storage')
@@ -54,9 +289,11 @@ function systemctl_swift {
services=( openstack-swift-proxy )
fi
;;
- *) services=() ;; # for safetly, should never happen
+ *) echo "Unknown action $action passed to systemctl_swift"
+ exit 1
+ ;; # shouldn't ever happen...
esac
- for S in ${services[@]}; do
- systemctl $action $S
+ for service in ${services[@]}; do
+ manage_systemd_service $action $service
done
}
diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh
index b2e5be16..3da7efec 100755
--- a/extraconfig/tasks/pacemaker_resource_restart.sh
+++ b/extraconfig/tasks/pacemaker_resource_restart.sh
@@ -2,37 +2,24 @@
set -eux
-pacemaker_status=$(systemctl is-active pacemaker)
-
# Run if pacemaker is running, we're the bootstrap node,
# and we're updating the deployment (not creating).
-if [ "$pacemaker_status" = "active" -a \
- "$(hiera bootstrap_nodeid)" = "$(facter hostname)" -a \
- "$(hiera stack_action)" = "UPDATE" ]; then
-
- #ensure neutron constraints like
- #https://review.openstack.org/#/c/245093/
- if pcs constraint order show | grep "start neutron-server-clone then start neutron-ovs-cleanup-clone"; then
- pcs constraint remove order-neutron-server-clone-neutron-ovs-cleanup-clone-mandatory
- fi
-
- pcs resource disable httpd
- check_resource httpd stopped 300
- pcs resource disable openstack-core
- check_resource openstack-core stopped 1800
-
- if pcs status | grep haproxy-clone; then
- pcs resource restart haproxy-clone
- fi
- pcs resource restart redis-master
- pcs resource restart mongod-clone
- pcs resource restart rabbitmq-clone
- pcs resource restart memcached-clone
- pcs resource restart galera-master
-
- pcs resource enable openstack-core
- check_resource openstack-core started 1800
- pcs resource enable httpd
- check_resource httpd started 800
-
+if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then
+
+ TIMEOUT=600
+ SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)"
+ PCS_STATUS_OUTPUT="$(pcs status)"
+
+ for service in $SERVICES_TO_RESTART; do
+ if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then
+ echo "Service $service not found as a pacemaker resource, cannot restart it."
+ exit 1
+ fi
+ done
+
+ for service in $SERVICES_TO_RESTART; do
+ echo "Restarting $service..."
+ pcs resource restart --wait=$TIMEOUT $service
+ rm -f /var/lib/tripleo/pacemaker-restarts/$service
+ done
fi
diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.yaml
index fbed9ce5..b62502f8 100644
--- a/extraconfig/tasks/post_puppet_pacemaker.yaml
+++ b/extraconfig/tasks/post_puppet_pacemaker.yaml
@@ -29,20 +29,9 @@ resources:
config: {get_resource: ControllerPostPuppetMaintenanceModeConfig}
input_values: {get_param: input_values}
- ControllerPostPuppetRestartConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - get_file: pacemaker_common_functions.sh
- - get_file: pacemaker_resource_restart.sh
-
- ControllerPostPuppetRestartDeployment:
- type: OS::Heat::SoftwareDeployments
+ ControllerPostPuppetRestart:
+ type: OS::TripleO::Tasks::ControllerPostPuppetRestart
depends_on: ControllerPostPuppetMaintenanceModeDeployment
properties:
servers: {get_param: servers}
- config: {get_resource: ControllerPostPuppetRestartConfig}
input_values: {get_param: input_values}
diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml
new file mode 100644
index 00000000..52760c87
--- /dev/null
+++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml
@@ -0,0 +1,28 @@
+heat_template_version: 2014-10-16
+description: 'Post-Puppet restart config for Pacemaker deployments'
+
+parameters:
+ servers:
+ type: json
+ input_values:
+ type: json
+ description: input values for the software deployments
+
+resources:
+
+ ControllerPostPuppetRestartConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: pacemaker_resource_restart.sh
+
+ ControllerPostPuppetRestartDeployment:
+ type: OS::Heat::SoftwareDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPostPuppetRestartConfig}
+ input_values: {get_param: input_values}
diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml
new file mode 100644
index 00000000..833c3bc2
--- /dev/null
+++ b/firstboot/os-net-config-mappings.yaml
@@ -0,0 +1,65 @@
+heat_template_version: 2015-10-15
+
+description: >
+ Configure os-net-config mappings for specific nodes
+ Your environment file needs to look like:
+ parameter_defaults:
+ NetConfigDataLookup:
+ node1:
+ nic1: "00:c8:7c:e6:f0:2e"
+ node2:
+ nic1: "00:18:7d:99:0c:b6"
+ This will result in the first nodeN entry where a mac matches a
+ local device being written as a mapping file for os-net-config in
+ /etc/os-net-config/mapping.yaml
+
+parameters:
+ # Note this requires a liberty heat or newer in the undercloud due to
+ # the 2015-10-15 (which is required to enable str_replace serializing
+ # the json parameter to json, another approch with a string parameter
+ # will be required for older heat versions)
+ NetConfigDataLookup:
+ type: json
+ default: {}
+ description: per-node configuration map
+
+resources:
+ userdata:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: OsNetConfigMappings}
+
+ OsNetConfigMappings:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: ungrouped
+ config:
+ str_replace:
+ template: |
+ #!/bin/sh
+ eth_addr=$(/sbin/ifconfig eth0 | grep ether | awk '{print $2}')
+ mkdir -p /etc/os-net-config
+
+ # Create an os-net-config mapping file, note this defaults to
+ # /etc/os-net-config/mapping.yaml, so we use that name despite
+ # rendering the result as json
+ echo '$node_lookup' | python -c "
+ import json
+ import sys
+ import yaml
+ input = sys.stdin.readline() or '{}'
+ data = json.loads(input)
+ for node in data:
+ if '${eth_addr}' in data[node].values():
+ interface_mapping = {'interface_mapping': data[node]}
+ with open('/etc/os-net-config/mapping.yaml', 'w') as f:
+ yaml.safe_dump(interface_mapping, f, default_flow_style=False)
+ break
+ "
+ params:
+ $node_lookup: {get_param: NetConfigDataLookup}
+
+outputs:
+ OS::stack_id:
+ value: {get_resource: userdata}
diff --git a/net-config-bond.yaml b/net-config-bond.yaml
index 0a162e77..ec881bdc 100644
--- a/net-config-bond.yaml
+++ b/net-config-bond.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge.
@@ -6,9 +6,15 @@ description: >
parameters:
BondInterfaceOvsOptions:
default: ''
- description: The ovs_options string for the bond interface. Set things like
- lacp=active and/or bond_mode=balance-slb using this option.
+ description: |
+ The ovs_options string for the bond interface. Set things like
+ lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
ControlPlaneIp:
default: ''
description: IP address/subnet on the ctlplane network
diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml
new file mode 100644
index 00000000..6dbe5982
--- /dev/null
+++ b/net-config-static-bridge-with-external-dhcp.yaml
@@ -0,0 +1,99 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config for a simple bridge configured
+ with a static IP address for the ctlplane network.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet:
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: ovs_bridge
+ name: {get_input: bridge_name}
+ use_dhcp: true
+ members:
+ -
+ type: interface
+ name: {get_input: interface_name}
+ # force the MAC address of the bridge to this interface
+ primary: true
+ -
+ type: interface
+ # would like to do the following, but can't b/c of:
+ # https://bugs.launchpad.net/heat/+bug/1344284
+ # name:
+ # list_join:
+ # - '/'
+ # - - {get_input: bridge_name}
+ # - ':0'
+ # So, just hardcode to br-ex:0 for now, br-ex is hardcoded in
+ # controller.yaml anyway.
+ name: br-ex:0
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml
index 93db8666..9f537c02 100644
--- a/network/config/bond-with-vlans/ceph-storage.yaml
+++ b/network/config/bond-with-vlans/ceph-storage.yaml
@@ -38,6 +38,19 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
@@ -46,6 +59,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -57,6 +74,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -123,6 +148,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -130,6 +157,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml
index bea98c19..b4d71fa3 100644
--- a/network/config/bond-with-vlans/cinder-storage.yaml
+++ b/network/config/bond-with-vlans/cinder-storage.yaml
@@ -38,6 +38,15 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -50,6 +59,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -61,6 +74,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +155,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +164,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml
new file mode 100644
index 00000000..3fc764be
--- /dev/null
+++ b/network/config/bond-with-vlans/compute-dpdk.yaml
@@ -0,0 +1,192 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config with 2 bonded nics on a bridge
+ with VLANs attached for the compute role.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ BondInterfaceOvsOptions:
+ default: ''
+ description: The ovs_options string for the bond interface. Set things like
+ lacp=active and/or bond_mode=balance-slb using this option.
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+ -
+ type: ovs_bridge
+ name: {get_input: bridge_name}
+ members:
+ -
+ type: ovs_bond
+ name: bond1
+ ovs_options: {get_param: BondInterfaceOvsOptions}
+ members:
+ -
+ type: interface
+ name: nic2
+ primary: true
+ -
+ type: interface
+ name: nic3
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: InternalApiNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: StorageNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: TenantNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # device: bond1
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+ -
+ type: ovs_user_bridge
+ name: br-link
+ members:
+ -
+ type: ovs_dpdk_bond
+ name: dpdkbond0
+ members:
+ -
+ type: ovs_dpdk_port
+ name: dpdk0
+ members:
+ -
+ type: interface
+ name: nic4
+ -
+ type: ovs_dpdk_port
+ name: dpdk1
+ members:
+ -
+ type: interface
+ name: nic5
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml
index 774bf02d..b2cfb0a2 100644
--- a/network/config/bond-with-vlans/compute.yaml
+++ b/network/config/bond-with-vlans/compute.yaml
@@ -38,6 +38,15 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -46,6 +55,10 @@ parameters:
default: 30
description: Vlan ID for the storage network traffic.
type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
@@ -61,6 +74,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +155,8 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +164,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml
index d9532439..4c3e59fa 100644
--- a/network/config/bond-with-vlans/controller-no-external.yaml
+++ b/network/config/bond-with-vlans/controller-no-external.yaml
@@ -38,6 +38,11 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -62,10 +67,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -102,6 +114,9 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
-
type: ovs_bridge
name: {get_input: bridge_name}
@@ -148,6 +163,8 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -155,6 +172,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml
index 7869ebfc..1361d969 100644
--- a/network/config/bond-with-vlans/controller-v6.yaml
+++ b/network/config/bond-with-vlans/controller-v6.yaml
@@ -40,6 +40,11 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -64,10 +69,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -75,6 +76,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -106,6 +115,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -134,6 +144,7 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -166,6 +177,9 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: vlan
# device: bond1
@@ -173,6 +187,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml
index d3627ead..677c90c5 100644
--- a/network/config/bond-with-vlans/controller.yaml
+++ b/network/config/bond-with-vlans/controller.yaml
@@ -38,6 +38,11 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -62,10 +67,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -158,6 +170,9 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: vlan
# device: bond1
@@ -165,6 +180,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml
index de9121e5..e16d6b6e 100644
--- a/network/config/bond-with-vlans/swift-storage.yaml
+++ b/network/config/bond-with-vlans/swift-storage.yaml
@@ -38,6 +38,15 @@ parameters:
description: The ovs_options string for the bond interface. Set things like
lacp=active and/or bond_mode=balance-slb using this option.
type: string
+ constraints:
+ - allowed_pattern: "^((?!balance.tcp).)*$"
+ description: |
+ The balance-tcp bond mode is known to cause packet loss and
+ should not be used in BondInterfaceOvsOptions.
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -50,6 +59,10 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
@@ -61,6 +74,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -134,6 +155,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
@@ -141,6 +164,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml
index 84cb0f12..c31c6e65 100644
--- a/network/config/multiple-nics/ceph-storage.yaml
+++ b/network/config/multiple-nics/ceph-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -118,6 +122,8 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -125,6 +131,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml
index 0b0218c5..4f8b7f64 100644
--- a/network/config/multiple-nics/cinder-storage.yaml
+++ b/network/config/multiple-nics/cinder-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -125,6 +129,8 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -132,6 +138,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml
index 97eef52b..77514745 100644
--- a/network/config/multiple-nics/compute.yaml
+++ b/network/config/multiple-nics/compute.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -133,6 +137,8 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -140,6 +146,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml
index b69879fb..da1f95f1 100644
--- a/network/config/multiple-nics/controller-v6.yaml
+++ b/network/config/multiple-nics/controller-v6.yaml
@@ -59,10 +59,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -70,6 +66,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -102,6 +106,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -150,6 +155,7 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -160,6 +166,9 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: interface
# name: nic7
@@ -167,6 +176,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml
index 377fd116..7a1f9e5f 100644
--- a/network/config/multiple-nics/controller.yaml
+++ b/network/config/multiple-nics/controller.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -155,6 +159,9 @@ resources:
# force the MAC address of the bridge to this interface
primary: true
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
#-
# type: interface
# name: nic7
@@ -162,6 +169,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml
index b75bbd6e..05083105 100644
--- a/network/config/multiple-nics/swift-storage.yaml
+++ b/network/config/multiple-nics/swift-storage.yaml
@@ -57,10 +57,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -68,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -125,6 +129,8 @@ resources:
-
ip_netmask: {get_param: InternalApiIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: interface
# name: nic7
@@ -132,6 +138,10 @@ resources:
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
index a46d7e20..fc8e8b6f 100644
--- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
@@ -29,6 +29,18 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
@@ -37,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -44,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -99,6 +127,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
index 08613a3b..6fb247ed 100644
--- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -41,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -110,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml
index b6522c67..e31720d8 100644
--- a/network/config/single-nic-linux-bridge-vlans/compute.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -37,10 +45,18 @@ parameters:
default: 30
description: Vlan ID for the storage network traffic.
type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -81,7 +105,6 @@ resources:
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
members:
@@ -111,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
new file mode 100644
index 00000000..80125149
--- /dev/null
+++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
@@ -0,0 +1,178 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config to configure VLANs for the
+ controller role with IPv6 on the External network. The IPv6 default
+ route is on the External network, and the IPv4 default route is on
+ the Control Plane.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: linux_bridge
+ name: {get_input: bridge_name}
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+ members:
+ -
+ type: interface
+ name: {get_input: interface_name}
+ # force the MAC address of the bridge to this interface
+ primary: true
+ -
+ type: vlan
+ vlan_id: {get_param: ExternalNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: ExternalIpSubnet}
+ routes:
+ # IPv6 Default Route
+ -
+ default: true
+ next_hop: {get_param: ExternalInterfaceDefaultRoute}
+ -
+ type: vlan
+ vlan_id: {get_param: InternalApiNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: StorageMgmtNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageMgmtIpSubnet}
+ -
+ type: vlan
+ vlan_id: {get_param: TenantNetworkVlanID}
+ device: {get_input: bridge_name}
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml
index 72105481..aef5d4e3 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml
@@ -29,6 +29,10 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
@@ -49,10 +53,21 @@ parameters:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -64,9 +79,6 @@ parameters:
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
- ControlPlaneDefaultRoute: # Override this via parameter_defaults
- description: The default route of the control plane network.
- type: string
resources:
OsNetConfigImpl:
@@ -92,8 +104,8 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
members:
@@ -110,8 +122,8 @@ resources:
-
ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
- ip_netmask: 0.0.0.0/0
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
-
@@ -142,6 +154,21 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: {get_input: bridge_name}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
index 962b9890..a5d2f966 100644
--- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
@@ -29,6 +29,14 @@ parameters:
default: ''
description: IP address/subnet on the tenant network
type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
@@ -41,6 +49,14 @@ parameters:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -48,6 +64,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -110,6 +134,20 @@ resources:
addresses:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # device: br-storage
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml
index 80bc32d3..6fa288af 100644
--- a/network/config/single-nic-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-vlans/ceph-storage.yaml
@@ -52,6 +52,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -106,12 +114,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml
index e509443a..d1135776 100644
--- a/network/config/single-nic-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-vlans/cinder-storage.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml
index 8cf6825d..bd3cef34 100644
--- a/network/config/single-nic-vlans/compute.yaml
+++ b/network/config/single-nic-vlans/compute.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml
index eb5e1e5a..8e8b0f5d 100644
--- a/network/config/single-nic-vlans/controller-no-external.yaml
+++ b/network/config/single-nic-vlans/controller-no-external.yaml
@@ -5,6 +5,10 @@ description: >
controller role. No external IP is configured.
parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
@@ -53,10 +57,28 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
resources:
OsNetConfigImpl:
@@ -69,7 +91,22 @@ resources:
-
type: ovs_bridge
name: {get_input: bridge_name}
- use_dhcp: true
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
members:
-
type: interface
@@ -101,12 +138,18 @@ resources:
-
ip_netmask: {get_param: TenantIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml
index 472e539d..ecbf2efb 100644
--- a/network/config/single-nic-vlans/controller-v6.yaml
+++ b/network/config/single-nic-vlans/controller-v6.yaml
@@ -59,10 +59,6 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -70,6 +66,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -102,6 +106,7 @@ resources:
-
ip_netmask: 169.254.169.254/32
next_hop: {get_param: EC2MetadataIp}
+ # IPv4 Default Route
-
default: true
next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -115,9 +120,10 @@ resources:
type: vlan
vlan_id: {get_param: ExternalNetworkVlanID}
addresses:
- -
- ip_netmask: {get_param: ExternalIpSubnet}
+ -
+ ip_netmask: {get_param: ExternalIpSubnet}
routes:
+ # IPv6 Default Route
-
default: true
next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -145,12 +151,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
- #- # Uncomment when including environments/network-management.yaml
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml
index a5a0745d..c5979a89 100644
--- a/network/config/single-nic-vlans/controller.yaml
+++ b/network/config/single-nic-vlans/controller.yaml
@@ -57,10 +57,17 @@ parameters:
default: 60
description: Vlan ID for the management network traffic.
type: number
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
ExternalInterfaceDefaultRoute:
default: '10.0.0.1'
description: default route for the external network
type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
@@ -137,12 +144,20 @@ resources:
addresses:
-
ip_netmask: {get_param: TenantIpSubnet}
- #- # Uncomment when including environments/network-management.yaml
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the External interface. This will
+ # make the External API unreachable from remote subnets.
+ #-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml
index efc03393..7b06580c 100644
--- a/network/config/single-nic-vlans/swift-storage.yaml
+++ b/network/config/single-nic-vlans/swift-storage.yaml
@@ -56,6 +56,14 @@ parameters:
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -116,12 +124,18 @@ resources:
-
ip_netmask: {get_param: StorageMgmtIpSubnet}
# Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
#-
# type: vlan
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
diff --git a/network/endpoints/build_endpoint_map.py b/network/endpoints/build_endpoint_map.py
index d8cdee3d..964f58f7 100755
--- a/network/endpoints/build_endpoint_map.py
+++ b/network/endpoints/build_endpoint_map.py
@@ -30,7 +30,9 @@ import yaml
(IN_FILE, OUT_FILE) = ('endpoint_data.yaml', 'endpoint_map.yaml')
SUBST = (SUBST_IP_ADDRESS, SUBST_CLOUDNAME) = ('IP_ADDRESS', 'CLOUDNAME')
-PARAMS = (PARAM_CLOUDNAME, PARAM_ENDPOINTMAP) = ('CloudName', 'EndpointMap')
+PARAMS = (PARAM_CLOUD_ENDPOINTS, PARAM_ENDPOINTMAP, PARAM_NETIPMAP,
+ PARAM_SERVICENETMAP) = (
+ 'CloudEndpoints', 'EndpointMap', 'NetIpMap', 'ServiceNetMap')
FIELDS = (F_PORT, F_PROTOCOL, F_HOST) = ('port', 'protocol', 'host')
ENDPOINT_TYPES = frozenset(['Internal', 'Public', 'Admin'])
@@ -56,16 +58,8 @@ def load_endpoint_data(infile=None):
return yaml.safe_load(f)
-def vip_param_name(endpoint_type_defn):
- return endpoint_type_defn['vip_param'] + 'VirtualIP'
-
-
-def vip_param_names(config):
- def ep_types(svc):
- return (v for k, v in svc.items() if k in ENDPOINT_TYPES or not k)
-
- return set(vip_param_name(defn)
- for svc in config.values() for defn in ep_types(svc))
+def net_param_name(endpoint_type_defn):
+ return endpoint_type_defn['net_param'] + 'Network'
def endpoint_map_default(config):
@@ -91,9 +85,9 @@ def make_parameter(ptype, default, description=None):
def template_parameters(config):
- params = collections.OrderedDict((n, make_parameter('string', ''))
- for n in sorted(vip_param_names(config)))
-
+ params = collections.OrderedDict()
+ params[PARAM_NETIPMAP] = make_parameter('json', {}, 'The Net IP map')
+ params[PARAM_SERVICENETMAP] = make_parameter('json', {}, 'The Service Net map')
params[PARAM_ENDPOINTMAP] = make_parameter('json',
endpoint_map_default(config),
'Mapping of service endpoint '
@@ -101,17 +95,18 @@ def template_parameters(config):
'via parameter_defaults in the '
'resource registry.')
- params[PARAM_CLOUDNAME] = make_parameter('string',
- 'overcloud',
- 'The DNS name of this cloud. '
- 'e.g. ci-overcloud.tripleo.org')
+ params[PARAM_CLOUD_ENDPOINTS] = make_parameter(
+ 'json',
+ {},
+ ('A map containing the DNS names for the different endpoints '
+ '(external, internal_api, etc.)'))
return params
def template_output_definition(endpoint_name,
endpoint_variant,
endpoint_type,
- vip_param,
+ net_param,
uri_suffix=None,
name_override=None):
def extract_field(field):
@@ -122,12 +117,36 @@ def template_output_definition(endpoint_name,
port = extract_field(F_PORT)
protocol = extract_field(F_PROTOCOL)
+ host_nobrackets = {
+ 'str_replace': collections.OrderedDict([
+ ('template', extract_field(F_HOST)),
+ ('params', {
+ SUBST_IP_ADDRESS: {'get_param':
+ ['NetIpMap',
+ {'get_param': ['ServiceNetMap',
+ net_param]}]},
+ SUBST_CLOUDNAME: {'get_param':
+ [PARAM_CLOUD_ENDPOINTS,
+ {'get_param': ['ServiceNetMap',
+ net_param]}]},
+ })
+ ])
+ }
host = {
'str_replace': collections.OrderedDict([
('template', extract_field(F_HOST)),
('params', {
- SUBST_IP_ADDRESS: {'get_param': vip_param},
- SUBST_CLOUDNAME: {'get_param': PARAM_CLOUDNAME},
+ SUBST_IP_ADDRESS: {'get_param':
+ ['NetIpMap',
+ {'str_replace':
+ {'template': 'NETWORK_uri',
+ 'params': {'NETWORK':
+ {'get_param': ['ServiceNetMap',
+ net_param]}}}}]},
+ SUBST_CLOUDNAME: {'get_param':
+ [PARAM_CLOUD_ENDPOINTS,
+ {'get_param': ['ServiceNetMap',
+ net_param]}]},
})
])
}
@@ -140,6 +159,7 @@ def template_output_definition(endpoint_name,
endpoint_type)
return name, {
+ 'host_nobrackets': host_nobrackets,
'host': host,
'port': extract_field('port'),
'protocol': extract_field('protocol'),
@@ -160,10 +180,9 @@ def template_endpoint_items(config):
{'': None}).items():
name_override = defn.get('names', {}).get(variant)
yield template_output_definition(ep_name, variant, ep_type,
- vip_param_name(defn),
+ net_param_name(defn),
suffix,
name_override)
-
return itertools.chain.from_iterable(sorted(get_svc_endpoints(ep_name,
svc))
for (ep_name,
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index c76e1360..fb01925b 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -3,102 +3,105 @@
Aodh:
Internal:
- vip_param: AodhApi
+ net_param: AodhApi
Public:
- vip_param: Public
+ net_param: Public
Admin:
- vip_param: AodhApi
+ net_param: AodhApi
port: 8042
Ceilometer:
Internal:
- vip_param: CeilometerApi
+ net_param: CeilometerApi
Public:
- vip_param: Public
+ net_param: Public
Admin:
- vip_param: CeilometerApi
+ net_param: CeilometerApi
port: 8777
Gnocchi:
Internal:
- vip_param: GnocchiApi
+ net_param: GnocchiApi
Public:
- vip_param: Public
+ net_param: Public
Admin:
- vip_param: GnocchiApi
+ net_param: GnocchiApi
port: 8041
Cinder:
Internal:
- vip_param: CinderApi
+ net_param: CinderApi
uri_suffixes:
'': /v1/%(tenant_id)s
V2: /v2/%(tenant_id)s
+ V3: /v3/%(tenant_id)s
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
'': /v1/%(tenant_id)s
V2: /v2/%(tenant_id)s
+ V3: /v3/%(tenant_id)s
Admin:
- vip_param: CinderApi
+ net_param: CinderApi
uri_suffixes:
'': /v1/%(tenant_id)s
V2: /v2/%(tenant_id)s
+ V3: /v3/%(tenant_id)s
port: 8776
Glance:
Internal:
- vip_param: GlanceApi
+ net_param: GlanceApi
Public:
- vip_param: Public
+ net_param: Public
Admin:
- vip_param: GlanceApi
+ net_param: GlanceApi
port: 9292
GlanceRegistry:
Internal:
- vip_param: GlanceRegistry
+ net_param: GlanceRegistry
port: 9191
Mysql:
Internal:
- vip_param: Mysql
+ net_param: Mysql
protocol: mysql+pymysql
port: 3306
Heat:
Internal:
- vip_param: HeatApi
+ net_param: HeatApi
uri_suffixes:
'': /v1/%(tenant_id)s
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
'': /v1/%(tenant_id)s
Admin:
- vip_param: HeatApi
+ net_param: HeatApi
uri_suffixes:
'': /v1/%(tenant_id)s
port: 8004
HeatCfn:
Internal:
- vip_param: HeatApi
+ net_param: HeatApi
uri_suffixes:
'': /v1
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
'': /v1
Admin:
- vip_param: HeatApi
+ net_param: HeatApi
uri_suffixes:
'': /v1
port: 8000
Horizon:
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
'': /dashboard
port: 80
@@ -107,7 +110,7 @@ Horizon:
# Required for https://bugs.launchpad.net/puppet-nova/+bug/1542486
Keystone:
Internal:
- vip_param: KeystonePublicApi
+ net_param: KeystonePublicApi
uri_suffixes:
'': /v2.0
EC2: /v2.0/ec2tokens
@@ -115,80 +118,128 @@ Keystone:
names:
EC2: KeystoneEC2
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
'': /v2.0
V3: /v3
Admin:
- vip_param: KeystoneAdminApi
+ net_param: KeystoneAdminApi
uri_suffixes:
'': /v2.0
V3: /v3
port: 35357
port: 5000
+Manila:
+ Internal:
+ net_param: ManilaApi
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ V1: /v1/%(tenant_id)s
+ Public:
+ net_param: Public
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ V1: /v1/%(tenant_id)s
+ Admin:
+ net_param: ManilaApi
+ uri_suffixes:
+ '': /v2/%(tenant_id)s
+ V1: /v1/%(tenant_id)s
+ port: 8786
+
Neutron:
Internal:
- vip_param: NeutronApi
+ net_param: NeutronApi
Public:
- vip_param: Public
+ net_param: Public
Admin:
- vip_param: NeutronApi
+ net_param: NeutronApi
port: 9696
Nova:
Internal:
- vip_param: NovaApi
+ net_param: NovaApi
uri_suffixes:
- '': /v2.1/%(tenant_id)s
+ '': /v2.1
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
- '': /v2.1/%(tenant_id)s
+ '': /v2.1
Admin:
- vip_param: NovaApi
+ net_param: NovaApi
uri_suffixes:
- '': /v2.1/%(tenant_id)s
+ '': /v2.1
port: 8774
NovaVNCProxy:
Internal:
- vip_param: NovaApi
+ net_param: NovaApi
Public:
- vip_param: Public
+ net_param: Public
Admin:
- vip_param: NovaApi
+ net_param: NovaApi
port: 6080
Swift:
Internal:
- vip_param: SwiftProxy
+ net_param: SwiftProxy
uri_suffixes:
'': /v1/AUTH_%(tenant_id)s
S3:
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
'': /v1/AUTH_%(tenant_id)s
S3:
Admin:
- vip_param: SwiftProxy
+ net_param: SwiftProxy
uri_suffixes:
'':
S3:
port: 8080
+CephRgw:
+ Internal:
+ net_param: CephRgw
+ uri_suffixes:
+ '': /swift/v1
+ Public:
+ net_param: Public
+ uri_suffixes:
+ '': /swift/v1
+ Admin:
+ net_param: CephRgw
+ uri_suffixes:
+ '': /swift/v1
+ port: 8080
+
Sahara:
Internal:
- vip_param: SaharaApi
+ net_param: SaharaApi
uri_suffixes:
'': /v1.1/%(tenant_id)s
Public:
- vip_param: Public
+ net_param: Public
uri_suffixes:
'': /v1.1/%(tenant_id)s
Admin:
- vip_param: SaharaApi
+ net_param: SaharaApi
uri_suffixes:
'': /v1.1/%(tenant_id)s
port: 8386
+
+Ironic:
+ Internal:
+ net_param: IronicApi
+ uri_suffixes:
+ '': /v1
+ Public:
+ net_param: Public
+ uri_suffixes:
+ '': /v1
+ Admin:
+ net_param: IronicApi
+ uri_suffixes:
+ '': /v1
+ port: 6385
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index fbfa0a15..734b6431 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -8,21 +8,14 @@ description: A map of OpenStack endpoints. Since the endpoints are URLs,
parameters come from net_ip_uri_map, which will include these brackets
in IPv6 addresses.
parameters:
- AodhApiVirtualIP: {type: string, default: ''}
- CeilometerApiVirtualIP: {type: string, default: ''}
- CinderApiVirtualIP: {type: string, default: ''}
- GlanceApiVirtualIP: {type: string, default: ''}
- GlanceRegistryVirtualIP: {type: string, default: ''}
- GnocchiApiVirtualIP: {type: string, default: ''}
- HeatApiVirtualIP: {type: string, default: ''}
- KeystoneAdminApiVirtualIP: {type: string, default: ''}
- KeystonePublicApiVirtualIP: {type: string, default: ''}
- MysqlVirtualIP: {type: string, default: ''}
- NeutronApiVirtualIP: {type: string, default: ''}
- NovaApiVirtualIP: {type: string, default: ''}
- PublicVirtualIP: {type: string, default: ''}
- SaharaApiVirtualIP: {type: string, default: ''}
- SwiftProxyVirtualIP: {type: string, default: ''}
+ NetIpMap:
+ type: json
+ default: {}
+ description: The Net IP map
+ ServiceNetMap:
+ type: json
+ default: {}
+ description: The Service Net map
EndpointMap:
type: json
default:
@@ -32,6 +25,9 @@ parameters:
CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS}
+ CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
+ CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
+ CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
@@ -49,9 +45,15 @@ parameters:
HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS}
HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS}
+ IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
+ IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
+ IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
+ ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
+ ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
+ ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
@@ -70,8 +72,11 @@ parameters:
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
- CloudName: {type: string, default: overcloud, description: The DNS name
- of this cloud. e.g. ci-overcloud.tripleo.org}
+ CloudEndpoints:
+ type: json
+ default: {}
+ description: A map containing the DNS names for the different endpoints
+ (external, internal_api, etc.)
outputs:
endpoint_map:
value:
@@ -81,8 +86,31 @@ outputs:
template:
get_param: [EndpointMap, AodhAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: AodhApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, AodhApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, AodhAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, AodhApiNetwork]
port:
get_param: [EndpointMap, AodhAdmin, port]
protocol:
@@ -96,8 +124,18 @@ outputs:
template:
get_param: [EndpointMap, AodhAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: AodhApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, AodhApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, AodhAdmin, port]
uri_no_suffix:
@@ -109,8 +147,18 @@ outputs:
template:
get_param: [EndpointMap, AodhAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: AodhApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, AodhApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, AodhAdmin, port]
AodhInternal:
@@ -119,8 +167,31 @@ outputs:
template:
get_param: [EndpointMap, AodhInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: AodhApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, AodhApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, AodhInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, AodhApiNetwork]
port:
get_param: [EndpointMap, AodhInternal, port]
protocol:
@@ -134,8 +205,18 @@ outputs:
template:
get_param: [EndpointMap, AodhInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: AodhApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, AodhApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, AodhInternal, port]
uri_no_suffix:
@@ -147,8 +228,18 @@ outputs:
template:
get_param: [EndpointMap, AodhInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: AodhApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, AodhApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, AodhApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, AodhInternal, port]
AodhPublic:
@@ -157,8 +248,31 @@ outputs:
template:
get_param: [EndpointMap, AodhPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, AodhPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, AodhPublic, port]
protocol:
@@ -172,8 +286,18 @@ outputs:
template:
get_param: [EndpointMap, AodhPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, AodhPublic, port]
uri_no_suffix:
@@ -185,8 +309,18 @@ outputs:
template:
get_param: [EndpointMap, AodhPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, AodhPublic, port]
CeilometerAdmin:
@@ -195,8 +329,31 @@ outputs:
template:
get_param: [EndpointMap, CeilometerAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CeilometerApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CeilometerApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CeilometerAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
port:
get_param: [EndpointMap, CeilometerAdmin, port]
protocol:
@@ -210,8 +367,18 @@ outputs:
template:
get_param: [EndpointMap, CeilometerAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CeilometerApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CeilometerApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CeilometerAdmin, port]
uri_no_suffix:
@@ -223,8 +390,18 @@ outputs:
template:
get_param: [EndpointMap, CeilometerAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CeilometerApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CeilometerApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CeilometerAdmin, port]
CeilometerInternal:
@@ -233,8 +410,31 @@ outputs:
template:
get_param: [EndpointMap, CeilometerInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CeilometerApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CeilometerApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CeilometerInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
port:
get_param: [EndpointMap, CeilometerInternal, port]
protocol:
@@ -248,8 +448,18 @@ outputs:
template:
get_param: [EndpointMap, CeilometerInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CeilometerApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CeilometerApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CeilometerInternal, port]
uri_no_suffix:
@@ -261,8 +471,18 @@ outputs:
template:
get_param: [EndpointMap, CeilometerInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CeilometerApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CeilometerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CeilometerApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CeilometerInternal, port]
CeilometerPublic:
@@ -271,8 +491,31 @@ outputs:
template:
get_param: [EndpointMap, CeilometerPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CeilometerPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, CeilometerPublic, port]
protocol:
@@ -286,8 +529,18 @@ outputs:
template:
get_param: [EndpointMap, CeilometerPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CeilometerPublic, port]
uri_no_suffix:
@@ -299,18 +552,297 @@ outputs:
template:
get_param: [EndpointMap, CeilometerPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CeilometerPublic, port]
+ CephRgwAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CephRgwNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ port:
+ get_param: [EndpointMap, CephRgwAdmin, port]
+ protocol:
+ get_param: [EndpointMap, CephRgwAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CephRgwAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CephRgwNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CephRgwAdmin, port]
+ - /swift/v1
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CephRgwAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CephRgwNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CephRgwAdmin, port]
+ CephRgwInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CephRgwNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ port:
+ get_param: [EndpointMap, CephRgwInternal, port]
+ protocol:
+ get_param: [EndpointMap, CephRgwInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CephRgwInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CephRgwNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CephRgwInternal, port]
+ - /swift/v1
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CephRgwInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CephRgwNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CephRgwNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CephRgwInternal, port]
+ CephRgwPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, CephRgwPublic, port]
+ protocol:
+ get_param: [EndpointMap, CephRgwPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CephRgwPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CephRgwPublic, port]
+ - /swift/v1
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CephRgwPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CephRgwPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CephRgwPublic, port]
CinderAdmin:
host:
str_replace:
template:
get_param: [EndpointMap, CinderAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CinderApiNetwork]
port:
get_param: [EndpointMap, CinderAdmin, port]
protocol:
@@ -324,8 +856,18 @@ outputs:
template:
get_param: [EndpointMap, CinderAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderAdmin, port]
- /v1/%(tenant_id)s
@@ -338,8 +880,18 @@ outputs:
template:
get_param: [EndpointMap, CinderAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderAdmin, port]
CinderInternal:
@@ -348,8 +900,31 @@ outputs:
template:
get_param: [EndpointMap, CinderInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CinderApiNetwork]
port:
get_param: [EndpointMap, CinderInternal, port]
protocol:
@@ -363,8 +938,18 @@ outputs:
template:
get_param: [EndpointMap, CinderInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderInternal, port]
- /v1/%(tenant_id)s
@@ -377,8 +962,18 @@ outputs:
template:
get_param: [EndpointMap, CinderInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderInternal, port]
CinderPublic:
@@ -387,8 +982,31 @@ outputs:
template:
get_param: [EndpointMap, CinderPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, CinderPublic, port]
protocol:
@@ -402,8 +1020,18 @@ outputs:
template:
get_param: [EndpointMap, CinderPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderPublic, port]
- /v1/%(tenant_id)s
@@ -416,8 +1044,18 @@ outputs:
template:
get_param: [EndpointMap, CinderPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderPublic, port]
CinderV2Admin:
@@ -426,8 +1064,31 @@ outputs:
template:
get_param: [EndpointMap, CinderAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CinderApiNetwork]
port:
get_param: [EndpointMap, CinderAdmin, port]
protocol:
@@ -441,8 +1102,18 @@ outputs:
template:
get_param: [EndpointMap, CinderAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderAdmin, port]
- /v2/%(tenant_id)s
@@ -455,8 +1126,18 @@ outputs:
template:
get_param: [EndpointMap, CinderAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderAdmin, port]
CinderV2Internal:
@@ -465,8 +1146,31 @@ outputs:
template:
get_param: [EndpointMap, CinderInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CinderApiNetwork]
port:
get_param: [EndpointMap, CinderInternal, port]
protocol:
@@ -480,8 +1184,18 @@ outputs:
template:
get_param: [EndpointMap, CinderInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderInternal, port]
- /v2/%(tenant_id)s
@@ -494,8 +1208,18 @@ outputs:
template:
get_param: [EndpointMap, CinderInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: CinderApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderInternal, port]
CinderV2Public:
@@ -504,8 +1228,31 @@ outputs:
template:
get_param: [EndpointMap, CinderPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, CinderPublic, port]
protocol:
@@ -519,8 +1266,18 @@ outputs:
template:
get_param: [EndpointMap, CinderPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderPublic, port]
- /v2/%(tenant_id)s
@@ -533,8 +1290,264 @@ outputs:
template:
get_param: [EndpointMap, CinderPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CinderPublic, port]
+ CinderV3Admin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ port:
+ get_param: [EndpointMap, CinderAdmin, port]
+ protocol:
+ get_param: [EndpointMap, CinderAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CinderAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CinderAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CinderAdmin, port]
+ - /v3/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CinderAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CinderAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CinderAdmin, port]
+ CinderV3Internal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ port:
+ get_param: [EndpointMap, CinderInternal, port]
+ protocol:
+ get_param: [EndpointMap, CinderInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CinderInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CinderInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CinderInternal, port]
+ - /v3/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CinderInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CinderInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CinderApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CinderApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CinderInternal, port]
+ CinderV3Public:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CinderPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, CinderPublic, port]
+ protocol:
+ get_param: [EndpointMap, CinderPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CinderPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CinderPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CinderPublic, port]
+ - /v3/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CinderPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CinderPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderPublic, port]
GlanceAdmin:
@@ -543,8 +1556,31 @@ outputs:
template:
get_param: [EndpointMap, GlanceAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, GlanceAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
port:
get_param: [EndpointMap, GlanceAdmin, port]
protocol:
@@ -558,8 +1594,18 @@ outputs:
template:
get_param: [EndpointMap, GlanceAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlanceAdmin, port]
uri_no_suffix:
@@ -571,8 +1617,18 @@ outputs:
template:
get_param: [EndpointMap, GlanceAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlanceAdmin, port]
GlanceInternal:
@@ -581,8 +1637,31 @@ outputs:
template:
get_param: [EndpointMap, GlanceInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, GlanceInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
port:
get_param: [EndpointMap, GlanceInternal, port]
protocol:
@@ -596,8 +1675,18 @@ outputs:
template:
get_param: [EndpointMap, GlanceInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlanceInternal, port]
uri_no_suffix:
@@ -609,8 +1698,18 @@ outputs:
template:
get_param: [EndpointMap, GlanceInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlanceInternal, port]
GlancePublic:
@@ -619,8 +1718,31 @@ outputs:
template:
get_param: [EndpointMap, GlancePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, GlancePublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, GlancePublic, port]
protocol:
@@ -634,8 +1756,18 @@ outputs:
template:
get_param: [EndpointMap, GlancePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlancePublic, port]
uri_no_suffix:
@@ -647,8 +1779,18 @@ outputs:
template:
get_param: [EndpointMap, GlancePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlancePublic, port]
GlanceRegistryInternal:
@@ -657,8 +1799,31 @@ outputs:
template:
get_param: [EndpointMap, GlanceRegistryInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceRegistryVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceRegistryNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, GlanceRegistryInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, GlanceRegistryNetwork]
port:
get_param: [EndpointMap, GlanceRegistryInternal, port]
protocol:
@@ -672,8 +1837,18 @@ outputs:
template:
get_param: [EndpointMap, GlanceRegistryInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceRegistryVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceRegistryNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlanceRegistryInternal, port]
uri_no_suffix:
@@ -685,8 +1860,18 @@ outputs:
template:
get_param: [EndpointMap, GlanceRegistryInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GlanceRegistryVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GlanceRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GlanceRegistryNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GlanceRegistryInternal, port]
GnocchiAdmin:
@@ -695,8 +1880,31 @@ outputs:
template:
get_param: [EndpointMap, GnocchiAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GnocchiApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GnocchiApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, GnocchiAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
port:
get_param: [EndpointMap, GnocchiAdmin, port]
protocol:
@@ -710,8 +1918,18 @@ outputs:
template:
get_param: [EndpointMap, GnocchiAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GnocchiApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GnocchiApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GnocchiAdmin, port]
uri_no_suffix:
@@ -723,8 +1941,18 @@ outputs:
template:
get_param: [EndpointMap, GnocchiAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GnocchiApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GnocchiApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GnocchiAdmin, port]
GnocchiInternal:
@@ -733,8 +1961,31 @@ outputs:
template:
get_param: [EndpointMap, GnocchiInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GnocchiApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GnocchiApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, GnocchiInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
port:
get_param: [EndpointMap, GnocchiInternal, port]
protocol:
@@ -748,8 +1999,18 @@ outputs:
template:
get_param: [EndpointMap, GnocchiInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GnocchiApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GnocchiApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GnocchiInternal, port]
uri_no_suffix:
@@ -761,8 +2022,18 @@ outputs:
template:
get_param: [EndpointMap, GnocchiInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: GnocchiApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, GnocchiApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, GnocchiApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GnocchiInternal, port]
GnocchiPublic:
@@ -771,8 +2042,31 @@ outputs:
template:
get_param: [EndpointMap, GnocchiPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, GnocchiPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, GnocchiPublic, port]
protocol:
@@ -786,8 +2080,18 @@ outputs:
template:
get_param: [EndpointMap, GnocchiPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GnocchiPublic, port]
uri_no_suffix:
@@ -799,8 +2103,18 @@ outputs:
template:
get_param: [EndpointMap, GnocchiPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, GnocchiPublic, port]
HeatAdmin:
@@ -809,8 +2123,31 @@ outputs:
template:
get_param: [EndpointMap, HeatAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, HeatAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, HeatApiNetwork]
port:
get_param: [EndpointMap, HeatAdmin, port]
protocol:
@@ -824,8 +2161,18 @@ outputs:
template:
get_param: [EndpointMap, HeatAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatAdmin, port]
- /v1/%(tenant_id)s
@@ -838,8 +2185,18 @@ outputs:
template:
get_param: [EndpointMap, HeatAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatAdmin, port]
HeatInternal:
@@ -848,8 +2205,31 @@ outputs:
template:
get_param: [EndpointMap, HeatInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, HeatInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, HeatApiNetwork]
port:
get_param: [EndpointMap, HeatInternal, port]
protocol:
@@ -863,8 +2243,18 @@ outputs:
template:
get_param: [EndpointMap, HeatInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatInternal, port]
- /v1/%(tenant_id)s
@@ -877,8 +2267,18 @@ outputs:
template:
get_param: [EndpointMap, HeatInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatInternal, port]
HeatPublic:
@@ -887,8 +2287,31 @@ outputs:
template:
get_param: [EndpointMap, HeatPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, HeatPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, HeatPublic, port]
protocol:
@@ -902,8 +2325,18 @@ outputs:
template:
get_param: [EndpointMap, HeatPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatPublic, port]
- /v1/%(tenant_id)s
@@ -916,8 +2349,18 @@ outputs:
template:
get_param: [EndpointMap, HeatPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatPublic, port]
HeatCfnAdmin:
@@ -926,8 +2369,31 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, HeatCfnAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, HeatApiNetwork]
port:
get_param: [EndpointMap, HeatCfnAdmin, port]
protocol:
@@ -941,8 +2407,18 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatCfnAdmin, port]
- /v1
@@ -955,8 +2431,18 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatCfnAdmin, port]
HeatCfnInternal:
@@ -965,8 +2451,31 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, HeatCfnInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, HeatApiNetwork]
port:
get_param: [EndpointMap, HeatCfnInternal, port]
protocol:
@@ -980,8 +2489,18 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatCfnInternal, port]
- /v1
@@ -994,8 +2513,18 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: HeatApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, HeatApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, HeatApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatCfnInternal, port]
HeatCfnPublic:
@@ -1004,8 +2533,31 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, HeatCfnPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, HeatCfnPublic, port]
protocol:
@@ -1019,8 +2571,18 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatCfnPublic, port]
- /v1
@@ -1033,8 +2595,18 @@ outputs:
template:
get_param: [EndpointMap, HeatCfnPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HeatCfnPublic, port]
HorizonPublic:
@@ -1043,8 +2615,31 @@ outputs:
template:
get_param: [EndpointMap, HorizonPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, HorizonPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, HorizonPublic, port]
protocol:
@@ -1058,8 +2653,18 @@ outputs:
template:
get_param: [EndpointMap, HorizonPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HorizonPublic, port]
- /dashboard
@@ -1072,18 +2677,297 @@ outputs:
template:
get_param: [EndpointMap, HorizonPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, HorizonPublic, port]
+ IronicAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ port:
+ get_param: [EndpointMap, IronicAdmin, port]
+ protocol:
+ get_param: [EndpointMap, IronicAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicAdmin, port]
+ - /v1
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicAdmin, port]
+ IronicInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ port:
+ get_param: [EndpointMap, IronicInternal, port]
+ protocol:
+ get_param: [EndpointMap, IronicInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInternal, port]
+ - /v1
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, IronicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, IronicApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicInternal, port]
+ IronicPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, IronicPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, IronicPublic, port]
+ protocol:
+ get_param: [EndpointMap, IronicPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicPublic, port]
+ - /v1
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, IronicPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, IronicPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, IronicPublic, port]
KeystoneAdmin:
host:
str_replace:
template:
get_param: [EndpointMap, KeystoneAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, KeystoneAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
port:
get_param: [EndpointMap, KeystoneAdmin, port]
protocol:
@@ -1097,8 +2981,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneAdmin, port]
- /v2.0
@@ -1111,8 +3005,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneAdmin, port]
KeystoneEC2:
@@ -1121,8 +3025,31 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, KeystoneInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
port:
get_param: [EndpointMap, KeystoneInternal, port]
protocol:
@@ -1136,8 +3063,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneInternal, port]
- /v2.0/ec2tokens
@@ -1150,8 +3087,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneInternal, port]
KeystoneInternal:
@@ -1160,8 +3107,31 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, KeystoneInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
port:
get_param: [EndpointMap, KeystoneInternal, port]
protocol:
@@ -1175,8 +3145,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneInternal, port]
- /v2.0
@@ -1189,8 +3169,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneInternal, port]
KeystonePublic:
@@ -1199,8 +3189,31 @@ outputs:
template:
get_param: [EndpointMap, KeystonePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, KeystonePublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, KeystonePublic, port]
protocol:
@@ -1214,8 +3227,18 @@ outputs:
template:
get_param: [EndpointMap, KeystonePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystonePublic, port]
- /v2.0
@@ -1228,8 +3251,18 @@ outputs:
template:
get_param: [EndpointMap, KeystonePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystonePublic, port]
KeystoneV3Admin:
@@ -1238,8 +3271,31 @@ outputs:
template:
get_param: [EndpointMap, KeystoneAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, KeystoneAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
port:
get_param: [EndpointMap, KeystoneAdmin, port]
protocol:
@@ -1253,8 +3309,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneAdmin, port]
- /v3
@@ -1267,8 +3333,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystoneAdminApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneAdmin, port]
KeystoneV3Internal:
@@ -1277,8 +3353,31 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, KeystoneInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
port:
get_param: [EndpointMap, KeystoneInternal, port]
protocol:
@@ -1292,8 +3391,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneInternal, port]
- /v3
@@ -1306,8 +3415,18 @@ outputs:
template:
get_param: [EndpointMap, KeystoneInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, KeystonePublicApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystoneInternal, port]
KeystoneV3Public:
@@ -1316,8 +3435,31 @@ outputs:
template:
get_param: [EndpointMap, KeystonePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, KeystonePublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, KeystonePublic, port]
protocol:
@@ -1331,8 +3473,18 @@ outputs:
template:
get_param: [EndpointMap, KeystonePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystonePublic, port]
- /v3
@@ -1345,18 +3497,543 @@ outputs:
template:
get_param: [EndpointMap, KeystonePublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, KeystonePublic, port]
+ ManilaAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ port:
+ get_param: [EndpointMap, ManilaAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ManilaAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ ManilaInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ port:
+ get_param: [EndpointMap, ManilaInternal, port]
+ protocol:
+ get_param: [EndpointMap, ManilaInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ ManilaPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ManilaPublic, port]
+ protocol:
+ get_param: [EndpointMap, ManilaPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
+ - /v2/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
+ ManilaV1Admin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ port:
+ get_param: [EndpointMap, ManilaAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ManilaAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ - /v1/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaAdmin, port]
+ ManilaV1Internal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ port:
+ get_param: [EndpointMap, ManilaInternal, port]
+ protocol:
+ get_param: [EndpointMap, ManilaInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ - /v1/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ManilaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ManilaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaInternal, port]
+ ManilaV1Public:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ManilaPublic, port]
+ protocol:
+ get_param: [EndpointMap, ManilaPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
+ - /v1/%(tenant_id)s
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ManilaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ManilaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ManilaPublic, port]
MysqlInternal:
host:
str_replace:
template:
get_param: [EndpointMap, MysqlInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: MysqlVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, MysqlNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, MysqlNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, MysqlInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, MysqlNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, MysqlNetwork]
port:
get_param: [EndpointMap, MysqlInternal, port]
protocol:
@@ -1370,8 +4047,18 @@ outputs:
template:
get_param: [EndpointMap, MysqlInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: MysqlVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, MysqlNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, MysqlNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, MysqlInternal, port]
uri_no_suffix:
@@ -1383,8 +4070,18 @@ outputs:
template:
get_param: [EndpointMap, MysqlInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: MysqlVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, MysqlNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, MysqlNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, MysqlInternal, port]
NeutronAdmin:
@@ -1393,8 +4090,31 @@ outputs:
template:
get_param: [EndpointMap, NeutronAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NeutronApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NeutronAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
port:
get_param: [EndpointMap, NeutronAdmin, port]
protocol:
@@ -1408,8 +4128,18 @@ outputs:
template:
get_param: [EndpointMap, NeutronAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NeutronApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NeutronAdmin, port]
uri_no_suffix:
@@ -1421,8 +4151,18 @@ outputs:
template:
get_param: [EndpointMap, NeutronAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NeutronApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NeutronAdmin, port]
NeutronInternal:
@@ -1431,8 +4171,31 @@ outputs:
template:
get_param: [EndpointMap, NeutronInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NeutronApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NeutronInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
port:
get_param: [EndpointMap, NeutronInternal, port]
protocol:
@@ -1446,8 +4209,18 @@ outputs:
template:
get_param: [EndpointMap, NeutronInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NeutronApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NeutronInternal, port]
uri_no_suffix:
@@ -1459,8 +4232,18 @@ outputs:
template:
get_param: [EndpointMap, NeutronInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NeutronApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NeutronApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NeutronInternal, port]
NeutronPublic:
@@ -1469,8 +4252,31 @@ outputs:
template:
get_param: [EndpointMap, NeutronPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NeutronPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, NeutronPublic, port]
protocol:
@@ -1484,8 +4290,18 @@ outputs:
template:
get_param: [EndpointMap, NeutronPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NeutronPublic, port]
uri_no_suffix:
@@ -1497,8 +4313,18 @@ outputs:
template:
get_param: [EndpointMap, NeutronPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NeutronPublic, port]
NovaAdmin:
@@ -1507,8 +4333,31 @@ outputs:
template:
get_param: [EndpointMap, NovaAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NovaApiNetwork]
port:
get_param: [EndpointMap, NovaAdmin, port]
protocol:
@@ -1522,11 +4371,21 @@ outputs:
template:
get_param: [EndpointMap, NovaAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaAdmin, port]
- - /v2.1/%(tenant_id)s
+ - /v2.1
uri_no_suffix:
list_join:
- ''
@@ -1536,8 +4395,18 @@ outputs:
template:
get_param: [EndpointMap, NovaAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaAdmin, port]
NovaInternal:
@@ -1546,8 +4415,31 @@ outputs:
template:
get_param: [EndpointMap, NovaInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NovaApiNetwork]
port:
get_param: [EndpointMap, NovaInternal, port]
protocol:
@@ -1561,11 +4453,21 @@ outputs:
template:
get_param: [EndpointMap, NovaInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaInternal, port]
- - /v2.1/%(tenant_id)s
+ - /v2.1
uri_no_suffix:
list_join:
- ''
@@ -1575,8 +4477,18 @@ outputs:
template:
get_param: [EndpointMap, NovaInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaInternal, port]
NovaPublic:
@@ -1585,8 +4497,31 @@ outputs:
template:
get_param: [EndpointMap, NovaPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, NovaPublic, port]
protocol:
@@ -1600,11 +4535,21 @@ outputs:
template:
get_param: [EndpointMap, NovaPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaPublic, port]
- - /v2.1/%(tenant_id)s
+ - /v2.1
uri_no_suffix:
list_join:
- ''
@@ -1614,8 +4559,18 @@ outputs:
template:
get_param: [EndpointMap, NovaPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaPublic, port]
NovaVNCProxyAdmin:
@@ -1624,8 +4579,31 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaVNCProxyAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NovaApiNetwork]
port:
get_param: [EndpointMap, NovaVNCProxyAdmin, port]
protocol:
@@ -1639,8 +4617,18 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyAdmin, port]
uri_no_suffix:
@@ -1652,8 +4640,18 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyAdmin, port]
NovaVNCProxyInternal:
@@ -1662,8 +4660,31 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaVNCProxyInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, NovaApiNetwork]
port:
get_param: [EndpointMap, NovaVNCProxyInternal, port]
protocol:
@@ -1677,8 +4698,18 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyInternal, port]
uri_no_suffix:
@@ -1690,8 +4721,18 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: NovaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, NovaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, NovaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyInternal, port]
NovaVNCProxyPublic:
@@ -1700,8 +4741,31 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, NovaVNCProxyPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, NovaVNCProxyPublic, port]
protocol:
@@ -1715,8 +4779,18 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyPublic, port]
uri_no_suffix:
@@ -1728,8 +4802,18 @@ outputs:
template:
get_param: [EndpointMap, NovaVNCProxyPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyPublic, port]
SaharaAdmin:
@@ -1738,8 +4822,31 @@ outputs:
template:
get_param: [EndpointMap, SaharaAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SaharaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SaharaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SaharaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
port:
get_param: [EndpointMap, SaharaAdmin, port]
protocol:
@@ -1753,8 +4860,18 @@ outputs:
template:
get_param: [EndpointMap, SaharaAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SaharaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SaharaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SaharaAdmin, port]
- /v1.1/%(tenant_id)s
@@ -1767,8 +4884,18 @@ outputs:
template:
get_param: [EndpointMap, SaharaAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SaharaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SaharaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SaharaAdmin, port]
SaharaInternal:
@@ -1777,8 +4904,31 @@ outputs:
template:
get_param: [EndpointMap, SaharaInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SaharaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SaharaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SaharaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
port:
get_param: [EndpointMap, SaharaInternal, port]
protocol:
@@ -1792,8 +4942,18 @@ outputs:
template:
get_param: [EndpointMap, SaharaInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SaharaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SaharaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SaharaInternal, port]
- /v1.1/%(tenant_id)s
@@ -1806,8 +4966,18 @@ outputs:
template:
get_param: [EndpointMap, SaharaInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SaharaApiVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SaharaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SaharaApiNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SaharaInternal, port]
SaharaPublic:
@@ -1816,8 +4986,31 @@ outputs:
template:
get_param: [EndpointMap, SaharaPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SaharaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, SaharaPublic, port]
protocol:
@@ -1831,8 +5024,18 @@ outputs:
template:
get_param: [EndpointMap, SaharaPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SaharaPublic, port]
- /v1.1/%(tenant_id)s
@@ -1845,8 +5048,18 @@ outputs:
template:
get_param: [EndpointMap, SaharaPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SaharaPublic, port]
SwiftAdmin:
@@ -1855,8 +5068,31 @@ outputs:
template:
get_param: [EndpointMap, SwiftAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SwiftAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
port:
get_param: [EndpointMap, SwiftAdmin, port]
protocol:
@@ -1870,8 +5106,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftAdmin, port]
uri_no_suffix:
@@ -1883,8 +5129,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftAdmin, port]
SwiftInternal:
@@ -1893,8 +5149,31 @@ outputs:
template:
get_param: [EndpointMap, SwiftInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SwiftInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
port:
get_param: [EndpointMap, SwiftInternal, port]
protocol:
@@ -1908,8 +5187,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftInternal, port]
- /v1/AUTH_%(tenant_id)s
@@ -1922,8 +5211,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftInternal, port]
SwiftPublic:
@@ -1932,8 +5231,31 @@ outputs:
template:
get_param: [EndpointMap, SwiftPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SwiftPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, SwiftPublic, port]
protocol:
@@ -1947,8 +5269,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftPublic, port]
- /v1/AUTH_%(tenant_id)s
@@ -1961,8 +5293,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftPublic, port]
SwiftS3Admin:
@@ -1971,8 +5313,31 @@ outputs:
template:
get_param: [EndpointMap, SwiftAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SwiftAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
port:
get_param: [EndpointMap, SwiftAdmin, port]
protocol:
@@ -1986,8 +5351,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftAdmin, port]
uri_no_suffix:
@@ -1999,8 +5374,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftAdmin, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftAdmin, port]
SwiftS3Internal:
@@ -2009,8 +5394,31 @@ outputs:
template:
get_param: [EndpointMap, SwiftInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SwiftInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
port:
get_param: [EndpointMap, SwiftInternal, port]
protocol:
@@ -2024,8 +5432,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftInternal, port]
uri_no_suffix:
@@ -2037,8 +5455,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftInternal, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: SwiftProxyVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, SwiftProxyNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftInternal, port]
SwiftS3Public:
@@ -2047,8 +5475,31 @@ outputs:
template:
get_param: [EndpointMap, SwiftPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, SwiftPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, SwiftPublic, port]
protocol:
@@ -2062,8 +5513,18 @@ outputs:
template:
get_param: [EndpointMap, SwiftPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftPublic, port]
uri_no_suffix:
@@ -2075,7 +5536,17 @@ outputs:
template:
get_param: [EndpointMap, SwiftPublic, host]
params:
- CLOUDNAME: {get_param: CloudName}
- IP_ADDRESS: {get_param: PublicVirtualIP}
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftPublic, port]
diff --git a/network/management_v6.yaml b/network/management_v6.yaml
new file mode 100644
index 00000000..a5e70667
--- /dev/null
+++ b/network/management_v6.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Management network. System administration, SSH, DNS, NTP, etc. This network
+ would usually be the default gateway for the non-controller nodes.
+
+parameters:
+ # the defaults here work for static IP assignment (IPAM) only
+ ManagementNetCidr:
+ default: 'fd00:fd00:fd00:6000::/64'
+ description: Cidr for the management network.
+ type: string
+ ManagementNetValueSpecs:
+ default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
+ description: Value specs for the management network.
+ type: json
+ ManagementNetAdminStateUp:
+ default: false
+ description: This admin state of of the network.
+ type: boolean
+ ManagementNetShared:
+ default: false
+ description: Whether this network is shared across all tenants.
+ type: boolean
+ ManagementNetName:
+ default: management
+ description: The name of the management network.
+ type: string
+ ManagementSubnetName:
+ default: management_subnet
+ description: The name of the management subnet in Neutron.
+ type: string
+ ManagementAllocationPools:
+ default: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
+ description: Ip allocation pool range for the management network.
+ type: json
+ IPv6AddressMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 address mode
+ type: string
+ IPv6RAMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 router advertisement mode
+ type: string
+
+resources:
+ ManagementNetwork:
+ type: OS::Neutron::Net
+ properties:
+ admin_state_up: {get_param: ManagementNetAdminStateUp}
+ name: {get_param: ManagementNetName}
+ shared: {get_param: ManagementNetShared}
+ value_specs: {get_param: ManagementNetValueSpecs}
+
+ ManagementSubnet:
+ type: OS::Neutron::Subnet
+ properties:
+ ip_version: 6
+ ipv6_address_mode: {get_param: IPv6AddressMode}
+ ipv6_ra_mode: {get_param: IPv6RAMode}
+ cidr: {get_param: ManagementNetCidr}
+ name: {get_param: ManagementSubnetName}
+ network: {get_resource: ManagementNetwork}
+ allocation_pools: {get_param: ManagementAllocationPools}
+
+outputs:
+ OS::stack_id:
+ description: Neutron management network
+ value: {get_resource: ManagementNetwork}
diff --git a/network/networks.yaml b/network/networks.yaml
index ab50ae11..d3ae482b 100644
--- a/network/networks.yaml
+++ b/network/networks.yaml
@@ -21,3 +21,6 @@ resources:
ManagementNetwork:
type: OS::TripleO::Network::Management
+
+ NetworkExtraConfig:
+ type: OS::TripleO::Network::ExtraConfig
diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml
index baa544e7..e541049d 100644
--- a/network/ports/external_from_pool_v6.yaml
+++ b/network/ports/external_from_pool_v6.yaml
@@ -49,4 +49,4 @@ outputs:
- ''
- - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]}
- '/'
- - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]}
+ - {str_split: ['/', {get_param: ExternalNetCidr}, 1]}
diff --git a/network/ports/from_service.yaml b/network/ports/from_service.yaml
index 3d61910e..782b6b07 100644
--- a/network/ports/from_service.yaml
+++ b/network/ports/from_service.yaml
@@ -24,6 +24,12 @@ parameters:
description: The name of the undercloud Neutron control plane
default: ctlplane
type: string
+ FixedIPs: # Here for compatibility with ctlplane_vip.yaml
+ description: >
+ Control the IP allocation for the VIP port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ default: []
+ type: json
ServiceVips:
default: {}
type: json
diff --git a/network/ports/from_service_v6.yaml b/network/ports/from_service_v6.yaml
index 2dd0a0ee..80060b57 100644
--- a/network/ports/from_service_v6.yaml
+++ b/network/ports/from_service_v6.yaml
@@ -24,6 +24,12 @@ parameters:
description: The name of the undercloud Neutron control plane
default: ctlplane
type: string
+ FixedIPs: # Here for compatibility with ctlplane_vip.yaml
+ description: >
+ Control the IP allocation for the VIP port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ default: []
+ type: json
ServiceVips:
default: {}
type: json
diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml
index 8d0a91b6..afb144ba 100644
--- a/network/ports/internal_api_from_pool_v6.yaml
+++ b/network/ports/internal_api_from_pool_v6.yaml
@@ -49,4 +49,4 @@ outputs:
- ''
- - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]}
- '/'
- - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]}
+ - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]}
diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml
new file mode 100644
index 00000000..4c1cc216
--- /dev/null
+++ b/network/ports/management_from_pool_v6.yaml
@@ -0,0 +1,52 @@
+heat_template_version: 2015-10-15
+
+description: >
+ Returns an IP from a network mapped list of IPs. This version is for IPv6
+ addresses. The ip_address_uri output will have brackets for use in URLs.
+
+parameters:
+ ManagementNetName:
+ description: Name of the management network
+ default: management
+ type: string
+ PortName:
+ description: Name of the port
+ default: ''
+ type: string
+ ControlPlaneIP: # Here for compatability with noop.yaml
+ description: IP address on the control plane
+ default: ''
+ type: string
+ IPPool:
+ default: {}
+ description: A network mapped list of IPs
+ type: json
+ NodeIndex:
+ default: 0
+ description: Index of the IP to get from Pool
+ type: number
+ ManagementNetCidr:
+ default: 'fd00:fd00:fd00:6000::/64'
+ description: Cidr for the management network.
+ type: string
+
+outputs:
+ ip_address:
+ description: management network IP
+ value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]}
+ ip_address_uri:
+ description: management network IP (for compatibility with management_v6.yaml)
+ value:
+ list_join:
+ - ''
+ - - '['
+ - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]}
+ - ']'
+ ip_subnet:
+ description: IP/Subnet CIDR for the management network IP
+ value:
+ list_join:
+ - ''
+ - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]}
+ - '/'
+ - {str_split: ['/', {get_param: ManagementNetCidr}, 1]}
diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml
index 32272bd6..07e2de4c 100644
--- a/network/ports/net_ip_list_map.yaml
+++ b/network/ports/net_ip_list_map.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
parameters:
ControlPlaneIpList:
@@ -22,6 +22,15 @@ parameters:
ManagementIpList:
default: []
type: comma_delimited_list
+ EnabledServices:
+ default: []
+ type: comma_delimited_list
+ ServiceNetMap:
+ default: {}
+ type: json
+ ServiceHostnameList:
+ default: []
+ type: comma_delimited_list
outputs:
net_ip_map:
@@ -36,3 +45,48 @@ outputs:
storage_mgmt: {get_param: StorageMgmtIpList}
tenant: {get_param: TenantIpList}
management: {get_param: ManagementIpList}
+ service_ips:
+ description: >
+ Map of enabled services to a list of their IP addresses
+ value:
+ yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(not isString($[1])))
+ data:
+ map:
+ map_replace:
+ - map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_node_ips: SERVICE_network
+ for_each:
+ SERVICE: {get_param: EnabledServices}
+ - values: {get_param: ServiceNetMap}
+ - values:
+ ctlplane: {get_param: ControlPlaneIpList}
+ external: {get_param: ExternalIpList}
+ internal_api: {get_param: InternalApiIpList}
+ storage: {get_param: StorageIpList}
+ storage_mgmt: {get_param: StorageMgmtIpList}
+ tenant: {get_param: TenantIpList}
+ management: {get_param: ManagementIpList}
+ service_hostnames:
+ description: >
+ Map of enabled services to a list of hostnames where they're running
+ value:
+ yaql:
+ # If ServiceHostnameList is empty the role is deployed with zero nodes
+ # therefore we don't want to add any *_node_names to the map
+ expression: dict($.data.map.items().where(len($[1]) > 0))
+ data:
+ map:
+ map_merge:
+ repeat:
+ template:
+ SERVICE_node_names: {get_param: ServiceHostnameList}
+ for_each:
+ SERVICE: {get_param: EnabledServices}
diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml
index 78c7c32c..fcf2eeee 100644
--- a/network/ports/net_ip_map.yaml
+++ b/network/ports/net_ip_map.yaml
@@ -82,32 +82,22 @@ outputs:
storage_mgmt: {get_param: StorageMgmtIp}
tenant: {get_param: TenantIp}
management: {get_param: ManagementIp}
- net_ip_subnet_map:
- description: >
- A Hash containing a mapping of network names to assigned IPs/CIDR
- for a specific machine.
- value:
- ctlplane:
+ ctlplane_subnet:
list_join:
- ''
- - {get_param: ControlPlaneIp}
- '/'
- {get_param: ControlPlaneSubnetCidr}
- external: {get_param: ExternalIpSubnet}
- internal_api: {get_param: InternalApiIpSubnet}
- storage: {get_param: StorageIpSubnet}
- storage_mgmt: {get_param: StorageMgmtIpSubnet}
- tenant: {get_param: TenantIpSubnet}
- management: {get_param: ManagementIpSubnet}
- net_ip_uri_map:
- description: >
- A Hash containing a mapping of network names to assigned IPs for a
- specific machine with brackets around IPv6 addresses for use in URLs.
- value:
- ctlplane: {get_param: ControlPlaneIp}
- external: {get_param: ExternalIpUri}
- internal_api: {get_param: InternalApiIpUri}
- storage: {get_param: StorageIpUri}
- storage_mgmt: {get_param: StorageMgmtIpUri}
- tenant: {get_param: TenantIpUri}
- management: {get_param: ManagementIpUri}
+ external_subnet: {get_param: ExternalIpSubnet}
+ internal_api_subnet: {get_param: InternalApiIpSubnet}
+ storage_subnet: {get_param: StorageIpSubnet}
+ storage_mgmt_subnet: {get_param: StorageMgmtIpSubnet}
+ tenant_subnet: {get_param: TenantIpSubnet}
+ management_subnet: {get_param: ManagementIpSubnet}
+ ctlplane_uri: {get_param: ControlPlaneIp}
+ external_uri: {get_param: ExternalIpUri}
+ internal_api_uri: {get_param: InternalApiIpUri}
+ storage_uri: {get_param: StorageIpUri}
+ storage_mgmt_uri: {get_param: StorageMgmtIpUri}
+ tenant_uri: {get_param: TenantIpUri}
+ management_uri: {get_param: ManagementIpUri}
diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml
index a40a0bfc..71e6e811 100644
--- a/network/ports/net_vip_map_external.yaml
+++ b/network/ports/net_vip_map_external.yaml
@@ -45,12 +45,6 @@ parameters:
StorageMgmtIpUri:
default: ''
type: string
- TenantIp:
- default: ''
- type: string
- TenantIpUri:
- default: ''
- type: string
outputs:
net_ip_map:
@@ -63,13 +57,8 @@ outputs:
internal_api: {get_param: InternalApiNetworkVip}
storage: {get_param: StorageNetworkVip}
storage_mgmt: {get_param: StorageMgmtNetworkVip}
- net_ip_uri_map:
- description: >
- A Hash containing a mapping of netowrk names to assigned IPs for a
- specific machine with brackets around IPv6 addresses for use in URLs.
- value:
- ctlplane: {get_param: ControlPlaneIP}
- external: {get_param: ExternalNetworkVip}
- internal_api: {get_param: InternalApiNetworkVip}
- storage: {get_param: StorageNetworkVip}
- storage_mgmt: {get_param: StorageMgmtNetworkVip}
+ ctlplane_uri: {get_param: ControlPlaneIP}
+ external_uri: {get_param: ExternalNetworkVip}
+ internal_api_uri: {get_param: InternalApiNetworkVip}
+ storage_uri: {get_param: StorageNetworkVip}
+ storage_mgmt_uri: {get_param: StorageMgmtNetworkVip}
diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml
index f6d67fe8..8d054349 100644
--- a/network/ports/net_vip_map_external_v6.yaml
+++ b/network/ports/net_vip_map_external_v6.yaml
@@ -45,12 +45,6 @@ parameters:
StorageMgmtIpUri:
default: ''
type: string
- TenantIp:
- default: ''
- type: string
- TenantIpUri:
- default: ''
- type: string
outputs:
net_ip_map:
@@ -63,31 +57,26 @@ outputs:
internal_api: {get_param: InternalApiNetworkVip}
storage: {get_param: StorageNetworkVip}
storage_mgmt: {get_param: StorageMgmtNetworkVip}
- net_ip_uri_map:
- description: >
- A Hash containing a mapping of netowrk names to assigned IPs for a
- specific machine with brackets around IPv6 addresses for use in URLs.
- value:
- ctlplane: {get_param: ControlPlaneIP}
- external:
+ ctlplane_uri: {get_param: ControlPlaneIP}
+ external_uri:
list_join:
- ''
- - '['
- {get_param: ExternalNetworkVip}
- ']'
- internal_api:
+ internal_api_uri:
list_join:
- ''
- - '['
- {get_param: InternalApiNetworkVip}
- ']'
- storage:
+ storage_uri:
list_join:
- ''
- - '['
- {get_param: StorageNetworkVip}
- ']'
- storage_mgmt:
+ storage_mgmt_uri:
list_join:
- ''
- - '['
diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml
index 328f8385..18faf1bd 100644
--- a/network/ports/storage_from_pool_v6.yaml
+++ b/network/ports/storage_from_pool_v6.yaml
@@ -49,4 +49,4 @@ outputs:
- ''
- - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]}
- '/'
- - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]}
+ - {str_split: ['/', {get_param: StorageNetCidr}, 1]}
diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml
index 50470c92..e1145a31 100644
--- a/network/ports/storage_mgmt_from_pool_v6.yaml
+++ b/network/ports/storage_mgmt_from_pool_v6.yaml
@@ -49,4 +49,4 @@ outputs:
- ''
- - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]}
- '/'
- - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]}
+ - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]}
diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml
index bbe6f736..d4f0d29c 100644
--- a/network/ports/tenant_from_pool_v6.yaml
+++ b/network/ports/tenant_from_pool_v6.yaml
@@ -48,4 +48,4 @@ outputs:
- ''
- - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]}
- '/'
- - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]}
+ - {str_split: ['/', {get_param: TenantNetCidr}, 1]}
diff --git a/network/service_net_map.yaml b/network/service_net_map.yaml
new file mode 100644
index 00000000..6e5c2449
--- /dev/null
+++ b/network/service_net_map.yaml
@@ -0,0 +1,100 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Mapping of service_name_network -> network name
+
+parameters:
+ ServiceNetMap:
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ default: {}
+ type: json
+
+ ServiceNetMapDefaults:
+ default:
+ ApacheNetwork: internal_api
+ NeutronTenantNetwork: tenant
+ CeilometerApiNetwork: internal_api
+ AodhApiNetwork: internal_api
+ GnocchiApiNetwork: internal_api
+ MongodbNetwork: internal_api
+ CinderApiNetwork: internal_api
+ CinderIscsiNetwork: storage
+ GlanceApiNetwork: storage
+ GlanceRegistryNetwork: internal_api
+ IronicApiNetwork: ctlplane
+ IronicNetwork: ctlplane
+ KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
+ KeystonePublicApiNetwork: internal_api
+ ManilaApiNetwork: internal_api
+ NeutronApiNetwork: internal_api
+ HeatApiNetwork: internal_api
+ HeatApiCfnNetwork: internal_api
+ HeatApiCloudwatchNetwork: internal_api
+ NovaApiNetwork: internal_api
+ NovaMetadataNetwork: internal_api
+ NovaVncProxyNetwork: internal_api
+ SwiftStorageNetwork: storage_mgmt
+ SwiftProxyNetwork: storage
+ SaharaApiNetwork: internal_api
+ HorizonNetwork: internal_api
+ MemcachedNetwork: internal_api
+ RabbitmqNetwork: internal_api
+ RedisNetwork: internal_api
+ MysqlNetwork: internal_api
+ CephClusterNetwork: storage_mgmt
+ CephMonNetwork: storage
+ CephRgwNetwork: storage
+ ControllerHostnameResolveNetwork: internal_api
+ ComputeHostnameResolveNetwork: internal_api
+ BlockStorageHostnameResolveNetwork: internal_api
+ ObjectStorageHostnameResolveNetwork: internal_api
+ CephStorageHostnameResolveNetwork: storage
+ PublicNetwork: external
+ OpenDaylightApiNetwork: internal_api
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+ # We define mappings to work around names that break when doing the
+ # CamelCase to snake_case conversion to align with service_names
+ ServiceNetMapDeprecatedMapping:
+ default:
+ MongoDbNetwork: MongodbNetwork
+ RabbitMqNetwork: RabbitmqNetwork
+ CephPublicNetwork: CephMonNetwork
+ SwiftMgmtNetwork: SwiftStorageNetwork
+ description: Mapping older deprecated service names, intended for
+ internal use only, this will be removed in future.
+ type: json
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - ServiceNetMapDeprecatedMapping
+
+outputs:
+ service_net_map:
+ value:
+ map_merge:
+ - {get_param: ServiceNetMapDefaults}
+ - map_replace:
+ - {get_param: ServiceNetMap}
+ - keys: {get_param: ServiceNetMapDeprecatedMapping}
+
+ service_net_map_lower:
+ value:
+ # This does a conversion from CamelCase to snake_case,
+ # e.g HeatApiNetwork becomes heat_api_network so it
+ # matches the service names.
+ yaql:
+ expression: dict($.data.map.items().select([ regex(`([a-z0-9])([A-Z])`).replace($[0], '\\1_\\2').toLower(), $[1]]))
+ data:
+ map:
+ map_merge:
+ - {get_param: ServiceNetMapDefaults}
+ - map_replace:
+ - {get_param: ServiceNetMap}
+ - keys: {get_param: ServiceNetMapDeprecatedMapping}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
new file mode 100644
index 00000000..a7185a43
--- /dev/null
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -0,0 +1,206 @@
+resource_registry:
+ OS::TripleO::BlockStorage: puppet/cinder-storage.yaml
+ OS::TripleO::Compute: puppet/compute.yaml
+ OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment
+ OS::TripleO::Controller: puppet/controller.yaml
+ OS::TripleO::ObjectStorage: puppet/swift-storage.yaml
+ OS::TripleO::CephStorage: puppet/ceph-storage.yaml
+ # set to controller-config-pacemaker.yaml to enable pacemaker
+ OS::TripleO::ControllerConfig: puppet/controller-config.yaml
+ OS::TripleO::PostDeploySteps: puppet/post.yaml
+ OS::TripleO::ComputeConfig: puppet/compute-config.yaml
+ OS::TripleO::BlockStorageConfig: puppet/blockstorage-config.yaml
+ OS::TripleO::ObjectStorageConfig: puppet/objectstorage-config.yaml
+ OS::TripleO::CephStorageConfig: puppet/cephstorage-config.yaml
+ OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
+ OS::TripleO::DefaultPasswords: default_passwords.yaml
+
+ # Tasks (for internal TripleO usage)
+ OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None
+ OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml
+
+{% for role in roles %}
+ OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
+ OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None
+
+ OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
+
+ # Port assignments for the {{role.name}} role
+ OS::TripleO::{{role.name}}::Ports::ExternalPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::InternalApiPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::StoragePort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::StorageMgmtPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::TenantPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::ManagementPort: network/ports/noop.yaml
+
+ OS::TripleO::{{role.name}}::Net::SoftwareConfig: net-config-noop.yaml
+{% endfor %}
+
+ # This resource registry entry will override the one generated by default
+ # in the jinja loop
+ OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml
+
+ OS::TripleO::Server: OS::Nova::Server
+
+ # This creates the "heat-admin" user for all OS images by default
+ # To disable, replace with firstboot/userdata_default.yaml
+ OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml
+
+ # Hooks for operator extra config
+ # NodeUserData == Cloud-init additional user-data, e.g cloud-config
+ # ControllerExtraConfigPre == Controller configuration pre service deployment
+ # NodeExtraConfig == All nodes configuration pre service deployment
+ # NodeExtraConfigPost == All nodes configuration post service deployment
+ OS::TripleO::NodeUserData: firstboot/userdata_default.yaml
+ OS::TripleO::NodeTLSCAData: OS::Heat::None
+ OS::TripleO::NodeTLSData: OS::Heat::None
+ OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
+ OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
+
+ # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
+ # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when
+ # configuration with knowledge of all nodes in the cluster is required vs single
+ # node configuration in the pre_deploy step.
+ # See extraconfig/all_nodes/* for examples
+ OS::TripleO::AllNodesExtraConfig: OS::Heat::None
+
+ # TripleO overcloud networks
+ OS::TripleO::Network: network/networks.yaml
+
+ OS::TripleO::Network::External: OS::Heat::None
+ OS::TripleO::Network::InternalApi: OS::Heat::None
+ OS::TripleO::Network::StorageMgmt: OS::Heat::None
+ OS::TripleO::Network::Storage: OS::Heat::None
+ OS::TripleO::Network::Tenant: OS::Heat::None
+ OS::TripleO::Network::Management: OS::Heat::None
+
+ OS::TripleO::Network::ExtraConfig: OS::Heat::None
+
+ OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml
+ OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml
+ OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml
+
+ # Port assignments for the VIPs
+ OS::TripleO::Network::Ports::ExternalVipPort: network/ports/noop.yaml
+ OS::TripleO::Network::Ports::InternalApiVipPort: network/ports/noop.yaml
+ OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml
+ OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml
+ OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml
+
+ # Service to network Mappings
+ OS::TripleO::ServiceNetMap: network/service_net_map.yaml
+
+ # Service Endpoint Mappings
+ OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
+
+ # validation resources
+ OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml
+
+ # services
+ OS::TripleO::Services: puppet/services/services.yaml
+ OS::TripleO::Services::Apache: puppet/services/apache.yaml
+ OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephRgw: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephExternal: OS::Heat::None
+ OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml
+ OS::TripleO::Services::CinderBackup: OS::Heat::None
+ OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml
+ OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml
+ OS::TripleO::Services::Core: OS::Heat::None
+ OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
+ OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
+ OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml
+ OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
+ OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
+ OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
+ OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
+ OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
+ OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
+ OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
+ OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
+ OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
+ # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
+ # the multinode job ControllerServices after this patch merges
+ OS::TripleO::Services::NeutronServer: puppet/services/neutron-api.yaml
+ OS::TripleO::Services::NeutronApi: puppet/services/neutron-api.yaml
+ OS::TripleO::Services::NeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml
+ # can be the same as NeutronCorePlugin but some vendors install different
+ # things where VMs run
+ OS::TripleO::Services::ComputeNeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml
+ # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin)
+ OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml
+ OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
+ OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
+ OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml
+ OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
+ OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::Pacemaker: OS::Heat::None
+ OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
+ OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
+ OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
+ OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml
+ OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
+ OS::TripleO::Services::SaharaApi: OS::Heat::None
+ OS::TripleO::Services::SaharaEngine: OS::Heat::None
+ OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
+ OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
+ OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
+ OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml
+ OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml
+ OS::TripleO::Services::NovaScheduler: puppet/services/nova-scheduler.yaml
+ OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml
+ OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml
+ OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml
+ OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml
+ OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml
+ OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml
+ OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml
+ OS::TripleO::Services::SwiftRingBuilder: puppet/services/swift-ringbuilder.yaml
+ OS::TripleO::Services::Snmp: puppet/services/snmp.yaml
+ OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml
+ OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml
+ OS::TripleO::Services::CeilometerCollector: puppet/services/ceilometer-collector.yaml
+ OS::TripleO::Services::CeilometerExpirer: puppet/services/ceilometer-expirer.yaml
+ OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml
+ OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml
+ OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml
+ OS::TripleO::Services::Horizon: puppet/services/horizon.yaml
+ #Gnocchi services
+ OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
+ OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml
+ OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml
+ OS::TripleO::Services::VipHosts: puppet/services/vip-hosts.yaml
+ # Services that are disabled by default (use relevant environment files):
+ OS::TripleO::Services::FluentdClient: OS::Heat::None
+ OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml
+ OS::Tripleo::Services::ManilaApi: OS::Heat::None
+ OS::Tripleo::Services::ManilaScheduler: OS::Heat::None
+ OS::Tripleo::Services::ManilaShare: OS::Heat::None
+ OS::Tripleo::Services::ManilaBackendGeneric: OS::Heat::None
+ OS::Tripleo::Services::ManilaBackendNetapp: OS::Heat::None
+ OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml
+ OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml
+ OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml
+ OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml
+ OS::TripleO::Services::MistralEngine: OS::Heat::None
+ OS::TripleO::Services::MistralApi: OS::Heat::None
+ OS::TripleO::Services::MistralExecutor: OS::Heat::None
+ OS::TripleO::Services::IronicApi: OS::Heat::None
+ OS::TripleO::Services::IronicConductor: OS::Heat::None
+ OS::TripleO::Services::NovaIronic: OS::Heat::None
+ OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
+ OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
+ OS::TripleO::Services::OpenDaylight: OS::Heat::None
+ OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None
+ OS::TripleO::Services::SensuClient: OS::Heat::None
+
+parameter_defaults:
+ EnablePackageInstall: false
+ SoftwareConfigTransport: POLL_TEMP_URL
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
deleted file mode 100644
index 950f1b68..00000000
--- a/overcloud-resource-registry-puppet.yaml
+++ /dev/null
@@ -1,142 +0,0 @@
-resource_registry:
- OS::TripleO::BlockStorage: puppet/cinder-storage.yaml
- OS::TripleO::BlockStorage::Net::SoftwareConfig: net-config-noop.yaml
- OS::TripleO::Compute: puppet/compute.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: net-config-noop.yaml
- OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment
- OS::TripleO::Controller: puppet/controller.yaml
- OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml
- OS::TripleO::ObjectStorage: puppet/swift-storage.yaml
- OS::TripleO::ObjectStorage::Net::SoftwareConfig: net-config-noop.yaml
- OS::TripleO::CephStorage: puppet/ceph-storage.yaml
- OS::TripleO::CephStorage::Net::SoftwareConfig: net-config-noop.yaml
- OS::TripleO::ControllerPostDeployment: puppet/controller-post.yaml
- # set to controller-config-pacemaker.yaml to enable pacemaker
- OS::TripleO::ControllerConfig: puppet/controller-config.yaml
- OS::TripleO::ComputePostDeployment: puppet/compute-post.yaml
- OS::TripleO::ObjectStoragePostDeployment: puppet/swift-storage-post.yaml
- OS::TripleO::BlockStoragePostDeployment: puppet/cinder-storage-post.yaml
- OS::TripleO::CephStoragePostDeployment: puppet/ceph-storage-post.yaml
- OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig: puppet/swift-devices-and-proxy-config.yaml
- OS::TripleO::CephClusterConfig::SoftwareConfig: puppet/ceph-cluster-config.yaml
- OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
- OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml
-
- # Tasks (for internal TripleO usage)
- OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None
- OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml
- OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None
- OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None
-
- # This creates the "heat-admin" user for all OS images by default
- # To disable, replace with firstboot/userdata_default.yaml
- OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml
-
- # Hooks for operator extra config
- # NodeUserData == Cloud-init additional user-data, e.g cloud-config
- # ControllerExtraConfigPre == Controller configuration pre service deployment
- # NodeExtraConfig == All nodes configuration pre service deployment
- # NodeExtraConfigPost == All nodes configuration post service deployment
- OS::TripleO::NodeUserData: firstboot/userdata_default.yaml
- OS::TripleO::NodeTLSCAData: puppet/extraconfig/tls/no-ca.yaml
- OS::TripleO::NodeTLSData: puppet/extraconfig/tls/no-tls.yaml
- OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
- OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
- OS::TripleO::CephStorageExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
- OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
- OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
-
- # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
- # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when
- # configuration with knowledge of all nodes in the cluster is required vs single
- # node configuration in the pre_deploy step.
- OS::TripleO::AllNodesExtraConfig: extraconfig/all_nodes/default.yaml
-
- # TripleO overcloud networks
- OS::TripleO::Network: network/networks.yaml
- OS::TripleO::VipConfig: puppet/vip-config.yaml
-
- OS::TripleO::Network::External: OS::Heat::None
- OS::TripleO::Network::InternalApi: OS::Heat::None
- OS::TripleO::Network::StorageMgmt: OS::Heat::None
- OS::TripleO::Network::Storage: OS::Heat::None
- OS::TripleO::Network::Tenant: OS::Heat::None
- OS::TripleO::Network::Management: OS::Heat::None
-
- OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml
- OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml
- OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml
-
- # Port assignments for the VIPs
- OS::TripleO::Network::Ports::ExternalVipPort: network/ports/noop.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: network/ports/noop.yaml
- OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml
- OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml
-
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::ManagementPort: network/ports/noop.yaml
-
- # Service Endpoint Mappings
- OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
-
- # validation resources
- OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml
-
- # services
- OS::TripleO::Services: puppet/services/services.yaml
- OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
- OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
- OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml
- OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
- OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
- OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
- OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
- OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
- OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
- OS::TripleO::Services::Loadbalancer: puppet/services/loadbalancer.yaml
- OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
- OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml
-
-parameter_defaults:
- EnablePackageInstall: false
- SoftwareConfigTransport: POLL_TEMP_URL
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
deleted file mode 120000
index 23dc6464..00000000
--- a/overcloud-without-mergepy.yaml
+++ /dev/null
@@ -1 +0,0 @@
-overcloud.yaml \ No newline at end of file
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
new file mode 100644
index 00000000..bd699f50
--- /dev/null
+++ b/overcloud.j2.yaml
@@ -0,0 +1,570 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Deploy an OpenStack environment, consisting of several node types (roles),
+ Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage
+ roles enable independent scaling of the storage components, but the minimal
+ deployment is one Controller and one Compute node.
+
+
+# TODO(shadower): we should probably use the parameter groups to put
+# some order in here.
+parameters:
+
+ # Common parameters (not specific to a role)
+ CloudName:
+ default: overcloud.localdomain
+ description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+ type: string
+ CloudNameInternal:
+ default: overcloud.internalapi.localdomain
+ description: >
+ The DNS name of this cloud's internal API endpoint. E.g.
+ 'ci-overcloud.internalapi.tripleo.org'.
+ type: string
+ CloudNameStorage:
+ default: overcloud.storage.localdomain
+ description: >
+ The DNS name of this cloud's storage endpoint. E.g.
+ 'ci-overcloud.storage.tripleo.org'.
+ type: string
+ CloudNameStorageManagement:
+ default: overcloud.storagemgmt.localdomain
+ description: >
+ The DNS name of this cloud's storage management endpoint. E.g.
+ 'ci-overcloud.storagemgmt.tripleo.org'.
+ type: string
+ CloudNameCtlplane:
+ default: overcloud.ctlplane.localdomain
+ description: >
+ The DNS name of this cloud's storage management endpoint. E.g.
+ 'ci-overcloud.management.tripleo.org'.
+ type: string
+ ControlFixedIPs:
+ default: []
+ description: Should be used for arbitrary ips.
+ type: json
+ InternalApiVirtualFixedIPs:
+ default: []
+ description: >
+ Control the IP allocation for the InternalApiVirtualInterface port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ type: json
+ NeutronControlPlaneID:
+ default: 'ctlplane'
+ type: string
+ description: Neutron ID or name for ctlplane network.
+ NeutronPublicInterface:
+ default: nic1
+ description: What interface to bridge onto br-ex for network nodes.
+ type: string
+ PublicVirtualFixedIPs:
+ default: []
+ description: >
+ Control the IP allocation for the PublicVirtualInterface port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ type: json
+ RabbitCookieSalt:
+ type: string
+ default: unset
+ description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
+ StorageVirtualFixedIPs:
+ default: []
+ description: >
+ Control the IP allocation for the StorageVirtualInterface port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ type: json
+ StorageMgmtVirtualFixedIPs:
+ default: []
+ description: >
+ Control the IP allocation for the StorageMgmgVirtualInterface port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ type: json
+ RedisVirtualFixedIPs:
+ default: []
+ description: >
+ Control the IP allocation for the virtual IP used by Redis. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ type: json
+ CloudDomain:
+ default: 'localdomain'
+ type: string
+ description: >
+ The DNS domain used for the hosts. This should match the dhcp_domain
+ configured in the Undercloud neutron. Defaults to localdomain.
+ ServerMetadata:
+ default: {}
+ description: >
+ Extra properties or metadata passed to Nova for the created nodes in
+ the overcloud. It's accessible via the Nova metadata API.
+ type: json
+
+# Compute-specific params
+# FIXME(shardy) handle these deprecated names as they don't match compute.yaml
+ HypervisorNeutronPhysicalBridge:
+ default: 'br-ex'
+ description: >
+ An OVS bridge to create on each hypervisor. This defaults to br-ex the
+ same as the control plane nodes, as we have a uniform configuration of
+ the openvswitch agent. Typically should not need to be changed.
+ type: string
+ HypervisorNeutronPublicInterface:
+ default: nic1
+ description: What interface to add to the HypervisorNeutronPhysicalBridge.
+ type: string
+
+ # Jinja loop for Role in role_data.yaml
+{% for role in roles %}
+ # Parameters generated for {{role.name}} Role
+ {{role.name}}Services:
+ description: A list of service resources (configured in the Heat
+ resource_registry) which represent nested stacks
+ for each service that should get installed on the {{role.name}} role.
+ type: comma_delimited_list
+ default: {{role.ServicesDefault|default([])}}
+
+ {{role.name}}Count:
+ description: Number of {{role.name}} nodes to deploy
+ type: number
+ default: {{role.CountDefault|default(0)}}
+
+ {{role.name}}HostnameFormat:
+ type: string
+ description: >
+ Format for {{role.name}} node hostnames
+ Note %index% is translated into the index of the node, e.g 0/1/2 etc
+ and %stackname% is replaced with the stack name e.g overcloud
+ {% if role.HostnameFormatDefault %}
+ default: "{{role.HostnameFormatDefault}}"
+ {% else %}
+ default: "%stackname%-{{role.name.lower()}}-%index%"
+ {% endif %}
+
+ {{role.name}}RemovalPolicies:
+ default: []
+ type: json
+ description: >
+ List of resources to be removed from {{role.name}} ResourceGroup when
+ doing an update which requires removal of specific resources.
+ Example format ComputeRemovalPolicies: [{'resource_list': ['0']}]
+
+{% if role.name != 'Compute' %}
+ {{role.name}}SchedulerHints:
+{% else %}
+ NovaComputeSchedulerHints:
+{% endif %}
+ type: json
+ description: Optional scheduler hints to pass to nova
+ default: {}
+{% endfor %}
+
+ # Identifiers to trigger tasks on nodes
+ UpdateIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting to a previously unused value during stack-update will trigger
+ package update on all nodes
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
+
+resources:
+
+ HeatAuthEncryptionKey:
+ type: OS::Heat::RandomString
+
+ PcsdPassword:
+ type: OS::Heat::RandomString
+ properties:
+ length: 16
+
+ HorizonSecret:
+ type: OS::Heat::RandomString
+ properties:
+ length: 10
+
+ ServiceNetMap:
+ type: OS::TripleO::ServiceNetMap
+
+ EndpointMap:
+ type: OS::TripleO::EndpointMap
+ properties:
+ CloudEndpoints:
+ external: {get_param: CloudName}
+ internal_api: {get_param: CloudNameInternal}
+ storage: {get_param: CloudNameStorage}
+ storage_mgmt: {get_param: CloudNameStorageManagement}
+ ctlplane: {get_param: CloudNameCtlplane}
+ NetIpMap: {get_attr: [VipMap, net_ip_map]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
+
+ # Jinja loop for Role in roles_data.yaml
+{% for role in roles %}
+ # Resources generated for {{role.name}} Role
+ {{role.name}}ServiceChain:
+ type: OS::TripleO::Services
+ properties:
+ Services:
+ get_param: {{role.name}}Services
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
+ DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
+
+ {{role.name}}AllNodesDeployment:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ name: {{role.name}}AllNodesDeployment
+ config: {get_attr: [allNodesConfig, config_id]}
+ servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ input_values:
+ bootstrap_nodeid: {get_attr: [{{role.name}}, resource.0.hostname]}
+ bootstrap_nodeid_ip: {get_attr: [{{role.name}}, resource.0.ip_address]}
+
+ {{role.name}}AllNodesValidationDeployment:
+ type: OS::Heat::StructuredDeployments
+ depends_on: {{role.name}}AllNodesDeployment
+ properties:
+ name: {{role.name}}AllNodesValidationDeployment
+ config: {get_resource: AllNodesValidationConfig}
+ servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+
+ {{role.name}}IpListMap:
+ type: OS::TripleO::Network::Ports::NetIpListMap
+ properties:
+ ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]}
+ ExternalIpList: {get_attr: [{{role.name}}, external_ip_address]}
+ InternalApiIpList: {get_attr: [{{role.name}}, internal_api_ip_address]}
+ StorageIpList: {get_attr: [{{role.name}}, storage_ip_address]}
+ StorageMgmtIpList: {get_attr: [{{role.name}}, storage_mgmt_ip_address]}
+ TenantIpList: {get_attr: [{{role.name}}, tenant_ip_address]}
+ ManagementIpList: {get_attr: [{{role.name}}, management_ip_address]}
+ EnabledServices: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
+ ServiceHostnameList: {get_attr: [{{role.name}}, hostname]}
+
+ {{role.name}}:
+ type: OS::Heat::ResourceGroup
+ depends_on: Networks
+ properties:
+ count: {get_param: {{role.name}}Count}
+ removal_policies: {get_param: {{role.name}}RemovalPolicies}
+ resource_def:
+ type: OS::TripleO::{{role.name}}
+ properties:
+ CloudDomain: {get_param: CloudDomain}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
+ Hostname:
+ str_replace:
+ template: {get_param: {{role.name}}HostnameFormat}
+ params:
+ '%stackname%': {get_param: 'OS::stack_name'}
+ NodeIndex: '%index%'
+ {% if role.name != 'Compute' %}
+ {{role.name}}SchedulerHints: {get_param: {{role.name}}SchedulerHints}
+ {% else %}
+ NovaComputeSchedulerHints: {get_param: NovaComputeSchedulerHints}
+ {% endif %}
+ ServiceConfigSettings:
+ map_merge:
+ - get_attr: [{{role.name}}ServiceChain, role_data, config_settings]
+ {% for r in roles %}
+ - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
+ {% endfor %}
+ # This next step combines two yaql passes:
+ # - The inner one does a deep merge on the service_config_settings for all roles
+ # - The outer one filters the map based on the services enabled for the role
+ # then merges the result into one map.
+ - yaql:
+ expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {})
+ data:
+ map:
+ yaql:
+ expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
+ data:
+ {% for r in roles %}
+ - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings]
+ {% endfor %}
+ services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+ ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+ MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
+ LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
+ LoggingGroups: {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]}
+{% endfor %}
+
+ allNodesConfig:
+ type: OS::TripleO::AllNodes::SoftwareConfig
+ properties:
+ cloud_name_external: {get_param: CloudName}
+ cloud_name_internal_api: {get_param: CloudNameInternal}
+ cloud_name_storage: {get_param: CloudNameStorage}
+ cloud_name_storage_mgmt: {get_param: CloudNameStorageManagement}
+ cloud_name_ctlplane: {get_param: CloudNameCtlplane}
+ hosts:
+{% for role in roles %}
+ - list_join:
+ - '\n'
+ - {get_attr: [{{role.name}}, hosts_entry]}
+{% endfor %}
+ enabled_services:
+ list_join:
+ - ','
+{% for role in roles %}
+ - {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+{% endfor %}
+ controller_ips: {get_attr: [Controller, ip_address]}
+ controller_names: {get_attr: [Controller, hostname]}
+ service_ips:
+ # Note (shardy) this somewhat complex yaql may be replaced
+ # with a map_deep_merge function in ocata. It merges the
+ # list of maps, but appends to colliding lists when a service
+ # is deployed on more than one role
+ yaql:
+ expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()]))
+ data:
+ l:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}IpListMap, service_ips]}
+{% endfor %}
+ service_node_names:
+ yaql:
+ expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()]))
+ data:
+ l:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}IpListMap, service_hostnames]}
+{% endfor %}
+ # FIXME(shardy): These require further work to move into service_ips
+ memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
+ keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
+ keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
+ NetVipMap: {get_attr: [VipMap, net_ip_map]}
+ RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
+ DeployIdentifier: {get_param: DeployIdentifier}
+ UpdateIdentifier: {get_param: UpdateIdentifier}
+
+ MysqlRootPassword:
+ type: OS::Heat::RandomString
+ properties:
+ length: 10
+
+ RabbitCookie:
+ type: OS::Heat::RandomString
+ properties:
+ length: 20
+ salt: {get_param: RabbitCookieSalt}
+
+ DefaultPasswords:
+ type: OS::TripleO::DefaultPasswords
+ properties:
+ DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
+ DefaultRabbitCookie: {get_attr: [RabbitCookie, value]}
+ DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]}
+ DefaultPcsdPassword: {get_attr: [PcsdPassword, value]}
+ DefaultHorizonSecret: {get_attr: [HorizonSecret, value]}
+
+ # creates the network architecture
+ Networks:
+ type: OS::TripleO::Network
+
+ ControlVirtualIP:
+ type: OS::Neutron::Port
+ depends_on: Networks
+ properties:
+ name: control_virtual_ip
+ network: {get_param: NeutronControlPlaneID}
+ fixed_ips: {get_param: ControlFixedIPs}
+ replacement_policy: AUTO
+
+ RedisVirtualIP:
+ depends_on: Networks
+ type: OS::TripleO::Network::Ports::RedisVipPort
+ properties:
+ ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ ControlPlaneNetwork: {get_param: NeutronControlPlaneID}
+ PortName: redis_virtual_ip
+ NetworkName: {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]}
+ ServiceName: redis
+ FixedIPs: {get_param: RedisVirtualFixedIPs}
+
+ # The public VIP is on the External net, falls back to ctlplane
+ PublicVirtualIP:
+ depends_on: Networks
+ type: OS::TripleO::Network::Ports::ExternalVipPort
+ properties:
+ ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ ControlPlaneNetwork: {get_param: NeutronControlPlaneID}
+ PortName: public_virtual_ip
+ FixedIPs: {get_param: PublicVirtualFixedIPs}
+
+ InternalApiVirtualIP:
+ depends_on: Networks
+ type: OS::TripleO::Network::Ports::InternalApiVipPort
+ properties:
+ ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ PortName: internal_api_virtual_ip
+ FixedIPs: {get_param: InternalApiVirtualFixedIPs}
+
+ StorageVirtualIP:
+ depends_on: Networks
+ type: OS::TripleO::Network::Ports::StorageVipPort
+ properties:
+ ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ PortName: storage_virtual_ip
+ FixedIPs: {get_param: StorageVirtualFixedIPs}
+
+ StorageMgmtVirtualIP:
+ depends_on: Networks
+ type: OS::TripleO::Network::Ports::StorageMgmtVipPort
+ properties:
+ ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ PortName: storage_management_virtual_ip
+ FixedIPs: {get_param: StorageMgmtVirtualFixedIPs}
+
+ VipMap:
+ type: OS::TripleO::Network::Ports::NetVipMap
+ properties:
+ ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ ExternalIp: {get_attr: [PublicVirtualIP, ip_address]}
+ ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]}
+ InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]}
+ InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]}
+ StorageIp: {get_attr: [StorageVirtualIP, ip_address]}
+ StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]}
+ StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]}
+ StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]}
+ # No tenant or management VIP required
+
+ # All Nodes Validations
+ AllNodesValidationConfig:
+ type: OS::TripleO::AllNodes::Validation
+ properties:
+ PingTestIps:
+ list_join:
+ - ' '
+ - - {get_attr: [Controller, resource.0.external_ip_address]}
+ - {get_attr: [Controller, resource.0.internal_api_ip_address]}
+ - {get_attr: [Controller, resource.0.storage_ip_address]}
+ - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]}
+ - {get_attr: [Controller, resource.0.tenant_ip_address]}
+ - {get_attr: [Controller, resource.0.management_ip_address]}
+
+ UpdateWorkflow:
+ type: OS::TripleO::Tasks::UpdateWorkflow
+ properties:
+ servers:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+{% endfor %}
+ input_values:
+ deploy_identifier: {get_param: DeployIdentifier}
+ update_identifier: {get_param: UpdateIdentifier}
+
+ # Optional ExtraConfig for all nodes - all roles are passed in here, but
+ # the nested template may configure each role differently (or not at all)
+ AllNodesExtraConfig:
+ type: OS::TripleO::AllNodesExtraConfig
+ depends_on:
+ - UpdateWorkflow
+{% for role in roles %}
+ - {{role.name}}AllNodesValidationDeployment
+{% endfor %}
+ properties:
+{% for role in roles %}
+ servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+{% endfor %}
+
+ # Post deployment steps for all roles
+ AllNodesDeploySteps:
+ type: OS::TripleO::PostDeploySteps
+ properties:
+ servers:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+{% endfor %}
+ role_data:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+{% endfor %}
+
+outputs:
+ ManagedEndpoints:
+ description: Asserts that the keystone endpoints have been provisioned.
+ value: true
+ KeystoneURL:
+ description: URL for the Overcloud Keystone service
+ value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]}
+ KeystoneAdminVip:
+ description: Keystone Admin VIP endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
+ PublicVip:
+ description: Controller VIP for public API endpoints
+ value: {get_attr: [VipMap, net_ip_map, external]}
+ AodhInternalVip:
+ description: VIP for Aodh API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]}
+ CeilometerInternalVip:
+ description: VIP for Ceilometer API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]}
+ CephRgwInternalVip:
+ description: VIP for Ceph RGW internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CephRgwNetwork]}]}
+ CinderInternalVip:
+ description: VIP for Cinder API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]}
+ GlanceInternalVip:
+ description: VIP for Glance API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]}
+ GnocchiInternalVip:
+ description: VIP for Gnocchi API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]}
+ HeatInternalVip:
+ description: VIP for Heat API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]}
+ IronicInternalVip:
+ description: VIP for Ironic API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]}
+ KeystoneInternalVip:
+ description: VIP for Keystone API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
+ ManilaInternalVip:
+ description: VIP for Manila API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]}
+ NeutronInternalVip:
+ description: VIP for Neutron API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]}
+ NovaInternalVip:
+ description: VIP for Nova API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]}
+ OpenDaylightInternalVip:
+ description: VIP for OpenDaylight API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]}
+ SaharaInternalVip:
+ description: VIP for Sahara API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]}
+ SwiftInternalVip:
+ description: VIP for Swift Proxy internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]}
+ EndpointMap:
+ description: |
+ Mapping of the resources with the needed info for their endpoints.
+ This includes the protocol used, the IP, port and also a full
+ representation of the URI.
+ value: {get_attr: [EndpointMap, endpoint_map]}
+ HostsEntry:
+ description: |
+ The content that should be appended to your /etc/hosts if you want to get
+ hostname-based access to the deployed nodes (useful for testing without
+ setting up a DNS).
+ value: {get_attr: [allNodesConfig, hosts_entries]}
+ EnabledServices:
+ description: The services enabled on each role
+ value:
+{% for role in roles %}
+ {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+{% endfor %}
diff --git a/overcloud.yaml b/overcloud.yaml
deleted file mode 100644
index 3adfa3e1..00000000
--- a/overcloud.yaml
+++ /dev/null
@@ -1,1671 +0,0 @@
-heat_template_version: 2016-04-08
-
-description: >
- Deploy an OpenStack environment, consisting of several node types (roles),
- Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage
- roles enable independent scaling of the storage components, but the minimal
- deployment is one Controller and one Compute node.
-
-
-# TODO(shadower): we should probably use the parameter groups to put
-# some order in here.
-parameters:
-
- # Common parameters (not specific to a role)
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- AodhPassword:
- description: The password for the aodh services.
- type: string
- hidden: true
- CeilometerBackend:
- default: 'mongodb'
- description: The ceilometer backend type.
- type: string
- CeilometerMeteringSecret:
- description: Secret shared by the ceilometer services.
- type: string
- hidden: true
- CeilometerPassword:
- description: The password for the ceilometer service account.
- type: string
- hidden: true
- CeilometerMeterDispatcher:
- default: 'database'
- description: Dispatcher to process meter data
- type: string
- constraints:
- - allowed_values: ['gnocchi', 'database']
- # This has to be an UUID so for now we generate it outside the template
- CephClusterFSID:
- default: ''
- type: string
- description: The Ceph cluster FSID. Must be a UUID.
- CephMonKey:
- default: ''
- description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
- type: string
- hidden: true
- CephAdminKey:
- default: ''
- description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
- type: string
- hidden: true
- CinderEnableNfsBackend:
- default: false
- description: Whether to enable or not the NFS backend for Cinder
- type: boolean
- CephClientKey:
- default: ''
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
- type: string
- hidden: true
- CephExternalMonHost:
- default: ''
- type: string
- description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.
- CinderEnableIscsiBackend:
- default: true
- description: Whether to enable or not the Iscsi backend for Cinder
- type: boolean
- CinderEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Cinder
- type: boolean
- CloudName:
- default: overcloud
- description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
- type: string
- ControlFixedIPs:
- default: []
- description: Should be used for arbitrary ips.
- type: json
- CorosyncIPv6:
- default: false
- description: Enable IPv6 in Corosync
- type: boolean
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
- HorizonAllowedHosts:
- default: '*'
- description: A list of IP/Hostname allowed to connect to horizon
- type: comma_delimited_list
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- InternalApiVirtualFixedIPs:
- default: []
- description: >
- Control the IP allocation for the InternalApiVirtualInterface port. E.g.
- [{'ip_address':'1.2.3.4'}]
- type: json
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- constraints:
- - custom_constraint: nova.keypair
- MemcachedIPv6:
- default: false
- description: Enable IPv6 features in Memcached.
- type: boolean
- NeutronBridgeMappings:
- description: >
- The OVS logical->physical bridge mappings to use. See the Neutron
- documentation for details. Defaults to mapping br-ex - the external
- bridge on hosts - to a physical name 'datacentre' which can be used
- to create provider networks (and we use this for the default floating
- network) - if changing this either use different post-install network
- scripts or be sure to keep 'datacentre' as a mapping network name.
- type: comma_delimited_list
- default: "datacentre:br-ex"
- NeutronControlPlaneID:
- default: 'ctlplane'
- type: string
- description: Neutron ID or name for ctlplane network.
- NeutronEnableTunnelling:
- type: string
- default: "True"
- NeutronEnableL2Pop:
- type: string
- description: >
- Enable/disable the L2 population feature in the Neutron agents.
- default: "False"
- NeutronFlatNetworks:
- type: comma_delimited_list
- default: 'datacentre'
- description: >
- If set, flat networks to configure in neutron plugins. Defaults to
- 'datacentre' to permit external network creation.
- NeutronNetworkType:
- default: 'vxlan'
- description: The tenant network type for Neutron.
- type: comma_delimited_list
- NeutronPassword:
- description: The password for the neutron service account, used by neutron agents.
- type: string
- hidden: true
- NeutronPublicInterface:
- default: nic1
- description: What interface to bridge onto br-ex for network nodes.
- type: string
- NeutronPublicInterfaceTag:
- default: ''
- description: >
- VLAN tag for creating a public VLAN. The tag will be used to
- create an access port on the exterior bridge for each control plane node,
- and that port will be given the IP address returned by neutron from the
- public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
- overcloud.yaml to include the deployment of VLAN ports to the control
- plane.
- type: string
- NeutronComputeAgentMode:
- default: 'dvr'
- description: Agent mode for the neutron-l3-agent on the compute hosts
- type: string
- NeutronAgentMode:
- default: 'dvr_snat'
- description: Agent mode for the neutron-l3-agent on the controller hosts
- type: string
- NeutronDVR:
- default: 'False'
- description: Whether to configure Neutron Distributed Virtual Routers
- type: string
- NeutronMetadataProxySharedSecret:
- description: Shared secret to prevent spoofing
- type: string
- hidden: true
- NeutronTenantMtu:
- description: >
- The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
- be at least 50 bytes smaller than the MTU on the physical network. This
- value will be used to set the MTU on the virtual Ethernet device.
- This value will be used to construct the NeutronDnsmasqOptions, since that
- will determine the MTU that is assigned to the VM host through DHCP.
- default: "1400"
- type: string
- NeutronTunnelTypes:
- default: 'vxlan'
- description: |
- The tunnel types for the Neutron tenant network.
- type: comma_delimited_list
- NeutronTunnelIdRanges:
- description: |
- Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
- of GRE tunnel IDs that are available for tenant network allocation
- default: ["1:4094", ]
- type: comma_delimited_list
- NeutronVniRanges:
- description: |
- Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
- of VXLAN VNI IDs that are available for tenant network allocation
- default: ["1:4094", ]
- type: comma_delimited_list
- NeutronCorePlugin:
- default: 'ml2'
- description: |
- The core plugin for Neutron. The value should be the entrypoint to be loaded
- from neutron.core_plugins namespace.
- type: string
- NeutronServicePlugins:
- default: "router,qos"
- description: |
- Comma-separated list of service plugin entrypoints to be loaded from the
- neutron.service_plugins namespace.
- type: comma_delimited_list
- NeutronTypeDrivers:
- default: "vxlan,vlan,flat,gre"
- description: |
- Comma-separated list of network type driver entrypoints to be loaded.
- type: comma_delimited_list
- NeutronMechanismDrivers:
- default: 'openvswitch'
- description: |
- The mechanism drivers for the Neutron tenant network.
- type: comma_delimited_list
- NeutronPluginExtensions:
- default: "qos,port_security"
- description: |
- Comma-separated list of extensions enabled for the Neutron plugin.
- type: comma_delimited_list
- NeutronAgentExtensions:
- default: "qos"
- description: |
- Comma-separated list of extensions enabled for the Neutron agents.
- type: comma_delimited_list
- NeutronAllowL3AgentFailover:
- default: 'False'
- description: Allow automatic l3-agent failover
- type: string
- NeutronL3HA:
- default: 'False'
- description: Whether to enable l3-agent HA
- type: string
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service account, used by nova-api.
- type: string
- hidden: true
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
- MongoDbNoJournal:
- default: false
- description: Should MongoDb journaling be disabled
- type: boolean
- MongoDbIPv6:
- default: false
- description: Enable IPv6 if MongoDB VIP is IPv6
- type: boolean
- PublicVirtualFixedIPs:
- default: []
- description: >
- Control the IP allocation for the PublicVirtualInterface port. E.g.
- [{'ip_address':'1.2.3.4'}]
- type: json
- RabbitCookieSalt:
- type: string
- default: unset
- description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- RedisPassword:
- description: The password for Redis
- type: string
- hidden: true
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
- StorageVirtualFixedIPs:
- default: []
- description: >
- Control the IP allocation for the StorageVirtualInterface port. E.g.
- [{'ip_address':'1.2.3.4'}]
- type: json
- StorageMgmtVirtualFixedIPs:
- default: []
- description: >
- Control the IP allocation for the StorageMgmgVirtualInterface port. E.g.
- [{'ip_address':'1.2.3.4'}]
- type: json
- TimeZone:
- default: 'UTC'
- description: The timezone to be set on nodes.
- type: string
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API.
- type: json
-
- # Controller-specific params
- CinderLVMLoopDeviceSize:
- default: 10280
- description: The size of the loopback file used by the cinder LVM driver.
- type: number
- CinderNfsMountOptions:
- default: ''
- description: >
- Mount options for NFS mounts used by Cinder NFS backend. Effective
- when CinderEnableNfsBackend is true.
- type: string
- CinderNfsServers:
- default: ''
- description: >
- NFS servers used by Cinder NFS backend. Effective when
- CinderEnableNfsBackend is true.
- type: comma_delimited_list
- CinderPassword:
- description: The password for the cinder service account, used by cinder-api.
- type: string
- hidden: true
- CinderISCSIHelper:
- default: lioadm
- description: The iSCSI helper to use with cinder.
- type: string
- ControllerCount:
- type: number
- default: 1
- constraints:
- - range: {min: 1}
- controllerExtraConfig:
- default: {}
- description: |
- Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
- type: json
- controllerImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- OvercloudControlFlavor:
- description: Flavor for control nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
- EnableFencing:
- default: false
- description: Whether to enable fencing in Pacemaker or not.
- type: boolean
- EnableGalera:
- default: true
- description: Whether to use Galera instead of regular MariaDB.
- type: boolean
- ControllerEnableCephStorage:
- default: false
- description: Whether to deploy Ceph Storage (OSD) on the Controller
- type: boolean
- ControllerEnableSwiftStorage:
- default: true
- description: Whether to enable Swift Storage on the Controller
- type: boolean
- ControllerSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ExtraConfig:
- default: {}
- description: |
- Additional configuration to inject into the cluster. The format required
- may be implementation specific, e.g puppet hieradata. Any role specific
- ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig.
- type: json
- FencingConfig:
- default: {}
- description: |
- Pacemaker fencing configuration. The JSON should have
- the following structure:
- {
- "devices": [
- {
- "agent": "AGENT_NAME",
- "host_mac": "HOST_MAC_ADDRESS",
- "params": {"PARAM_NAME": "PARAM_VALUE"}
- }
- ]
- }
- For instance:
- {
- "devices": [
- {
- "agent": "fence_xvm",
- "host_mac": "52:54:00:aa:bb:cc",
- "params": {
- "multicast_address": "225.0.0.12",
- "port": "baremetal_0",
- "manage_fw": true,
- "manage_key_file": true,
- "key_file": "/etc/fence_xvm.key",
- "key_file_password": "abcdef"
- }
- }
- ]
- }
- type: json
- GnocchiBackend:
- default: file
- description: The short name of the Gnocchi backend to use. Should be one
- of swift, rbd or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
- GnocchiIndexerBackend:
- default: 'mysql'
- description: The short name of the Gnocchi indexer backend to use.
- type: string
- GnocchiPassword:
- description: The password for the gnocchi service account.
- type: string
- hidden: true
- InstanceNameTemplate:
- default: 'instance-%08x'
- description: Template string to be used to generate instance names
- type: string
- ManageFirewall:
- default: false
- description: Whether to manage IPtables rules.
- type: boolean
- PurgeFirewallRules:
- default: false
- description: Whether IPtables rules should be purged before setting up the ones.
- type: boolean
- MysqlInnodbBufferPoolSize:
- description: >
- Specifies the size of the buffer pool in megabytes. Setting to
- zero should be interpreted as "no value" and will defer to the
- lower level default.
- type: number
- default: 0
- MysqlMaxConnections:
- description: Configures MySQL max_connections config setting
- type: number
- default: 4096
- NeutronPublicInterfaceDefaultRoute:
- default: ''
- description: A custom default route for the NeutronPublicInterface.
- type: string
- NeutronPublicInterfaceIP:
- default: ''
- description: A custom IP address to put onto the NeutronPublicInterface.
- type: string
- NeutronPublicInterfaceRawDevice:
- default: ''
- description: If set, the public interface is a vlan with this device as the raw device.
- type: string
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings in the ring.
- type: string
- hidden: true
- SwiftMountCheck:
- default: 'false'
- description: Value of mount_check in Swift account/container/object -server.conf
- type: boolean
- SwiftMinPartHours:
- type: number
- default: 1
- description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
- SwiftPartPower:
- default: 10
- description: Partition Power to use when building Swift rings
- type: number
- SwiftReplicas:
- type: number
- default: 3
- description: How many replicas to use in the swift rings.
- SaharaPassword:
- description: The password for the sahara service account.
- type: string
- hidden: true
-
-# Compute-specific params
- CeilometerComputeAgent:
- description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
- type: string
- default: ''
- constraints:
- - allowed_values: ['', Present]
- ComputeCount:
- type: number
- default: 1
- HypervisorNeutronPhysicalBridge:
- default: 'br-ex'
- description: >
- An OVS bridge to create on each hypervisor. This defaults to br-ex the
- same as the control plane nodes, as we have a uniform configuration of
- the openvswitch agent. Typically should not need to be changed.
- type: string
- HypervisorNeutronPublicInterface:
- default: nic1
- description: What interface to add to the HypervisorNeutronPhysicalBridge.
- type: string
- NeutronNetworkVLANRanges:
- default: 'datacentre:1:1000'
- description: >
- The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
- Neutron documentation for permitted values. Defaults to permitting any
- VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
- type: comma_delimited_list
- NovaComputeDriver:
- type: string
- default: libvirt.LibvirtDriver
- NovaComputeExtraConfig:
- default: {}
- description: |
- NovaCompute specific configuration to inject into the cluster. Same
- structure as ExtraConfig.
- type: json
- NovaComputeLibvirtType:
- default: kvm
- type: string
- NovaComputeLibvirtVifDriver:
- default: ''
- description: Libvirt VIF driver configuration for the network
- type: string
- NovaComputeSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NovaEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Nova
- type: boolean
- NovaImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- NovaOVSBridge:
- default: 'br-int'
- description: Name of integration bridge used by Open vSwitch
- type: string
- NovaSecurityGroupAPI:
- default: 'neutron'
- description: The full class name of the security API class
- type: string
- OvercloudComputeFlavor:
- description: Use this flavor
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- ServiceNetMap:
- default:
- NeutronTenantNetwork: tenant
- CeilometerApiNetwork: internal_api
- AodhApiNetwork: internal_api
- GnocchiApiNetwork: internal_api
- MongoDbNetwork: internal_api
- CinderApiNetwork: internal_api
- CinderIscsiNetwork: storage
- GlanceApiNetwork: storage
- GlanceRegistryNetwork: internal_api
- KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
- KeystonePublicApiNetwork: internal_api
- NeutronApiNetwork: internal_api
- HeatApiNetwork: internal_api
- NovaApiNetwork: internal_api
- NovaMetadataNetwork: internal_api
- NovaVncProxyNetwork: internal_api
- SwiftMgmtNetwork: storage_mgmt
- SwiftProxyNetwork: storage
- SaharaApiNetwork: internal_api
- HorizonNetwork: internal_api
- MemcachedNetwork: internal_api
- RabbitMqNetwork: internal_api
- RedisNetwork: internal_api
- MysqlNetwork: internal_api
- CephClusterNetwork: storage_mgmt
- CephPublicNetwork: storage
- ControllerHostnameResolveNetwork: internal_api
- ComputeHostnameResolveNetwork: internal_api
- BlockStorageHostnameResolveNetwork: internal_api
- ObjectStorageHostnameResolveNetwork: internal_api
- CephStorageHostnameResolveNetwork: storage
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
-
- ControllerServices:
- default:
- - OS::TripleO::Services::Keystone
- - OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::GlanceRegistry
- - OS::TripleO::Services::HeatApi
- - OS::TripleO::Services::HeatApiCfn
- - OS::TripleO::Services::HeatApiCloudwatch
- - OS::TripleO::Services::HeatEngine
- - OS::TripleO::Services::NeutronDhcpAgent
- - OS::TripleO::Services::NeutronL3Agent
- - OS::TripleO::Services::NeutronMetadataAgent
- - OS::TripleO::Services::RabbitMQ
- - OS::TripleO::Services::Loadbalancer
- - OS::TripleO::Services::Memcached
- - OS::TripleO::Services::SwiftProxy
- description: A list of service resources (configured in the Heat
- resource_registry) which represent nested stacks
- for each service that should get installed on the Controllers.
- type: comma_delimited_list
-
- ComputeServices:
- default: []
- description: A list of service resources (configured in the Heat
- resource_registry) which represent nested stacks
- for each service that should get installed on the Compute Nodes.
- type: comma_delimited_list
-
-# Block storage specific parameters
- BlockStorageCount:
- type: number
- default: 0
- BlockStorageImage:
- default: overcloud-full
- type: string
- OvercloudBlockStorageFlavor:
- description: Flavor for block storage nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- BlockStorageExtraConfig:
- default: {}
- description: |
- BlockStorage specific configuration to inject into the cluster. Same
- structure as ExtraConfig.
- type: json
- BlockStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
-
-
-# Object storage specific parameters
- ObjectStorageCount:
- type: number
- default: 0
- OvercloudSwiftStorageFlavor:
- description: Flavor for Swift storage nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- SwiftStorageImage:
- default: overcloud-full
- type: string
- ObjectStorageExtraConfig:
- default: {}
- description: |
- ObjectStorage specific configuration to inject into the cluster. Same
- structure as ExtraConfig.
- type: json
- ObjectStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ObjectStorageServices:
- default: []
- description: A list of service resources (configured in the Heat
- resource_registry) which represent nested stacks
- for each service that should get installed on the ObjectStorage nodes.
- Note this role currently only supports steps 2, 3 and 4 configuration.
- type: comma_delimited_list
-
-
-# Ceph storage specific parameters
- CephStorageCount:
- type: number
- default: 0
- CephStorageImage:
- default: overcloud-full
- type: string
- OvercloudCephStorageFlavor:
- default: baremetal
- description: Flavor for Ceph storage nodes to request when deploying.
- type: string
- constraints:
- - custom_constraint: nova.flavor
- CephStorageExtraConfig:
- default: {}
- description: |
- CephStorage specific configuration to inject into the cluster. Same
- structure as ExtraConfig.
- type: json
- CephStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- CephStorageServices:
- default: []
- description: A list of service resources (configured in the Heat
- resource_registry) which represent nested stacks
- for each service that should get installed on the CephStorage nodes.
- type: comma_delimited_list
-
- # Hostname format for each role
- # Note %index% is translated into the index of the node, e.g 0/1/2 etc
- # and %stackname% is replaced with OS::stack_name in the template below.
- # If you want to use the heat generated names, pass '' (empty string).
- ControllerHostnameFormat:
- type: string
- description: Format for Controller node hostnames
- default: '%stackname%-controller-%index%'
- ComputeHostnameFormat:
- type: string
- description: Format for Compute node hostnames
- default: '%stackname%-novacompute-%index%'
- BlockStorageHostnameFormat:
- type: string
- description: Format for BlockStorage node hostnames
- default: '%stackname%-blockstorage-%index%'
- ObjectStorageHostnameFormat:
- type: string
- description: Format for SwiftStorage node hostnames
- default: '%stackname%-objectstorage-%index%'
- CephStorageHostnameFormat:
- type: string
- description: Format for CephStorage node hostnames
- default: '%stackname%-cephstorage-%index%'
-
- # Identifiers to trigger tasks on nodes
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
-
- # If you want to remove a specific node from a resource group, you can pass
- # the node name or id as a <Group>RemovalPolicies parameter, for example:
- # ComputeRemovalPolicies: [{'resource_list': ['0']}]
- ControllerRemovalPolicies:
- default: []
- type: json
- description: >
- List of resources to be removed from ControllerResourceGroup when
- doing an update which requires removal of specific resources.
- ComputeRemovalPolicies:
- default: []
- type: json
- description: >
- List of resources to be removed from ComputeResourceGroup when
- doing an update which requires removal of specific resources.
- BlockStorageRemovalPolicies:
- default: []
- type: json
- description: >
- List of resources to be removed from BlockStorageResourceGroup when
- doing an update which requires removal of specific resources.
- ObjectStorageRemovalPolicies:
- default: []
- type: json
- description: >
- List of resources to be removed from ObjectStorageResourceGroup when
- doing an update which requires removal of specific resources.
- CephStorageRemovalPolicies:
- default: []
- type: json
- description: >
- List of resources to be removed from CephStorageResourceGroup when
- doing an update which requires removal of specific resources.
-
-parameter_groups:
-- label: deprecated
- description: Do not use deprecated params, they will be removed.
- parameters:
- - controllerExtraConfig
-
-
-resources:
-
- HeatAuthEncryptionKey:
- type: OS::Heat::RandomString
-
- PcsdPassword:
- type: OS::Heat::RandomString
- properties:
- length: 16
-
- HorizonSecret:
- type: OS::Heat::RandomString
- properties:
- length: 10
-
- EndpointMap:
- type: OS::TripleO::EndpointMap
- properties:
- CloudName: {get_param: CloudName}
- CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- AodhApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- CinderApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- GnocchiApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
- HeatApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- MysqlVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- NovaApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- SaharaApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- PublicVirtualIP: {get_attr: [VipMap, net_ip_uri_map, external]}
-
- ControllerServiceChain:
- type: OS::TripleO::Services
- depends_on: Networks
- properties:
- Services: {get_param: ControllerServices}
- EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
-
- Controller:
- type: OS::Heat::ResourceGroup
- depends_on: Networks
- properties:
- count: {get_param: ControllerCount}
- removal_policies: {get_param: ControllerRemovalPolicies}
- resource_def:
- type: OS::TripleO::Controller
- properties:
- AdminPassword: {get_param: AdminPassword}
- AodhPassword: {get_param: AodhPassword}
- CeilometerBackend: {get_param: CeilometerBackend}
- CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
- CeilometerPassword: {get_param: CeilometerPassword}
- CeilometerMeterDispatcher: {get_param: CeilometerMeterDispatcher}
- CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
- CinderNfsMountOptions: {get_param: CinderNfsMountOptions}
- CinderNfsServers: {get_param: CinderNfsServers}
- CinderPassword: {get_param: CinderPassword}
- CinderISCSIHelper: {get_param: CinderISCSIHelper}
- CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend}
- CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend}
- CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend}
- CloudDomain: {get_param: CloudDomain}
- ControlVirtualInterface: {get_param: ControlVirtualInterface}
- controllerExtraConfig: {get_param: controllerExtraConfig}
- CorosyncIPv6: {get_param: CorosyncIPv6}
- Debug: {get_param: Debug}
- EnableFencing: {get_param: EnableFencing}
- ManageFirewall: {get_param: ManageFirewall}
- PurgeFirewallRules: {get_param: PurgeFirewallRules}
- EnableGalera: {get_param: EnableGalera}
- EnableCephStorage: {get_param: ControllerEnableCephStorage}
- EnableSwiftStorage: {get_param: ControllerEnableSwiftStorage}
- ExtraConfig: {get_param: ExtraConfig}
- FencingConfig: {get_param: FencingConfig}
- Flavor: {get_param: OvercloudControlFlavor}
- GnocchiPassword: {get_param: GnocchiPassword}
- GnocchiBackend: {get_param: GnocchiBackend}
- GnocchiIndexerBackend: {get_param: GnocchiIndexerBackend}
- HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
- HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
- HorizonAllowedHosts: {get_param: HorizonAllowedHosts}
- HorizonSecret: {get_resource: HorizonSecret}
- Image: {get_param: controllerImage}
- ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
- InstanceNameTemplate: {get_param: InstanceNameTemplate}
- KeyName: {get_param: KeyName}
- MemcachedIPv6: {get_param: MemcachedIPv6}
- MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
- MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize}
- MysqlMaxConnections: {get_param: MysqlMaxConnections}
- MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
- NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP}
- NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
- NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
- NeutronTenantMtu: {get_param: NeutronTenantMtu}
- NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
- NeutronEnableL2Pop: {get_param: NeutronEnableL2Pop}
- NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
- NeutronPublicInterface: {get_param: NeutronPublicInterface}
- NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
- NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
- NeutronPassword: {get_param: NeutronPassword}
- NeutronDVR: {get_param: NeutronDVR}
- NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
- NeutronAgentMode: {get_param: NeutronAgentMode}
- NeutronCorePlugin: {get_param: NeutronCorePlugin}
- NeutronServicePlugins: {get_param: NeutronServicePlugins}
- NeutronTypeDrivers: {get_param: NeutronTypeDrivers}
- NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
- NeutronPluginExtensions: {get_param: NeutronPluginExtensions}
- NeutronAgentExtensions: {get_param: NeutronAgentExtensions}
- NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
- NeutronL3HA: {get_param: NeutronL3HA}
- NeutronNetworkType: {get_param: NeutronNetworkType}
- NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
- NovaIPv6: {get_param: NovaIPv6}
- NovaPassword: {get_param: NovaPassword}
- NtpServer: {get_param: NtpServer}
- MongoDbNoJournal: {get_param: MongoDbNoJournal}
- MongoDbIPv6: {get_param: MongoDbIPv6}
- PcsdPassword: {get_resource: PcsdPassword}
- PublicVirtualInterface: {get_param: PublicVirtualInterface}
- RabbitPassword: {get_param: RabbitPassword}
- RabbitUserName: {get_param: RabbitUserName}
- RabbitCookie: {get_attr: [RabbitCookie, value]}
- RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
- RabbitClientPort: {get_param: RabbitClientPort}
- RedisPassword: {get_param: RedisPassword}
- SaharaPassword: {get_param: SaharaPassword}
- SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
- SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
- RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
- RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
- SwiftHashSuffix: {get_param: SwiftHashSuffix}
- SwiftMountCheck: {get_param: SwiftMountCheck}
- SwiftMinPartHours: {get_param: SwiftMinPartHours}
- SwiftPartPower: {get_param: SwiftPartPower}
- SwiftReplicas: { get_param: SwiftReplicas}
- TimeZone: {get_param: TimeZone}
- VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} # deprecated. Use per service VIP settings instead now.
- PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]}
- ServiceNetMap: {get_param: ServiceNetMap}
- EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
- CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- AodhApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- GnocchiApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
- CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- HeatApiVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- SaharaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- UpdateIdentifier: {get_param: UpdateIdentifier}
- Hostname:
- str_replace:
- template: {get_param: ControllerHostnameFormat}
- params:
- '%stackname%': {get_param: 'OS::stack_name'}
- NodeIndex: '%index%'
- ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: ControllerSchedulerHints}
- ServiceConfigSettings: {get_attr: [ControllerServiceChain, config_settings]}
-
- ComputeServiceChain:
- type: OS::TripleO::Services
- properties:
- Services: {get_param: ComputeServices}
- EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
-
- Compute:
- type: OS::Heat::ResourceGroup
- depends_on: Networks
- properties:
- count: {get_param: ComputeCount}
- removal_policies: {get_param: ComputeRemovalPolicies}
- resource_def:
- type: OS::TripleO::Compute
- properties:
- AdminPassword: {get_param: AdminPassword}
- CeilometerComputeAgent: {get_param: CeilometerComputeAgent}
- CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
- CeilometerPassword: {get_param: CeilometerPassword}
- CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend}
- CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend}
- Debug: {get_param: Debug}
- ExtraConfig: {get_param: ExtraConfig}
- Flavor: {get_param: OvercloudComputeFlavor}
- GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- Image: {get_param: NovaImage}
- ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
- KeyName: {get_param: KeyName}
- KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
- NeutronTenantMtu: {get_param: NeutronTenantMtu}
- NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
- NeutronEnableL2Pop : {get_param: NeutronEnableL2Pop}
- NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
- NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- NeutronNetworkType: {get_param: NeutronNetworkType}
- NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
- NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
- NeutronPassword: {get_param: NeutronPassword}
- NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge}
- NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface}
- NeutronDVR: {get_param: NeutronDVR}
- NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
- NeutronAgentMode: {get_param: NeutronComputeAgentMode}
- NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
- NeutronCorePlugin: {get_param: NeutronCorePlugin}
- NeutronServicePlugins: {get_param: NeutronServicePlugins}
- NeutronTypeDrivers: {get_param: NeutronTypeDrivers}
- NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
- NeutronAgentExtensions: {get_param: NeutronAgentExtensions}
- # L3 HA and Failover is not relevant for Computes, should be removed
- NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
- NeutronL3HA: {get_param: NeutronL3HA}
- NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- NovaComputeDriver: {get_param: NovaComputeDriver}
- NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig}
- NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType}
- NovaComputeLibvirtVifDriver: {get_param: NovaComputeLibvirtVifDriver}
- NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend}
- NovaIPv6: {get_param: NovaIPv6}
- NovaPublicIP: {get_attr: [VipMap, net_ip_map, external]}
- NovaPassword: {get_param: NovaPassword}
- NovaOVSBridge: {get_param: NovaOVSBridge}
- NovaSecurityGroupAPI: {get_param: NovaSecurityGroupAPI}
- NtpServer: {get_param: NtpServer}
- RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
- RabbitPassword: {get_param: RabbitPassword}
- RabbitUserName: {get_param: RabbitUserName}
- RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
- RabbitClientPort: {get_param: RabbitClientPort}
- SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
- SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
- ServiceNetMap: {get_param: ServiceNetMap}
- TimeZone: {get_param: TimeZone}
- EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
- UpdateIdentifier: {get_param: UpdateIdentifier}
- Hostname:
- str_replace:
- template: {get_param: ComputeHostnameFormat}
- params:
- '%stackname%': {get_param: 'OS::stack_name'}
- CloudDomain: {get_param: CloudDomain}
- ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: NovaComputeSchedulerHints}
- NodeIndex: '%index%'
- ServiceConfigSettings: {get_attr: [ComputeServiceChain, config_settings]}
-
-
- BlockStorage:
- type: OS::Heat::ResourceGroup
- depends_on: Networks
- properties:
- count: {get_param: BlockStorageCount}
- removal_policies: {get_param: BlockStorageRemovalPolicies}
- resource_def:
- type: OS::TripleO::BlockStorage
- properties:
- Debug: {get_param: Debug}
- Image: {get_param: BlockStorageImage}
- CinderISCSIHelper: {get_param: CinderISCSIHelper}
- CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
- # Purpose of the dedicated BlockStorage nodes should be to use their local LVM
- CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend}
- CinderPassword: {get_param: CinderPassword}
- KeyName: {get_param: KeyName}
- Flavor: {get_param: OvercloudBlockStorageFlavor}
- VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]}
- GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- RabbitPassword: {get_param: RabbitPassword}
- RabbitUserName: {get_param: RabbitUserName}
- RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
- RabbitClientPort: {get_param: RabbitClientPort}
- TimeZone: {get_param: TimeZone}
- NtpServer: {get_param: NtpServer}
- UpdateIdentifier: {get_param: UpdateIdentifier}
- Hostname:
- str_replace:
- template: {get_param: BlockStorageHostnameFormat}
- params:
- '%stackname%': {get_param: 'OS::stack_name'}
- ServiceNetMap: {get_param: ServiceNetMap}
- EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
- ExtraConfig: {get_param: ExtraConfig}
- BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig}
- CloudDomain: {get_param: CloudDomain}
- ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: BlockStorageSchedulerHints}
- NodeIndex: '%index%'
-
- ObjectStorageServiceChain:
- type: OS::TripleO::Services
- properties:
- Services: {get_param: ObjectStorageServices}
- EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
-
- ObjectStorage:
- type: OS::Heat::ResourceGroup
- depends_on: Networks
- properties:
- count: {get_param: ObjectStorageCount}
- removal_policies: {get_param: ObjectStorageRemovalPolicies}
- resource_def:
- type: OS::TripleO::ObjectStorage
- properties:
- KeyName: {get_param: KeyName}
- Flavor: {get_param: OvercloudSwiftStorageFlavor}
- HashSuffix: {get_param: SwiftHashSuffix}
- MountCheck: {get_param: SwiftMountCheck}
- MinPartHours: {get_param: SwiftMinPartHours}
- PartPower: {get_param: SwiftPartPower}
- Image: {get_param: SwiftStorageImage}
- Replicas: { get_param: SwiftReplicas}
- TimeZone: {get_param: TimeZone}
- NtpServer: {get_param: NtpServer}
- UpdateIdentifier: {get_param: UpdateIdentifier}
- ServiceNetMap: {get_param: ServiceNetMap}
- Hostname:
- str_replace:
- template: {get_param: ObjectStorageHostnameFormat}
- params:
- '%stackname%': {get_param: 'OS::stack_name'}
- ExtraConfig: {get_param: ExtraConfig}
- ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig}
- CloudDomain: {get_param: CloudDomain}
- ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: ObjectStorageSchedulerHints}
- NodeIndex: '%index%'
- ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, config_settings]}
-
- CephStorageServiceChain:
- type: OS::TripleO::Services
- properties:
- Services: {get_param: CephStorageServices}
- EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
-
- CephStorage:
- type: OS::Heat::ResourceGroup
- depends_on: Networks
- properties:
- count: {get_param: CephStorageCount}
- removal_policies: {get_param: CephStorageRemovalPolicies}
- resource_def:
- type: OS::TripleO::CephStorage
- properties:
- Image: {get_param: CephStorageImage}
- KeyName: {get_param: KeyName}
- Flavor: {get_param: OvercloudCephStorageFlavor}
- NtpServer: {get_param: NtpServer}
- ServiceNetMap: {get_param: ServiceNetMap}
- TimeZone: {get_param: TimeZone}
- UpdateIdentifier: {get_param: UpdateIdentifier}
- Hostname:
- str_replace:
- template: {get_param: CephStorageHostnameFormat}
- params:
- '%stackname%': {get_param: 'OS::stack_name'}
- ExtraConfig: {get_param: ExtraConfig}
- CephStorageExtraConfig: {get_param: CephStorageExtraConfig}
- CloudDomain: {get_param: CloudDomain}
- ServerMetadata: {get_param: ServerMetadata}
- SchedulerHints: {get_param: CephStorageSchedulerHints}
- NodeIndex: '%index%'
- ServiceConfigSettings: {get_attr: [CephStorageServiceChain, config_settings]}
-
- ControllerIpListMap:
- type: OS::TripleO::Network::Ports::NetIpListMap
- properties:
- ControlPlaneIpList: {get_attr: [Controller, ip_address]}
- ExternalIpList: {get_attr: [Controller, external_ip_address]}
- InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]}
- StorageIpList: {get_attr: [Controller, storage_ip_address]}
- StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]}
- TenantIpList: {get_attr: [Controller, tenant_ip_address]}
- ManagementIpList: {get_attr: [Controller, management_ip_address]}
-
- allNodesConfig:
- type: OS::TripleO::AllNodes::SoftwareConfig
- properties:
- compute_hosts: {get_attr: [Compute, hosts_entry]}
- controller_hosts: {get_attr: [Controller, hosts_entry]}
- controller_ips: {get_attr: [Controller, ip_address]}
- block_storage_hosts: {get_attr: [BlockStorage, hosts_entry]}
- object_storage_hosts: {get_attr: [ObjectStorage, hosts_entry]}
- ceph_storage_hosts: {get_attr: [CephStorage, hosts_entry]}
- controller_names: {get_attr: [Controller, hostname]}
- rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
- mongo_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
- redis_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
- memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- mysql_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- horizon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- heat_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- swift_proxy_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- ceilometer_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- aodh_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- gnocchi_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
- nova_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- nova_metadata_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
- glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- sahara_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- DeployIdentifier: {get_param: DeployIdentifier}
- UpdateIdentifier: {get_param: UpdateIdentifier}
-
- MysqlRootPassword:
- type: OS::Heat::RandomString
- properties:
- length: 10
-
- MysqlClusterUniquePart:
- type: OS::Heat::RandomString
- properties:
- length: 10
-
- RabbitCookie:
- type: OS::Heat::RandomString
- properties:
- length: 20
- salt: {get_param: RabbitCookieSalt}
-
- # creates the network architecture
- Networks:
- type: OS::TripleO::Network
-
- ControlVirtualIP:
- type: OS::Neutron::Port
- depends_on: Networks
- properties:
- name: control_virtual_ip
- network: {get_param: NeutronControlPlaneID}
- fixed_ips: {get_param: ControlFixedIPs}
- replacement_policy: AUTO
-
- RedisVirtualIP:
- depends_on: Networks
- type: OS::TripleO::Network::Ports::RedisVipPort
- properties:
- ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- ControlPlaneNetwork: {get_param: NeutronControlPlaneID}
- PortName: redis_virtual_ip
- NetworkName: {get_param: [ServiceNetMap, RedisNetwork]}
- ServiceName: redis
-
- # The public VIP is on the External net, falls back to ctlplane
- PublicVirtualIP:
- depends_on: Networks
- type: OS::TripleO::Network::Ports::ExternalVipPort
- properties:
- ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- ControlPlaneNetwork: {get_param: NeutronControlPlaneID}
- PortName: public_virtual_ip
- FixedIPs: {get_param: PublicVirtualFixedIPs}
-
- InternalApiVirtualIP:
- depends_on: Networks
- type: OS::TripleO::Network::Ports::InternalApiVipPort
- properties:
- ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- PortName: internal_api_virtual_ip
- FixedIPs: {get_param: InternalApiVirtualFixedIPs}
-
- StorageVirtualIP:
- depends_on: Networks
- type: OS::TripleO::Network::Ports::StorageVipPort
- properties:
- ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- PortName: storage_virtual_ip
- FixedIPs: {get_param: StorageVirtualFixedIPs}
-
- StorageMgmtVirtualIP:
- depends_on: Networks
- type: OS::TripleO::Network::Ports::StorageMgmtVipPort
- properties:
- ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- PortName: storage_management_virtual_ip
- FixedIPs: {get_param: StorageMgmtVirtualFixedIPs}
-
- VipMap:
- type: OS::TripleO::Network::Ports::NetVipMap
- properties:
- ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- ExternalIp: {get_attr: [PublicVirtualIP, ip_address]}
- ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]}
- InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]}
- StorageIp: {get_attr: [StorageVirtualIP, ip_address]}
- StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]}
- # No tenant or management VIP required
-
- VipConfig:
- type: OS::TripleO::VipConfig
-
- VipDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: VipDeployment
- config: {get_resource: VipConfig}
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
- input_values:
- # service VIP mappings
- keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
- ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- aodh_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- gnocchi_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
- heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- redis_vip: {get_attr: [RedisVirtualIP, ip_address]}
- mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
- # direct configuration of Virtual IPs for each network
- control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]}
- public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]}
- internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]}
- sahara_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]}
- storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
-
- ControllerBootstrapNodeConfig:
- type: OS::TripleO::BootstrapNode::SoftwareConfig
- properties:
- bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]}
- bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]}
-
- ControllerBootstrapNodeDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ControllerBootstrapNodeDeployment
- config: {get_attr: [ControllerBootstrapNodeConfig, config_id]}
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
-
- ControllerSwiftDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ControllerSwiftDeployment
- config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]}
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
-
- ObjectStorageSwiftDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ObjectStorageSwiftDeployment
- config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]}
- servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
-
- SwiftDevicesAndProxyConfig:
- type: OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig
- properties:
- controller_swift_devices: {get_attr: [Controller, swift_device]}
- object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]}
- controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]}
-
- ComputeCephDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ComputeCephDeployment
- config: {get_attr: [CephClusterConfig, config_id]}
- servers: {get_attr: [Compute, attributes, nova_server_resource]}
-
- ControllerCephDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ControllerCephDeployment
- config: {get_attr: [CephClusterConfig, config_id]}
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
-
- CephStorageCephDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: CephStorageCephDeployment
- config: {get_attr: [CephClusterConfig, config_id]}
- servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
-
- CephClusterConfig:
- type: OS::TripleO::CephClusterConfig::SoftwareConfig
- properties:
- ceph_storage_count: {get_param: CephStorageCount}
- ceph_fsid: {get_param: CephClusterFSID}
- ceph_mon_key: {get_param: CephMonKey}
- ceph_admin_key: {get_param: CephAdminKey}
- ceph_client_key: {get_param: CephClientKey}
- ceph_external_mon_ips: {get_param: CephExternalMonHost}
- ceph_mon_names: {get_attr: [Controller, hostname]}
- ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
-
- ControllerAllNodesDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ControllerAllNodesDeployment
- config: {get_attr: [allNodesConfig, config_id]}
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
-
- ComputeAllNodesDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ComputeAllNodesDeployment
- config: {get_attr: [allNodesConfig, config_id]}
- servers: {get_attr: [Compute, attributes, nova_server_resource]}
-
- BlockStorageAllNodesDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: BlockStorageAllNodesDeployment
- config: {get_attr: [allNodesConfig, config_id]}
- servers: {get_attr: [BlockStorage, attributes, nova_server_resource]}
-
- ObjectStorageAllNodesDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: ObjectStorageAllNodesDeployment
- config: {get_attr: [allNodesConfig, config_id]}
- servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
-
- CephStorageAllNodesDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: CephStorageAllNodesDeployment
- config: {get_attr: [allNodesConfig, config_id]}
- servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
-
- # All Nodes Validations
- AllNodesValidationConfig:
- type: OS::TripleO::AllNodes::Validation
- properties:
- PingTestIps:
- list_join:
- - ' '
- - - {get_attr: [Controller, resource.0.external_ip_address]}
- - {get_attr: [Controller, resource.0.internal_api_ip_address]}
- - {get_attr: [Controller, resource.0.storage_ip_address]}
- - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]}
- - {get_attr: [Controller, resource.0.tenant_ip_address]}
-
- ControllerAllNodesValidationDeployment:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerAllNodesDeployment
- properties:
- name: ControllerAllNodesValidationDeployment
- config: {get_resource: AllNodesValidationConfig}
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
-
- ComputeAllNodesValidationDeployment:
- type: OS::Heat::StructuredDeployments
- depends_on: ComputeAllNodesDeployment
- properties:
- name: ComputeAllNodesValidationDeployment
- config: {get_resource: AllNodesValidationConfig}
- servers: {get_attr: [Compute, attributes, nova_server_resource]}
-
- BlockStorageAllNodesValidationDeployment:
- type: OS::Heat::StructuredDeployments
- depends_on: BlockStorageAllNodesDeployment
- properties:
- name: BlockStorageAllNodesValidationDeployment
- config: {get_resource: AllNodesValidationConfig}
- servers: {get_attr: [BlockStorage, attributes, nova_server_resource]}
-
- ObjectStorageAllNodesValidationDeployment:
- type: OS::Heat::StructuredDeployments
- depends_on: ObjectStorageAllNodesDeployment
- properties:
- name: ObjectStorageAllNodesValidationDeployment
- config: {get_resource: AllNodesValidationConfig}
- servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
-
- CephStorageAllNodesValidationDeployment:
- type: OS::Heat::StructuredDeployments
- depends_on: CephStorageAllNodesDeployment
- properties:
- name: CephStorageAllNodesValidationDeployment
- config: {get_resource: AllNodesValidationConfig}
- servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
-
- UpdateWorkflow:
- type: OS::TripleO::Tasks::UpdateWorkflow
- properties:
- controller_servers: {get_attr: [Controller, attributes, nova_server_resource]}
- compute_servers: {get_attr: [Compute, attributes, nova_server_resource]}
- blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]}
- objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
- cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
- input_values:
- deploy_identifier: {get_param: DeployIdentifier}
- update_identifier: {get_param: UpdateIdentifier}
-
- # Optional ExtraConfig for all nodes - all roles are passed in here, but
- # the nested template may configure each role differently (or not at all)
- AllNodesExtraConfig:
- type: OS::TripleO::AllNodesExtraConfig
- depends_on:
- - UpdateWorkflow
- - ComputeAllNodesValidationDeployment
- - BlockStorageAllNodesValidationDeployment
- - ObjectStorageAllNodesValidationDeployment
- - CephStorageAllNodesValidationDeployment
- - ControllerAllNodesValidationDeployment
- properties:
- controller_servers: {get_attr: [Controller, attributes, nova_server_resource]}
- compute_servers: {get_attr: [Compute, attributes, nova_server_resource]}
- blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]}
- objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
- cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
-
- # Nested stack deployment runs after all other controller deployments
- ControllerNodesPostDeployment:
- type: OS::TripleO::ControllerPostDeployment
- depends_on: [ControllerBootstrapNodeDeployment, ControllerAllNodesDeployment, ControllerSwiftDeployment, ControllerCephDeployment]
- properties:
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
- NodeConfigIdentifiers:
- allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
- controller_config: {get_attr: [Controller, attributes, config_identifier]}
- deployment_identifier: {get_param: DeployIdentifier}
- StepConfig: {get_attr: [ControllerServiceChain, step_config]}
-
- ComputeNodesPostDeployment:
- type: OS::TripleO::ComputePostDeployment
- depends_on: [ComputeAllNodesDeployment, ComputeCephDeployment]
- properties:
- servers: {get_attr: [Compute, attributes, nova_server_resource]}
- NodeConfigIdentifiers:
- allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
- compute_config: {get_attr: [Compute, attributes, config_identifier]}
- deployment_identifier: {get_param: DeployIdentifier}
- StepConfig: {get_attr: [ComputeServiceChain, step_config]}
-
- ObjectStorageNodesPostDeployment:
- type: OS::TripleO::ObjectStoragePostDeployment
- depends_on: [ObjectStorageSwiftDeployment, ObjectStorageAllNodesDeployment]
- properties:
- servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
- NodeConfigIdentifiers:
- allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
- objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]}
- deployment_identifier: {get_param: DeployIdentifier}
- StepConfig: {get_attr: [ObjectStorageServiceChain, step_config]}
-
- BlockStorageNodesPostDeployment:
- type: OS::TripleO::BlockStoragePostDeployment
- depends_on: [ControllerNodesPostDeployment, BlockStorageAllNodesDeployment]
- properties:
- servers: {get_attr: [BlockStorage, attributes, nova_server_resource]}
- NodeConfigIdentifiers:
- allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
- blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]}
- deployment_identifier: {get_param: DeployIdentifier}
-
- CephStorageNodesPostDeployment:
- type: OS::TripleO::CephStoragePostDeployment
- depends_on: [ControllerNodesPostDeployment, CephStorageCephDeployment, CephStorageAllNodesDeployment]
- properties:
- servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
- NodeConfigIdentifiers:
- allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]}
- cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]}
- deployment_identifier: {get_param: DeployIdentifier}
- StepConfig: {get_attr: [CephStorageServiceChain, step_config]}
-
-outputs:
- KeystoneURL:
- description: URL for the Overcloud Keystone service
- value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]}
- KeystoneAdminVip:
- description: Keystone Admin VIP endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- PublicVip:
- description: Controller VIP for public API endpoints
- value: {get_attr: [VipMap, net_ip_map, external]}
- AodhInternalVip:
- description: VIP for Aodh API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- CeilometerInternalVip:
- description: VIP for Ceilometer API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- CinderInternalVip:
- description: VIP for Cinder API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- GlanceInternalVip:
- description: VIP for Glance API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- GnocchiInternalVip:
- description: VIP for Gnocchi API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
- HeatInternalVip:
- description: VIP for Heat API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- KeystoneInternalVip:
- description: VIP for Keystone API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- NeutronInternalVip:
- description: VIP for Neutron API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- NovaInternalVip:
- description: VIP for Nova API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- SaharaInternalVip:
- description: VIP for Sahara API internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- SwiftInternalVip:
- description: VIP for Swift Proxy internal endpoint
- value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- EndpointMap:
- description: |
- Mapping of the resources with the needed info for their endpoints.
- This includes the protocol used, the IP, port and also a full
- representation of the URI.
- value: {get_attr: [EndpointMap, endpoint_map]}
- HostsEntry:
- description: |
- The content that should be appended to your /etc/hosts if you want to get
- hostname-based access to the deployed nodes (useful for testing without
- setting up a DNS).
- value: {get_attr: [allNodesConfig, hosts_entries]}
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index b065ddd2..c764d4ef 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -1,64 +1,47 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: 'All Nodes Config for Puppet'
parameters:
- compute_hosts:
- type: comma_delimited_list
- controller_hosts:
+ cloud_name_external:
+ type: string
+ cloud_name_internal_api:
+ type: string
+ cloud_name_storage:
+ type: string
+ cloud_name_storage_mgmt:
+ type: string
+ cloud_name_ctlplane:
+ type: string
+ hosts:
type: comma_delimited_list
+ # FIXME(shardy) this can be comma_delimited_list when
+ # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
+ enabled_services:
+ type: string
controller_ips:
type: comma_delimited_list
- block_storage_hosts:
- type: comma_delimited_list
- object_storage_hosts:
- type: comma_delimited_list
- ceph_storage_hosts:
- type: comma_delimited_list
+ service_ips:
+ type: json
+ service_node_names:
+ type: json
controller_names:
type: comma_delimited_list
- rabbit_node_ips:
- type: comma_delimited_list
- mongo_node_ips:
- type: comma_delimited_list
- redis_node_ips:
- type: comma_delimited_list
memcache_node_ips:
type: comma_delimited_list
- mysql_node_ips:
- type: comma_delimited_list
- horizon_node_ips:
- type: comma_delimited_list
- heat_api_node_ips:
- type: comma_delimited_list
- swift_proxy_node_ips:
- type: comma_delimited_list
- ceilometer_api_node_ips:
- type: comma_delimited_list
- aodh_api_node_ips:
- type: comma_delimited_list
- nova_api_node_ips:
- type: comma_delimited_list
- nova_metadata_node_ips:
- type: comma_delimited_list
- glance_api_node_ips:
- type: comma_delimited_list
- glance_registry_node_ips:
- type: comma_delimited_list
- gnocchi_api_node_ips:
- type: comma_delimited_list
- cinder_api_node_ips:
- type: comma_delimited_list
- neutron_api_node_ips:
- type: comma_delimited_list
keystone_public_api_node_ips:
type: comma_delimited_list
keystone_admin_api_node_ips:
type: comma_delimited_list
- sahara_api_node_ips:
- type: comma_delimited_list
-
+ NetVipMap:
+ type: json
+ RedisVirtualIP:
+ type: string
+ default: ''
+ ServiceNetMap:
+ type: json
DeployIdentifier:
type: string
+ default: ''
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
@@ -84,232 +67,149 @@ resources:
hosts:
list_join:
- "\n"
- - - list_join:
- - "\n"
- - {get_param: compute_hosts}
- - list_join:
- - "\n"
- - {get_param: controller_hosts}
- - list_join:
- - "\n"
- - {get_param: block_storage_hosts}
- - list_join:
- - "\n"
- - {get_param: object_storage_hosts}
- - list_join:
- - "\n"
- - {get_param: ceph_storage_hosts}
+ - {get_param: hosts}
hiera:
datafiles:
- RedHat:
- raw_data: {get_file: hieradata/RedHat.yaml}
+ bootstrap_node:
+ mapped_data:
+ bootstrap_nodeid: {get_input: bootstrap_nodeid}
+ bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
all_nodes:
mapped_data:
- controller_node_ips:
- list_join:
- - ','
- - {get_param: controller_ips}
- controller_node_names:
- list_join:
- - ','
- - {get_param: controller_names}
- galera_node_names:
- list_join:
- - ','
- - {get_param: controller_names}
- rabbit_node_ips: &rabbit_nodes_array
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: rabbit_node_ips}
- mongo_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: mongo_node_ips}
- redis_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: redis_node_ips}
- memcache_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: memcache_node_ips}
- memcache_node_ips_v6:
- str_replace:
- template: "['inet6:[SERVERS_LIST]']"
- params:
- SERVERS_LIST:
- list_join:
- - "]','inet6:["
- - {get_param: memcache_node_ips}
- mysql_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: mysql_node_ips}
- horizon_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: horizon_node_ips}
- heat_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: heat_api_node_ips}
- swift_proxy_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: swift_proxy_node_ips}
- ceilometer_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: ceilometer_api_node_ips}
- aodh_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: aodh_api_node_ips}
- gnocchi_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: gnocchi_api_node_ips}
- nova_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: nova_api_node_ips}
- nova_metadata_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: nova_metadata_node_ips}
- glance_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: glance_api_node_ips}
- glance_registry_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: glance_registry_node_ips}
- cinder_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: cinder_api_node_ips}
- neutron_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: neutron_api_node_ips}
- # TODO: pass a `midonet_api_node_ips` var
- midonet_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: neutron_api_node_ips}
- keystone_public_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_public_api_node_ips}
- keystone_admin_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_admin_api_node_ips}
- sahara_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: sahara_api_node_ips}
+ map_merge:
+ - enabled_services: {get_param: enabled_services}
+ # This writes out a mapping of service_name_enabled: 'true'
+ # For any services not enabled, hiera foo_enabled will
+ # return nil, as it's undefined
+ - map_merge:
+ repeat:
+ template:
+ # Note this must be string 'true' due to
+ # https://bugs.launchpad.net/heat/+bug/1617203
+ SERVICE_enabled: 'true'
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ # Dynamically generate per-service network data
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_network: SERVICE_network
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ - values: {get_param: ServiceNetMap}
+ # Keystone doesn't provide separate entries for the public
+ # and admin endpoints, so we need to add them here manually
+ # like we do in the vip-config below
+ - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
+ keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
+ # provides a mapping of service_name_ips to a list of IPs
+ - {get_param: service_ips}
+ - {get_param: service_node_names}
+ - controller_node_ips:
+ list_join:
+ - ','
+ - {get_param: controller_ips}
+ controller_node_names:
+ list_join:
+ - ','
+ - {get_param: controller_names}
+ memcached_node_ips_v6:
+ str_replace:
+ template: "['inet6:[SERVERS_LIST]']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "]','inet6:["
+ - {get_param: memcache_node_ips}
+ keystone_public_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: keystone_public_api_node_ips}
+ keystone_admin_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: keystone_admin_api_node_ips}
- # NOTE(gfidente): interpolation with %{} in the
- # hieradata file can't be used as it returns string
- ceilometer::rabbit_hosts: *rabbit_nodes_array
- aodh::rabbit_hosts: *rabbit_nodes_array
- cinder::rabbit_hosts: *rabbit_nodes_array
- glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array
- heat::rabbit_hosts: *rabbit_nodes_array
- neutron::rabbit_hosts: *rabbit_nodes_array
- nova::rabbit_hosts: *rabbit_nodes_array
- keystone::rabbit_hosts: *rabbit_nodes_array
- sahara::rabbit_hosts: *rabbit_nodes_array
-
- deploy_identifier: {get_param: DeployIdentifier}
- update_identifier: {get_param: UpdateIdentifier}
- stack_action: {get_param: StackAction}
+ deploy_identifier: {get_param: DeployIdentifier}
+ update_identifier: {get_param: UpdateIdentifier}
+ stack_action: {get_param: StackAction}
+ vip_data:
+ mapped_data:
+ map_merge:
+ # Dynamically generate per-service VIP data based on enabled_services
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g internal_api with the IP from NetVipMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_vip: SERVICE_network
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ - values: {get_param: ServiceNetMap}
+ - values: {get_param: NetVipMap}
+ - keystone_admin_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
+ keystone_public_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
+ public_virtual_ip: {get_param: [NetVipMap, external]}
+ controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ redis_vip: {get_param: RedisVirtualIP}
+ # public_virtual_ip and controller_virtual_ip are needed in
+ # both HAproxy & keepalived.
+ tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
+ tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
+ cloud_name_external: {get_param: cloud_name_external}
+ cloud_name_internal_api: {get_param: cloud_name_internal_api}
+ cloud_name_storage: {get_param: cloud_name_storage}
+ cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
+ cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
outputs:
config_id:
diff --git a/puppet/blockstorage-config.yaml b/puppet/blockstorage-config.yaml
new file mode 100644
index 00000000..e455c4cb
--- /dev/null
+++ b/puppet/blockstorage-config.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_volume.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ BlockStoragePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ inputs:
+ - name: step
+ type: Number
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_volume.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: BlockStoragePuppetConfigImpl}
diff --git a/puppet/bootstrap-config.yaml b/puppet/bootstrap-config.yaml
deleted file mode 100644
index d88eebdf..00000000
--- a/puppet/bootstrap-config.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'Bootstrap Config Puppet'
-
-parameters:
- bootstrap_nodeid:
- type: string
- bootstrap_nodeid_ip:
- type: string
-
-resources:
-
- BootstrapNodeConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- bootstrap_node:
- mapped_data:
- bootstrap_nodeid: {get_param: bootstrap_nodeid}
- bootstrap_nodeid_ip: {get_param: bootstrap_nodeid_ip}
-
-outputs:
- config_id:
- description: The ID of the BootstrapNodeConfigImpl resource.
- value:
- {get_resource: BootstrapNodeConfigImpl}
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
deleted file mode 100644
index f5873ddb..00000000
--- a/puppet/ceph-cluster-config.yaml
+++ /dev/null
@@ -1,141 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'Ceph Cluster config data for Puppet'
-
-parameters:
- ceph_storage_count:
- default: 0
- type: number
- description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation.
- ceph_external_mon_ips:
- default: ''
- type: string
- description: List of external Ceph Mon host IPs.
- ceph_client_key:
- default: ''
- type: string
- description: Ceph key used to create the client user keyring.
- ceph_fsid:
- default: ''
- type: string
- ceph_admin_key:
- default: ''
- type: string
- ceph_mon_key:
- default: ''
- type: string
- ceph_mon_names:
- type: comma_delimited_list
- ceph_mon_ips:
- type: comma_delimited_list
- NovaRbdPoolName:
- default: vms
- type: string
- CinderRbdPoolName:
- default: volumes
- type: string
- GlanceRbdPoolName:
- default: images
- type: string
- GnocchiRbdPoolName:
- default: metrics
- type: string
- CephClientUserName:
- default: openstack
- type: string
- CephIPv6:
- default: False
- type: boolean
-
-resources:
- CephClusterConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- ceph_cluster:
- mapped_data:
- ceph_ipv6: {get_param: CephIPv6}
- ceph_storage_count: {get_param: ceph_storage_count}
- ceph_mon_initial_members:
- list_join:
- - ','
- - {get_param: ceph_mon_names}
- ceph_mon_host:
- list_join:
- - ','
- - {get_param: ceph_mon_ips}
- ceph_mon_host_v6:
- str_replace:
- template: "'[IPS_LIST]'"
- params:
- IPS_LIST:
- list_join:
- - '],['
- - {get_param: ceph_mon_ips}
- ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
- ceph::profile::params::fsid: {get_param: ceph_fsid}
- ceph::profile::params::mon_key: {get_param: ceph_mon_key}
- # We should use a separated key for the non-admin clients
- ceph::profile::params::client_keys:
- str_replace:
- template: "{
- client.admin: {
- secret: 'ADMIN_KEY',
- mode: '0600',
- cap_mon: 'allow *',
- cap_osd: 'allow *',
- cap_mds: 'allow *'
- },
- client.bootstrap-osd: {
- secret: 'ADMIN_KEY',
- keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
- cap_mon: 'allow profile bootstrap-osd'
- },
- client.CLIENT_USER: {
- secret: 'CLIENT_KEY',
- mode: '0644',
- cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
- }
- }"
- params:
- CLIENT_USER: {get_param: CephClientUserName}
- CLIENT_KEY: {get_param: ceph_client_key}
- ADMIN_KEY: {get_param: ceph_admin_key}
- NOVA_POOL: {get_param: NovaRbdPoolName}
- CINDER_POOL: {get_param: CinderRbdPoolName}
- GLANCE_POOL: {get_param: GlanceRbdPoolName}
- GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
- nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
- cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
- glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
- gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
- gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
- nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
- glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
- nova::compute::rbd::rbd_keyring:
- list_join:
- - '.'
- - - 'client'
- - {get_param: CephClientUserName}
- gnocchi::storage::ceph::ceph_keyring:
- list_join:
- - '.'
- - - '/etc/ceph/ceph'
- - 'client'
- - {get_param: CephClientUserName}
- - 'keyring'
- ceph_client_user_name: {get_param: CephClientUserName}
- ceph_pools:
- - {get_param: CinderRbdPoolName}
- - {get_param: NovaRbdPoolName}
- - {get_param: GlanceRbdPoolName}
- - {get_param: GnocchiRbdPoolName}
-
-outputs:
- config_id:
- description: The ID of the CephClusterConfigImpl resource.
- value:
- {get_resource: CephClusterConfigImpl}
diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml
deleted file mode 100644
index 2b9ae751..00000000
--- a/puppet/ceph-storage-post.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- OpenStack ceph storage node post deployment for Puppet
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- NodeConfigIdentifiers:
- type: json
- description: Value which changes if the node configuration may need to be re-applied
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- CephStorageArtifactsConfig:
- type: deploy-artifacts.yaml
-
- CephStorageArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: CephStorageArtifactsConfig}
- input_values:
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- CephStoragePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_cephstorage.pp
- - {get_param: StepConfig}
-
- CephStorageDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: CephStorageArtifactsDeploy
- properties:
- name: CephStorageDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: CephStoragePuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- CephStorageDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: CephStorageDeployment_Step2
- properties:
- name: CephStorageDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: CephStoragePuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: CephStorageDeployment_Step3
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index eedb35e4..03a53b00 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -1,14 +1,15 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: 'OpenStack ceph storage node configured by Puppet'
parameters:
- Flavor:
+ OvercloudCephStorageFlavor:
description: Flavor for the Ceph Storage node.
+ default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- Image:
+ CephStorageImage:
type: string
- default: overcloud-ceph-storage
+ default: overcloud-full
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
@@ -21,23 +22,16 @@ parameters:
default: default
constraints:
- custom_constraint: nova.keypair
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
- TimeZone:
- default: 'UTC'
- description: The timezone to be set on Ceph nodes.
- type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
@@ -78,7 +72,6 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
- default: ''
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -89,7 +82,7 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ CephStorageSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
@@ -99,14 +92,33 @@ parameters:
ServiceConfigSettings:
type: json
default: {}
+ ServiceNames:
+ type: comma_delimited_list
+ default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
+ ConfigCommand:
+ type: string
+ description: Command which will be run whenever configuration data changes
+ default: os-refresh-config --timeout 14400
+ LoggingSources:
+ type: json
+ default: []
+ LoggingGroups:
+ type: comma_delimited_list
+ default: []
resources:
CephStorage:
- type: OS::Nova::Server
+ type: OS::TripleO::Server
+ metadata:
+ os-collect-config:
+ command: {get_param: ConfigCommand}
properties:
- image: {get_param: Image}
+ image: {get_param: CephStorageImage}
image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: Flavor}
+ flavor: {get_param: OvercloudCephStorageFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -118,7 +130,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: CephStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -232,12 +244,7 @@ resources:
config: {get_resource: CephStorageConfig}
server: {get_resource: CephStorage}
input_values:
- ntp_servers: {get_param: NtpServer}
- timezone: {get_param: TimeZone}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
- ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
CephStorageConfig:
type: OS::Heat::StructuredConfig
@@ -250,36 +257,32 @@ resources:
- heat_config_%{::deploy_config_name}
- ceph_extraconfig
- extraconfig
+ - service_names
- service_configs
- - ceph_cluster # provided by CephClusterConfig
- - ceph
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- - network
merge_behavior: deeper
datafiles:
+ service_names:
+ mapped_data:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
- mapped_data: {get_param: ServiceConfigSettings}
- common:
- raw_data: {get_file: hieradata/common.yaml}
- network:
mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
ceph_extraconfig:
mapped_data: {get_param: CephStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
ceph:
- raw_data: {get_file: hieradata/ceph.yaml}
mapped_data:
- ntp::servers: {get_input: ntp_servers}
- timezone::timezone: {get_input: timezone}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
- ceph::profile::params::public_network: {get_input: ceph_public_network}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -316,6 +319,12 @@ resources:
get_param: UpdateIdentifier
outputs:
+ ip_address:
+ description: IP address of the server in the ctlplane network
+ value: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ hostname:
+ description: Hostname of the server
+ value: {get_attr: [CephStorage, name]}
hosts_entry:
value:
str_replace:
@@ -327,6 +336,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -367,6 +377,12 @@ outputs:
- '.'
- - {get_attr: [CephStorage, name]}
- management
+ CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the ceph storage server
value:
@@ -389,12 +405,3 @@ outputs:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
- config_identifier:
- description: identifier which changes if the node configuration may need re-applying
- value:
- list_join:
- - ','
- - - {get_attr: [CephStorageDeployment, deploy_stdout]}
- - {get_attr: [NodeTLSCAData, deploy_stdout]}
- - {get_attr: [CephStorageExtraConfigPre, deploy_stdout]}
- - {get_param: UpdateIdentifier}
diff --git a/puppet/cephstorage-config.yaml b/puppet/cephstorage-config.yaml
new file mode 100644
index 00000000..3f428609
--- /dev/null
+++ b/puppet/cephstorage-config.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_cephstorage.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ CephStoragePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ inputs:
+ - name: step
+ type: Number
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_cephstorage.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: CephStoragePuppetConfigImpl}
diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml
deleted file mode 100644
index f470203f..00000000
--- a/puppet/cinder-storage-post.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'OpenStack cinder storage post deployment for Puppet'
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- NodeConfigIdentifiers:
- type: json
- description: Value which changes if the node configuration may need to be re-applied
-
-resources:
-
- VolumeArtifactsConfig:
- type: deploy-artifacts.yaml
-
- VolumeArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: VolumeArtifactsConfig}
- input_values:
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- VolumePuppetConfig:
- type: OS::Heat::SoftwareConfig
- depends_on: VolumeArtifactsDeploy
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- outputs:
- - name: result
- config:
- get_file: manifests/overcloud_volume.pp
-
- VolumeDeployment_Step1:
- type: OS::Heat::StructuredDeployments
- properties:
- name: VolumeDeployment_Step1
- servers: {get_param: servers}
- config: {get_resource: VolumePuppetConfig}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: VolumeDeployment_Step1
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index d760de5e..a66ea08b 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -1,32 +1,11 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: 'OpenStack cinder storage configured by Puppet'
parameters:
- Image:
- default: overcloud-cinder-volume
- type: string
- CinderEnableIscsiBackend:
- default: true
- description: Whether to enable or not the Iscsi backend for Cinder
- type: boolean
- CinderISCSIHelper:
- default: lioadm
- description: The iSCSI helper to use with cinder.
- type: string
- CinderLVMLoopDeviceSize:
- default: 10280
- description: The size of the loopback file used by the cinder LVM driver.
- type: number
- CinderPassword:
- description: The password for the cinder service and db account, used by cinder-api.
- type: string
- hidden: true
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
- VirtualIP: # deprecated. Use per service VIPs instead.
- default: ''
+ BlockStorageImage:
+ default: overcloud-full
type: string
+ constraints:
+ - custom_constraint: glance.image
ExtraConfig:
default: {}
description: |
@@ -41,47 +20,16 @@ parameters:
BlockStorageIPs:
default: {}
type: json
- Flavor:
+ OvercloudBlockStorageFlavor:
description: Flavor for block storage nodes to request when deploying.
type: string
+ default: baremetal
constraints:
- custom_constraint: nova.flavor
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
- RabbitPassword:
- type: string
- hidden: true
- RabbitUserName:
- default: 'guest'
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
UpdateIdentifier:
default: ''
type: string
@@ -105,13 +53,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- TimeZone:
- default: 'UTC'
- description: The timezone to be set on Cinder nodes.
- type: string
- GlanceApiVirtualIP:
- type: string
- default: ''
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -125,7 +66,6 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
- default: ''
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -136,22 +76,43 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ BlockStorageSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
NodeIndex:
type: number
default: 0
-
+ ServiceConfigSettings:
+ type: json
+ default: {}
+ ServiceNames:
+ type: comma_delimited_list
+ default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
+ ConfigCommand:
+ type: string
+ description: Command which will be run whenever configuration data changes
+ default: os-refresh-config --timeout 14400
+ LoggingSources:
+ type: json
+ default: []
+ LoggingGroups:
+ type: comma_delimited_list
+ default: []
resources:
BlockStorage:
- type: OS::Nova::Server
+ type: OS::TripleO::Server
+ metadata:
+ os-collect-config:
+ command: {get_param: ConfigCommand}
properties:
image:
- {get_param: Image}
- flavor: {get_param: Flavor}
+ {get_param: BlockStorageImage}
+ flavor: {get_param: OvercloudBlockStorageFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -163,7 +124,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: BlockStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -277,38 +238,6 @@ resources:
server: {get_resource: BlockStorage}
config: {get_resource: BlockStorageConfig}
input_values:
- debug: {get_param: Debug}
- cinder_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://cinder:'
- - {get_param: CinderPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/cinder'
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- cinder_lvm_loop_device_size:
- str_replace:
- template: sizeM
- params:
- size: {get_param: CinderLVMLoopDeviceSize}
- cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
- cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- cinder_iscsi_ip_address:
- str_replace:
- template: "'IP'"
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
- glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers: {get_param: NtpServer}
- timezone: {get_param: TimeZone}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Map heat metadata into hiera datafiles
@@ -323,45 +252,33 @@ resources:
- heat_config_%{::deploy_config_name}
- volume_extraconfig
- extraconfig
+ - service_names
+ - service_configs
- volume
+ - bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- - network
merge_behavior: deeper
datafiles:
- common:
- raw_data: {get_file: hieradata/common.yaml}
- network:
+ service_names:
+ mapped_data:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
volume_extraconfig:
mapped_data: {get_param: BlockStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
volume:
- raw_data: {get_file: hieradata/volume.yaml}
mapped_data:
- # Cinder
- cinder::debug: {get_input: debug}
- cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size}
- cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
- cinder::database_connection: {get_input: cinder_dsn}
- cinder::rabbit_userid: {get_input: rabbit_username}
- cinder::rabbit_password: {get_input: rabbit_password}
- cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- cinder::rabbit_port: {get_input: rabbit_client_port}
- cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
- cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address}
- cinder::glance::glance_api_servers: {get_input: glance_api_servers}
- ntp::servers: {get_input: ntp_servers}
- timezone::timezone: {get_input: timezone}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -392,6 +309,12 @@ resources:
get_param: UpdateIdentifier
outputs:
+ ip_address:
+ description: IP address of the server in the ctlplane network
+ value: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ hostname:
+ description: Hostname of the server
+ value: {get_attr: [BlockStorage, name]}
hosts_entry:
value:
str_replace:
@@ -403,6 +326,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -443,6 +367,12 @@ outputs:
- '.'
- - {get_attr: [BlockStorage, name]}
- management
+ CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the block storage server
value:
@@ -465,11 +395,3 @@ outputs:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
- config_identifier:
- description: identifier which changes if the node configuration may need re-applying
- value:
- list_join:
- - ''
- - - {get_attr: [BlockStorageDeployment, deploy_stdout]}
- - {get_attr: [NodeTLSCAData, deploy_stdout]}
- - {get_param: UpdateIdentifier}
diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml
new file mode 100644
index 00000000..2314c47d
--- /dev/null
+++ b/puppet/compute-config.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_compute.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ ComputePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ inputs:
+ - name: step
+ type: Number
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_compute.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: ComputePuppetConfigImpl}
diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml
deleted file mode 100644
index 698cadba..00000000
--- a/puppet/compute-post.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- OpenStack compute node post deployment for Puppet.
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- NodeConfigIdentifiers:
- type: json
- description: Value which changes if the node configuration may need to be re-applied
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ComputeArtifactsConfig:
- type: deploy-artifacts.yaml
-
- ComputeArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: ComputeArtifactsConfig}
- input_values:
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ComputePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_compute.pp
- - {get_param: StepConfig}
-
- ComputeServicesBaseDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: [ComputeArtifactsDeploy]
- properties:
- name: ComputeServicesBaseDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: ComputePuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ComputeOvercloudServicesDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: ComputeServicesBaseDeployment_Step2
- properties:
- name: ComputeOvercloudServicesDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: ComputePuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ComputeOvercloudServicesDeployment_Step4:
- type: OS::Heat::StructuredDeployments
- depends_on: ComputeOvercloudServicesDeployment_Step3
- properties:
- name: ComputeOvercloudServicesDeployment_Step4
- servers: {get_param: servers}
- config: {get_resource: ComputePuppetConfig}
- input_values:
- step: 4
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: ComputeOvercloudServicesDeployment_Step4
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
-
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index b7f7f4a5..0205d0a6 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -1,56 +1,24 @@
-heat_template_version: 2015-10-15
+heat_template_version: 2016-10-14
description: >
OpenStack hypervisor node configured via Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- CeilometerComputeAgent:
- description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
- type: string
- default: ''
- constraints:
- - allowed_values: ['', Present]
- CeilometerMeteringSecret:
- description: Secret shared by the ceilometer services.
- type: string
- hidden: true
- CeilometerPassword:
- description: The password for the ceilometer service account.
- type: string
- hidden: true
- CinderEnableNfsBackend:
- default: false
- description: Whether to enable or not the NFS backend for Cinder
- type: boolean
- CinderEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Cinder
- type: boolean
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
ExtraConfig:
default: {}
description: |
Additional hiera configuration to inject into the cluster. Note
that NovaComputeExtraConfig takes precedence over ExtraConfig.
type: json
- Flavor:
+ OvercloudComputeFlavor:
description: Flavor for the nova compute node
+ default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- GlanceHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- Image:
+ NovaImage:
type: string
- default: overcloud-compute
+ default: overcloud-full
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
@@ -63,53 +31,6 @@ parameters:
default: default
constraints:
- custom_constraint: nova.keypair
- KeystoneAdminApiVirtualIP:
- type: string
- default: ''
- KeystonePublicApiVirtualIP:
- type: string
- default: ''
- NeutronBridgeMappings:
- description: >
- The OVS logical->physical bridge mappings to use. See the Neutron
- documentation for details. Defaults to mapping br-ex - the external
- bridge on hosts - to a physical name 'datacentre' which can be used
- to create provider networks (and we use this for the default floating
- network) - if changing this either use different post-install network
- scripts or be sure to keep 'datacentre' as a mapping network name.
- type: comma_delimited_list
- default: "datacentre:br-ex"
- NeutronEnableTunnelling:
- type: string
- default: "True"
- NeutronEnableL2Pop:
- type: string
- description: >
- Enable/disable the L2 population feature in the Neutron agents.
- default: "False"
- NeutronFlatNetworks:
- type: comma_delimited_list
- default: 'datacentre'
- description: >
- If set, flat networks to configure in neutron plugins.
- NeutronHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- NeutronNetworkType:
- type: comma_delimited_list
- description: The tenant network type for Neutron.
- default: 'vxlan'
- NeutronNetworkVLANRanges:
- default: 'datacentre:1:1000'
- description: >
- The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
- Neutron documentation for permitted values. Defaults to permitting any
- VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
- type: comma_delimited_list
- NeutronPassword:
- description: The password for the neutron service account, used by neutron agents.
- type: string
- hidden: true
NeutronPhysicalBridge:
default: 'br-ex'
description: An OVS bridge to create for accessing external networks.
@@ -118,92 +39,9 @@ parameters:
default: nic1
description: A port to add to the NeutronPhysicalBridge.
type: string
- NeutronTenantMtu:
- description: >
- The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
- be at least 50 bytes smaller than the MTU on the physical network. This
- value will be used to set the MTU on the virtual Ethernet device.
- This number is related to the value of NeutronDnsmasqOptions, since that
- will determine the MTU that is assigned to the VM host through DHCP.
- default: 1400
- type: number
- NeutronTunnelTypes:
- type: comma_delimited_list
- description: |
- The tunnel types for the Neutron tenant network.
- default: 'vxlan'
- NeutronTunnelIdRanges:
- description: |
- Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
- of GRE tunnel IDs that are available for tenant network allocation
- default: ["1:4094", ]
- type: comma_delimited_list
- NeutronVniRanges:
- description: |
- Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
- of VXLAN VNI IDs that are available for tenant network allocation
- default: ["1:4094", ]
- type: comma_delimited_list
- NeutronPublicInterfaceRawDevice:
- default: ''
- type: string
- NeutronDVR:
- default: 'False'
- type: string
- NeutronMetadataProxySharedSecret:
- description: Shared secret to prevent spoofing
- type: string
- hidden: true
- NeutronCorePlugin:
- default: 'ml2'
- description: |
- The core plugin for Neutron. The value should be the entrypoint to be loaded
- from neutron.core_plugins namespace.
- type: string
- NeutronServicePlugins:
- default: "router,qos"
- description: |
- Comma-separated list of service plugin entrypoints to be loaded from the
- neutron.service_plugins namespace.
- type: comma_delimited_list
- NeutronTypeDrivers:
- default: "vxlan,vlan,flat,gre"
- description: |
- Comma-separated list of network type driver entrypoints to be loaded.
- type: comma_delimited_list
- NeutronMechanismDrivers:
- default: 'openvswitch'
- description: |
- The mechanism drivers for the Neutron tenant network.
- type: comma_delimited_list
- NeutronAgentExtensions:
- default: "qos"
- description: |
- Comma-separated list of extensions enabled for the Neutron agents.
- type: comma_delimited_list
- # Not relevant for Computes, should be removed
- NeutronAllowL3AgentFailover:
- default: 'True'
- description: Allow automatic l3-agent failover
- type: string
- # Not relevant for Computes, should be removed
- NeutronL3HA:
- default: 'False'
- description: Whether to enable l3-agent HA
- type: string
- NeutronAgentMode:
- default: 'dvr_snat'
- description: Agent mode for the neutron-l3-agent on the controller hosts
- type: string
NodeIndex:
type: number
default: 0
- NovaApiHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- NovaComputeDriver:
- type: string
- default: libvirt.LibvirtDriver
NovaComputeExtraConfig:
default: {}
description: |
@@ -213,77 +51,6 @@ parameters:
NovaComputeIPs:
default: {}
type: json
- NovaComputeLibvirtType:
- type: string
- default: kvm
- NovaComputeLibvirtVifDriver:
- default: ''
- description: Libvirt VIF driver configuration for the network
- type: string
- NovaEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Nova
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service account, used by nova-api.
- type: string
- hidden: true
- NovaPublicIP:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- NovaOVSBridge:
- default: 'br-int'
- description: Name of integration bridge used by Open vSwitch
- type: string
- NovaSecurityGroupAPI:
- default: 'neutron'
- description: The full class name of the security API class
- type: string
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
- RabbitHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -294,10 +61,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- TimeZone:
- default: 'UTC'
- description: The timezone to be set on compute nodes.
- type: string
UpdateIdentifier:
default: ''
type: string
@@ -324,7 +87,6 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
- default: ''
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -335,24 +97,42 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ NovaComputeSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
ServiceConfigSettings:
type: json
default: {}
+ ServiceNames:
+ type: comma_delimited_list
+ default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
+ ConfigCommand:
+ type: string
+ description: Command which will be run whenever configuration data changes
+ default: os-refresh-config --timeout 14400
+ LoggingSources:
+ type: json
+ default: []
+ LoggingGroups:
+ type: comma_delimited_list
+ default: []
resources:
NovaCompute:
- type: OS::Nova::Server
+ type: OS::TripleO::Server
+ metadata:
+ os-collect-config:
+ command: {get_param: ConfigCommand}
properties:
- image:
- {get_param: Image}
+ image: {get_param: NovaImage}
image_update_policy:
get_param: ImageUpdatePolicy
- flavor: {get_param: Flavor}
+ flavor: {get_param: OvercloudComputeFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -364,7 +144,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: NovaComputeSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -484,118 +264,39 @@ resources:
- heat_config_%{::deploy_config_name}
- compute_extraconfig
- extraconfig
+ - service_names
- service_configs
- compute
- - ceph_cluster # provided by CephClusterConfig
- - ceph
+ - bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- - network
- neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
+ - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
merge_behavior: deeper
datafiles:
+ service_names:
+ mapped_data:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
- mapped_data: {get_param: ServiceConfigSettings}
+ mapped_data:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
compute_extraconfig:
mapped_data: {get_param: NovaComputeExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- common:
- raw_data: {get_file: hieradata/common.yaml}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
- ceph:
- raw_data: {get_file: hieradata/ceph.yaml}
compute:
- raw_data: {get_file: hieradata/compute.yaml}
mapped_data:
- cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::debug: {get_input: debug}
- nova::rabbit_userid: {get_input: rabbit_username}
- nova::rabbit_password: {get_input: rabbit_password}
- nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- nova::rabbit_port: {get_input: rabbit_client_port}
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova_compute_driver: {get_input: nova_compute_driver}
- nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
- nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver}
- nova_api_host: {get_input: nova_api_host}
- nova::compute::vncproxy_host: {get_input: nova_public_ip}
- nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend}
- # TUNNELLED mode provides a security enhancement when using shared storage but is not
- # supported when not using shared storage.
- # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
- # In future versions of QEMU (2.6, mostly), Dan's native encryption
- # work will obsolete the need to use TUNNELLED transport mode.
- nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend}
- rbd_persistent_storage: {get_input: cinder_enable_rbd_backend}
- nova_password: {get_input: nova_password}
- nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
- nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address}
- nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol}
- nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host}
- nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port}
- nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge}
- nova::network::neutron::security_group_api: {get_input: nova_security_group_api}
- ceilometer::debug: {get_input: debug}
- ceilometer::rabbit_userid: {get_input: rabbit_username}
- ceilometer::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- ceilometer::rabbit_port: {get_input: rabbit_client_port}
- ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
- ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
- ceilometer_compute_agent: {get_input: ceilometer_compute_agent}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
- nova::glance_api_servers: {get_input: glance_api_servers}
- neutron::debug: {get_input: debug}
- neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_username}
- neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- neutron::rabbit_port: {get_input: rabbit_client_port}
- neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks}
- neutron_host: {get_input: neutron_host}
- neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
-
- neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
- neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types}
- neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types}
- neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions}
- neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
- neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
- neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
- neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings}
- neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
- neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
- neutron_physical_bridge: {get_input: neutron_physical_bridge}
- neutron_public_interface: {get_input: neutron_public_interface}
- nova::network::neutron::neutron_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
- nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
- neutron_router_distributed: {get_input: neutron_router_distributed}
- neutron_agent_mode: {get_input: neutron_agent_mode}
- neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
- neutron::core_plugin: {get_input: neutron_core_plugin}
- neutron::service_plugins: {get_input: neutron_service_plugins}
- neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
- neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers}
- neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
- keystone_public_api_virtual_ip: {get_input: keystone_vip}
- admin_password: {get_input: admin_password}
- ntp::servers: {get_input: ntp_servers}
- timezone::timezone: {get_input: timezone}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -605,117 +306,6 @@ resources:
config: {get_resource: NovaComputeConfig}
server: {get_resource: NovaCompute}
input_values:
- cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
- debug: {get_param: Debug}
- nova_compute_driver: {get_param: NovaComputeDriver}
- nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType}
- nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
- nova_public_ip: {get_param: NovaPublicIP}
- nova_api_host: {get_param: NovaApiHost}
- nova_password: {get_param: NovaPassword}
- nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
- nova_ipv6: {get_param: NovaIPv6}
- cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
- nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]}
- nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
- # Remove brackets that may come if the IP address is IPv6.
- # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value
- nova_vncproxy_host:
- str_replace:
- template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
- params:
- '[': ''
- ']': ''
- nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
- nova_ovs_bridge: {get_param: NovaOVSBridge}
- nova_security_group_api: {get_param: NovaSecurityGroupAPI}
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
- ceilometer_password: {get_param: CeilometerPassword}
- ceilometer_compute_agent: {get_param: CeilometerComputeAgent}
- ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- neutron_flat_networks:
- str_replace:
- template: NETWORKS
- params:
- NETWORKS: {get_param: NeutronFlatNetworks}
- neutron_host: {get_param: NeutronHost}
- neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- neutron_tunnel_id_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronTunnelIdRanges}
- neutron_vni_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronVniRanges}
- neutron_tenant_network_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronNetworkType}
- neutron_tunnel_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronTunnelTypes}
- neutron_network_vlan_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronNetworkVLANRanges}
- neutron_bridge_mappings:
- str_replace:
- template: MAPPINGS
- params:
- MAPPINGS: {get_param: NeutronBridgeMappings}
- neutron_tenant_mtu: {get_param: NeutronTenantMtu}
- neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
- neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
- neutron_physical_bridge: {get_param: NeutronPhysicalBridge}
- neutron_public_interface: {get_param: NeutronPublicInterface}
- neutron_password: {get_param: NeutronPassword}
- neutron_agent_mode: {get_param: NeutronAgentMode}
- neutron_router_distributed: {get_param: NeutronDVR}
- neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- neutron_core_plugin: {get_param: NeutronCorePlugin}
- neutron_service_plugins:
- str_replace:
- template: PLUGINS
- params:
- PLUGINS: {get_param: NeutronServicePlugins}
- neutron_type_drivers:
- str_replace:
- template: DRIVERS
- params:
- DRIVERS: {get_param: NeutronTypeDrivers}
- neutron_mechanism_drivers:
- str_replace:
- template: MECHANISMS
- params:
- MECHANISMS: {get_param: NeutronMechanismDrivers}
- neutron_agent_extensions:
- str_replace:
- template: AGENT_EXTENSIONS
- params:
- AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
- neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
- neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
- keystone_vip: {get_param: KeystonePublicApiVirtualIP}
- admin_password: {get_param: AdminPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
- ntp_servers: {get_param: NtpServer}
- timezone: {get_param: TimeZone}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Resource for site-specific injection of root certificate
@@ -791,6 +381,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -831,16 +422,13 @@ outputs:
- '.'
- - {get_attr: [NovaCompute, name]}
- management
+ CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
{get_resource: NovaCompute}
- config_identifier:
- description: identifier which changes if the node configuration may need re-applying
- value:
- list_join:
- - ','
- - - {get_attr: [NovaComputeDeployment, deploy_stdout]}
- - {get_attr: [NodeTLSCAData, deploy_stdout]}
- - {get_attr: [ComputeExtraConfigPre, deploy_stdout]}
- - {get_param: UpdateIdentifier}
diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml
index dfebcf82..b313f5de 100644
--- a/puppet/controller-config-pacemaker.yaml
+++ b/puppet/controller-config-pacemaker.yaml
@@ -23,13 +23,13 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
outputs:
- name: result
config:
list_join:
- ''
- - get_file: manifests/overcloud_controller_pacemaker.pp
- - get_file: manifests/ringbuilder.pp
- {get_param: StepConfig}
outputs:
diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml
index 458aff32..99c7b26e 100644
--- a/puppet/controller-config.yaml
+++ b/puppet/controller-config.yaml
@@ -23,13 +23,16 @@ resources:
enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
outputs:
- name: result
+ inputs:
+ - name: step
+ type: Number
config:
list_join:
- ''
- - get_file: manifests/overcloud_controller.pp
- - get_file: manifests/ringbuilder.pp
- {get_param: StepConfig}
outputs:
diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml
deleted file mode 100644
index 36f9b4f8..00000000
--- a/puppet/controller-post.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- OpenStack controller node post deployment for Puppet.
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- NodeConfigIdentifiers:
- type: json
- description: Value which changes if the node configuration may need to be re-applied
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ControllerArtifactsConfig:
- type: deploy-artifacts.yaml
-
- ControllerArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: ControllerArtifactsConfig}
-
- ControllerPrePuppet:
- type: OS::TripleO::Tasks::ControllerPrePuppet
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerPuppetConfig:
- type: OS::TripleO::ControllerConfig
- properties:
- StepConfig: {get_param: StepConfig}
-
- # Step through a series of Puppet runs using the same manifest.
- # NOTE: To enable stepping through the deployments via heat hooks,
- # you must observe the glob naming defined in overcloud-steps.yaml
- # e.g all Deployment resources should have a *Deployment_StepN suffix
- ControllerLoadBalancerDeployment_Step1:
- type: OS::Heat::StructuredDeployments
- depends_on: [ControllerPrePuppet, ControllerArtifactsDeploy]
- properties:
- name: ControllerLoadBalancerDeployment_Step1
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 1
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerServicesBaseDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerLoadBalancerDeployment_Step1
- properties:
- name: ControllerServicesBaseDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerOvercloudServicesDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerServicesBaseDeployment_Step2
- properties:
- name: ControllerOvercloudServicesDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerOvercloudServicesDeployment_Step4:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerOvercloudServicesDeployment_Step3
- properties:
- name: ControllerOvercloudServicesDeployment_Step4
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 4
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerOvercloudServicesDeployment_Step5:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerOvercloudServicesDeployment_Step4
- properties:
- name: ControllerOvercloudServicesDeployment_Step5
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 5
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerPostPuppet:
- type: OS::TripleO::Tasks::ControllerPostPuppet
- depends_on: ControllerOvercloudServicesDeployment_Step5
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: ControllerPostPuppet
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 9c0d8e82..ccb517f8 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -1,102 +1,9 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack controller node configured by Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- AodhApiVirtualIP:
- type: string
- default: ''
- AodhPassword:
- description: The password for the aodh services.
- type: string
- hidden: true
- CeilometerApiVirtualIP:
- type: string
- default: ''
- CeilometerBackend:
- default: 'mongodb'
- description: The ceilometer backend type.
- type: string
- CeilometerMeteringSecret:
- description: Secret shared by the ceilometer services.
- type: string
- hidden: true
- CeilometerPassword:
- description: The password for the ceilometer service and db account.
- type: string
- hidden: true
- CeilometerStoreEvents:
- default: false
- description: Whether to store events in ceilometer.
- type: boolean
- CeilometerMeterDispatcher:
- default: 'database'
- description: Dispatcher to process meter data
- type: string
- constraints:
- - allowed_values: ['gnocchi', 'database']
- CinderApiVirtualIP:
- type: string
- default: ''
- CeilometerWorkers:
- default: 0
- description: Number of workers for Ceilometer service.
- type: number
- CinderEnableDBPurge:
- default: true
- description: |
- Whether to create cron job for purging soft deleted rows in Cinder database.
- type: boolean
- CinderEnableNfsBackend:
- default: false
- description: Whether to enable or not the NFS backend for Cinder
- type: boolean
- CinderEnableIscsiBackend:
- default: true
- description: Whether to enable or not the Iscsi backend for Cinder
- type: boolean
- CinderEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Cinder
- type: boolean
- CinderISCSIHelper:
- default: lioadm
- description: The iSCSI helper to use with cinder.
- type: string
- CinderLVMLoopDeviceSize:
- default: 10280
- description: The size of the loopback file used by the cinder LVM driver.
- type: number
- CinderNfsMountOptions:
- default: ''
- description: >
- Mount options for NFS mounts used by Cinder NFS backend. Effective
- when CinderEnableNfsBackend is true.
- type: string
- CinderNfsServers:
- default: ''
- description: >
- NFS servers used by Cinder NFS backend. Effective when
- CinderEnableNfsBackend is true.
- type: comma_delimited_list
- CinderPassword:
- description: The password for the cinder service and db account, used by cinder-api.
- type: string
- hidden: true
- CinderBackendConfig:
- default: {}
- description: Contains parameters to configure Cinder backends. Typically
- set via parameter_defaults in the resource registry.
- type: json
- CinderWorkers:
- default: 0
- description: Number of workers for Cinder service.
- type: number
controllerExtraConfig:
default: {}
description: |
@@ -116,484 +23,45 @@ parameters:
...
}
type: json
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
- CorosyncIPv6:
- default: false
- description: Enable IPv6 in Corosync
- type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
- EnableFencing:
- default: false
- description: Whether to enable fencing in Pacemaker or not.
- type: boolean
- EnableGalera:
- default: true
- description: Whether to use Galera instead of regular MariaDB.
- type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
type: boolean
- EnableCephStorage:
- default: false
- description: Whether to deploy Ceph Storage (OSD) on the Controller
- type: boolean
- EnableSwiftStorage:
- default: true
- description: Whether to enable Swift Storage on the Controller
- type: boolean
ExtraConfig:
default: {}
description: |
Additional hieradata to inject into the cluster, note that
ControllerExtraConfig takes precedence over ExtraConfig.
type: json
- FencingConfig:
- default: {}
- description: |
- Pacemaker fencing configuration. The JSON should have
- the following structure:
- {
- "devices": [
- {
- "agent": "AGENT_NAME",
- "host_mac": "HOST_MAC_ADDRESS",
- "params": {"PARAM_NAME": "PARAM_VALUE"}
- }
- ]
- }
- For instance:
- {
- "devices": [
- {
- "agent": "fence_xvm",
- "host_mac": "52:54:00:aa:bb:cc",
- "params": {
- "multicast_address": "225.0.0.12",
- "port": "baremetal_0",
- "manage_fw": true,
- "manage_key_file": true,
- "key_file": "/etc/fence_xvm.key",
- "key_file_password": "abcdef"
- }
- }
- ]
- }
- type: json
- Flavor:
+ OvercloudControlFlavor:
description: Flavor for control nodes to request when deploying.
+ default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- GnocchiBackend:
- default: file
- description: The short name of the Gnocchi backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
- GnocchiIndexerBackend:
- default: 'mysql'
- description: The short name of the Gnocchi indexer backend to use.
- type: string
- GnocchiApiVirtualIP:
- type: string
- default: ''
- GnocchiPassword:
- description: The password for the gnocchi service and db account.
- type: string
- hidden: true
- HAProxyStatsPassword:
- description: Password for HAProxy stats endpoint
- type: string
- HAProxyStatsUser:
- description: User for HAProxy stats endpoint
- default: admin
- type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
- HeatAuthEncryptionKey:
- description: Auth encryption key for heat-engine
- type: string
- hidden: true
- HorizonAllowedHosts:
- default: '*'
- description: A list of IP/Hostname allowed to connect to horizon
- type: comma_delimited_list
- HorizonSecret:
- description: Secret key for Django
+ controllerImage:
type: string
- hidden: true
- Image:
- type: string
- default: overcloud-control
+ default: overcloud-full
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
- InstanceNameTemplate:
- default: 'instance-%08x'
- description: Template string to be used to generate instance names
- type: string
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
constraints:
- custom_constraint: nova.keypair
- KeystoneRegion:
- type: string
- default: 'regionOne'
- description: Keystone region for endpoint
- ManageFirewall:
- default: false
- description: Whether to manage IPtables rules.
- type: boolean
- MemcachedIPv6:
- default: false
- description: Enable IPv6 features in Memcached.
- type: boolean
- PurgeFirewallRules:
- default: false
- description: Whether IPtables rules should be purged before setting up the new ones.
- type: boolean
- SaharaApiVirtualIP:
- type: string
- default: ''
- SaharaPassword:
- default: unset
- description: The password for the sahara service account, used by sahara-api.
- type: string
- hidden: true
- MysqlClusterUniquePart:
- description: A unique identifier of the MySQL cluster the controller is in.
- type: string
- default: 'unset' # Has to be here because of the ignored empty value bug
- # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
- # constraints:
- # - length: {min: 4, max: 10}
- MysqlInnodbBufferPoolSize:
- description: >
- Specifies the size of the buffer pool in megabytes. Setting to
- zero should be interpreted as "no value" and will defer to the
- lower level default.
- type: number
- default: 0
- MysqlMaxConnections:
- description: Configures MySQL max_connections config setting
- type: number
- default: 4096
- MysqlClustercheckPassword:
- type: string
- hidden: true
- MysqlRootPassword:
- type: string
- hidden: true
- default: '' # Has to be here because of the ignored empty value bug
- NeutronBridgeMappings:
- description: >
- The OVS logical->physical bridge mappings to use. See the Neutron
- documentation for details. Defaults to mapping br-ex - the external
- bridge on hosts - to a physical name 'datacentre' which can be used
- to create provider networks (and we use this for the default floating
- network) - if changing this either use different post-install network
- scripts or be sure to keep 'datacentre' as a mapping network name.
- type: comma_delimited_list
- default: "datacentre:br-ex"
- NeutronEnableOVSAgent:
- description: Knob to enable/disable OVS Agent
- type: boolean
- default: true
- NeutronAgentMode:
- default: 'dvr_snat'
- description: Agent mode for the neutron-l3-agent on the controller hosts
- type: string
- NeutronL3HA:
- default: 'False'
- description: Whether to enable l3-agent HA
- type: string
- NeutronDVR:
- default: 'False'
- description: Whether to configure Neutron Distributed Virtual Routers
- type: string
- NeutronMetadataProxySharedSecret:
- description: Shared secret to prevent spoofing
- type: string
- hidden: true
- NeutronCorePlugin:
- default: 'ml2'
- description: |
- The core plugin for Neutron. The value should be the entrypoint to be loaded
- from neutron.core_plugins namespace.
- type: string
- NeutronServicePlugins:
- default: "router,qos"
- description: |
- Comma-separated list of service plugin entrypoints to be loaded from the
- neutron.service_plugins namespace.
- type: comma_delimited_list
- NeutronTypeDrivers:
- default: "vxlan,vlan,flat,gre"
- description: |
- Comma-separated list of network type driver entrypoints to be loaded.
- type: comma_delimited_list
- NeutronMechanismDrivers:
- default: 'openvswitch'
- description: |
- The mechanism drivers for the Neutron tenant network.
- type: comma_delimited_list
- NeutronAllowL3AgentFailover:
- default: 'True'
- description: Allow automatic l3-agent failover
- type: string
- NeutronEnableTunnelling:
- type: string
- default: "True"
- NeutronEnableL2Pop:
- type: string
- description: >
- Enable/disable the L2 population feature in the Neutron agents.
- default: "False"
- NeutronFlatNetworks:
- type: comma_delimited_list
- default: 'datacentre'
- description: If set, flat networks to configure in neutron plugins.
- NeutronL3HA:
- default: 'False'
- description: Whether to enable l3-agent HA
- type: string
- NeutronNetworkType:
- default: 'vxlan'
- description: The tenant network type for Neutron.
- type: comma_delimited_list
- NeutronNetworkVLANRanges:
- default: 'datacentre:1:1000'
- description: >
- The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
- Neutron documentation for permitted values. Defaults to permitting any
- VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
- type: comma_delimited_list
- NeutronPassword:
- description: The password for the neutron service and db account, used by neutron agents.
- type: string
- hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
- NeutronPublicInterfaceTag:
- default: ''
- description: >
- VLAN tag for creating a public VLAN. The tag will be used to
- create an access port on the exterior bridge for each control plane node,
- and that port will be given the IP address returned by neutron from the
- public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
- overcloud.yaml to include the deployment of VLAN ports to the control
- plane.
- type: string
- NeutronPublicInterfaceDefaultRoute:
- default: ''
- description: A custom default route for the NeutronPublicInterface.
- type: string
- NeutronPublicInterfaceIP:
- default: ''
- description: A custom IP address to put onto the NeutronPublicInterface.
- type: string
- NeutronPublicInterfaceRawDevice:
- default: ''
- description: If set, the public interface is a vlan with this device as the raw device.
- type: string
- NeutronTenantMtu:
- description: >
- The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
- be at least 50 bytes smaller than the MTU on the physical network. This
- value will be used to set the MTU on the virtual Ethernet device.
- This number is related to the value of NeutronDnsmasqOptions, since that
- will determine the MTU that is assigned to the VM host through DHCP.
- default: 1400
- type: number
- NeutronTunnelTypes:
- default: 'vxlan'
- description: |
- The tunnel types for the Neutron tenant network.
- type: comma_delimited_list
- NeutronTunnelIdRanges:
- description: |
- Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
- of GRE tunnel IDs that are available for tenant network allocation
- default: ["1:4094", ]
- type: comma_delimited_list
- NeutronVniRanges:
- description: |
- Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
- of VXLAN VNI IDs that are available for tenant network allocation
- default: ["1:4094", ]
- type: comma_delimited_list
- NeutronPluginExtensions:
- default: "qos,port_security"
- description: |
- Comma-separated list of extensions enabled for the Neutron plugin.
- type: comma_delimited_list
- NeutronAgentExtensions:
- default: "qos"
- description: |
- Comma-separated list of extensions enabled for the Neutron agents.
- type: comma_delimited_list
- NovaApiVirtualIP:
- type: string
- default: ''
- NeutronWorkers:
- default: 0
- description: Number of workers for Neutron service.
- type: number
- NovaEnableDBPurge:
- default: true
- description: |
- Whether to create cron job for purging soft deleted rows in Nova database.
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service and db account, used by nova-api.
- type: string
- hidden: true
- NovaWorkers:
- default: 0
- description: Number of workers for Nova service.
- type: number
- MongoDbNoJournal:
- default: false
- description: Should MongoDb journaling be disabled
- type: boolean
- MongoDbIPv6:
- default: false
- description: Enable IPv6 if Mongo DB VIP is IPv6
- type: boolean
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
- PcsdPassword:
- type: string
- description: The password for the 'pcsd' user.
- hidden: true
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
- PublicVirtualIP:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- RabbitCookie:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- hidden: true
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- RedisPassword:
- type: string
- description: The password to access the Redis service
- hidden: true
- RedisVirtualIP:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- RedisVirtualIPUri:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- description: An IP address which is wrapped in brackets in case of IPv6
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
- SwiftMountCheck:
- default: 'false'
- description: Value of mount_check in Swift account/container/object -server.conf
- type: boolean
- SwiftMinPartHours:
- type: number
- default: 1
- description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
- SwiftPartPower:
- default: 10
- description: Partition Power to use when building Swift rings
- type: number
- SwiftRingBuild:
- default: true
- description: Whether to manage Swift rings or not
- type: boolean
- SwiftProxyVirtualIP:
- type: string
- default: ''
- SwiftReplicas:
- type: number
- default: 3
- description: How many replicas to use in the swift rings.
- TimeZone:
- default: 'UTC'
- description: The timezone to be set on controller nodes.
- type: string
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
- VirtualIP: # DEPRECATED: use per service settings instead
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- HeatApiVirtualIP:
- type: string
- default: ''
- HeatApiVirtualIPUri:
- type: string
- default: ''
- MysqlVirtualIP:
- type: string
- default: ''
- NeutronApiVirtualIP:
- type: string
- default: ''
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -633,7 +101,6 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
- default: ''
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -644,13 +111,29 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ ControllerSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
ServiceConfigSettings:
type: json
default: {}
+ ServiceNames:
+ type: comma_delimited_list
+ default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
+ ConfigCommand:
+ type: string
+ description: Command which will be run whenever configuration data changes
+ default: os-refresh-config --timeout 14400
+ LoggingSources:
+ type: json
+ default: []
+ LoggingGroups:
+ type: comma_delimited_list
+ default: []
parameter_groups:
- label: deprecated
@@ -661,11 +144,14 @@ parameter_groups:
resources:
Controller:
- type: OS::Nova::Server
+ type: OS::TripleO::Server
+ metadata:
+ os-collect-config:
+ command: {get_param: ConfigCommand}
properties:
- image: {get_param: Image}
+ image: {get_param: controllerImage}
image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: Flavor}
+ flavor: {get_param: OvercloudControlFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -677,7 +163,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: ControllerSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -811,304 +297,8 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- ceilometer_workers: {get_param: CeilometerWorkers}
- cinder_workers: {get_param: CinderWorkers}
- nova_workers: {get_param: NovaWorkers}
- neutron_workers: {get_param: NeutronWorkers}
- neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
- neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
- haproxy_log_address: {get_param: HAProxySyslogAddress}
- haproxy_stats_password: {get_param: HAProxyStatsPassword}
- haproxy_stats_user: {get_param: HAProxyStatsUser}
- heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
- horizon_secret: {get_param: HorizonSecret}
- admin_password: {get_param: AdminPassword}
- neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
- debug: {get_param: Debug}
- cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
- cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
- cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
- cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
- cinder_nfs_servers:
- str_replace:
- template: SERVERS
- params:
- SERVERS: {get_param: CinderNfsServers}
- cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
- cinder_password: {get_param: CinderPassword}
- cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
- cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- cinder_backend_config: {get_param: CinderBackendConfig}
- cinder_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://cinder:'
- - {get_param: CinderPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/cinder'
- cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
- cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
- cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
- cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
- cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
- cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
- keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
- enable_fencing: {get_param: EnableFencing}
- enable_galera: {get_param: EnableGalera}
enable_load_balancer: {get_param: EnableLoadBalancer}
- enable_ceph_storage: {get_param: EnableCephStorage}
- enable_swift_storage: {get_param: EnableSwiftStorage}
- manage_firewall: {get_param: ManageFirewall}
- purge_firewall_rules: {get_param: PurgeFirewallRules}
- mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
- mysql_max_connections: {get_param: MysqlMaxConnections}
- mysql_root_password: {get_param: MysqlRootPassword}
- mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
- mysql_cluster_name:
- str_replace:
- template: tripleo-CLUSTER
- params:
- CLUSTER: {get_param: MysqlClusterUniquePart}
- neutron_flat_networks:
- str_replace:
- template: NETWORKS
- params:
- NETWORKS: {get_param: NeutronFlatNetworks}
- neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- neutron_agent_mode: {get_param: NeutronAgentMode}
- neutron_router_distributed: {get_param: NeutronDVR}
- neutron_core_plugin: {get_param: NeutronCorePlugin}
- neutron_service_plugins:
- str_replace:
- template: PLUGINS
- params:
- PLUGINS: {get_param: NeutronServicePlugins}
- neutron_type_drivers:
- str_replace:
- template: DRIVERS
- params:
- DRIVERS: {get_param: NeutronTypeDrivers}
- neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent}
- neutron_mechanism_drivers:
- str_replace:
- template: MECHANISMS
- params:
- MECHANISMS: {get_param: NeutronMechanismDrivers}
- neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
- neutron_l3_ha: {get_param: NeutronL3HA}
- neutron_network_vlan_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronNetworkVLANRanges}
- neutron_bridge_mappings:
- str_replace:
- template: MAPPINGS
- params:
- MAPPINGS: {get_param: NeutronBridgeMappings}
- neutron_public_interface: {get_param: NeutronPublicInterface}
- neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
- neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
- neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
- neutron_tunnel_id_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronTunnelIdRanges}
- neutron_vni_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronVniRanges}
- neutron_tenant_network_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronNetworkType}
- neutron_tunnel_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronTunnelTypes}
- neutron_plugin_extensions:
- str_replace:
- template: PLUGIN_EXTENSIONS
- params:
- PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions}
- neutron_agent_extensions:
- str_replace:
- template: AGENT_EXTENSIONS
- params:
- AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
- neutron_password: {get_param: NeutronPassword}
- neutron_tenant_mtu: {get_param: NeutronTenantMtu}
- neutron_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://neutron:'
- - {get_param: NeutronPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/ovs_neutron?charset=utf8'
- neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
- neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
- neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
- neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
- nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
- ceilometer_backend: {get_param: CeilometerBackend}
- ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
- ceilometer_password: {get_param: CeilometerPassword}
- ceilometer_store_events: {get_param: CeilometerStoreEvents}
- aodh_password: {get_param: AodhPassword}
- aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
- aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
- aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
- ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
- gnocchi_password: {get_param: GnocchiPassword}
- gnocchi_backend: {get_param: GnocchiBackend}
- gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
- ceilometer_coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - {get_param: RedisVirtualIPUri}
- - ':6379/'
- ceilometer_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://ceilometer:'
- - {get_param: CeilometerPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/ceilometer'
- gnocchi_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://gnocchi:'
- - {get_param: GnocchiPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/gnocchi'
- gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
- gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
- gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
- ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
- ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
- ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- nova_enable_db_purge: {get_param: NovaEnableDBPurge}
- nova_ipv6: {get_param: NovaIPv6}
- corosync_ipv6: {get_param: CorosyncIPv6}
- memcached_ipv6: {get_param: MemcachedIPv6}
- nova_password: {get_param: NovaPassword}
- nova_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://nova:'
- - {get_param: NovaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/nova'
- nova_api_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://nova_api:'
- - {get_param: NovaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/nova_api'
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- instance_name_template: {get_param: InstanceNameTemplate}
- nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
- nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
- nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
- fencing_config: {get_param: FencingConfig}
- pcsd_password: {get_param: PcsdPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_cookie: {get_param: RabbitCookie}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
- mongodb_no_journal: {get_param: MongoDbNoJournal}
- mongodb_ipv6: {get_param: MongoDbIPv6}
- ntp_servers: {get_param: NtpServer}
- timezone: {get_param: TimeZone}
- control_virtual_interface: {get_param: ControlVirtualInterface}
- public_virtual_interface: {get_param: PublicVirtualInterface}
- swift_hash_suffix: {get_param: SwiftHashSuffix}
- swift_part_power: {get_param: SwiftPartPower}
- swift_ring_build: {get_param: SwiftRingBuild}
- swift_replicas: {get_param: SwiftReplicas}
- swift_min_part_hours: {get_param: SwiftMinPartHours}
- swift_mount_check: {get_param: SwiftMountCheck}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- sahara_password: {get_param: SaharaPassword}
- sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
- sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
- sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
- sahara_dsn:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://sahara:'
- - {get_param: SaharaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/sahara'
- swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- cinder_iscsi_network:
- str_replace:
- template: "'IP'"
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
- cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- keystone_region: {get_param: KeystoneRegion}
- mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
- neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
- nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
- horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- horizon_subnet:
- str_replace:
- template: "['SUBNET']"
- params:
- SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
- redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
- redis_password: {get_param: RedisPassword}
- redis_vip: {get_param: RedisVirtualIP}
- sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- mysql_virtual_ip: {get_param: MysqlVirtualIP}
- ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
- ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
- ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
# Map heat metadata into hiera datafiles
ControllerConfig:
@@ -1123,32 +313,31 @@ resources:
- controller_extraconfig
- extraconfig
- service_configs
+ - service_names
- controller
- - database
- - object
- - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- - ceph_cluster # provided by CephClusterConfig
- - ceph
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- - vip_data # provided by vip-config
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- - network
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
- - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
- - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre
+ - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
merge_behavior: deeper
datafiles:
+ service_names:
+ mapped_data:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
- mapped_data: {get_param: ServiceConfigSettings}
+ mapped_data:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
controller_extraconfig:
mapped_data:
map_merge:
@@ -1156,333 +345,18 @@ resources:
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- common:
- raw_data: {get_file: hieradata/common.yaml}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
- ceph:
- raw_data: {get_file: hieradata/ceph.yaml}
- mapped_data:
- ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
- ceph::profile::params::public_network: {get_input: ceph_public_network}
- ceph::profile::params::public_addr: {get_input: ceph_public_ip}
- database:
- raw_data: {get_file: hieradata/database.yaml}
- object:
- raw_data: {get_file: hieradata/object.yaml}
controller:
- raw_data: {get_file: hieradata/controller.yaml}
mapped_data: # data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
# Pacemaker
- enable_fencing: {get_input: enable_fencing}
enable_load_balancer: {get_input: enable_load_balancer}
- hacluster_pwd: {get_input: pcsd_password}
- corosync_ipv6: {get_input: corosync_ipv6}
- tripleo::fencing::config: {get_input: fencing_config}
-
- # Swift
- # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
- swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
- tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
- tripleo::ringbuilder::part_power: {get_input: swift_part_power}
- tripleo::ringbuilder::replicas: {get_input: swift_replicas}
- tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
- swift_mount_check: {get_input: swift_mount_check}
-
- # Cinder
- cinder_enable_db_purge: {get_input: cinder_enable_db_purge}
- cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
- cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
- cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
- cinder_nfs_servers: {get_input: cinder_nfs_servers}
- cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
- cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
- cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
- cinder::database_connection: {get_input: cinder_dsn}
- cinder::api::keystone_password: {get_input: cinder_password}
- cinder::api::auth_uri: {get_input: keystone_auth_uri}
- cinder::api::identity_uri: {get_input: keystone_identity_uri}
- cinder::api::bind_host: {get_input: cinder_api_network}
- cinder::rabbit_userid: {get_input: rabbit_username}
- cinder::rabbit_password: {get_input: rabbit_password}
- cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- cinder::rabbit_port: {get_input: rabbit_client_port}
- cinder::debug: {get_input: debug}
- cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
- cinder::glance::glance_api_servers: {get_input: glance_api_servers}
- cinder_backend_config: {get_input: CinderBackendConfig}
- cinder::db::mysql::password: {get_input: cinder_password}
- cinder::keystone::auth::public_url: {get_input: cinder_public_url }
- cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
- cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
- cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
- cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
- cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
- cinder::keystone::auth::password: {get_input: cinder_password }
- cinder::keystone::auth::region: {get_input: keystone_region}
-
- # Glance
- glance::api::bind_host: {get_input: glance_api_network}
- glance::registry::bind_host: {get_input: glance_registry_network}
- glance::keystone::auth::region: {get_input: keystone_region}
-
- # Heat
- heat::api::bind_host: {get_input: heat_api_network}
- heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
- heat::api_cfn::bind_host: {get_input: heat_api_network}
- heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
-
- # Keystone
- keystone::admin_bind_host: {get_input: keystone_admin_api_network}
- keystone::public_bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
- # MongoDB
- mongodb::server::bind_ip: {get_input: mongo_db_network}
- mongodb::server::nojournal: {get_input: mongodb_no_journal}
- mongodb::server::ipv6: {get_input: mongodb_ipv6}
- # MySQL
- admin_password: {get_input: admin_password}
- enable_galera: {get_input: enable_galera}
- enable_ceph_storage: {get_input: enable_ceph_storage}
- enable_swift_storage: {get_input: enable_swift_storage}
- mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
- mysql_max_connections: {get_input: mysql_max_connections}
- mysql::server::root_password: {get_input: mysql_root_password}
- mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
- mysql_cluster_name: {get_input: mysql_cluster_name}
- mysql_bind_host: {get_input: mysql_network}
- mysql_virtual_ip: {get_input: mysql_virtual_ip}
-
- # Neutron
- neutron::bind_host: {get_input: neutron_api_network}
- neutron::server::auth_uri: {get_input: keystone_auth_uri}
- neutron::server::auth_url: {get_input: keystone_identity_uri}
- neutron::server::database_connection: {get_input: neutron_dsn}
- neutron::server::api_workers: {get_input: neutron_workers}
- neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
- neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
- neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
- neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
- neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks}
- neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
- neutron_agent_mode: {get_input: neutron_agent_mode}
- neutron_router_distributed: {get_input: neutron_router_distributed}
- neutron::core_plugin: {get_input: neutron_core_plugin}
- neutron::service_plugins: {get_input: neutron_service_plugins}
- neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent}
- neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
- neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers}
- neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions}
- neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
- neutron::server::l3_ha: {get_input: neutron_l3_ha}
- neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
- neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
- neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
- neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings}
- neutron_public_interface: {get_input: neutron_public_interface}
- neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
- neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
- neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
- neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types}
- neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types}
- neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions}
- neutron::server::password: {get_input: neutron_password}
- neutron_dsn: {get_input: neutron_dsn}
- neutron::db::mysql::password: {get_input: neutron_password}
- neutron::keystone::auth::public_url: {get_input: neutron_public_url }
- neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
- neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
- neutron::keystone::auth::password: {get_input: neutron_password }
- neutron::keystone::auth::region: {get_input: keystone_region}
- neutron::server::notifications::auth_url: {get_input: neutron_auth_url}
- neutron::server::notifications::tenant_name: 'service'
- neutron::server::notifications::project_name: 'service'
- neutron::server::notifications::password: {get_input: nova_password}
-
- # Ceilometer
- ceilometer_backend: {get_input: ceilometer_backend}
- ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
- ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
- ceilometer::rabbit_userid: {get_input: rabbit_username}
- ceilometer::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- ceilometer::rabbit_port: {get_input: rabbit_client_port}
- ceilometer::debug: {get_input: debug}
- ceilometer::api::host: {get_input: ceilometer_api_network}
- ceilometer::api::keystone_password: {get_input: ceilometer_password}
- ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
- ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
- ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
- ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
- ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
- ceilometer::db::mysql::password: {get_input: ceilometer_password}
- ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
- ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
- ceilometer::dispatcher::gnocchi::filter_project: 'service'
- ceilometer::dispatcher::gnocchi::archive_policy: 'low'
- ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
- ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
- ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
- ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
- ceilometer::keystone::auth::password: {get_input: ceilometer_password }
- ceilometer::keystone::auth::region: {get_input: keystone_region}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
-
- # Aodh
- aodh::rabbit_userid: {get_input: rabbit_username}
- aodh::rabbit_password: {get_input: rabbit_password}
- aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- aodh::rabbit_port: {get_input: rabbit_client_port}
- aodh::debug: {get_input: debug}
- aodh::wsgi::apache::ssl: false
- aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
- aodh::api::service_name: 'httpd'
- aodh::api::host: {get_input: aodh_api_network}
- aodh::api::keystone_password: {get_input: aodh_password}
- aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
- aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
- aodh::auth::auth_password: {get_input: aodh_password}
- aodh::db::mysql::password: {get_input: aodh_password}
- # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
- aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
- aodh::keystone::auth::public_url: {get_input: aodh_public_url }
- aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
- aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
- aodh::keystone::auth::password: {get_input: aodh_password }
- aodh::keystone::auth::region: {get_input: keystone_region}
-
- # Gnocchi
- gnocchi_backend: {get_input: gnocchi_backend}
- gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
- gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
- gnocchi::debug: {get_input: debug}
- gnocchi::wsgi::apache::ssl: false
- gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
- gnocchi::api::service_name: 'httpd'
- gnocchi::api::host: {get_input: gnocchi_api_network}
- gnocchi::api::keystone_password: {get_input: gnocchi_password}
- gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
- gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
- gnocchi::db::mysql::password: {get_input: gnocchi_password}
- gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
- gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
- gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
- gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
- gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
- gnocchi::keystone::auth::password: {get_input: gnocchi_password }
- gnocchi::keystone::auth::region: {get_input: keystone_region}
- # Nova
- nova::rabbit_userid: {get_input: rabbit_username}
- nova::rabbit_password: {get_input: rabbit_password}
- nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- nova::rabbit_port: {get_input: rabbit_client_port}
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova::debug: {get_input: debug}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::api::auth_uri: {get_input: keystone_auth_uri}
- nova::api::identity_uri: {get_input: keystone_identity_uri}
- nova::api::api_bind_address: {get_input: nova_api_network}
- nova::api::metadata_listen: {get_input: nova_metadata_network}
- nova::api::admin_password: {get_input: nova_password}
- nova::api::osapi_compute_workers: {get_input: nova_workers}
- nova::api::metadata_workers: {get_input: nova_workers}
- nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
- nova::database_connection: {get_input: nova_dsn}
- nova::api_database_connection: {get_input: nova_api_dsn}
- nova::glance_api_servers: {get_input: glance_api_servers}
- nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
- nova::api::instance_name_template: {get_input: instance_name_template}
- nova::network::neutron::neutron_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
- nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
- nova::vncproxy::host: {get_input: nova_api_network}
- nova::db::mysql::password: {get_input: nova_password}
- nova::db::mysql_api::password: {get_input: nova_password}
- nova_enable_db_purge: {get_input: nova_enable_db_purge}
- nova::keystone::auth::public_url: {get_input: nova_public_url}
- nova::keystone::auth::internal_url: {get_input: nova_internal_url}
- nova::keystone::auth::admin_url: {get_input: nova_admin_url}
- nova::keystone::auth::password: {get_input: nova_password }
- nova::keystone::auth::region: {get_input: keystone_region}
-
- # Horizon
- apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
- apache::ip: {get_input: horizon_network}
- horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
- horizon::django_debug: {get_input: debug}
- horizon::secret_key: {get_input: horizon_secret}
- horizon::bind_address: {get_input: horizon_network}
- horizon::keystone_url: {get_input: keystone_auth_uri}
-
- # Sahara
- sahara::host: {get_input: sahara_api_network}
- sahara::plugins:
- - cdh
- - hdp
- - mapr
- - vanilla
- - spark
- - storm
- sahara::admin_password: {get_input: sahara_password}
- sahara::auth_uri: {get_input: keystone_auth_uri}
- sahara::admin_user: sahara
- sahara::identity_uri: {get_input: keystone_identity_uri}
- sahara::use_neutron: true
- sahara::database_connection: {get_input: sahara_dsn}
- sahara::debug: {get_input: debug}
- sahara::rpc_backend: rabbit
- sahara::rabbit_userid: {get_input: rabbit_username}
- sahara::rabbit_password: {get_input: rabbit_password}
- sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- sahara::rabbit_port: {get_input: rabbit_client_port}
- sahara::db::mysql::password: {get_input: sahara_password}
- sahara::keystone::auth::public_url: {get_input: sahara_public_url }
- sahara::keystone::auth::internal_url: {get_input: sahara_internal_url }
- sahara::keystone::auth::admin_url: {get_input: sahara_admin_url }
- sahara::keystone::auth::password: {get_input: sahara_password }
- sahara::keystone::auth::region: {get_input: keystone_region}
- # RabbitMQ
- rabbitmq::node_ip_address: {get_input: rabbitmq_network}
- rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
- # Redis
- redis::bind: {get_input: redis_network}
- redis::requirepass: {get_input: redis_password}
- redis::masterauth: {get_input: redis_password}
- redis::sentinel_auth_pass: {get_input: redis_password}
- redis_vip: {get_input: redis_vip}
- # Firewall
- tripleo::firewall::manage_firewall: {get_input: manage_firewall}
- tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
- memcached_ipv6: {get_input: memcached_ipv6}
- memcached::listen_ip: {get_input: memcached_network}
- neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
- ntp::servers: {get_input: ntp_servers}
- timezone::timezone: {get_input: timezone}
- control_virtual_interface: {get_input: control_virtual_interface}
- public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
- tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
- tripleo::haproxy::redis_password: {get_input: redis_password}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
@@ -1550,6 +424,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -1590,34 +465,16 @@ outputs:
- '.'
- - {get_attr: [Controller, name]}
- management
+ CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
- swift_device:
- description: Swift device formatted for swift-ring-builder
- value:
- str_replace:
- template: 'r1z1-IP:%PORT%/d1'
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- swift_proxy_memcache:
- description: Swift proxy-memcache value
- value:
- str_replace:
- template: "IP:11211"
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- config_identifier:
- description: identifier which changes if the controller configuration may need re-applying
- value:
- list_join:
- - ','
- - - {get_attr: [ControllerDeployment, deploy_stdout]}
- - {get_attr: [NodeTLSCAData, deploy_stdout]}
- - {get_attr: [NodeTLSData, deploy_stdout]}
- - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
- - {get_param: UpdateIdentifier}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
index 3e455347..6a2ea4d5 100644
--- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
@@ -4,15 +4,7 @@ description: Configure hieradata for all MidoNet nodes
parameters:
# Parameters passed from the parent template
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
+ servers:
type: json
EnableZookeeperOnController:
@@ -102,18 +94,10 @@ resources:
type: OS::Heat::StructuredDeploymentGroup
properties:
config: {get_resource: NetworkMidoNetConfig}
- servers: {get_param: controller_servers}
+ servers: {get_param: [servers, Controller]}
NetworkMidonetDeploymentComputes:
type: OS::Heat::StructuredDeploymentGroup
properties:
config: {get_resource: NetworkMidoNetConfig}
- servers: {get_param: compute_servers}
-
-outputs:
- config_identifier:
- value:
- list_join:
- - ' '
- - - {get_attr: [NetworkMidonetDeploymentControllers, deploy_stdouts]}
- - {get_attr: [NetworkMidonetDeploymentComputes, deploy_stdouts]}
+ servers: {get_param: [servers, Compute]}
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
index 71445800..7bda0cd5 100644
--- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
@@ -4,15 +4,7 @@ description: Configure hieradata for Network Cisco configuration
parameters:
# Parameters passed from the parent template
- controller_servers:
- type: json
- compute_servers:
- type: json
- blockstorage_servers:
- type: json
- objectstorage_servers:
- type: json
- cephstorage_servers:
+ servers:
type: json
# extra parameters passed via parameter_defaults
@@ -140,7 +132,7 @@ resources:
properties:
name: NetworkCiscoDeployment
config: {get_resource: NetworkCiscoConfig}
- servers: {get_param: controller_servers}
+ servers: {get_param: [servers, Controller]}
input_values:
UCSM_ip: {get_param: NetworkUCSMIp}
UCSM_username: {get_param: NetworkUCSMUsername}
@@ -187,7 +179,7 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsController
- servers: {get_param: controller_servers}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
@@ -195,7 +187,7 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsCompute
- servers: {get_param: compute_servers}
+ servers: {get_param: [servers, Compute]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
@@ -203,7 +195,7 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsBlockStorage
- servers: {get_param: blockstorage_servers}
+ servers: {get_param: [servers, BlockStorage]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
@@ -211,7 +203,7 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsObjectStorage
- servers: {get_param: objectstorage_servers}
+ servers: {get_param: [servers, ObjectStorage]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
@@ -219,7 +211,7 @@ resources:
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsCephStorage
- servers: {get_param: cephstorage_servers}
+ servers: {get_param: [servers, CephStorage]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
@@ -294,7 +286,7 @@ resources:
type: OS::Heat::SoftwareDeployment
properties:
name: MappingToNexusDeploymentsController
- server: {get_param: [controller_servers, '0']}
+ server: {get_param: [servers, Controller, '0']}
config: {get_resource: MappingToNexusConfig}
input_values:
# FIXME(shardy): It'd be more convenient if we could join these
@@ -338,16 +330,8 @@ resources:
depends_on: MappingToNexusDeploymentsController
properties:
name: MappingToUCSMDeploymentsController
- server: {get_param: [controller_servers, '0']}
+ server: {get_param: [servers, Controller, '0']}
config: {get_resource: MappingToUCSMConfig}
input_values:
ucsm_config: {get_param: NetworkUCSMHostList}
actions: ['CREATE'] # Only do this on CREATE
-
-outputs:
- # The Deployment applying the hieradata outputs the derived config-id, which
- # changes if the input_values change, so if the stdouts from
- # NetworkCiscoDeployment change, we need to reapply puppet (which will
- # happen if we return a different config_identifier)
- config_identifier:
- value: {get_attr: [NetworkCiscoDeployment, deploy_stdouts]}
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
deleted file mode 100644
index 308c609a..00000000
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ /dev/null
@@ -1,115 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'Configure parameters for an external Ceph cluster via Puppet.'
-
-parameters:
- ceph_storage_count:
- default: 0
- type: number
- description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation.
- ceph_external_mon_ips:
- default: ''
- type: string
- description: List of external Ceph Mon host IPs.
- ceph_client_key:
- default: ''
- type: string
- description: Ceph key used to create the 'openstack' user keyring.
- ceph_fsid:
- default: ''
- type: string
- # The following parameters are unused for external Ceph clusters and
- # are here and exist for compatibility
- ceph_admin_key:
- default: ''
- type: string
- ceph_mon_key:
- default: ''
- type: string
- ceph_mon_names:
- type: comma_delimited_list
- ceph_mon_ips:
- type: comma_delimited_list
- NovaRbdPoolName:
- default: vms
- type: string
- CinderRbdPoolName:
- default: volumes
- type: string
- GlanceRbdPoolName:
- default: images
- type: string
- GnocchiRbdPoolName:
- default: metrics
- type: string
- CephClientUserName:
- default: openstack
- type: string
- CephIPv6:
- default: False
- type: boolean
-
-resources:
- CephClusterConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- ceph_cluster:
- mapped_data:
- ceph_storage_count: {get_param: ceph_storage_count}
- enable_external_ceph: true
- ceph_ipv6: {get_param: CephIPv6}
- ceph_mon_host: {get_param: ceph_external_mon_ips}
- ceph_mon_host_v6: {get_param: ceph_external_mon_ips}
- ceph::profile::params::fsid: {get_param: ceph_fsid}
- ceph::profile::params::client_keys:
- str_replace:
- template: "{
- client.CLIENT_USER: {
- secret: 'CLIENT_KEY',
- mode: '0644',
- cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
- }
- }"
- params:
- CLIENT_USER: {get_param: CephClientUserName}
- CLIENT_KEY: {get_param: ceph_client_key}
- NOVA_POOL: {get_param: NovaRbdPoolName}
- CINDER_POOL: {get_param: CinderRbdPoolName}
- GLANCE_POOL: {get_param: GlanceRbdPoolName}
- GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
- ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
- nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
- cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
- glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
- gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
- gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
- nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
- glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
- nova::compute::rbd::rbd_keyring:
- list_join:
- - '.'
- - - 'client'
- - {get_param: CephClientUserName}
- gnocchi::storage::ceph::ceph_keyring:
- list_join:
- - '.'
- - - '/etc/ceph/ceph'
- - 'client'
- - {get_param: CephClientUserName}
- - 'keyring'
- ceph_client_user_name: {get_param: CephClientUserName}
- ceph_pools:
- - {get_param: CinderRbdPoolName}
- - {get_param: NovaRbdPoolName}
- - {get_param: GlanceRbdPoolName}
- - {get_param: GnocchiRbdPoolName}
-
-outputs:
- config_id:
- description: The ID of the CephClusterConfigImpl resource.
- value:
- {get_resource: CephClusterConfigImpl}
diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
index e496553a..f5b1f0e6 100644
--- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
+++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
@@ -32,6 +32,18 @@ resources:
contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin
contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"'
+ contrail::vnc_api::vnc_api_config:
+ 'auth/AUTHN_TYPE':
+ value: keystone
+ 'auth/AUTHN_PROTOCOL':
+ value: http
+ 'auth/AUTHN_SERVER':
+ value: "%{hiera('keystone_admin_api_vip')}"
+ 'auth/AUTHN_PORT':
+ value: 35357
+ 'auth/AUTHN_URL':
+ value: '/v2.0/tokens'
+
ComputeContrailDeployment:
type: OS::Heat::StructuredDeployment
properties:
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
index 9b6981bb..9423208e 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
@@ -51,7 +51,7 @@ resources:
datafiles:
cinder_dellsc_data:
mapped_data:
- cinder_enable_dellsc_backend: {get_input: EnableDellScBackend}
+ tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend}
cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName}
cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp}
cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin}
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
index 36db334e..c7af6f22 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
@@ -50,7 +50,7 @@ resources:
datafiles:
cinder_eqlx_data:
mapped_data:
- cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend}
+ tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend}
cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName}
cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp}
cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin}
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
index ab442f2b..6ff90881 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
@@ -87,7 +87,7 @@ resources:
datafiles:
cinder_netapp_data:
mapped_data:
- cinder_enable_netapp_backend: {get_input: EnableNetappBackend}
+ tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend}
cinder::backend::netapp::title: {get_input: NetappBackendName}
cinder::backend::netapp::netapp_login: {get_input: NetappLogin}
cinder::backend::netapp::netapp_password: {get_input: NetappPassword}
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml
deleted file mode 100644
index a4cfea07..00000000
--- a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: Configure hieradata for Nuage configuration on the Controller
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
-
- # Config specific parameters, to be provided via parameter_defaults
- NeutronNuageOSControllerIp:
- description: IP address of the OpenStack Controller
- type: string
-
- NeutronNuageNetPartitionName:
- description: Specifies the title that you will see on the VSD
- type: string
- default: 'default_name'
-
- NeutronNuageVSDIp:
- description: IP address and port of the Virtual Services Directory
- type: string
-
- NeutronNuageVSDUsername:
- description: Username to be used to log into VSD
- type: string
-
- NeutronNuageVSDPassword:
- description: Password to be used to log into VSD
- type: string
-
- NeutronNuageVSDOrganization:
- description: Organization parameter required to log into VSD
- type: string
- default: 'organization'
-
- NeutronNuageBaseURIVersion:
- description: URI version to be used based on the VSD release
- type: string
- default: 'default_uri_version'
-
- NeutronNuageCMSId:
- description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD
- type: string
-
- UseForwardedFor:
- description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
- type: boolean
- default: false
-
-resources:
- NeutronNuageConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- neutron_nuage_data:
- mapped_data:
- neutron::plugins::nuage::nuage_oscontroller_ip: {get_input: NuageOSControllerIp}
- neutron::plugins::nuage::nuage_net_partition_name: {get_input: NuageNetPartitionName}
- neutron::plugins::nuage::nuage_vsd_ip: {get_input: NuageVSDIp}
- neutron::plugins::nuage::nuage_vsd_username: {get_input: NuageVSDUsername}
- neutron::plugins::nuage::nuage_vsd_password: {get_input: NuageVSDPassword}
- neutron::plugins::nuage::nuage_vsd_organization: {get_input: NuageVSDOrganization}
- neutron::plugins::nuage::nuage_base_uri_version: {get_input: NuageBaseURIVersion}
- neutron::plugins::nuage::nuage_cms_id: {get_input: NuageCMSId}
- nova::api::use_forwarded_for: {get_input: NovaUseForwardedFor}
-
- NeutronNuageDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- name: NeutronNuageDeployment
- config: {get_resource: NeutronNuageConfig}
- server: {get_param: server}
- input_values:
- NuageOSControllerIp: {get_param: NeutronNuageOSControllerIp}
- NuageNetPartitionName: {get_param: NeutronNuageNetPartitionName}
- NuageVSDIp: {get_param: NeutronNuageVSDIp}
- NuageVSDUsername: {get_param: NeutronNuageVSDUsername}
- NuageVSDPassword: {get_param: NeutronNuageVSDPassword}
- NuageVSDOrganization: {get_param: NeutronNuageVSDOrganization}
- NuageBaseURIVersion: {get_param: NeutronNuageBaseURIVersion}
- NuageCMSId: {get_param: NeutronNuageCMSId}
- NovaUseForwardedFor: {get_param: UseForwardedFor}
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: {get_attr: [NeutronNuageDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml
deleted file mode 100644
index 5c686fe7..00000000
--- a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: Controller hieradata for Neutron OpenContrail configuration
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
- ContrailApiServerIp:
- description: IP address of the OpenContrail API server
- type: string
- ContrailApiServerPort:
- description: Port of the OpenContrail API
- type: string
- default: 8082
- ContrailMultiTenancy:
- description: Whether to enable multi tenancy
- type: boolean
- default: false
- ContrailExtensions:
- description: List of OpenContrail extensions to be enabled
- type: comma_delimited_list
- default: ''
-
-resources:
- ControllerContrailConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- neutron_opencontrail_data:
- mapped_data:
- neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions
-
- neutron::plugins::opencontrail::api_server_ip: {get_input: contrail_api_server_ip}
- neutron::plugins::opencontrail::api_server_port: {get_input: contrail_api_server_port}
- neutron::plugins::opencontrail::multi_tenancy: {get_input: contrail_multi_tenancy}
- neutron::plugins::opencontrail::contrail_extensions: {get_input: contrail_extensions}
- neutron::plugins::opencontrail::keystone_auth_url: '"%{hiera(''keystone_auth_uri'')}"'
- neutron::plugins::opencontrail::keystone_admin_user: admin
- neutron::plugins::opencontrail::keystone_admin_tenant_name: admin
- neutron::plugins::opencontrail::keystone_admin_password: '"%{hiera(''admin_password'')}"'
- neutron::plugins::opencontrail::keystone_admin_token: '"%{hiera(''keystone::admin_token'')}"'
-
- ControllerContrailDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- config: {get_resource: ControllerContrailConfig}
- server: {get_param: server}
- input_values:
- contrail_api_server_ip: {get_param: ContrailApiServerIp}
- contrail_api_server_port: {get_param: ContrailApiServerPort}
- contrail_multi_tenancy: {get_param: ContrailMultiTenancy}
- contrail_extensions: {get_param: ContrailExtensions}
-
-
-outputs:
- deploy_stdout:
- description: Output of the extra hiera data deployment
- value: {get_attr: [ControllerContrailDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml
deleted file mode 100755
index 7c0a7ad2..00000000
--- a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: Controller hieradata for Neutron PLUMgrid configuration
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
- PLUMgridDirectorServer:
- description: IP address of the PLUMgrid Director Server
- type: string
- default: 127.0.0.1
- PLUMgridDirectorServerPort:
- description: Port of the PLUMgrid Director Server
- type: string
- default: 443
- PLUMgridUsername:
- description: Username for PLUMgrid platform
- type: string
- PLUMgridPassword:
- description: Password for PLUMgrid platform
- type: string
- hidden: true
- PLUMgridServerTimeOut:
- description: Request timeout duration (seconds) to PLUMgrid platform
- type: string
- default: 99
- PLUMgridNovaMetadataIP:
- description: IP address of Nova Metadata
- type: string
- default: 169.254.169.254
- PLUMgridNovaMetadataPort:
- description: Port of Nova Metadata
- type: string
- default: 8775
- PLUMgridL2GatewayVendor:
- description: Vendor for L2 Gateway Switch
- type: string
- default: vendor
- PLUMgridL2GatewayUsername:
- description: Username for L2 Gateway Switch
- type: string
- default: username
- PLUMgridL2GatewayPassword:
- description: Password for L2 Gateway Switch
- type: string
- hidden: true
- PLUMgridIdentityVersion:
- description: Keystone Identity version
- type: string
- default: v2.0
- PLUMgridConnectorType:
- description: Neutron Network Connector Type
- type: string
- default: distributed
- PLUMgridNeutronPluginVersion:
- description: PLUMgrid Neutron Plugin version
- type: string
- default: present
- PLUMgridPlumlibVersion:
- description: PLUMgrid Plumlib version
- type: string
- default: present
-
-
-resources:
- ControllerPLUMgridConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- neutron_plumgrid_data:
- mapped_data:
- neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server}
- neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port}
- neutron::plugins::plumgrid::username: {get_input: plumgrid_username}
- neutron::plugins::plumgrid::password: {get_input: plumgrid_password}
- neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip}
- neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port}
- neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor}
- neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username}
- neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password}
- neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type}
- neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version}
- neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version}
- neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version}
-
- ControllerPLUMgridDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- config: {get_resource: ControllerPLUMgridConfig}
- server: {get_param: server}
- input_values:
- plumgrid_director_server: {get_param: PLUMgridDirectorServer}
- plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort}
- plumgrid_username: {get_param: PLUMgridUsername}
- plumgrid_password: {get_param: PLUMgridPassword}
- plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP}
- plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort}
- plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor}
- plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername}
- plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword}
- plumgrid_identity_version: {get_param: PLUMgridIdentityVersion}
- plumgrid_connector_type: {get_param: PLUMgridConnectorType}
- plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion}
- plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion}
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/tls/no-ca.yaml b/puppet/extraconfig/tls/no-ca.yaml
deleted file mode 100644
index 5862a85c..00000000
--- a/puppet/extraconfig/tls/no-ca.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- This is a default no-op template which can be passed to the
- OS::Nova::Server resources. This template can be replaced with
- a different implementation via the resource registry, such that
- deployers may customize their configuration.
-
-parameters:
- server: # Here for compatibility with controller.yaml
- description: ID of the controller node to apply this config to
- type: string
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: 'Root CA cert injection not enabled.'
diff --git a/puppet/extraconfig/tls/no-tls.yaml b/puppet/extraconfig/tls/no-tls.yaml
deleted file mode 100644
index a2b5c569..00000000
--- a/puppet/extraconfig/tls/no-tls.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- This is a default no-op template. This defines the parameters that
- need to be passed in order to have TLS enabled in the controller
- nodes. This template can be replaced with a different
- implementation via the resource registry, such that deployers
- may customize their configuration.
-
-parameters:
- DeployedSSLCertificatePath:
- default: ''
- description: >
- The filepath of the certificate as it will be stored in the controller.
- type: string
- NodeIndex: # Here for compatibility with puppet/controller.yaml
- default: 0
- type: number
- server: # Here for compatibility with puppet/controller.yaml
- description: ID of the controller node to apply this config to
- type: string
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: 'TLS not enabled.'
- deployed_ssl_certificate_path:
- value: ''
- key_modulus_md5:
- description: Key SSL Modulus
- value: ''
- cert_modulus_md5:
- description: Certificate SSL Modulus
- value: ''
diff --git a/puppet/hieradata/RedHat.yaml b/puppet/hieradata/RedHat.yaml
deleted file mode 100644
index 25902828..00000000
--- a/puppet/hieradata/RedHat.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-# RedHat specific overrides go here
-rabbitmq::package_provider: 'yum'
-
-# The Galera package should work in cluster and
-# non-cluster modes based on the config file.
-# We set the package name here explicitly so
-# that it matches what we pre-install
-# in tripleo-puppet-elements.
-mysql::server::package_name: 'mariadb-galera-server'
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
deleted file mode 100644
index 1e480e60..00000000
--- a/puppet/hieradata/ceph.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-ceph::profile::params::osd_journal_size: 1024
-ceph::profile::params::osd_pool_default_pg_num: 32
-ceph::profile::params::osd_pool_default_pgp_num: 32
-ceph::profile::params::osd_pool_default_size: 3
-ceph::profile::params::osd_pool_default_min_size: 1
-ceph::profile::params::osds: {/srv/data: {}}
-ceph::profile::params::manage_repo: false
-ceph::profile::params::authentication_type: cephx
-
-ceph_classes: []
-
-ceph_osd_selinux_permissive: true
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
deleted file mode 100644
index 65cf9577..00000000
--- a/puppet/hieradata/common.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-# Common Hiera data gets applied to all nodes
-ssh::server::storeconfigs_enabled: false
-
-# ceilometer settings used by compute and controller ceilo auth settings
-ceilometer::agent::auth::auth_region: 'regionOne'
-ceilometer::agent::auth::auth_tenant_name: 'service'
-
-aodh::auth::auth_region: 'regionOne'
-aodh::auth::auth_tenant_name: 'service'
-
-gnocchi::auth::auth_region: 'regionOne'
-gnocchi::auth::auth_tenant_name: 'service'
-
-nova::api::admin_tenant_name: 'service'
-nova::network::neutron::neutron_project_name: 'service'
-nova::network::neutron::neutron_username: 'neutron'
-nova::network::neutron::dhcp_domain: ''
-
-neutron::allow_overlapping_ips: true
-neutron::server::project_name: 'service'
-
-kernel_modules:
- nf_conntrack: {}
-
-sysctl_settings:
- net.ipv4.tcp_keepalive_intvl:
- value: 1
- net.ipv4.tcp_keepalive_probes:
- value: 5
- net.ipv4.tcp_keepalive_time:
- value: 5
- net.nf_conntrack_max:
- value: 500000
- net.netfilter.nf_conntrack_max:
- value: 500000
- # prevent neutron bridges from autoconfiguring ipv6 addresses
- net.ipv6.conf.default.accept_ra:
- value: 0
- net.ipv6.conf.default.autoconf:
- value: 0
- net.core.netdev_max_backlog:
- value: 10000
-
-nova::rabbit_heartbeat_timeout_threshold: 60
-neutron::rabbit_heartbeat_timeout_threshold: 60
-cinder::rabbit_heartbeat_timeout_threshold: 60
-ceilometer::rabbit_heartbeat_timeout_threshold: 60
-heat::rabbit_heartbeat_timeout_threshold: 60
-keystone::rabbit_heartbeat_timeout_threshold: 60
-
-nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
deleted file mode 100644
index 1e888f39..00000000
--- a/puppet/hieradata/compute.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Hiera data here applies to all compute nodes
-
-nova::notify_on_state_change: 'vm_and_task_state'
-nova::notification_driver: messagingv2
-nova::compute::enabled: true
-nova::compute::instance_usage_audit: true
-nova::compute::instance_usage_audit_period: 'hour'
-nova::compute::vnc_enabled: true
-
-nova::compute::libvirt::migration_support: true
-
-nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
-
-nova::network::neutron::neutron_auth_type: 'v3password'
-
-# Changing the default from 512MB. The current templates can not deploy
-# overclouds with swap. On an idle compute node, we see ~1024MB of RAM
-# used. 2048 is suggested to account for other possible operations for
-# example openvswitch.
-nova::compute::reserved_host_memory: 2048
-
-ceilometer::agent::auth::auth_tenant_name: 'service'
-ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
-
-compute_classes: []
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
deleted file mode 100644
index de6e3db1..00000000
--- a/puppet/hieradata/controller.yaml
+++ /dev/null
@@ -1,304 +0,0 @@
-# Hiera data here applies to all controller nodes
-
-nova::api::enabled: true
-nova::conductor::enabled: true
-nova::consoleauth::enabled: true
-nova::vncproxy::enabled: true
-nova::scheduler::enabled: true
-
-# gnocchi
-gnocchi::db::sync::extra_opts: '--skip-storage'
-gnocchi::storage::swift::swift_user: 'service:gnocchi'
-gnocchi::storage::swift::swift_auth_version: 2
-gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
-gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
-gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
-gnocchi::statsd::flush_delay: 10
-gnocchi::statsd::archive_policy_name: 'low'
-
-# rabbitmq
-rabbitmq::delete_guest_user: false
-rabbitmq::wipe_db_on_cookie_change: true
-rabbitmq::port: '5672'
-rabbitmq::package_source: undef
-rabbitmq::repos_ensure: false
-rabbitmq_environment:
- RABBITMQ_NODENAME: "rabbit@%{::hostname}"
- RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
-rabbitmq_kernel_variables:
- inet_dist_listen_min: '35672'
- inet_dist_listen_max: '35672'
-rabbitmq_config_variables:
- tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
- cluster_partition_handling: 'pause_minority'
- loopback_users: '[]'
-
-mongodb::server::replset: tripleo
-mongodb::server::journal: false
-
-redis::port: 6379
-redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
-redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
-redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
-
-# keystone
-keystone::roles::admin::email: 'root@localhost'
-
-# service tenant
-glance::api::keystone_tenant: 'service'
-aodh::api::keystone_tenant: 'service'
-glance::registry::keystone_tenant: 'service'
-neutron::server::auth_tenant: 'service'
-neutron::agents::metadata::auth_tenant: 'service'
-neutron::agents::l3::router_delete_namespaces: True
-cinder::api::keystone_tenant: 'service'
-swift::proxy::authtoken::admin_tenant_name: 'service'
-ceilometer::api::keystone_tenant: 'service'
-gnocchi::api::keystone_tenant: 'service'
-heat::keystone_tenant: 'service'
-sahara::admin_tenant_name: 'service'
-aodh::keystone::auth::tenant: 'service'
-ceilometer::keystone::auth::tenant: 'service'
-cinder::keystone::auth::tenant: 'service'
-glance::keystone::auth::tenant: 'service'
-gnocchi::keystone::auth::tenant: 'service'
-heat::keystone::auth::tenant: 'service'
-neutron::keystone::auth::tenant: 'service'
-nova::keystone::auth::tenant: 'service'
-sahara::keystone::auth::tenant: 'service'
-swift::keystone::auth::tenant: 'service'
-
-# keystone
-keystone::cron::token_flush::maxdelay: 3600
-keystone::roles::admin::service_tenant: 'service'
-keystone::roles::admin::admin_tenant: 'admin'
-keystone::cron::token_flush::destination: '/dev/null'
-keystone::config::keystone_config:
- DEFAULT/secure_proxy_ssl_header:
- value: 'HTTP_X_FORWARDED_PROTO'
- ec2/driver:
- value: 'keystone.contrib.ec2.backends.sql.Ec2'
-keystone::service_name: 'httpd'
-keystone::wsgi::apache::ssl: false
-
-#swift
-swift::proxy::pipeline:
- - 'catch_errors'
- - 'healthcheck'
- - 'cache'
- - 'ratelimit'
- - 'tempurl'
- - 'formpost'
- - 'authtoken'
- - 'keystone'
- - 'staticweb'
- - 'proxy-logging'
- - 'proxy-server'
-
-swift::proxy::account_autocreate: true
-swift::keystone::auth::configure_s3_endpoint: false
-swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
-
-# glance
-glance::api::pipeline: 'keystone'
-glance::api::show_image_direct_url: true
-glance::registry::pipeline: 'keystone'
-glance::backend::swift::swift_store_create_container_on_put: true
-glance_file_pcmk_directory: '/var/lib/glance/images'
-
-# neutron
-neutron::server::sync_db: true
-
-# nova
-nova::notify_on_state_change: 'vm_and_task_state'
-nova::api::default_floating_pool: 'public'
-nova::api::sync_db_api: true
-nova::api::enable_proxy_headers_parsing: true
-nova::scheduler::filter::ram_allocation_ratio: '1.0'
-nova::cron::archive_deleted_rows::hour: '*/12'
-nova::cron::archive_deleted_rows::destination: '/dev/null'
-nova::notification_driver: messaging
-
-# ceilometer
-ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
-
-# cinder
-cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
-cinder::cron::db_purge::destination: '/dev/null'
-cinder::host: hostgroup
-cinder_user_enabled_backends: []
-
-# TODO(jaosorior): Move to cinder profile once cinder is moved as a composable
-# service.
-cinder::api::enable_proxy_headers_parsing: true
-
-# heat
-heat::engine::configure_delegated_roles: false
-heat::engine::trusts_delegated_roles: []
-heat::instance_user: ''
-heat::cron::purge_deleted::age: 30
-heat::cron::purge_deleted::age_type: 'days'
-heat::cron::purge_deleted::maxdelay: 3600
-heat::cron::purge_deleted::destination: '/dev/null'
-heat::keystone::domain::domain_name: 'heat_stack'
-heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
-heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
-heat::auth_plugin: 'password'
-
-# pacemaker
-pacemaker::corosync::cluster_name: 'tripleo_cluster'
-pacemaker::corosync::manage_fw: false
-pacemaker::resource_defaults::defaults:
- resource-stickiness: { value: INFINITY }
-corosync_token_timeout: 10000
-
-# horizon
-horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
-horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
-horizon::vhost_extra_params:
- add_listen: false
- priority: 10
- access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
-
-# mysql
-mysql::server::manage_config_file: true
-
-
-tripleo::haproxy::keystone_admin: true
-tripleo::haproxy::keystone_public: true
-tripleo::haproxy::neutron: true
-tripleo::haproxy::cinder: true
-tripleo::haproxy::glance_api: true
-tripleo::haproxy::glance_registry: true
-tripleo::haproxy::nova_osapi: true
-tripleo::haproxy::nova_metadata: true
-tripleo::haproxy::nova_novncproxy: true
-tripleo::haproxy::mysql: true
-tripleo::haproxy::redis: true
-tripleo::haproxy::sahara: true
-tripleo::haproxy::swift_proxy_server: true
-tripleo::haproxy::ceilometer: true
-tripleo::haproxy::aodh: true
-tripleo::haproxy::gnocchi: true
-tripleo::haproxy::heat_api: true
-tripleo::haproxy::heat_cloudwatch: true
-tripleo::haproxy::heat_cfn: true
-tripleo::haproxy::horizon: true
-
-controller_classes: []
-# firewall
-tripleo::firewall::firewall_rules:
- '101 mongodb_config':
- port: 27019
- '102 mongodb_sharding':
- port: 27018
- '103 mongod':
- port: 27017
- '104 mysql galera':
- port:
- - 873
- - 3306
- - 4444
- - 4567
- - 4568
- - 9200
- '105 ntp':
- port: 123
- proto: udp
- '106 vrrp':
- proto: vrrp
- '107 haproxy stats':
- port: 1993
- '108 redis':
- port:
- - 6379
- - 26379
- '109 rabbitmq':
- port:
- - 5672
- - 35672
- '110 ceph':
- port:
- - 6789
- - '6800-6810'
- '111 keystone':
- port:
- - 5000
- - 13000
- - 35357
- - 13357
- '112 glance':
- port:
- - 9292
- - 9191
- - 13292
- '113 nova':
- port:
- - 6080
- - 13080
- - 8773
- - 3773
- - 8774
- - 13774
- - 8775
- '114 neutron server':
- port:
- - 9696
- - 13696
- '115 neutron dhcp input':
- proto: 'udp'
- port: 67
- '116 neutron dhcp output':
- proto: 'udp'
- chain: 'OUTPUT'
- port: 68
- '118 neutron vxlan networks':
- proto: 'udp'
- port: 4789
- '119 cinder':
- port:
- - 8776
- - 13776
- '120 iscsi initiator':
- port: 3260
- '121 memcached':
- port: 11211
- '122 swift proxy':
- port:
- - 8080
- - 13808
- '123 swift storage':
- port:
- - 873
- - 6000
- - 6001
- - 6002
- '124 ceilometer':
- port:
- - 8777
- - 13777
- '125 heat':
- port:
- - 8000
- - 13800
- - 8003
- - 13003
- - 8004
- - 13004
- '126 horizon':
- port:
- - 80
- - 443
- '127 snmp':
- port: 161
- proto: 'udp'
- '128 aodh':
- port:
- - 8042
- - 13042
- '129 gnocchi-api':
- port:
- - 8041
- - 13041
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
deleted file mode 100644
index 4eb199c8..00000000
--- a/puppet/hieradata/database.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-# Nova
-nova::db::mysql::user: nova
-nova::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-nova::db::mysql::dbname: nova
-nova::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-nova::db::mysql_api::user: nova_api
-nova::db::mysql_api::host: "%{hiera('mysql_virtual_ip')}"
-nova::db::mysql_api::dbname: nova_api
-nova::db::mysql_api::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-# Glance
-glance::db::mysql::user: glance
-glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-glance::db::mysql::dbname: glance
-glance::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-# Keystone
-keystone::db::mysql::user: keystone
-keystone::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-keystone::db::mysql::dbname: keystone
-keystone::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-# Neutron
-neutron::db::mysql::user: neutron
-neutron::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-neutron::db::mysql::dbname: ovs_neutron
-neutron::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-# Cinder
-cinder::db::mysql::user: cinder
-cinder::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-cinder::db::mysql::dbname: cinder
-cinder::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-# Heat
-heat::db::mysql::user: heat
-heat::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-heat::db::mysql::dbname: heat
-heat::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-# Ceilometer
-ceilometer::db::mysql::user: ceilometer
-ceilometer::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-ceilometer::db::mysql::dbname: ceilometer
-ceilometer::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-# Gnocchi
-gnocchi::db::mysql::user: gnocchi
-gnocchi::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-gnocchi::db::mysql::dbname: gnocchi
-gnocchi::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
-
-sahara::db::mysql::user: sahara
-sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
-sahara::db::mysql::dbname: sahara
-sahara::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml
deleted file mode 100644
index d4a0e81d..00000000
--- a/puppet/hieradata/object.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Hiera data for swift storage nodes
-swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
-swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
-
-swift::storage::all::object_pipeline:
- - healthcheck
- - recon
- - object-server
-swift::storage::all::container_pipeline:
- - healthcheck
- - container-server
-swift::storage::all::account_pipeline:
- - healthcheck
- - account-server
-
-swift::proxy::keystone::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
-
-object_classes: []
diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml
deleted file mode 100644
index 8640c0a7..00000000
--- a/puppet/hieradata/volume.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# Hiera data here applies to all volume storage nodes
-
-# cinder
-cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
-
-cinder::config::cinder_config:
- DEFAULT/nova_catalog_info:
- value: 'compute:Compute Service:internalURL'
- DEFAULT/swift_catalog_info:
- value: 'object-store:swift:internalURL'
-
-cinder_user_enabled_backends: []
-
-volume_classes: [] \ No newline at end of file
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 4add2f02..2653badf 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -13,49 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
-if hiera('step') >= 1 {
-
- create_resources(kmod::load, hiera('kernel_modules'), {})
- create_resources(sysctl::value, hiera('sysctl_settings'), {})
- Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-
- include ::timezone
-
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
+if hiera('step') >= 4 {
+ hiera_include('ceph_classes', [])
}
-if hiera('step') >= 3 {
- if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
- exec { 'set selinux to permissive on boot':
- command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
- onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
- path => ['/usr/bin', '/usr/sbin'],
- }
-
- exec { 'set selinux to permissive':
- command => 'setenforce 0',
- onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
- path => ['/usr/bin', '/usr/sbin'],
- } -> Class['ceph::profile::osd']
- }
-
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_host => $mon_host,
- }
- include ::ceph::conf
- include ::ceph::profile::client
- include ::ceph::profile::osd
-
- hiera_include('ceph_classes')
- package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present}
-}
+$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')])
+package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index cf20c0ca..f96c193c 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -13,211 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
-create_resources(kmod::load, hiera('kernel_modules'), { })
-create_resources(sysctl::value, hiera('sysctl_settings'), { })
-Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-
-if count(hiera('ntp::servers')) > 0 {
- include ::ntp
-}
-
-include ::timezone
-
if hiera('step') >= 4 {
-
- file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
- '/etc/libvirt/qemu/networks/default.xml']:
- ensure => absent,
- before => Service['libvirt'],
- }
- # in case libvirt has been already running before the Puppet run, make
- # sure the default network is destroyed
- exec { 'libvirt-default-net-destroy':
- command => '/usr/bin/virsh net-destroy default',
- onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"',
- before => Service['libvirt'],
- }
-
- # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
- exec { 'reset-iscsi-initiator-name':
- command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
- onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
- }->
-
- file { '/etc/iscsi/.initiator_reset':
- ensure => present,
- }
-
- include ::nova
- include ::nova::config
- include ::nova::compute
-
- $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
- $rbd_persistent_storage = hiera('rbd_persistent_storage', false)
- if $rbd_ephemeral_storage or $rbd_persistent_storage {
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_host => $mon_host,
- }
- include ::ceph::conf
- include ::ceph::profile::client
-
- $client_keys = hiera('ceph::profile::params::client_keys')
- $client_user = join(['client.', hiera('ceph_client_user_name')])
- class { '::nova::compute::rbd':
- libvirt_rbd_secret_key => $client_keys[$client_user]['secret'],
- }
- }
-
- if hiera('cinder_enable_nfs_backend', false) {
- if str2bool($::selinux) {
- selboolean { 'virt_use_nfs':
- value => on,
- persistent => true,
- } -> Package['nfs-utils']
- }
-
- package { 'nfs-utils': } -> Service['nova-compute']
- }
-
- if str2bool(hiera('nova::use_ipv6', false)) {
- $vncserver_listen = '::0'
- } else {
- $vncserver_listen = '0.0.0.0'
- }
-
- if $rbd_ephemeral_storage {
- class { '::nova::compute::libvirt':
- libvirt_disk_cachemodes => ['network=writeback'],
- libvirt_hw_disk_discard => 'unmap',
- vncserver_listen => $vncserver_listen,
- }
- } else {
- class { '::nova::compute::libvirt' :
- vncserver_listen => $vncserver_listen,
- }
- }
-
- nova_config {
- 'DEFAULT/my_ip': value => $ipaddress;
- 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
- 'DEFAULT/host': value => $fqdn;
- }
-
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
- file { '/etc/libvirt/qemu.conf':
- ensure => present,
- content => hiera('midonet_libvirt_qemu_data')
- }
- }
- include ::nova::network::neutron
- include ::neutron
- include ::neutron::config
-
- # If the value of core plugin is set to 'nuage',
- # include nuage agent,
- # If the value of core plugin is set to 'midonet',
- # include midonet agent,
- # else use the default value of 'ml2'
- if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' {
- include ::nuage::vrs
- include ::nova::compute::neutron
-
- class { '::nuage::metadataagent':
- nova_os_tenant_name => hiera('nova::api::admin_tenant_name'),
- nova_os_password => hiera('nova_password'),
- nova_metadata_ip => hiera('nova_metadata_node_ips'),
- nova_auth_ip => hiera('keystone_public_api_virtual_ip'),
- }
- }
- elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
-
- # TODO(devvesa) provide non-controller ips for these services
- $zookeeper_node_ips = hiera('neutron_api_node_ips')
- $cassandra_node_ips = hiera('neutron_api_node_ips')
-
- class { '::tripleo::network::midonet::agent':
- zookeeper_servers => $zookeeper_node_ips,
- cassandra_seeds => $cassandra_node_ips
- }
- }
- elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
-
- include ::contrail::vrouter
- # NOTE: it's not possible to use this class without a functional
- # contrail controller up and running
- #class {'::contrail::vrouter::provision_vrouter':
- # require => Class['contrail::vrouter'],
- #}
- }
- elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
- # forward all ipv4 traffic
- # this is required for the vms to pass through the gateways public interface
- sysctl::value { 'net.ipv4.ip_forward': value => '1' }
-
- # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on
- file { '/etc/sudoers.d/ifc_ctl_sudoers':
- ensure => file,
- owner => root,
- group => root,
- mode => '0440',
- content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n",
- }
- }
- else {
-
- # NOTE: this code won't live in puppet-neutron until Neutron OVS agent
- # can be gracefully restarted. See https://review.openstack.org/#/c/297211
- # In the meantime, it's safe to restart the agent on each change in neutron.conf,
- # because Puppet changes are supposed to be done during bootstrap and upgrades.
- # Some resource managed by Neutron_config (like messaging and logging options) require
- # a restart of OVS agent. This code does it.
- # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code
- # from here and fix it in puppet-neutron.
- Neutron_config<||> ~> Service['neutron-ovs-agent-service']
-
- include ::neutron::plugins::ml2
- include ::neutron::agents::ml2::ovs
-
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- class { '::neutron::agents::n1kv_vem':
- n1kv_source => hiera('n1kv_vem_source', undef),
- n1kv_version => hiera('n1kv_vem_version', undef),
- }
- }
-
- if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::agents::bigswitch
- }
- }
-
- neutron_config {
- 'DEFAULT/host': value => $fqdn;
- }
-
- include ::ceilometer
- include ::ceilometer::config
- include ::ceilometer::agent::compute
- include ::ceilometer::agent::auth
-
- $snmpd_user = hiera('snmpd_readonly_user_name')
- snmp::snmpv3_user { $snmpd_user:
- authtype => 'MD5',
- authpass => hiera('snmpd_readonly_user_password'),
- }
- class { '::snmp':
- agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
- }
-
- hiera_include('compute_classes')
- package_manifest{ '/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present }
-
+ hiera_include('compute_classes', [])
}
+
+$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')])
+package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 53bf62c7..25bdbfb2 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -13,568 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
-$enable_load_balancer = hiera('enable_load_balancer', true)
-
-if hiera('step') >= 1 {
-
- create_resources(kmod::load, hiera('kernel_modules'), {})
- create_resources(sysctl::value, hiera('sysctl_settings'), {})
- Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-
-}
-
-if hiera('step') >= 2 {
-
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
-
- include ::timezone
-
- # MongoDB
- if downcase(hiera('ceilometer_backend')) == 'mongodb' {
- include ::mongodb::globals
- include ::mongodb::client
- include ::mongodb::server
- # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and
- # without the brackets as 'members' argument for the 'mongodb_replset'
- # resource.
- if str2bool(hiera('mongodb::server::ipv6', false)) {
- $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
- $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
- $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
- } else {
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
- $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
- }
- $mongo_node_string = join($mongo_node_ips_with_port, ',')
-
- $mongodb_replset = hiera('mongodb::server::replset')
- $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
- if downcase(hiera('bootstrap_nodeid')) == $::hostname {
- mongodb_replset { $mongodb_replset :
- members => $mongo_node_ips_with_port_nobr,
- }
- }
- }
-
- # Redis
- $redis_node_ips = hiera('redis_node_ips')
- $redis_master_hostname = downcase(hiera('bootstrap_nodeid'))
-
- if $redis_master_hostname == $::hostname {
- $slaveof = undef
- } else {
- $slaveof = "${redis_master_hostname} 6379"
- }
- class {'::redis' :
- slaveof => $slaveof,
- }
-
- if count($redis_node_ips) > 1 {
- Class['::tripleo::redis_notification'] -> Service['redis-sentinel']
- include ::redis::sentinel
- include ::tripleo::redis_notification
- }
-
- if str2bool(hiera('enable_galera', true)) {
- $mysql_config_file = '/etc/my.cnf.d/galera.cnf'
- } else {
- $mysql_config_file = '/etc/my.cnf.d/server.cnf'
- }
- # TODO Galara
- # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
- # set bind-address to a hostname instead of an ip address; to move Mysql
- # from internal_api on another network we'll have to customize both
- # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
- class { '::mysql::server':
- config_file => $mysql_config_file,
- override_options => {
- 'mysqld' => {
- 'bind-address' => $::hostname,
- 'max_connections' => hiera('mysql_max_connections'),
- 'open_files_limit' => '-1',
- },
- },
- remove_default_accounts => true,
- }
-
- # FIXME: this should only occur on the bootstrap host (ditto for db syncs)
- # Create all the database schemas
- include ::nova::db::mysql
- include ::nova::db::mysql_api
- include ::neutron::db::mysql
- include ::cinder::db::mysql
- include ::sahara::db::mysql
- if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
- include ::gnocchi::db::mysql
- }
- if downcase(hiera('ceilometer_backend')) == 'mysql' {
- include ::ceilometer::db::mysql
- include ::aodh::db::mysql
- }
-
- $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
-
- if $enable_ceph {
- $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_initial_members => $mon_initial_members,
- mon_host => $mon_host,
- }
- include ::ceph::conf
- include ::ceph::profile::mon
- }
-
- if str2bool(hiera('enable_ceph_storage', false)) {
- if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
- exec { 'set selinux to permissive on boot':
- command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
- onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
- path => ['/usr/bin', '/usr/sbin'],
- }
-
- exec { 'set selinux to permissive':
- command => 'setenforce 0',
- onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
- path => ['/usr/bin', '/usr/sbin'],
- } -> Class['ceph::profile::osd']
- }
-
- include ::ceph::conf
- include ::ceph::profile::osd
- }
-
- if str2bool(hiera('enable_external_ceph', false)) {
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_host => $mon_host,
- }
- include ::ceph::conf
- include ::ceph::profile::client
- }
-
-} #END STEP 2
-
if hiera('step') >= 4 {
-
- $nova_ipv6 = hiera('nova::use_ipv6', false)
- if $nova_ipv6 {
- $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
- } else {
- $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
- }
-
- class { '::nova' :
- memcached_servers => $memcached_servers
- }
- include ::nova::config
- include ::nova::api
- include ::nova::cert
- include ::nova::conductor
- include ::nova::consoleauth
- include ::nova::network::neutron
- include ::nova::vncproxy
- include ::nova::scheduler
- include ::nova::scheduler::filter
-
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
-
- # TODO(devvesa) provide non-controller ips for these services
- $zookeeper_node_ips = hiera('neutron_api_node_ips')
- $cassandra_node_ips = hiera('neutron_api_node_ips')
-
- # Run zookeeper in the controller if configured
- if hiera('enable_zookeeper_on_controller') {
- class {'::tripleo::cluster::zookeeper':
- zookeeper_server_ips => $zookeeper_node_ips,
- # TODO: create a 'bind' hiera key for zookeeper
- zookeeper_client_ip => hiera('neutron::bind_host'),
- zookeeper_hostnames => hiera('controller_node_names')
- }
- }
-
- # Run cassandra in the controller if configured
- if hiera('enable_cassandra_on_controller') {
- class {'::tripleo::cluster::cassandra':
- cassandra_servers => $cassandra_node_ips,
- # TODO: create a 'bind' hiera key for cassandra
- cassandra_ip => hiera('neutron::bind_host'),
- }
- }
-
- class {'::tripleo::network::midonet::agent':
- zookeeper_servers => $zookeeper_node_ips,
- cassandra_seeds => $cassandra_node_ips
- }
-
- class {'::tripleo::network::midonet::api':
- zookeeper_servers => $zookeeper_node_ips,
- vip => hiera('public_virtual_ip'),
- keystone_ip => hiera('public_virtual_ip'),
- keystone_admin_token => hiera('keystone::admin_token'),
- # TODO: create a 'bind' hiera key for api
- bind_address => hiera('neutron::bind_host'),
- admin_password => hiera('admin_password')
- }
-
- # TODO: find a way to get an empty list from hiera
- class {'::neutron':
- service_plugins => []
- }
-
- }
- else {
-
- # ML2 plugin
- include ::neutron
- }
-
- include ::neutron::config
- include ::neutron::server
- include ::neutron::server::notifications
-
- # If the value of core plugin is set to 'nuage' or'opencontrail' or 'plumgrid',
- # include nuage or opencontrail or plumgrid core plugins
- # else use the default value of 'ml2'
- if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' {
- include ::neutron::plugins::nuage
- } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
- include ::neutron::plugins::opencontrail
- }
- elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
- class { '::neutron::plugins::plumgrid' :
- connection => hiera('neutron::server::database_connection'),
- controller_priv_host => hiera('keystone_admin_api_vip'),
- admin_password => hiera('admin_password'),
- metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'),
- }
- } else {
-
- # If the value of core plugin is set to 'midonet',
- # skip all the ML2 configuration
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
-
- class {'::neutron::plugins::midonet':
- midonet_api_ip => hiera('public_virtual_ip'),
- keystone_tenant => hiera('neutron::server::auth_tenant'),
- keystone_password => hiera('neutron::server::password')
- }
- } else {
-
- include ::neutron::plugins::ml2
- include ::neutron::agents::ml2::ovs
-
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::cisco::nexus1000v
-
- class { '::neutron::agents::n1kv_vem':
- n1kv_source => hiera('n1kv_vem_source', undef),
- n1kv_version => hiera('n1kv_vem_version', undef),
- }
-
- class { '::n1k_vsm':
- n1kv_source => hiera('n1kv_vsm_source', undef),
- n1kv_version => hiera('n1kv_vsm_version', undef),
- pacemaker_control => false,
- }
- }
-
- if 'cisco_ucsm' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::cisco::ucsm
- }
- if 'cisco_nexus' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::cisco::nexus
- include ::neutron::plugins::ml2::cisco::type_nexus_vxlan
- }
-
- if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::bigswitch::restproxy
- include ::neutron::agents::bigswitch
- }
- Service['neutron-server'] -> Service['neutron-ovs-agent-service']
- }
-
- Service['neutron-server'] -> Service['neutron-metadata']
- }
-
- include ::cinder
- include ::cinder::config
- include ::cinder::api
- include ::cinder::glance
- include ::cinder::scheduler
- include ::cinder::volume
- include ::cinder::ceilometer
- class { '::cinder::setup_test_volume':
- size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
- }
-
- $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true)
- if $cinder_enable_iscsi {
- $cinder_iscsi_backend = 'tripleo_iscsi'
-
- cinder::backend::iscsi { $cinder_iscsi_backend :
- iscsi_ip_address => hiera('cinder_iscsi_ip_address'),
- iscsi_helper => hiera('cinder_iscsi_helper'),
- }
- }
-
- if $enable_ceph {
-
- $ceph_pools = hiera('ceph_pools')
- ceph::pool { $ceph_pools :
- pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'),
- pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'),
- size => hiera('ceph::profile::params::osd_pool_default_size'),
- }
-
- $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]]
-
- } else {
- $cinder_pool_requires = []
- }
-
- if hiera('cinder_enable_rbd_backend', false) {
- $cinder_rbd_backend = 'tripleo_ceph'
-
- cinder::backend::rbd { $cinder_rbd_backend :
- backend_host => hiera('cinder::host'),
- rbd_pool => hiera('cinder_rbd_pool_name'),
- rbd_user => hiera('ceph_client_user_name'),
- rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
- require => $cinder_pool_requires,
- }
- }
-
- if hiera('cinder_enable_eqlx_backend', false) {
- $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
-
- cinder::backend::eqlx { $cinder_eqlx_backend :
- volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
- san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
- san_login => hiera('cinder::backend::eqlx::san_login', undef),
- san_password => hiera('cinder::backend::eqlx::san_password', undef),
- san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
- eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
- eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
- eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
- eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
- }
- }
-
- if hiera('cinder_enable_dellsc_backend', false) {
- $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
-
- cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
- volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
- san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
- san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef),
- san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef),
- dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef),
- iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef),
- iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef),
- dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef),
- dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef),
- dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef),
- }
- }
-
- if hiera('cinder_enable_netapp_backend', false) {
- $cinder_netapp_backend = hiera('cinder::backend::netapp::title')
-
- if hiera('cinder::backend::netapp::nfs_shares', undef) {
- $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
- }
-
- cinder::backend::netapp { $cinder_netapp_backend :
- netapp_login => hiera('cinder::backend::netapp::netapp_login', undef),
- netapp_password => hiera('cinder::backend::netapp::netapp_password', undef),
- netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef),
- netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef),
- netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef),
- netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef),
- netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef),
- netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef),
- netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef),
- netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef),
- netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef),
- netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef),
- nfs_shares => $cinder_netapp_nfs_shares,
- nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef),
- netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef),
- netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef),
- netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef),
- netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef),
- netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef),
- netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef),
- }
- }
-
- if hiera('cinder_enable_nfs_backend', false) {
- $cinder_nfs_backend = 'tripleo_nfs'
-
- if str2bool($::selinux) {
- selboolean { 'virt_use_nfs':
- value => on,
- persistent => true,
- } -> Package['nfs-utils']
- }
-
- package {'nfs-utils': } ->
- cinder::backend::nfs { $cinder_nfs_backend :
- nfs_servers => hiera('cinder_nfs_servers'),
- nfs_mount_options => hiera('cinder_nfs_mount_options',''),
- nfs_shares_config => '/etc/cinder/shares-nfs.conf',
- }
- }
-
- $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend])
- class { '::cinder::backends' :
- enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
- }
-
- # swift storage
- if str2bool(hiera('enable_swift_storage', true)) {
- class { '::swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check')),
- }
- if(!defined(File['/srv/node'])) {
- file { '/srv/node':
- ensure => directory,
- owner => 'swift',
- group => 'swift',
- require => Package['openstack-swift'],
- }
- }
- $swift_components = ['account', 'container', 'object']
- swift::storage::filter::recon { $swift_components : }
- swift::storage::filter::healthcheck { $swift_components : }
- }
-
- # Ceilometer
- $ceilometer_backend = downcase(hiera('ceilometer_backend'))
- case $ceilometer_backend {
- /mysql/ : {
- $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string')
- }
- default : {
- $ceilometer_database_connection = $ceilometer_mongodb_conn_string
- }
- }
- include ::ceilometer
- include ::ceilometer::config
- include ::ceilometer::api
- include ::ceilometer::agent::notification
- include ::ceilometer::agent::central
- include ::ceilometer::expirer
- include ::ceilometer::collector
- include ::ceilometer::agent::auth
- include ::ceilometer::dispatcher::gnocchi
- class { '::ceilometer::db' :
- database_connection => $ceilometer_database_connection,
- }
-
- Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
-
- # Aodh
- class { '::aodh' :
- database_connection => $ceilometer_database_connection,
- }
- include ::aodh::db::sync
- # To manage the upgrade:
- Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync']
- include ::aodh::auth
- include ::aodh::api
- include ::aodh::wsgi::apache
- include ::aodh::evaluator
- include ::aodh::notifier
- include ::aodh::listener
- include ::aodh::client
-
- # Sahara
- include ::sahara
- include ::sahara::service::api
- include ::sahara::service::engine
-
- # Horizon
- include ::apache::mod::remoteip
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- $_profile_support = 'cisco'
- } else {
- $_profile_support = 'None'
- }
- $neutron_options = {'profile_support' => $_profile_support }
-
- $memcached_ipv6 = hiera('memcached_ipv6', false)
- if $memcached_ipv6 {
- $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]')
- } else {
- $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1')
- }
-
- class { '::horizon':
- cache_server_ip => $horizon_memcached_servers,
- neutron_options => $neutron_options,
- }
-
- # Gnocchi
- $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string')
- class { '::gnocchi':
- database_connection => $gnocchi_database_connection,
- }
- include ::gnocchi::api
- include ::gnocchi::wsgi::apache
- include ::gnocchi::client
- include ::gnocchi::db::sync
- include ::gnocchi::storage
- include ::gnocchi::metricd
- include ::gnocchi::statsd
- $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift'))
- case $gnocchi_backend {
- 'swift': { include ::gnocchi::storage::swift }
- 'file': { include ::gnocchi::storage::file }
- 'rbd': { include ::gnocchi::storage::ceph }
- default: { fail('Unrecognized gnocchi_backend parameter.') }
- }
-
- $snmpd_user = hiera('snmpd_readonly_user_name')
- snmp::snmpv3_user { $snmpd_user:
- authtype => 'MD5',
- authpass => hiera('snmpd_readonly_user_password'),
- }
- class { '::snmp':
- agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
- }
-
- hiera_include('controller_classes')
-
-} #END STEP 4
-
-if hiera('step') >= 5 {
- $nova_enable_db_purge = hiera('nova_enable_db_purge', true)
- $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
-
- if $nova_enable_db_purge {
- include ::nova::cron::archive_deleted_rows
- }
- if $cinder_enable_db_purge {
- include ::cinder::cron::db_purge
- }
-} #END STEP 5
+ hiera_include('controller_classes', [])
+}
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index d6d14a83..d329d5fc 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -13,1386 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
-Pcmk_resource <| |> {
- tries => 10,
- try_sleep => 3,
+if hiera('step') >= 4 {
+ hiera_include('controller_classes', [])
}
-# TODO(jistr): use pcs resource provider instead of just no-ops
-Service <|
- tag == 'aodh-service' or
- tag == 'cinder-service' or
- tag == 'ceilometer-service' or
- tag == 'gnocchi-service' or
- tag == 'neutron-service' or
- tag == 'nova-service' or
- tag == 'sahara-service'
-|> {
- hasrestart => true,
- restart => '/bin/true',
- start => '/bin/true',
- stop => '/bin/true',
-}
-
-include ::tripleo::packages
-include ::tripleo::firewall
-
-if $::hostname == downcase(hiera('bootstrap_nodeid')) {
- $pacemaker_master = true
- $sync_db = true
-} else {
- $pacemaker_master = false
- $sync_db = false
-}
-
-$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5
-$enable_load_balancer = hiera('enable_load_balancer', true)
-
-# When to start and enable services which haven't been Pacemakerized
-# FIXME: remove when we start all OpenStack services using Pacemaker
-# (occurrences of this variable will be gradually replaced with false)
-$non_pcmk_start = hiera('step') >= 5
-
-if hiera('step') >= 1 {
-
- create_resources(kmod::load, hiera('kernel_modules'), {})
- create_resources(sysctl::value, hiera('sysctl_settings'), {})
- Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-
- include ::timezone
-
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
-
- $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
- $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
- if $corosync_ipv6 {
- $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' }
- } else {
- $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) }
- }
- class { '::pacemaker':
- hacluster_pwd => hiera('hacluster_pwd'),
- } ->
- class { '::pacemaker::corosync':
- cluster_members => $pacemaker_cluster_members,
- setup_cluster => $pacemaker_master,
- cluster_setup_extras => $cluster_setup_extras,
- }
- class { '::pacemaker::stonith':
- disable => !$enable_fencing,
- }
- if $enable_fencing {
- include ::tripleo::fencing
-
- # enable stonith after all Pacemaker resources have been created
- Pcmk_resource<||> -> Class['tripleo::fencing']
- Pcmk_constraint<||> -> Class['tripleo::fencing']
- Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing']
- # enable stonith after all fencing devices have been created
- Class['tripleo::fencing'] -> Class['pacemaker::stonith']
- }
-
- # FIXME(gfidente): sets 200secs as default start timeout op
- # param; until we can use pcmk global defaults we'll still
- # need to add it to every resource which redefines op params
- Pacemaker::Resource::Service {
- op_params => 'start timeout=200s stop timeout=200s',
- }
-
- if downcase(hiera('ceilometer_backend')) == 'mongodb' {
- include ::mongodb::globals
- include ::mongodb::client
- class { '::mongodb::server' :
- service_manage => false,
- }
- }
-
- # Redis
- class { '::redis' :
- service_manage => false,
- notify_service => false,
- }
-
- # Galera
- if str2bool(hiera('enable_galera', true)) {
- $mysql_config_file = '/etc/my.cnf.d/galera.cnf'
- } else {
- $mysql_config_file = '/etc/my.cnf.d/server.cnf'
- }
- $galera_nodes = downcase(hiera('galera_node_names', $::hostname))
- $galera_nodes_count = count(split($galera_nodes, ','))
-
- # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
- # set bind-address to a hostname instead of an ip address; to move Mysql
- # from internal_api on another network we'll have to customize both
- # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
- $mysql_bind_host = hiera('mysql_bind_host')
- $mysqld_options = {
- 'mysqld' => {
- 'skip-name-resolve' => '1',
- 'binlog_format' => 'ROW',
- 'default-storage-engine' => 'innodb',
- 'innodb_autoinc_lock_mode' => '2',
- 'innodb_locks_unsafe_for_binlog'=> '1',
- 'query_cache_size' => '0',
- 'query_cache_type' => '0',
- 'bind-address' => $::hostname,
- 'max_connections' => hiera('mysql_max_connections'),
- 'open_files_limit' => '-1',
- 'wsrep_on' => 'ON',
- 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so',
- 'wsrep_cluster_name' => 'galera_cluster',
- 'wsrep_cluster_address' => "gcomm://${galera_nodes}",
- 'wsrep_slave_threads' => '1',
- 'wsrep_certify_nonPK' => '1',
- 'wsrep_max_ws_rows' => '131072',
- 'wsrep_max_ws_size' => '1073741824',
- 'wsrep_debug' => '0',
- 'wsrep_convert_LOCK_to_trx' => '0',
- 'wsrep_retry_autocommit' => '1',
- 'wsrep_auto_increment_control' => '1',
- 'wsrep_drupal_282555_workaround'=> '0',
- 'wsrep_causal_reads' => '0',
- 'wsrep_sst_method' => 'rsync',
- 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;",
- },
- }
-
- class { '::mysql::server':
- create_root_user => false,
- create_root_my_cnf => false,
- config_file => $mysql_config_file,
- override_options => $mysqld_options,
- remove_default_accounts => $pacemaker_master,
- service_manage => false,
- service_enabled => false,
- }
-
-}
-
-if hiera('step') >= 2 {
-
- # NOTE(gfidente): the following vars are needed on all nodes so they
- # need to stay out of pacemaker_master conditional.
- # The addresses mangling will hopefully go away when we'll be able to
- # configure the connection string via hostnames, until then, we need to pass
- # the list of IPv6 addresses *with* port and without the brackets as 'members'
- # argument for the 'mongodb_replset' resource.
- if str2bool(hiera('mongodb::server::ipv6', false)) {
- $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
- $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
- $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
- } else {
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
- $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
- }
- $mongodb_replset = hiera('mongodb::server::replset')
-
- if $pacemaker_master {
-
- include ::pacemaker::resource_defaults
-
- # Create an openstack-core dummy resource. See RHBZ 1290121
- pacemaker::resource::ocf { 'openstack-core':
- ocf_agent_name => 'heartbeat:Dummy',
- clone_params => true,
- }
-
- if downcase(hiera('ceilometer_backend')) == 'mongodb' {
- pacemaker::resource::service { $::mongodb::params::service_name :
- op_params => 'start timeout=370s stop timeout=200s',
- clone_params => true,
- require => Class['::mongodb::server'],
- }
- # NOTE (spredzy) : The replset can only be run
- # once all the nodes have joined the cluster.
- mongodb_conn_validator { $mongo_node_ips_with_port :
- timeout => '600',
- require => Pacemaker::Resource::Service[$::mongodb::params::service_name],
- before => Mongodb_replset[$mongodb_replset],
- }
- mongodb_replset { $mongodb_replset :
- members => $mongo_node_ips_with_port_nobr,
- }
- }
-
- pacemaker::resource::ocf { 'galera' :
- ocf_agent_name => 'heartbeat:galera',
- op_params => 'promote timeout=300s on-fail=block',
- master_params => '',
- meta_params => "master-max=${galera_nodes_count} ordered=true",
- resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'",
- require => Class['::mysql::server'],
- before => Exec['galera-ready'],
- }
-
- pacemaker::resource::ocf { 'redis':
- ocf_agent_name => 'heartbeat:redis',
- master_params => '',
- meta_params => 'notify=true ordered=true interleave=true',
- resource_params => 'wait_last_known_master=true',
- require => Class['::redis'],
- }
-
- }
- $mysql_root_password = hiera('mysql::server::root_password')
- $mysql_clustercheck_password = hiera('mysql_clustercheck_password')
- # This step is to create a sysconfig clustercheck file with the root user and empty password
- # on the first install only (because later on the clustercheck db user will be used)
- # We are using exec and not file in order to not have duplicate definition errors in puppet
- # when we later set the the file to contain the clustercheck data
- exec { 'create-root-sysconfig-clustercheck':
- command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck",
- unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
- }
-
- exec { 'galera-ready' :
- command => '/usr/bin/clustercheck >/dev/null',
- timeout => 30,
- tries => 180,
- try_sleep => 10,
- environment => ['AVAILABLE_WHEN_READONLY=0'],
- require => Exec['create-root-sysconfig-clustercheck'],
- }
-
- xinetd::service { 'galera-monitor' :
- port => '9200',
- server => '/usr/bin/clustercheck',
- per_source => 'UNLIMITED',
- log_on_success => '',
- log_on_failure => 'HOST',
- flags => 'REUSE',
- service_type => 'UNLISTED',
- user => 'root',
- group => 'root',
- require => Exec['create-root-sysconfig-clustercheck'],
- }
- # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck
- # to it in a later step. We do this only on one node as it will replicate on
- # the other members. We also make sure that the permissions are the minimum necessary
- if $pacemaker_master {
- mysql_user { 'clustercheck@localhost':
- ensure => 'present',
- password_hash => mysql_password($mysql_clustercheck_password),
- require => Exec['galera-ready'],
- }
- mysql_grant { 'clustercheck@localhost/*.*':
- ensure => 'present',
- options => ['GRANT'],
- privileges => ['PROCESS'],
- table => '*.*',
- user => 'clustercheck@localhost',
- }
- }
-
- # Create all the database schemas
- if $sync_db {
- class { '::nova::db::mysql':
- require => Exec['galera-ready'],
- }
- class { '::nova::db::mysql_api':
- require => Exec['galera-ready'],
- }
- class { '::neutron::db::mysql':
- require => Exec['galera-ready'],
- }
- class { '::cinder::db::mysql':
- require => Exec['galera-ready'],
- }
-
- if downcase(hiera('ceilometer_backend')) == 'mysql' {
- class { '::ceilometer::db::mysql':
- require => Exec['galera-ready'],
- }
- }
-
- if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
- class { '::gnocchi::db::mysql':
- require => Exec['galera-ready'],
- }
- }
- class { '::sahara::db::mysql':
- require => Exec['galera-ready'],
- }
- }
-
- # Ceph
- $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
-
- if $enable_ceph {
- $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_initial_members => $mon_initial_members,
- mon_host => $mon_host,
- }
- include ::ceph::conf
- include ::ceph::profile::mon
- }
-
- if str2bool(hiera('enable_ceph_storage', false)) {
- if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
- exec { 'set selinux to permissive on boot':
- command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
- onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
- path => ['/usr/bin', '/usr/sbin'],
- }
-
- exec { 'set selinux to permissive':
- command => 'setenforce 0',
- onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
- path => ['/usr/bin', '/usr/sbin'],
- } -> Class['ceph::profile::osd']
- }
-
- include ::ceph::conf
- include ::ceph::profile::osd
- }
-
- if str2bool(hiera('enable_external_ceph', false)) {
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_host => $mon_host,
- }
- include ::ceph::conf
- include ::ceph::profile::client
- }
-
-
-} #END STEP 2
-
-if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
- # At this stage we are guaranteed that the clustercheck db user exists
- # so we switch the resource agent to use it.
- file { '/etc/sysconfig/clustercheck' :
- ensure => file,
- mode => '0600',
- owner => 'root',
- group => 'root',
- content => "MYSQL_USERNAME=clustercheck\n
-MYSQL_PASSWORD='${mysql_clustercheck_password}'\n
-MYSQL_HOST=localhost\n",
- }
-
- $nova_ipv6 = hiera('nova::use_ipv6', false)
- if $nova_ipv6 {
- $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
- } else {
- $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
- }
-
- class { '::nova' :
- memcached_servers => $memcached_servers
- }
-
- include ::nova::config
-
- class { '::nova::api' :
- sync_db => $sync_db,
- sync_db_api => $sync_db,
- manage_service => false,
- enabled => false,
- }
- class { '::nova::cert' :
- manage_service => false,
- enabled => false,
- }
- class { '::nova::conductor' :
- manage_service => false,
- enabled => false,
- }
- class { '::nova::consoleauth' :
- manage_service => false,
- enabled => false,
- }
- class { '::nova::vncproxy' :
- manage_service => false,
- enabled => false,
- }
- include ::nova::scheduler::filter
- class { '::nova::scheduler' :
- manage_service => false,
- enabled => false,
- }
- include ::nova::network::neutron
-
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
-
- # TODO(devvesa) provide non-controller ips for these services
- $zookeeper_node_ips = hiera('neutron_api_node_ips')
- $cassandra_node_ips = hiera('neutron_api_node_ips')
-
- # Run zookeeper in the controller if configured
- if hiera('enable_zookeeper_on_controller') {
- class {'::tripleo::cluster::zookeeper':
- zookeeper_server_ips => $zookeeper_node_ips,
- # TODO: create a 'bind' hiera key for zookeeper
- zookeeper_client_ip => hiera('neutron::bind_host'),
- zookeeper_hostnames => split(hiera('controller_node_names'), ',')
- }
- }
-
- # Run cassandra in the controller if configured
- if hiera('enable_cassandra_on_controller') {
- class {'::tripleo::cluster::cassandra':
- cassandra_servers => $cassandra_node_ips,
- # TODO: create a 'bind' hiera key for cassandra
- cassandra_ip => hiera('neutron::bind_host'),
- }
- }
-
- class {'::tripleo::network::midonet::agent':
- zookeeper_servers => $zookeeper_node_ips,
- cassandra_seeds => $cassandra_node_ips
- }
-
- class {'::tripleo::network::midonet::api':
- zookeeper_servers => $zookeeper_node_ips,
- vip => hiera('public_virtual_ip'),
- keystone_ip => hiera('public_virtual_ip'),
- keystone_admin_token => hiera('keystone::admin_token'),
- # TODO: create a 'bind' hiera key for api
- bind_address => hiera('neutron::bind_host'),
- admin_password => hiera('admin_password')
- }
-
- # Configure Neutron
- class {'::neutron':
- service_plugins => []
- }
-
- }
- else {
- # Neutron class definitions
- include ::neutron
- }
-
- include ::neutron::config
- class { '::neutron::server' :
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
- }
- include ::neutron::server::notifications
- if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' {
- include ::neutron::plugins::nuage
- }
- if hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
- include ::neutron::plugins::opencontrail
- }
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
- class {'::neutron::plugins::midonet':
- midonet_api_ip => hiera('public_virtual_ip'),
- keystone_tenant => hiera('neutron::server::auth_tenant'),
- keystone_password => hiera('neutron::server::password')
- }
- }
- if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
- class { '::neutron::plugins::plumgrid' :
- connection => hiera('neutron::server::database_connection'),
- controller_priv_host => hiera('keystone_admin_api_vip'),
- admin_password => hiera('admin_password'),
- metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'),
- }
- }
- include ::neutron::plugins::ml2
- class { '::neutron::agents::ml2::ovs':
- manage_service => false,
- enabled => false,
- }
-
- if 'cisco_ucsm' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::cisco::ucsm
- }
- if 'cisco_nexus' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::cisco::nexus
- include ::neutron::plugins::ml2::cisco::type_nexus_vxlan
- }
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::cisco::nexus1000v
-
- class { '::neutron::agents::n1kv_vem':
- n1kv_source => hiera('n1kv_vem_source', undef),
- n1kv_version => hiera('n1kv_vem_version', undef),
- }
-
- class { '::n1k_vsm':
- n1kv_source => hiera('n1kv_vsm_source', undef),
- n1kv_version => hiera('n1kv_vsm_version', undef),
- }
- }
-
- if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- include ::neutron::plugins::ml2::bigswitch::restproxy
- include ::neutron::agents::bigswitch
- }
-
- include ::cinder
- include ::cinder::config
- class { '::cinder::api':
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
- }
- class { '::cinder::scheduler' :
- manage_service => false,
- enabled => false,
- }
- class { '::cinder::volume' :
- manage_service => false,
- enabled => false,
- }
- include ::cinder::glance
- include ::cinder::ceilometer
- class { '::cinder::setup_test_volume':
- size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
- }
-
- $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true)
- if $cinder_enable_iscsi {
- $cinder_iscsi_backend = 'tripleo_iscsi'
-
- cinder::backend::iscsi { $cinder_iscsi_backend :
- iscsi_ip_address => hiera('cinder_iscsi_ip_address'),
- iscsi_helper => hiera('cinder_iscsi_helper'),
- }
- }
-
- if $enable_ceph {
-
- $ceph_pools = hiera('ceph_pools')
- ceph::pool { $ceph_pools :
- pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'),
- pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'),
- size => hiera('ceph::profile::params::osd_pool_default_size'),
- }
-
- $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]]
-
- } else {
- $cinder_pool_requires = []
- }
-
- if hiera('cinder_enable_rbd_backend', false) {
- $cinder_rbd_backend = 'tripleo_ceph'
-
- cinder::backend::rbd { $cinder_rbd_backend :
- backend_host => hiera('cinder::host'),
- rbd_pool => hiera('cinder_rbd_pool_name'),
- rbd_user => hiera('ceph_client_user_name'),
- rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
- require => $cinder_pool_requires,
- }
- }
-
- if hiera('cinder_enable_eqlx_backend', false) {
- $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
-
- cinder::backend::eqlx { $cinder_eqlx_backend :
- volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
- san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
- san_login => hiera('cinder::backend::eqlx::san_login', undef),
- san_password => hiera('cinder::backend::eqlx::san_password', undef),
- san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
- eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
- eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
- eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
- eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
- }
- }
-
- if hiera('cinder_enable_dellsc_backend', false) {
- $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
-
- cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
- volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
- san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
- san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef),
- san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef),
- dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef),
- iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef),
- iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef),
- dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef),
- dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef),
- dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef),
- }
- }
-
- if hiera('cinder_enable_netapp_backend', false) {
- $cinder_netapp_backend = hiera('cinder::backend::netapp::title')
-
- if hiera('cinder::backend::netapp::nfs_shares', undef) {
- $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
- }
-
- cinder::backend::netapp { $cinder_netapp_backend :
- netapp_login => hiera('cinder::backend::netapp::netapp_login', undef),
- netapp_password => hiera('cinder::backend::netapp::netapp_password', undef),
- netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef),
- netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef),
- netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef),
- netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef),
- netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef),
- netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef),
- netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef),
- netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef),
- netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef),
- netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef),
- nfs_shares => $cinder_netapp_nfs_shares,
- nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef),
- netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef),
- netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef),
- netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef),
- netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef),
- netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef),
- netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef),
- }
- }
-
- if hiera('cinder_enable_nfs_backend', false) {
- $cinder_nfs_backend = 'tripleo_nfs'
-
- if str2bool($::selinux) {
- selboolean { 'virt_use_nfs':
- value => on,
- persistent => true,
- } -> Package['nfs-utils']
- }
-
- package { 'nfs-utils': } ->
- cinder::backend::nfs { $cinder_nfs_backend:
- nfs_servers => hiera('cinder_nfs_servers'),
- nfs_mount_options => hiera('cinder_nfs_mount_options',''),
- nfs_shares_config => '/etc/cinder/shares-nfs.conf',
- }
- }
-
- $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend])
- class { '::cinder::backends' :
- enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
- }
-
- class { '::sahara':
- sync_db => $sync_db,
- }
- class { '::sahara::service::api':
- manage_service => false,
- enabled => false,
- }
- class { '::sahara::service::engine':
- manage_service => false,
- enabled => false,
- }
-
- # swift storage
- if str2bool(hiera('enable_swift_storage', true)) {
- class {'::swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check')),
- }
- class {'::swift::storage::account':
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- class {'::swift::storage::container':
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- class {'::swift::storage::object':
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- if(!defined(File['/srv/node'])) {
- file { '/srv/node':
- ensure => directory,
- owner => 'swift',
- group => 'swift',
- require => Package['openstack-swift'],
- }
- }
- $swift_components = ['account', 'container', 'object']
- swift::storage::filter::recon { $swift_components : }
- swift::storage::filter::healthcheck { $swift_components : }
- }
-
- # Ceilometer
- case downcase(hiera('ceilometer_backend')) {
- /mysql/: {
- $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string')
- }
- default: {
- $mongo_node_string = join($mongo_node_ips_with_port, ',')
- $ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
- }
- }
- include ::ceilometer
- include ::ceilometer::config
- class { '::ceilometer::api' :
- manage_service => false,
- enabled => false,
- }
- class { '::ceilometer::agent::notification' :
- manage_service => false,
- enabled => false,
- }
- class { '::ceilometer::agent::central' :
- manage_service => false,
- enabled => false,
- }
- class { '::ceilometer::collector' :
- manage_service => false,
- enabled => false,
- }
- include ::ceilometer::expirer
- class { '::ceilometer::db' :
- database_connection => $ceilometer_database_connection,
- sync_db => $sync_db,
- }
- include ::ceilometer::agent::auth
- include ::ceilometer::dispatcher::gnocchi
-
- Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
-
- # httpd/apache and horizon
- # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent
- class { '::apache' :
- service_enable => false,
- # service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
- }
- include ::apache::mod::remoteip
- include ::apache::mod::status
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- $_profile_support = 'cisco'
- } else {
- $_profile_support = 'None'
- }
- $neutron_options = {'profile_support' => $_profile_support }
-
- $memcached_ipv6 = hiera('memcached_ipv6', false)
- if $memcached_ipv6 {
- $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]')
- } else {
- $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1')
- }
-
- class { '::horizon':
- cache_server_ip => $horizon_memcached_servers,
- neutron_options => $neutron_options,
- }
-
- # Aodh
- class { '::aodh' :
- database_connection => $ceilometer_database_connection,
- }
- include ::aodh::config
- include ::aodh::auth
- include ::aodh::client
- include ::aodh::wsgi::apache
- class { '::aodh::api':
- manage_service => false,
- enabled => false,
- service_name => 'httpd',
- }
- class { '::aodh::evaluator':
- manage_service => false,
- enabled => false,
- }
- class { '::aodh::notifier':
- manage_service => false,
- enabled => false,
- }
- class { '::aodh::listener':
- manage_service => false,
- enabled => false,
- }
-
- # Gnocchi
- $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string')
- include ::gnocchi::client
- if $sync_db {
- include ::gnocchi::db::sync
- }
- include ::gnocchi::storage
- $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift'))
- case $gnocchi_backend {
- 'swift': { include ::gnocchi::storage::swift }
- 'file': { include ::gnocchi::storage::file }
- 'rbd': { include ::gnocchi::storage::ceph }
- default: { fail('Unrecognized gnocchi_backend parameter.') }
- }
- class { '::gnocchi':
- database_connection => $gnocchi_database_connection,
- }
- class { '::gnocchi::api' :
- manage_service => false,
- enabled => false,
- service_name => 'httpd',
- }
- class { '::gnocchi::wsgi::apache' :
- ssl => false,
- }
- class { '::gnocchi::metricd' :
- manage_service => false,
- enabled => false,
- }
- class { '::gnocchi::statsd' :
- manage_service => false,
- enabled => false,
- }
-
- $snmpd_user = hiera('snmpd_readonly_user_name')
- snmp::snmpv3_user { $snmpd_user:
- authtype => 'MD5',
- authpass => hiera('snmpd_readonly_user_password'),
- }
- class { '::snmp':
- agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
- }
-
- hiera_include('controller_classes')
-
-} #END STEP 4
-
-if hiera('step') >= 5 {
- # We now make sure that the root db password is set to a random one
- # At first installation /root/.my.cnf will be empty and we connect without a root
- # password. On second runs or updates /root/.my.cnf will already be populated
- # with proper credentials. This step happens on every node because this sql
- # statement does not automatically replicate across nodes.
- exec { 'galera-set-root-password':
- command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root",
- }
- file { '/root/.my.cnf' :
- ensure => file,
- mode => '0600',
- owner => 'root',
- group => 'root',
- content => "[client]
-user=root
-password=\"${mysql_root_password}\"
-
-[mysql]
-user=root
-password=\"${mysql_root_password}\"",
- require => Exec['galera-set-root-password'],
- }
-
- $nova_enable_db_purge = hiera('nova_enable_db_purge', true)
- $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
-
- if $nova_enable_db_purge {
- include ::nova::cron::archive_deleted_rows
- }
- if $cinder_enable_db_purge {
- include ::cinder::cron::db_purge
- }
-
- if $pacemaker_master {
-
- pacemaker::constraint::base { 'openstack-core-then-httpd-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::apache::params::service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::apache::params::service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'galera-then-openstack-core-constraint':
- constraint_type => 'order',
- first_resource => 'galera-master',
- second_resource => 'openstack-core-clone',
- first_action => 'promote',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf['galera'],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
-
- # Cinder
- pacemaker::resource::service { $::cinder::params::api_service :
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- pacemaker::resource::service { $::cinder::params::scheduler_service :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::cinder::params::volume_service : }
-
- pacemaker::constraint::base { 'keystone-then-cinder-api-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::cinder::params::api_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf['openstack-core'],
- Pacemaker::Resource::Service[$::cinder::params::api_service]],
- }
- pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint':
- constraint_type => 'order',
- first_resource => "${::cinder::params::api_service}-clone",
- second_resource => "${::cinder::params::scheduler_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
- Pacemaker::Resource::Service[$::cinder::params::scheduler_service]],
- }
- pacemaker::constraint::colocation { 'cinder-scheduler-with-cinder-api-colocation':
- source => "${::cinder::params::scheduler_service}-clone",
- target => "${::cinder::params::api_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
- Pacemaker::Resource::Service[$::cinder::params::scheduler_service]],
- }
- pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint':
- constraint_type => 'order',
- first_resource => "${::cinder::params::scheduler_service}-clone",
- second_resource => $::cinder::params::volume_service,
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service],
- Pacemaker::Resource::Service[$::cinder::params::volume_service]],
- }
- pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation':
- source => $::cinder::params::volume_service,
- target => "${::cinder::params::scheduler_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service],
- Pacemaker::Resource::Service[$::cinder::params::volume_service]],
- }
-
- # Sahara
- pacemaker::resource::service { $::sahara::params::api_service_name :
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- pacemaker::resource::service { $::sahara::params::engine_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::constraint::base { 'keystone-then-sahara-api-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::sahara::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint':
- constraint_type => 'order',
- first_resource => "${::sahara::params::api_service_name}-clone",
- second_resource => "${::sahara::params::engine_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
- Pacemaker::Resource::Service[$::sahara::params::engine_service_name]],
- }
-
- if hiera('neutron::enable_ovs_agent', true) {
- pacemaker::resource::service { $::neutron::params::ovs_agent_service:
- clone_params => 'interleave=true',
- }
- }
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
- pacemaker::resource::service {'tomcat':
- clone_params => 'interleave=true',
- }
- }
- if hiera('neutron::enable_ovs_agent', true) {
- pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service:
- ocf_agent_name => 'neutron:OVSCleanup',
- clone_params => 'interleave=true',
- }
- pacemaker::resource::ocf { 'neutron-netns-cleanup':
- ocf_agent_name => 'neutron:NetnsCleanup',
- clone_params => 'interleave=true',
- }
-
- # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent
- pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::ovs_cleanup_service}-clone",
- second_resource => 'neutron-netns-cleanup-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service],
- Pacemaker::Resource::Ocf['neutron-netns-cleanup']],
- }
- pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation':
- source => 'neutron-netns-cleanup-clone',
- target => "${::neutron::params::ovs_cleanup_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service],
- Pacemaker::Resource::Ocf['neutron-netns-cleanup']],
- }
- pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint':
- constraint_type => 'order',
- first_resource => 'neutron-netns-cleanup-clone',
- second_resource => "${::neutron::params::ovs_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
- }
- pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation':
- source => "${::neutron::params::ovs_agent_service}-clone",
- target => 'neutron-netns-cleanup-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
- }
- }
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
- #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat
- pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::dhcp_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
- }
- pacemaker::constraint::base { 'neutron-dhcp-agent-to-metadata-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::dhcp_agent_service}-clone",
- second_resource => "${::neutron::params::metadata_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]],
- }
- pacemaker::constraint::base { 'neutron-metadata-agent-to-tomcat-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::metadata_agent_service}-clone",
- second_resource => 'tomcat-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service],
- Pacemaker::Resource::Service['tomcat']],
- }
- pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-metadata-agent-colocation':
- source => "${::neutron::params::metadata_agent_service}-clone",
- target => "${::neutron::params::dhcp_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]],
- }
- }
-
- # Nova
- pacemaker::resource::service { $::nova::params::api_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::nova::params::conductor_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::nova::params::consoleauth_service_name :
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- pacemaker::resource::service { $::nova::params::vncproxy_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::nova::params::scheduler_service_name :
- clone_params => 'interleave=true',
- }
-
- pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::nova::params::consoleauth_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::consoleauth_service_name}-clone",
- second_resource => "${::nova::params::vncproxy_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation':
- source => "${::nova::params::vncproxy_service_name}-clone",
- target => "${::nova::params::consoleauth_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]],
- }
- pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::vncproxy_service_name}-clone",
- second_resource => "${::nova::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name],
- Pacemaker::Resource::Service[$::nova::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation':
- source => "${::nova::params::api_service_name}-clone",
- target => "${::nova::params::vncproxy_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name],
- Pacemaker::Resource::Service[$::nova::params::api_service_name]],
- }
- pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::api_service_name}-clone",
- second_resource => "${::nova::params::scheduler_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::api_service_name],
- Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation':
- source => "${::nova::params::scheduler_service_name}-clone",
- target => "${::nova::params::api_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::api_service_name],
- Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]],
- }
- pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint':
- constraint_type => 'order',
- first_resource => "${::nova::params::scheduler_service_name}-clone",
- second_resource => "${::nova::params::conductor_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name],
- Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
- }
- pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation':
- source => "${::nova::params::conductor_service_name}-clone",
- target => "${::nova::params::scheduler_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name],
- Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
- }
-
- # Ceilometer and Aodh
- case downcase(hiera('ceilometer_backend')) {
- /mysql/: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- }
- default: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
- clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Ocf['openstack-core'],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
- }
- }
- }
- pacemaker::resource::service { $::ceilometer::params::collector_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::ceilometer::params::api_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name :
- clone_params => 'interleave=true',
- }
- # Fedora doesn't know `require-all` parameter for constraints yet
- if $::operatingsystem == 'Fedora' {
- $redis_ceilometer_constraint_params = undef
- $redis_aodh_constraint_params = undef
- } else {
- $redis_ceilometer_constraint_params = 'require-all=false'
- $redis_aodh_constraint_params = 'require-all=false'
- }
- pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint':
- constraint_type => 'order',
- first_resource => 'redis-master',
- second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- first_action => 'promote',
- second_action => 'start',
- constraint_params => $redis_ceilometer_constraint_params,
- require => [Pacemaker::Resource::Ocf['redis'],
- Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]],
- }
- pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint':
- constraint_type => 'order',
- first_resource => 'redis-master',
- second_resource => "${::aodh::params::evaluator_service_name}-clone",
- first_action => 'promote',
- second_action => 'start',
- constraint_params => $redis_aodh_constraint_params,
- require => [Pacemaker::Resource::Ocf['redis'],
- Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]],
- }
- pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- second_resource => "${::ceilometer::params::collector_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
- }
- pacemaker::constraint::base { 'ceilometer-collector-then-ceilometer-api-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::collector_service_name}-clone",
- second_resource => "${::ceilometer::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'ceilometer-api-with-ceilometer-collector-colocation':
- source => "${::ceilometer::params::api_service_name}-clone",
- target => "${::ceilometer::params::collector_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
- }
- # Aodh
- pacemaker::resource::service { $::aodh::params::evaluator_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::aodh::params::notifier_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::aodh::params::listener_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint':
- constraint_type => 'order',
- first_resource => "${::aodh::params::evaluator_service_name}-clone",
- second_resource => "${::aodh::params::notifier_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
- }
- pacemaker::constraint::colocation { 'aodh-notifier-with-aodh-evaluator-colocation':
- source => "${::aodh::params::notifier_service_name}-clone",
- target => "${::aodh::params::evaluator_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
- }
- pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint':
- constraint_type => 'order',
- first_resource => "${::aodh::params::evaluator_service_name}-clone",
- second_resource => "${::aodh::params::listener_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
- }
- pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation':
- source => "${::aodh::params::listener_service_name}-clone",
- target => "${::aodh::params::evaluator_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
- }
- if downcase(hiera('ceilometer_backend')) == 'mongodb' {
- pacemaker::constraint::base { 'mongodb-then-ceilometer-central-constraint':
- constraint_type => 'order',
- first_resource => "${::mongodb::params::service_name}-clone",
- second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
- }
- }
-
- # gnocchi
- pacemaker::resource::service { $::gnocchi::params::metricd_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::gnocchi::params::statsd_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint':
- constraint_type => 'order',
- first_resource => "${::gnocchi::params::metricd_service_name}-clone",
- second_resource => "${::gnocchi::params::statsd_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name],
- Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
- }
- pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation':
- source => "${::gnocchi::params::statsd_service_name}-clone",
- target => "${::gnocchi::params::metricd_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name],
- Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
- }
-
- # Horizon and Keystone
- pacemaker::resource::service { $::apache::params::service_name:
- clone_params => 'interleave=true',
- verify_on_create => true,
- require => [File['/etc/keystone/ssl/certs/ca.pem'],
- File['/etc/keystone/ssl/private/signing_key.pem'],
- File['/etc/keystone/ssl/certs/signing_cert.pem']],
- }
-
- #VSM
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- pacemaker::resource::ocf { 'vsm-p' :
- ocf_agent_name => 'heartbeat:VirtualDomain',
- resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml',
- require => Class['n1k_vsm'],
- meta_params => 'resource-stickiness=INFINITY',
- }
- if str2bool(hiera('n1k_vsm::pacemaker_control', true)) {
- pacemaker::resource::ocf { 'vsm-s' :
- ocf_agent_name => 'heartbeat:VirtualDomain',
- resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml',
- require => Class['n1k_vsm'],
- meta_params => 'resource-stickiness=INFINITY',
- }
- pacemaker::constraint::colocation { 'vsm-colocation-contraint':
- source => 'vsm-p',
- target => 'vsm-s',
- score => '-INFINITY',
- require => [Pacemaker::Resource::Ocf['vsm-p'],
- Pacemaker::Resource::Ocf['vsm-s']],
- }
- }
- }
-
- }
-
-} #END STEP 5
-
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 3585c993..414a06ba 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -13,49 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
-if hiera('step') >= 1 {
- create_resources(kmod::load, hiera('kernel_modules'), {})
- create_resources(sysctl::value, hiera('sysctl_settings'), {})
- Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-
- include ::timezone
-
- if count(hiera('ntp::servers')) > 0 {
- include ::ntp
- }
-}
-
if hiera('step') >= 4 {
- class { '::swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check')),
- }
- if(!defined(File['/srv/node'])) {
- file { '/srv/node':
- ensure => directory,
- owner => 'swift',
- group => 'swift',
- require => Package['openstack-swift'],
- }
- }
-
- $swift_components = ['account', 'container', 'object']
- swift::storage::filter::recon { $swift_components : }
- swift::storage::filter::healthcheck { $swift_components : }
-
- $snmpd_user = hiera('snmpd_readonly_user_name')
- snmp::snmpv3_user { $snmpd_user:
- authtype => 'MD5',
- authpass => hiera('snmpd_readonly_user_password'),
- }
- class { '::snmp':
- agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
- }
-
- hiera_include('object_classes')
+ hiera_include('object_classes', [])
}
-package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present}
+$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')])
+package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
index 134dc43b..e1cdadd5 100644
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -13,49 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-include ::tripleo::firewall
-
-create_resources(kmod::load, hiera('kernel_modules'), {})
-create_resources(sysctl::value, hiera('sysctl_settings'), {})
-Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-
-if count(hiera('ntp::servers')) > 0 {
- include ::ntp
-}
-
-include ::timezone
-
-include ::cinder
-include ::cinder::config
-include ::cinder::glance
-include ::cinder::volume
-include ::cinder::setup_test_volume
-
-$cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true)
-if $cinder_enable_iscsi {
- $cinder_iscsi_backend = 'tripleo_iscsi'
-
- cinder::backend::iscsi { $cinder_iscsi_backend :
- iscsi_ip_address => hiera('cinder_iscsi_ip_address'),
- iscsi_helper => hiera('cinder_iscsi_helper'),
- }
-}
-
-$cinder_enabled_backends = any2array($cinder_iscsi_backend)
-class { '::cinder::backends' :
- enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
-}
-
-$snmpd_user = hiera('snmpd_readonly_user_name')
-snmp::snmpv3_user { $snmpd_user:
- authtype => 'MD5',
- authpass => hiera('snmpd_readonly_user_password'),
-}
-class { '::snmp':
- agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+if hiera('step') >= 4 {
+ hiera_include('volume_classes', [])
}
-hiera_include('volume_classes')
-package_manifest{'/var/lib/tripleo/installed-packages/overcloud_volume': ensure => present}
+$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')])
+package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp
deleted file mode 100644
index 2411ff84..00000000
--- a/puppet/manifests/ringbuilder.pp
+++ /dev/null
@@ -1,99 +0,0 @@
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-define add_devices(
- $swift_zones = '1'
-){
-
- # NOTE(dprince): Swift zones is not yet properly wired into the Heat
- # templates. See: https://review.openstack.org/#/c/97758/3
- # For now our regex supports the r1z1-192.0.2.6:%PORT%/d1 syntax or the
- # newer r1z%<controller or SwiftStorage><N>%-192.0.2.6:%PORT%/d1 syntax.
- $server_num_or_device = regsubst($name,'^r1z%+[A-Za-z]*([0-9]+)%+-(.*)$','\1')
- if (is_integer($server_num_or_device)) {
- $server_num = $server_num_or_device
- } else {
- $server_num = '1'
- }
- # Function to place server in its zone. Zone is calculated by
- # server number in heat template modulo the number of zones + 1.
- $zone = (($server_num%$swift_zones) + 1)
-
- # add the rings
- $base = regsubst($name,'^r1.*-(.*)$','\1')
- $object = regsubst($base, '%PORT%', '6000')
- ring_object_device { $object:
- zone => '1',
- weight => 100,
- }
- $container = regsubst($base, '%PORT%', '6001')
- ring_container_device { $container:
- zone => '1',
- weight => 100,
- }
- $account = regsubst($base, '%PORT%', '6002')
- ring_account_device { $account:
- zone => '1',
- weight => 100,
- }
-}
-
-class tripleo::ringbuilder (
- $swift_zones = '1',
- $devices = '',
- $build_ring = true,
- $part_power,
- $replicas,
- $min_part_hours,
-) {
-
- validate_bool($build_ring)
-
- if $build_ring {
-
- $device_array = strip(split(rstrip($devices), ','))
-
- # create local rings
- swift::ringbuilder::create{ ['object', 'account', 'container']:
- part_power => $part_power,
- replicas => min(count($device_array), $replicas),
- min_part_hours => $min_part_hours,
- } ->
-
- # add all other devices
- add_devices {$device_array:
- swift_zones => $swift_zones,
- } ->
-
- # rebalance
- swift::ringbuilder::rebalance{ ['object', 'account', 'container']:
- seed => 999,
- }
-
- Ring_object_device<| |> ~> Exec['rebalance_object']
- Ring_object_device<| |> ~> Exec['rebalance_account']
- Ring_object_device<| |> ~> Exec['rebalance_container']
-
- }
-}
-
-if hiera('step') >= 2 {
- # pre-install swift here so we can build rings
- include ::swift
-}
-
-if hiera('step') >= 3 {
- include ::tripleo::ringbuilder
-}
diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml
new file mode 100644
index 00000000..33480544
--- /dev/null
+++ b/puppet/objectstorage-config.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_object.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ ObjectStoragePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ inputs:
+ - name: step
+ type: Number
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_object.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: ObjectStoragePuppetConfigImpl}
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
new file mode 100644
index 00000000..65c96ac2
--- /dev/null
+++ b/puppet/post.j2.yaml
@@ -0,0 +1,139 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Post-deploy configuration steps via puppet for all roles,
+ as defined in ../roles_data.yaml
+
+parameters:
+ servers:
+ type: json
+ description: Mapping of Role name e.g Controller to a list of servers
+
+ role_data:
+ type: json
+ description: Mapping of Role name e.g Controller to the per-role data
+
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
+
+resources:
+
+{% for role in roles %}
+ # Post deployment steps for all roles
+ # A single config is re-applied with an incrementing step number
+ # {{role.name}} Role steps
+ {{role.name}}ArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ {{role.name}}ArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ArtifactsConfig}
+
+ {{role.name}}PreConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PreConfig
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Config:
+ type: OS::TripleO::{{role.name}}Config
+ properties:
+ StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
+
+ # Step through a series of configuration steps
+ {{role.name}}Deployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
+ properties:
+ name: {{role.name}}Deployment_Step1
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 1
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step1
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step2
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 2
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step3:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step2
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step3
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 3
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step4:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step3
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step4
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 4
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Deployment_Step5:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step4
+ {% endfor %}
+ properties:
+ name: {{role.name}}Deployment_Step5
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: 5
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step5
+ {% endfor %}
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ {{role.name}}ExtraConfigPost:
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}PostConfig
+ {% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+{% endfor %}
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 15c8c1f1..8fe51fa3 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -31,6 +31,8 @@ are re-asserted when applying latter ones.
* config_settings: Custom hiera settings for this service.
+ * global_config_settings: Additional hiera settings distributed to all roles.
+
* step_config: A puppet manifest that is used to step through the deployment
sequence. Each sequence is given a "step" (via hiera('step') that provides
information for when puppet classes should activate themselves.
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
new file mode 100644
index 00000000..f4f5bad8
--- /dev/null
+++ b/puppet/services/aodh-api.yaml
@@ -0,0 +1,80 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionAodhApi:
+ default: 'overcloud-ceilometer-aodh-api'
+ type: string
+ EnableCombinationAlarms:
+ default: false
+ description: Combination alarms are deprecated in Newton, hence disabled
+ by default. To enable, set this parameter to true.
+ type: boolean
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh API service.
+ value:
+ service_name: aodh_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
+ config_settings:
+ map_merge:
+ - get_attr: [AodhBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - aodh::wsgi::apache::ssl: false
+ aodh::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
+ aodh::api::service_name: 'httpd'
+ tripleo.aodh_api.firewall_rules:
+ '128 aodh-api':
+ dport:
+ - 8042
+ - 13042
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
+ aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
+ tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
+ service_config_settings:
+ get_attr: [AodhBase, role_data, service_config_settings]
+ step_config: |
+ include tripleo::profile::base::aodh::api
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
new file mode 100644
index 00000000..950e9026
--- /dev/null
+++ b/puppet/services/aodh-base.yaml
@@ -0,0 +1,107 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ AodhPassword:
+ description: The password for the aodh services.
+ type: string
+ hidden: true
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+outputs:
+ role_data:
+ description: Role data for the Aodh role.
+ value:
+ service_name: aodh_base
+ config_settings:
+ aodh::evaluator::coordination_url:
+ list_join:
+ - ''
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
+ - "%{hiera('redis_vip')}"
+ - ':6379/'
+ aodh::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://aodh:'
+ - {get_param: AodhPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/aodh'
+ aodh::debug: {get_param: Debug}
+ aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ aodh::rabbit_userid: {get_param: RabbitUserName}
+ aodh::rabbit_password: {get_param: RabbitPassword}
+ aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ aodh::rabbit_port: {get_param: RabbitClientPort}
+ aodh::keystone::authtoken::project_name: 'service'
+ aodh::keystone::authtoken::password: {get_param: AodhPassword}
+ aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ aodh::auth::auth_password: {get_param: AodhPassword}
+ aodh::auth::auth_region: 'regionOne'
+ aodh::auth::auth_tenant_name: 'service'
+ service_config_settings:
+ keystone:
+ aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
+ aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
+ aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
+ aodh::keystone::auth::password: {get_param: AodhPassword}
+ aodh::keystone::auth::region: {get_param: KeystoneRegion}
+ aodh::keystone::auth::tenant: 'service'
+ mysql:
+ aodh::db::mysql::user: aodh
+ aodh::db::mysql::password: {get_param: AodhPassword}
+ aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ aodh::db::mysql::dbname: aodh
+ aodh::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml
new file mode 100644
index 00000000..405c500e
--- /dev/null
+++ b/puppet/services/aodh-evaluator.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh Evaluator service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionAodhEvaluator:
+ default: 'overcloud-ceilometer-aodh-evaluator'
+ type: string
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh Evaluator service.
+ value:
+ service_name: aodh_evaluator
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhEvaluator}
+ config_settings:
+ get_attr: [AodhBase, role_data, config_settings]
+ step_config: |
+ include tripleo::profile::base::aodh::evaluator
diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml
new file mode 100644
index 00000000..fc4e8b39
--- /dev/null
+++ b/puppet/services/aodh-listener.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh Listener service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionAodhListener:
+ default: 'overcloud-ceilometer-aodh-listener'
+ type: string
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh Listener service.
+ value:
+ service_name: aodh_listener
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhListener}
+ config_settings:
+ get_attr: [AodhBase, role_data, config_settings]
+ step_config: |
+ include tripleo::profile::base::aodh::listener
diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml
new file mode 100644
index 00000000..2e51c639
--- /dev/null
+++ b/puppet/services/aodh-notifier.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Aodh Notifier service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionAodhNotifier:
+ default: 'overcloud-ceilometer-aodh-notifier'
+ type: string
+
+resources:
+ AodhBase:
+ type: ./aodh-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Aodh Notifier service.
+ value:
+ service_name: aodh_notifier
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhNotifier}
+ config_settings:
+ get_attr: [AodhBase, role_data, config_settings]
+ step_config: |
+ include tripleo::profile::base::aodh::notifier
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
new file mode 100644
index 00000000..c9792019
--- /dev/null
+++ b/puppet/services/apache.yaml
@@ -0,0 +1,52 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Apache service configured with Puppet. Note this is typically included
+ automatically via other services which run via Apache.
+
+parameters:
+ ApacheMaxRequestWorkers:
+ default: 256
+ description: Maximum number of simultaneously processed requests.
+ type: number
+ ApacheServerLimit:
+ default: 256
+ description: Maximum number of Apache processes.
+ type: number
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Apache role.
+ value:
+ service_name: apache
+ config_settings:
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::server_signature: 'Off'
+ apache::server_tokens: 'Prod'
+ apache_remote_proxy_ips_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
+ apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
+ apache::mod::remoteip::proxy_ips:
+ - "%{hiera('apache_remote_proxy_ips_network')}"
diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml
new file mode 100644
index 00000000..1a534156
--- /dev/null
+++ b/puppet/services/ca-certs.yaml
@@ -0,0 +1,35 @@
+heat_template_version: 2016-04-08
+
+description: >
+ HAproxy service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CAMap:
+ description: >
+ Map containing the CA certs and information needed for deploying them.
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for injecting CA certificates.
+ value:
+ service_name: ca_certs
+ config_settings:
+ tripleo::trusted_cas::ca_map: {get_param: CAMap}
+ step_config: |
+ include ::tripleo::trusted_cas
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml
new file mode 100644
index 00000000..2ae46d0e
--- /dev/null
+++ b/puppet/services/ceilometer-agent-central.yaml
@@ -0,0 +1,63 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Central Agent service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
+ MonitoringSubscriptionCeilometerCentral:
+ default: 'overcloud-ceilometer-agent-central'
+ type: string
+ CeilometerAgentCentralLoggingSource:
+ type: json
+ default:
+ tag: openstack.ceilometer.agent.central
+ path: /var/log/ceilometer/central.log
+
+resources:
+ CeilometerServiceBase:
+ type: ./ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Central Agent role.
+ value:
+ service_name: ceilometer_agent_central
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
+ logging_source: {get_param: CeilometerAgentCentralLoggingSource}
+ logging_groups:
+ - ceilometer
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::agent::central::coordination_url:
+ list_join:
+ - ''
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
+ - "%{hiera('redis_vip')}"
+ - ':6379/'
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::agent::central
diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml
new file mode 100644
index 00000000..5457539c
--- /dev/null
+++ b/puppet/services/ceilometer-agent-compute.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Compute Agent service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerCompute:
+ default: 'overcloud-ceilometer-agent-compute'
+ type: string
+
+resources:
+ CeilometerServiceBase:
+ type: ./ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Compute Agent role.
+ value:
+ service_name: ceilometer_agent_compute
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute}
+ config_settings:
+ get_attr: [CeilometerServiceBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::agent::compute
diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml
new file mode 100644
index 00000000..ea403aa1
--- /dev/null
+++ b/puppet/services/ceilometer-agent-notification.yaml
@@ -0,0 +1,51 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Notification Agent service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerNotification:
+ default: 'overcloud-ceilometer-agent-notification'
+ type: string
+ CeilometerAgentNotificationLoggingSource:
+ type: json
+ default:
+ tag: openstack.ceilometer.agent.notification
+ path: /var/log/ceilometer/agent-notification.log
+
+
+resources:
+ CeilometerServiceBase:
+ type: ./ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Notification Agent role.
+ value:
+ service_name: ceilometer_agent_notification
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification}
+ logging_source: {get_param: CeilometerAgentNotificationLoggingSource}
+ logging_groups:
+ - ceilometer
+ config_settings:
+ get_attr: [CeilometerServiceBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::agent::notification
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
new file mode 100644
index 00000000..ecea38b2
--- /dev/null
+++ b/puppet/services/ceilometer-api.yaml
@@ -0,0 +1,83 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerApi:
+ default: 'overcloud-ceilometer-api'
+ type: string
+ CeilometerApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.ceilometer.api
+ path: /var/log/ceilometer/api.log
+
+
+resources:
+ CeilometerServiceBase:
+ type: ./ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer API role.
+ value:
+ service_name: ceilometer_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi}
+ logging_source: {get_param: CeilometerApiLoggingSource}
+ logging_groups:
+ - ceilometer
+ config_settings:
+ map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - tripleo.ceilometer_api.firewall_rules:
+ '124 ceilometer':
+ dport:
+ - 8777
+ - 13777
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ - ceilometer::api::service_name: 'httpd'
+ ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ ceilometer::wsgi::apache::ssl: false
+ ceilometer::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ service_config_settings:
+ get_attr: [CeilometerServiceBase, role_data, service_config_settings]
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::api
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
new file mode 100644
index 00000000..4ace7526
--- /dev/null
+++ b/puppet/services/ceilometer-base.yaml
@@ -0,0 +1,132 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CeilometerBackend:
+ default: 'mongodb'
+ description: The ceilometer backend type.
+ type: string
+ CeilometerMeteringSecret:
+ description: Secret shared by the ceilometer services.
+ type: string
+ hidden: true
+ CeilometerPassword:
+ description: The password for the ceilometer service account.
+ type: string
+ hidden: true
+ CeilometerMeterDispatcher:
+ default: 'gnocchi'
+ description: Dispatcher to process meter data
+ type: string
+ constraints:
+ - allowed_values: ['gnocchi', 'database']
+ CeilometerWorkers:
+ default: 0
+ description: Number of workers for Ceilometer service.
+ type: number
+ CeilometerStoreEvents:
+ default: false
+ description: Whether to store events in ceilometer.
+ type: boolean
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer role.
+ value:
+ service_name: ceilometer_base
+ config_settings:
+ ceilometer::debug: {get_param: Debug}
+ ceilometer::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - - '://ceilometer:'
+ - {get_param: CeilometerPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/ceilometer'
+ ceilometer_backend: {get_param: CeilometerBackend}
+ ceilometer::metering_secret: {get_param: CeilometerMeteringSecret}
+ # we include db_sync class in puppet-tripleo
+ ceilometer::db::sync_db: false
+ ceilometer::keystone::authtoken::project_name: 'service'
+ ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword}
+ ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
+ ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents}
+ ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
+ ceilometer::agent::auth::auth_tenant_name: 'service'
+ ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
+ ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
+ ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
+ ceilometer::dispatcher::gnocchi::filter_project: 'service'
+ ceilometer::dispatcher::gnocchi::archive_policy: 'low'
+ ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
+ ceilometer::rabbit_userid: {get_param: RabbitUserName}
+ ceilometer::rabbit_password: {get_param: RabbitPassword}
+ ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ ceilometer::rabbit_port: {get_param: RabbitClientPort}
+ ceilometer::rabbit_heartbeat_timeout_threshold: 60
+ ceilometer::db::database_db_max_retries: -1
+ ceilometer::db::database_max_retries: -1
+ ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
+ service_config_settings:
+ keystone:
+ ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
+ ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
+ ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
+ ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
+ ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
+ ceilometer::keystone::auth::tenant: 'service'
+ mysql:
+ ceilometer::db::mysql::password: {get_param: CeilometerPassword}
+ ceilometer::db::mysql::user: ceilometer
+ ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ ceilometer::db::mysql::dbname: ceilometer
+ ceilometer::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml
new file mode 100644
index 00000000..e3f1ef4e
--- /dev/null
+++ b/puppet/services/ceilometer-collector.yaml
@@ -0,0 +1,61 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Collector service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerCollector:
+ default: 'overcloud-ceilometer-collector'
+ type: string
+ CeilometerCollectorLoggingSource:
+ type: json
+ default:
+ tag: openstack.ceilometer.collector
+ path: /var/log/ceilometer/collector.log
+
+resources:
+ CeilometerServiceBase:
+ type: ./ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+ MongoDbBase:
+ type: ./database/mongodb-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Collector role.
+ value:
+ service_name: ceilometer_collector
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector}
+ logging_source: {get_param: CeilometerCollectorLoggingSource}
+ logging_groups:
+ - ceilometer
+ config_settings:
+ map_merge:
+ - get_attr: [MongoDbBase, role_data, config_settings]
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ service_config_settings:
+ get_attr: [CeilometerServiceBase, role_data, service_config_settings]
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::collector
diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml
new file mode 100644
index 00000000..3b811c4d
--- /dev/null
+++ b/puppet/services/ceilometer-expirer.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Expirer service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerExpirer:
+ default: 'overcloud-ceilometer-expirer'
+ type: string
+
+resources:
+ CeilometerServiceBase:
+ type: ./ceilometer-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Expirer role.
+ value:
+ service_name: ceilometer_expirer
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerExpirer}
+ config_settings:
+ get_attr: [CeilometerServiceBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::ceilometer::expirer
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
new file mode 100644
index 00000000..ce8d9158
--- /dev/null
+++ b/puppet/services/ceph-base.yaml
@@ -0,0 +1,124 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Ceph base service. Shared by all Ceph services.
+
+parameters:
+ # NOTE(gfidente): needs a default to cope with external Ceph deployments were we don't pass (and need) an Admin key
+ CephAdminKey:
+ default: ''
+ description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClientUserName:
+ default: openstack
+ type: string
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # DEPRECATED options for compatibility with overcloud.yaml
+ # This should be removed and manipulation of the ControllerServices list
+ # used instead, but we need client support for that first
+ ControllerEnableCephStorage:
+ default: false
+ description: Whether to deploy Ceph Storage (OSD) on the Controller
+ type: boolean
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - ControllerEnableCephStorage
+
+outputs:
+ role_data:
+ description: Role data for the Ceph base service.
+ value:
+ service_name: ceph_base
+ config_settings:
+ tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
+ ceph::profile::params::osd_pool_default_min_size: 1
+ ceph::profile::params::osds: {/srv/data: {}}
+ ceph::profile::params::manage_repo: false
+ ceph::profile::params::authentication_type: cephx
+ ceph::profile::params::fsid: {get_param: CephClusterFSID}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ceph::profile::params::cluster_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
+ ceph::profile::params::public_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
+ ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
+ ceph::profile::params::client_keys:
+ str_replace:
+ template: "{
+ client.admin: {
+ secret: 'ADMIN_KEY',
+ mode: '0600',
+ cap_mon: 'allow *',
+ cap_osd: 'allow *',
+ cap_mds: 'allow *'
+ },
+ client.bootstrap-osd: {
+ secret: 'ADMIN_KEY',
+ keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+ cap_mon: 'allow profile bootstrap-osd'
+ },
+ client.CLIENT_USER: {
+ secret: 'CLIENT_KEY',
+ mode: '0644',
+ cap_mon: 'allow r',
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ }
+ }"
+ params:
+ CLIENT_USER: {get_param: CephClientUserName}
+ CLIENT_KEY: {get_param: CephClientKey}
+ ADMIN_KEY: {get_param: CephAdminKey}
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml
new file mode 100644
index 00000000..b482dd2e
--- /dev/null
+++ b/puppet/services/ceph-client.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Ceph Client service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCephClient:
+ default: 'overcloud-ceph-client'
+ type: string
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder OSD service.
+ value:
+ service_name: ceph_client
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephClient}
+ config_settings:
+ get_attr: [CephBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::ceph::client
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
new file mode 100644
index 00000000..52c4824f
--- /dev/null
+++ b/puppet/services/ceph-external.yaml
@@ -0,0 +1,82 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Ceph External service.
+
+parameters:
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClientUserName:
+ default: openstack
+ type: string
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
+ CephExternalMonHost:
+ default: ''
+ type: string
+ description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCephExternal:
+ default: 'overcloud-ceph-external'
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Ceph External service.
+ value:
+ service_name: ceph_external
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephExternal}
+ config_settings:
+ tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost}
+ ceph::profile::params::fsid: {get_param: CephClusterFSID}
+ ceph::profile::params::client_keys:
+ str_replace:
+ template: "{
+ client.CLIENT_USER: {
+ secret: 'CLIENT_KEY',
+ mode: '0644',
+ cap_mon: 'allow r',
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ }
+ }"
+ params:
+ CLIENT_USER: {get_param: CephClientUserName}
+ CLIENT_KEY: {get_param: CephClientKey}
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ step_config: |
+ include ::tripleo::profile::base::ceph::client
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
new file mode 100644
index 00000000..552086ab
--- /dev/null
+++ b/puppet/services/ceph-mon.yaml
@@ -0,0 +1,105 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Ceph Monitor service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephIPv6:
+ default: False
+ type: boolean
+ CephMonKey:
+ description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CephPools:
+ description: >
+ It can be used to override settings for one of the predefined pools, or to create
+ additional ones. Example:
+ {
+ "volumes": {
+ "size": 5,
+ "pg_num": 128,
+ "pgp_num": 128
+ }
+ }
+ default: {}
+ type: json
+ MonitoringSubscriptionCephMon:
+ default: 'overcloud-ceph-mon'
+ type: string
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph Monitor service.
+ value:
+ service_name: ceph_mon
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephMon}
+ config_settings:
+ map_merge:
+ - get_attr: [CephBase, role_data, config_settings]
+ - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
+ ceph::profile::params::mon_key: {get_param: CephMonKey}
+ ceph::profile::params::osd_pool_default_pg_num: 32
+ ceph::profile::params::osd_pool_default_pgp_num: 32
+ ceph::profile::params::osd_pool_default_size: 3
+ # repeat returns items in a list, so we need to map_merge twice
+ tripleo::profile::base::ceph::mon::ceph_pools:
+ map_merge:
+ - map_merge:
+ repeat:
+ for_each:
+ <%pool%>:
+ - {get_param: CinderRbdPoolName}
+ - {get_param: CinderBackupRbdPoolName}
+ - {get_param: NovaRbdPoolName}
+ - {get_param: GlanceRbdPoolName}
+ - {get_param: GnocchiRbdPoolName}
+ template:
+ <%pool%>:
+ pg_num: "%{hiera('ceph::profile::params::osd_pool_default_pg_num')}"
+ pgp_num: "%{hiera('ceph::profile::params::osd_pool_default_pgp_num')}"
+ size: "%{hiera('ceph::profile::params::osd_pool_default_size')}"
+ - {get_param: CephPools}
+ tripleo.ceph_mon.firewall_rules:
+ '110 ceph_mon':
+ dport:
+ - 6789
+ step_config: |
+ include ::tripleo::profile::base::ceph::mon
diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml
new file mode 100644
index 00000000..f6378720
--- /dev/null
+++ b/puppet/services/ceph-osd.yaml
@@ -0,0 +1,47 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Ceph OSD service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCephOsd:
+ default: 'overcloud-ceph-osd'
+ type: string
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder OSD service.
+ value:
+ service_name: ceph_osd
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephOsd}
+ config_settings:
+ map_merge:
+ - get_attr: [CephBase, role_data, config_settings]
+ - tripleo.ceph_osd.firewall_rules:
+ '111 ceph_osd':
+ dport:
+ - '6800-7300'
+ step_config: |
+ include ::tripleo::profile::base::ceph::osd
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
new file mode 100644
index 00000000..18a4b780
--- /dev/null
+++ b/puppet/services/ceph-rgw.yaml
@@ -0,0 +1,79 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Ceph RadosGW service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ AdminToken:
+ description: The keystone auth secret and db password.
+ type: string
+ hidden: true
+ CephRgwKey:
+ description: The cephx key for the radosgw client. Can be created
+ with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
+ SwiftPassword:
+ description: The password for the swift service account, used by the Ceph RGW services.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph RadosGW service.
+ value:
+ service_name: ceph_rgw
+ config_settings:
+ map_merge:
+ - get_attr: [CephBase, role_data, config_settings]
+ - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
+ tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
+ tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ceph::profile::params::frontend_type: 'civetweb'
+ ceph_rgw_civetweb_bind_address: {get_param: [ServiceNetMap, CephRgwNetwork]}
+ ceph::profile::params::rgw_frontends:
+ list_join:
+ - ''
+ - - 'civetweb port='
+ - '%{hiera("ceph_rgw_civetweb_bind_address")}'
+ - ':'
+ - {get_param: [EndpointMap, CephRgwInternal, port]}
+ tripleo.ceph_rgw.firewall_rules:
+ '122 ceph rgw':
+ dport: {get_param: [EndpointMap, CephRgwInternal, port]}
+ step_config: |
+ include ::tripleo::profile::base::ceph::rgw
+ service_config_settings:
+ keystone:
+ ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+ ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+ ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+ ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
+ ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+ ceph::rgw::keystone::auth::tenant: 'service'
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
new file mode 100644
index 00000000..9c96acc4
--- /dev/null
+++ b/puppet/services/cinder-api.yaml
@@ -0,0 +1,111 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder API service configured with Puppet
+
+parameters:
+ CinderEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Cinder database.
+ type: boolean
+ CinderPassword:
+ description: The password for the cinder service account, used by cinder-api.
+ type: string
+ hidden: true
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionCinderApi:
+ default: 'overcloud-cinder-api'
+ type: string
+ CinderApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.cinder.api
+ path: /var/log/cinder/cinder-api.log
+
+resources:
+
+ CinderBase:
+ type: ./cinder-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder API role.
+ value:
+ service_name: cinder_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
+ logging_source: {get_param: CinderApiLoggingSource}
+ logging_groups:
+ - cinder
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ cinder::keystone::authtoken::password: {get_param: CinderPassword}
+ cinder::keystone::authtoken::project_name: 'service'
+ cinder::api::enable_proxy_headers_parsing: true
+
+ cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
+ # TODO(emilien) move it to puppet-cinder
+ cinder::config:
+ DEFAULT/swift_catalog_info:
+ value: 'object-store:swift:internalURL'
+ cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
+ tripleo.cinder_api.firewall_rules:
+ '119 cinder':
+ dport:
+ - 8776
+ - 13776
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::cinder::api
+ service_config_settings:
+ keystone:
+ cinder::keystone::auth::tenant: 'service'
+ cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
+ cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
+ cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
+ cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
+ cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
+ cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
+ cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
+ cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
+ cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
+ cinder::keystone::auth::password: {get_param: CinderPassword}
+ cinder::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ cinder::db::mysql::password: {get_param: CinderPassword}
+ cinder::db::mysql::user: cinder
+ cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ cinder::db::mysql::dbname: cinder
+ cinder::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml
new file mode 100644
index 00000000..80795457
--- /dev/null
+++ b/puppet/services/cinder-backup.yaml
@@ -0,0 +1,62 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCinderBackup:
+ default: 'overcloud-cinder-backup'
+ type: string
+
+resources:
+
+ CinderBase:
+ type: ./cinder-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName}
+ cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName}
+ cinder::backup::swift::backup_swift_container: volumebackups
+ step_config:
+ str_replace:
+ template: "include ::tripleo::profile::base::cinder::backup::DRIVER"
+ params:
+ DRIVER: {get_param: CinderBackupBackend}
diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
new file mode 100644
index 00000000..93ab1d79
--- /dev/null
+++ b/puppet/services/cinder-base.yaml
@@ -0,0 +1,72 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder base service. Shared by all Cinder services.
+
+parameters:
+ CinderPassword:
+ description: The password for the cinder service account, used by cinder-api.
+ type: string
+ hidden: true
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Cinder base service.
+ value:
+ service_name: cinder_base
+ config_settings:
+ cinder::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/cinder'
+ cinder::debug: {get_param: Debug}
+ cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ cinder::rabbit_userid: {get_param: RabbitUserName}
+ cinder::rabbit_password: {get_param: RabbitPassword}
+ cinder::rabbit_port: {get_param: RabbitClientPort}
+ cinder::rabbit_heartbeat_timeout_threshold: 60
+ cinder::host: hostgroup
+ cinder::cron::db_purge::destination: '/dev/null'
+ cinder::db::database_db_max_retries: -1
+ cinder::db::database_max_retries: -1
diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml
new file mode 100644
index 00000000..94c263ea
--- /dev/null
+++ b/puppet/services/cinder-scheduler.yaml
@@ -0,0 +1,53 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Scheduler service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCinderScheduler:
+ default: 'overcloud-cinder-scheduler'
+ type: string
+ CinderSchedulerLoggingSource:
+ type: json
+ default:
+ tag: openstack.cinder.scheduler
+ path: /var/log/cinder/cinder-scheduler.log
+
+resources:
+
+ CinderBase:
+ type: ./cinder-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Scheduler role.
+ value:
+ service_name: cinder_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler}
+ logging_source: {get_param: CinderSchedulerLoggingSource}
+ logging_groups:
+ - cinder
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
+ step_config: |
+ include ::tripleo::profile::base::cinder::scheduler
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
new file mode 100644
index 00000000..82e16f39
--- /dev/null
+++ b/puppet/services/cinder-volume.yaml
@@ -0,0 +1,112 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Volume service configured with Puppet
+
+parameters:
+ CinderEnableNfsBackend:
+ default: false
+ description: Whether to enable or not the NFS backend for Cinder
+ type: boolean
+ CinderEnableIscsiBackend:
+ default: true
+ description: Whether to enable or not the Iscsi backend for Cinder
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ CinderISCSIHelper:
+ default: lioadm
+ description: The iSCSI helper to use with cinder.
+ type: string
+ CinderLVMLoopDeviceSize:
+ default: 10280
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+ CinderNfsMountOptions:
+ default: ''
+ description: >
+ Mount options for NFS mounts used by Cinder NFS backend. Effective
+ when CinderEnableNfsBackend is true.
+ type: string
+ CinderNfsServers:
+ default: ''
+ description: >
+ NFS servers used by Cinder NFS backend. Effective when
+ CinderEnableNfsBackend is true.
+ type: comma_delimited_list
+ CinderRbdPoolName:
+ default: volumes
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCinderVolume:
+ default: 'overcloud-cinder-volume'
+ type: string
+ CinderVolumeLoggingSource:
+ type: json
+ default:
+ tag: openstack.cinder.volume
+ path: /var/log/cinder/cinder-volume.log
+
+resources:
+
+ CinderBase:
+ type: ./cinder-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Volume role.
+ value:
+ service_name: cinder_volume
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume}
+ logging_source: {get_param: CinderVolumeLoggingSource}
+ logging_groups:
+ - cinder
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
+ tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
+ tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
+ tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
+ tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers:
+ str_replace:
+ template: SERVERS
+ params:
+ SERVERS: {get_param: CinderNfsServers}
+ tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
+ tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
+ tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
+ tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
+ tripleo.cinder_volume.firewall_rules:
+ '120 iscsi initiator':
+ dport: 3260
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml
new file mode 100644
index 00000000..3f4f106d
--- /dev/null
+++ b/puppet/services/database/mongodb-base.yaml
@@ -0,0 +1,46 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Configuration details for MongoDB service using composable roles
+
+parameters:
+ MongoDbNoJournal:
+ default: false
+ description: Should MongoDb journaling be disabled
+ type: boolean
+ MongoDbIPv6:
+ default: false
+ description: Enable IPv6 if MongoDB VIP is IPv6
+ type: boolean
+ MongoDbReplset:
+ type: string
+ default: "tripleo"
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ aux_parameters:
+ description: Additional parameters referenced outside the base file
+ value:
+ rplset_name: {get_param: MongoDbReplset}
+ role_data:
+ description: Role data for the MongoDB base service.
+ value:
+ service_name: mongodb_base
+ config_settings:
+ mongodb::server::nojournal: {get_param: MongoDbNoJournal}
+ mongodb::server::journal: false
+ mongodb::server::ipv6: {get_param: MongoDbIPv6}
+ mongodb::server::replset: {get_param: MongoDbReplset}
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
new file mode 100644
index 00000000..01daeafe
--- /dev/null
+++ b/puppet/services/database/mongodb.yaml
@@ -0,0 +1,68 @@
+heat_template_version: 2016-04-08
+
+description: >
+ MongoDb service deployment using puppet
+
+parameters:
+ #Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MongoDbLoggingSource:
+ type: json
+ description: Fluentd logging configuration for mongodb.
+ default:
+ tag: database.mongodb
+ path: /var/log/mongodb/mongodb.log
+ format: >-
+ /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4})
+ (?<message>.*)$/
+
+resources:
+ MongoDbBase:
+ type: ./mongodb-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Service mongodb using composable services.
+ value:
+ service_name: mongodb
+ logging_groups:
+ - mongodb
+ logging_source: {get_param: MongoDbLoggingSource}
+ config_settings:
+ map_merge:
+ - get_attr: [MongoDbBase, role_data, config_settings]
+ - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
+ mongodb::server::service_manage: True
+ tripleo.mongodb.firewall_rules:
+ '101 mongodb_config':
+ dport: 27019
+ '102 mongodb_sharding':
+ dport: 27018
+ '103 mongod':
+ dport: 27017
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::database::mongodb
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
new file mode 100644
index 00000000..094a7c9f
--- /dev/null
+++ b/puppet/services/database/mysql.yaml
@@ -0,0 +1,84 @@
+heat_template_version: 2016-10-14
+
+description: >
+ MySQL service deployment using puppet
+
+parameters:
+ #Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlMaxConnections:
+ description: Configures MySQL max_connections config setting
+ type: number
+ default: 4096
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: ''
+ MysqlClustercheckPassword:
+ type: string
+ hidden: true
+ EnableGalera:
+ default: true
+ description: Whether to use Galera instead of regular MariaDB.
+ type: boolean
+
+outputs:
+ role_data:
+ description: Service MySQL using composable services.
+ value:
+ service_name: mysql
+ config_settings:
+ # The Galera package should work in cluster and
+ # non-cluster modes based on the config file.
+ # We set the package name here explicitly so
+ # that it matches what we pre-install
+ # in tripleo-puppet-elements.
+ mysql::server::package_name: 'mariadb-galera-server'
+ mysql::server::manage_config_file: true
+ tripleo.mysql.firewall_rules:
+ '104 mysql galera':
+ dport:
+ - 873
+ - 3306
+ - 4444
+ - 4567
+ - 4568
+ - 9200
+ mysql_max_connections: {get_param: MysqlMaxConnections}
+ mysql::server::root_password:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
+ enable_galera: {get_param: EnableGalera}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
+ tripleo::profile::base::database::mysql::bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::database::mysql
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
new file mode 100644
index 00000000..4ed3c007
--- /dev/null
+++ b/puppet/services/database/redis-base.yaml
@@ -0,0 +1,44 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Redis service configured with Puppet
+
+parameters:
+ RedisPassword:
+ description: The password for Redis
+ type: string
+ hidden: true
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the redis role.
+ value:
+ service_name: redis_base
+ config_settings:
+ redis::requirepass: {get_param: RedisPassword}
+ redis::masterauth: {get_param: RedisPassword}
+ redis::sentinel_auth_pass: {get_param: RedisPassword}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ redis::bind: {get_param: [ServiceNetMap, RedisNetwork]}
+ redis::port: 6379
+ redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
+ redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
+ redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
new file mode 100644
index 00000000..1c333b97
--- /dev/null
+++ b/puppet/services/database/redis.yaml
@@ -0,0 +1,44 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Redis service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ RedisBase:
+ type: ./redis-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the redis role.
+ value:
+ service_name: redis
+ config_settings:
+ map_merge:
+ - get_attr: [RedisBase, role_data, config_settings]
+ - tripleo.redis.firewall_rules:
+ '108 redis':
+ dport:
+ - 6379
+ - 26379
+ step_config: |
+ include ::tripleo::profile::base::database::redis
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 89e6ee0f..80ba9aef 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -4,11 +4,23 @@ description: >
OpenStack Glance API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ CephClientUserName:
+ default: openstack
+ type: string
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -33,9 +45,19 @@ parameters:
constraints:
- allowed_values: ['swift', 'file', 'rbd']
GlanceWorkers:
- default: 0
- description: Number of workers for Glance service.
- type: number
+ default: ''
+ description: |
+ Number of API worker processes for Glance. If left unset (empty string), the
+ default value will result in the configuration being left unset and a
+ system-dependent default value will be chosen (e.g.: number of
+ processors). Please note that this will create a large number of
+ processes on systems with a large number of CPUs resulting in excess
+ memory consumption. It is recommended that a suitable non-default value
+ be selected on such systems.
+ type: string
+ GlanceRbdPoolName:
+ default: images
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
@@ -54,11 +76,28 @@ parameters:
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionGlanceApi:
+ default: 'overcloud-glance-api'
+ type: string
+ GlanceApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.glance.api
+ path: /var/log/glance/api.log
outputs:
role_data:
description: Role data for the Glance API role.
value:
+ service_name: glance_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
+ logging_source: {get_param: GlanceApiLoggingSource}
+ logging_groups:
+ - glance
config_settings:
glance::api::database_connection:
list_join:
@@ -70,14 +109,16 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::api::registry_host:
str_replace:
template: "'REGISTRY_HOST'"
params:
REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
- glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
+ glance::api::authtoken::password: {get_param: GlancePassword}
+ glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
glance::api::workers: {get_param: GlanceWorkers}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
@@ -85,15 +126,38 @@ outputs:
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance::backend::swift::swift_store_create_container_on_put: true
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
glance_backend: {get_param: GlanceBackend}
- glance::db::mysql::password: {get_param: GlancePassword}
glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
- glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
- glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
- glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
+ tripleo.glance_api.firewall_rules:
+ '112 glance_api':
+ dport:
+ - 9292
+ - 13292
+ glance::api::authtoken::project_name: 'service'
+ glance::api::pipeline: 'keystone'
+ glance::api::show_image_direct_url: true
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
+ service_config_settings:
+ keystone:
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::keystone::auth::region: {get_param: KeystoneRegion}
+ glance::keystone::auth::tenant: 'service'
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index 6f2f0372..30df67fe 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Glance Registry service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -18,14 +27,34 @@ parameters:
type: string
hidden: true
GlanceWorkers:
- default: 0
- description: Number of workers for Glance service.
- type: number
+ default: ''
+ description: |
+ Number of worker processes for glance registry. If left unset (empty
+ string), the default value will result in the configuration being left
+ unset and a system-dependent default value will be chosen (e.g.: number of
+ processors). Please note that this will create a large number of processes
+ on systems with a large number of CPUs resulting in excess memory
+ consumption. It is recommended that a suitable non-default value be
+ selected on such systems.
+ type: string
+ MonitoringSubscriptionGlanceRegistry:
+ default: 'overcloud-glance-registry'
+ type: string
+ GlanceRegistryLoggingSource:
+ type: json
+ default:
+ tag: openstack.glance.registry
+ path: /var/log/glance/registry.log
outputs:
role_data:
description: Role data for the Glance Registry role.
value:
+ service_name: glance_registry
+ monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry}
+ logging_source: {get_param: GlanceRegistryLoggingSource}
+ logging_groups:
+ - glance
config_settings:
glance::registry::database_connection:
list_join:
@@ -36,10 +65,34 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
- glance::registry::keystone_password: {get_param: GlancePassword}
- glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::authtoken::password: {get_param: GlancePassword}
+ glance::registry::authtoken::project_name: 'service'
+ glance::registry::pipeline: 'keystone'
+ glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::registry::debug: {get_param: Debug}
glance::registry::workers: {get_param: GlanceWorkers}
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
+ tripleo.glance_registry.firewall_rules:
+ '112 glance_registry':
+ dport:
+ - 9191
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: |
include ::tripleo::profile::base::glance::registry
+ service_config_settings:
+ mysql:
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::db::mysql::user: glance
+ glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ glance::db::mysql::dbname: glance
+ glance::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
new file mode 100644
index 00000000..15121790
--- /dev/null
+++ b/puppet/services/gnocchi-api.yaml
@@ -0,0 +1,122 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Gnocchi service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ GnocchiPassword:
+ description: The password for the gnocchi service and db account.
+ type: string
+ hidden: true
+ GnocchiBackend:
+ default: swift
+ description: The short name of the Gnocchi backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionGnocchiApi:
+ default: 'overcloud-gnocchi-api'
+ type: string
+ GnocchiApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.gnocchi.api
+ path: /var/log/gnocchi/app.log
+
+resources:
+
+ GnocchiServiceBase:
+ type: ./gnocchi-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Gnocchi role.
+ value:
+ service_name: gnocchi_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
+ logging_source: {get_param: GnocchiApiLoggingSource}
+ logging_groups:
+ - gnocchi
+ config_settings:
+ map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - tripleo.gnocchi_api.firewall_rules:
+ '129 gnocchi-api':
+ dport:
+ - 8041
+ - 13041
+ gnocchi::api::enabled: true
+ gnocchi::api::service_name: 'httpd'
+ gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
+ gnocchi::keystone::authtoken::project_name: 'service'
+ gnocchi::wsgi::apache::ssl: false
+ gnocchi::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
+ tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
+ gnocchi::api::host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
+
+ gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ step_config: |
+ include ::tripleo::profile::base::gnocchi::api
+ service_config_settings:
+ keystone:
+ gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
+ gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
+ gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
+ gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+ gnocchi::keystone::auth::tenant: 'service'
+ mysql:
+ gnocchi::db::mysql::password: {get_param: GnocchiPassword}
+ gnocchi::db::mysql::user: gnocchi
+ gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ gnocchi::db::mysql::dbname: gnocchi
+ gnocchi::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
new file mode 100644
index 00000000..73889363
--- /dev/null
+++ b/puppet/services/gnocchi-base.yaml
@@ -0,0 +1,95 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Gnocchi service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ GnocchiIndexerBackend:
+ default: 'mysql'
+ description: The short name of the Gnocchi indexer backend to use.
+ type: string
+ GnocchiPassword:
+ description: The password for the gnocchi service and db account.
+ type: string
+ hidden: true
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
+ Debug:
+ type: string
+ default: ''
+ description: Set to True to enable debugging on all services.
+
+outputs:
+ aux_parameters:
+ description: Additional parameters referenced outside the base file
+ value:
+ gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
+ role_data:
+ description: Shared role data for the Heat services.
+ value:
+ service_name: gnocchi_base
+ config_settings:
+ #Gnocchi engine
+ gnocchi::debug: {get_param: Debug}
+ gnocchi::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://gnocchi:'
+ - {get_param: GnocchiPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/gnocchi'
+ gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types'
+ gnocchi::storage::coordination_url:
+ list_join:
+ - ''
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
+ - "%{hiera('redis_vip')}"
+ - ':6379/'
+ gnocchi::storage::swift::swift_user: 'service:gnocchi'
+ gnocchi::storage::swift::swift_auth_version: 2
+ gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
+ gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
+ gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
+ gnocchi::storage::ceph::ceph_keyring:
+ list_join:
+ - '.'
+ - - '/etc/ceph/ceph'
+ - 'client'
+ - {get_param: CephClientUserName}
+ - 'keyring'
+ #Gnocchi statsd
+ gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
+ gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
+ gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
+ gnocchi::statsd::flush_delay: 10
+ gnocchi::statsd::archive_policy_name: 'low'
diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml
new file mode 100644
index 00000000..1400bc98
--- /dev/null
+++ b/puppet/services/gnocchi-metricd.yaml
@@ -0,0 +1,48 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Gnocchi service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionGnocchiMetricd:
+ default: 'overcloud-gnocchi-metricd'
+ type: string
+ GnocchiMetricdWorkers:
+ default: ''
+ description: Number of workers for Gnocchi MetricD
+ type: string
+
+resources:
+ GnocchiServiceBase:
+ type: ./gnocchi-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Gnocchi role.
+ value:
+ service_name: gnocchi_metricd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd}
+ config_settings:
+ map_merge:
+ - get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - gnocchi::metricd::workers: {get_param: GnocchiMetricdWorkers}
+ step_config: |
+ include ::tripleo::profile::base::gnocchi::metricd
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml
new file mode 100644
index 00000000..04339f46
--- /dev/null
+++ b/puppet/services/gnocchi-statsd.yaml
@@ -0,0 +1,43 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Gnocchi service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionGnocchiStatsd:
+ default: 'overcloud-gnocchi-statsd'
+ type: string
+
+resources:
+ GnocchiServiceBase:
+ type: ./gnocchi-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Gnocchi role.
+ value:
+ service_name: gnocchi_statsd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd}
+ config_settings:
+ map_merge:
+ - get_attr: [GnocchiServiceBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::gnocchi::statsd
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
new file mode 100644
index 00000000..974928c5
--- /dev/null
+++ b/puppet/services/haproxy.yaml
@@ -0,0 +1,68 @@
+heat_template_version: 2016-04-08
+
+description: >
+ HAproxy service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ HAProxyStatsPassword:
+ description: Password for HAProxy stats endpoint
+ hidden: true
+ type: string
+ HAProxyStatsUser:
+ description: User for HAProxy stats endpoint
+ default: admin
+ type: string
+ HAProxySyslogAddress:
+ default: /dev/log
+ description: Syslog address where HAproxy will send its log
+ type: string
+ RedisPassword:
+ description: The password for Redis
+ type: string
+ hidden: true
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
+ MonitoringSubscriptionHaproxy:
+ default: 'overcloud-haproxy'
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the HAproxy role.
+ value:
+ service_name: haproxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
+ config_settings:
+ tripleo.haproxy.firewall_rules:
+ '107 haproxy stats':
+ dport: 1993
+ tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
+ tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
+ tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
+ tripleo::haproxy::redis_password: {get_param: RedisPassword}
+ tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
+ step_config: |
+ include ::tripleo::profile::base::haproxy
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index c1f26c15..a47fec5a 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudFormation API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -21,23 +30,55 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionHeatApiCnf:
+ default: 'overcloud-heat-api-cfn'
+ type: string
+ HeatApiCfnLoggingSource:
+ type: json
+ default:
+ tag: openstack.heat.api.cfn
+ path: /var/log/heat/heat-api-cfn.log
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Heat CloudFormation API role.
value:
+ service_name: heat_api_cfn
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
+ logging_source: {get_param: HeatApiCfnLoggingSource}
+ logging_groups:
+ - heat
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api_cfn::workers: {get_param: HeatWorkers}
- heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
- heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
- heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
- heat::keystone::auth_cfn::password: {get_param: HeatPassword}
- heat::keystone::auth::region: {get_param: KeystoneRegion}
+ tripleo.heat_api_cfn.firewall_rules:
+ '125 heat_cfn':
+ dport:
+ - 8000
+ - 13800
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
+ service_config_settings:
+ keystone:
+ heat::keystone::auth_cfn::tenant: 'service'
+ heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
+ heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
+ heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
+ heat::keystone::auth_cfn::password: {get_param: HeatPassword}
+ heat::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 2c56951b..6dfeaaf3 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudWatch API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -13,18 +22,47 @@ parameters:
default: 0
description: Number of workers for Heat service.
type: number
+ MonitoringSubscriptionHeatApiCloudwatch:
+ default: 'overcloud-heat-api-cloudwatch'
+ type: string
+ HeatApiCloudwatchLoggingSource:
+ type: json
+ default:
+ tag: openstack.heat.api.cloudwatch
+ path: /var/log/heat/heat-api-cloudwatch.log
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Heat Cloudwatch API role.
value:
+ service_name: heat_api_cloudwatch
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch}
+ logging_source: {get_param: HeatApiCloudwatchLoggingSource}
+ logging_groups:
+ - heat
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api_cloudwatch::workers: {get_param: HeatWorkers}
+ tripleo.heat_api_cloudwatch.firewall_rules:
+ '125 heat_cloudwatch':
+ dport:
+ - 8003
+ - 13003
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index d3461e63..2ea96fc0 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -21,23 +30,55 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionHeatApi:
+ default: 'overcloud-heat-api'
+ type: string
+ HeatApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.heat.api
+ path: /var/log/heat/heat-api.log
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Heat API role.
value:
+ service_name: heat_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
+ logging_source: {get_param: HeatApiLoggingSource}
+ logging_groups:
+ - heat
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api::workers: {get_param: HeatWorkers}
- heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
- heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
- heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
- heat::keystone::auth::password: {get_param: HeatPassword}
- heat::keystone::auth::region: {get_param: KeystoneRegion}
+ tripleo.heat_api.firewall_rules:
+ '125 heat_api':
+ dport:
+ - 8004
+ - 13004
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api
+ service_config_settings:
+ keystone:
+ heat::keystone::auth::tenant: 'service'
+ heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
+ heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
+ heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
+ heat::keystone::auth::password: {get_param: HeatPassword}
+ heat::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 8617df27..7eb58f56 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -26,11 +26,30 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ HeatPassword:
+ description: The password for the Heat service and db account, used by the Heat services.
+ type: string
+ hidden: true
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
outputs:
role_data:
description: Shared role data for the Heat services.
value:
+ service_name: heat_base
config_settings:
heat::rabbit_userid: {get_param: RabbitUserName}
heat::rabbit_password: {get_param: RabbitPassword}
@@ -38,3 +57,23 @@ outputs:
heat::rabbit_port: {get_param: RabbitClientPort}
heat::debug: {get_param: Debug}
heat::enable_proxy_headers_parsing: true
+ # We need this because the default heat policy.json no longer works on TripleO
+ # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024
+ heat::policy::policies:
+ context_is_admin:
+ key: 'context_is_admin'
+ value: 'role:admin'
+ heat::rabbit_heartbeat_timeout_threshold: 60
+ heat::keystone::authtoken::project_name: 'service'
+ heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ heat::keystone::authtoken::password: {get_param: HeatPassword}
+ heat::keystone::domain::domain_name: 'heat_stack'
+ heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
+ heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
+ heat::cron::purge_deleted::age: 30
+ heat::cron::purge_deleted::age_type: 'days'
+ heat::cron::purge_deleted::maxdelay: 3600
+ heat::cron::purge_deleted::destination: '/dev/null'
+ heat::db::database_db_max_retries: -1
+ heat::db::database_max_retries: -1
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 4a5ec2c0..24c36362 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -1,9 +1,18 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Openstack Heat Engine service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -26,19 +35,43 @@ parameters:
description: Password for heat_stack_domain_admin user.
type: string
hidden: true
+ HeatAuthEncryptionKey:
+ description: Auth encryption key for heat-engine
+ type: string
+ hidden: true
+ default: ''
+ MonitoringSubscriptionHeatEngine:
+ default: 'overcloud-heat-engine'
+ type: string
+ HeatEngineLoggingSource:
+ type: json
+ default:
+ tag: openstack.heat.engine
+ path: /var/log/heat/heat-engine.log
resources:
HeatBase:
type: ./heat-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Heat Engine role.
value:
+ service_name: heat_engine
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
+ logging_source: {get_param: HeatEngineLoggingSource}
+ logging_groups:
+ - heat
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::engine::num_engine_workers: {get_param: HeatWorkers}
+ heat::engine::configure_delegated_roles: false
+ heat::engine::trusts_delegated_roles: []
tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
heat::database_connection:
list_join:
@@ -50,9 +83,23 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/heat'
heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
- heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- heat::keystone_password: {get_param: HeatPassword}
- heat::db::mysql::password: {get_param: HeatPassword}
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
+ heat::engine::auth_encryption_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HeatAuthEncryptionKey}
+ - {get_param: [DefaultPasswords, heat_auth_encryption_key]}
step_config: |
include ::tripleo::profile::base::heat::engine
+
+ service_config_settings:
+ mysql:
+ heat::db::mysql::password: {get_param: HeatPassword}
+ heat::db::mysql::user: heat
+ heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ heat::db::mysql::dbname: heat
+ heat::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
new file mode 100644
index 00000000..6ea5ec4e
--- /dev/null
+++ b/puppet/services/horizon.yaml
@@ -0,0 +1,83 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Horizon service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ HorizonAllowedHosts:
+ default: '*'
+ description: A list of IP/Hostname allowed to connect to horizon
+ type: comma_delimited_list
+ HorizonSecret:
+ description: Secret key for Django
+ type: string
+ hidden: true
+ default: ''
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network.
+ type: comma_delimited_list
+ MemcachedIPv6:
+ default: false
+ description: Enable IPv6 features in Memcached.
+ type: boolean
+ MonitoringSubscriptionHorizon:
+ default: 'overcloud-horizon'
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Horizon role.
+ value:
+ service_name: horizon
+ monitoring_subscription: {get_param: MonitoringSubscriptionHorizon}
+ config_settings:
+ horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
+ neutron::plugins::ml2::mechanism_drivers:
+ str_replace:
+ template: MECHANISMS
+ params:
+ MECHANISMS: {get_param: NeutronMechanismDrivers}
+ tripleo.horizon.firewall_rules:
+ '126 horizon':
+ dport:
+ - 80
+ - 443
+ horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
+ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
+ horizon::vhost_extra_params:
+ add_listen: false
+ priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::django_debug: {get_param: Debug}
+ horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::secret_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HorizonSecret}
+ - {get_param: [DefaultPasswords, horizon_secret]}
+ memcached_ipv6: {get_param: MemcachedIPv6}
+ step_config: |
+ include ::tripleo::profile::base::horizon
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
new file mode 100644
index 00000000..c8a2e833
--- /dev/null
+++ b/puppet/services/ironic-api.yaml
@@ -0,0 +1,83 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ironic API configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ IronicPassword:
+ description: The password for the Ironic service and db account, used by the Ironic services
+ type: string
+ hidden: true
+ MonitoringSubscriptionIronicApi:
+ default: 'overcloud-ironic-api'
+ type: string
+
+resources:
+ IronicBase:
+ type: ./ironic-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ironic API role.
+ value:
+ service_name: ironic_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
+ config_settings:
+ map_merge:
+ - get_attr: [IronicBase, role_data, config_settings]
+ - ironic::api::authtoken::password: {get_param: IronicPassword}
+ ironic::api::authtoken::project_name: 'service'
+ ironic::api::authtoken::username: 'ironic'
+ ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
+ ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
+ # This is used to build links in responses
+ ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+ tripleo.ironic_api.firewall_rules:
+ '133 ironic api':
+ dport:
+ - 6385
+ - 13385
+ step_config: |
+ include ::tripleo::profile::base::ironic::api
+ service_config_settings:
+ keystone:
+ ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+ ironic::keystone::auth::auth_name: 'ironic'
+ ironic::keystone::auth::password: {get_param: IronicPassword }
+ ironic::keystone::auth::tenant: 'service'
+ mysql:
+ ironic::db::mysql::password: {get_param: IronicPassword}
+ ironic::db::mysql::user: ironic
+ ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ ironic::db::mysql::dbname: ironic
+ ironic::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml
new file mode 100644
index 00000000..0ff393c6
--- /dev/null
+++ b/puppet/services/ironic-base.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ironic services configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ IronicPassword:
+ description: The password for the Ironic service and db account, used by the Ironic services
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Ironic role.
+ value:
+ service_name: ironic_base
+ config_settings:
+ ironic::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://ironic:'
+ - {get_param: IronicPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/ironic'
+ ironic::debug: {get_param: Debug}
+ ironic::rabbit_userid: {get_param: RabbitUserName}
+ ironic::rabbit_password: {get_param: RabbitPassword}
+ ironic::rabbit_port: {get_param: RabbitClientPort}
+ ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ step_config: |
+ include ::tripleo::profile::base::ironic
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
new file mode 100644
index 00000000..4ac9fc30
--- /dev/null
+++ b/puppet/services/ironic-conductor.yaml
@@ -0,0 +1,100 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ironic conductor configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ IronicCleaningDiskErase:
+ default: 'full'
+ description: Type of disk cleaning before and between deployments,
+ "full" for full cleaning, "metadata" to clean only disk
+ metadata (partition table).
+ type: string
+ IronicEnabledDrivers:
+ default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
+ description: Enabled Ironic drivers
+ type: comma_delimited_list
+ IronicIPXEEnabled:
+ default: true
+ description: Whether to use iPXE instead of PXE for deployment.
+ type: boolean
+ IronicIPXEPort:
+ default: 8088
+ description: Port to use for serving images when iPXE is used.
+ type: string
+ MonitoringSubscriptionIronicConductor:
+ default: 'overcloud-ironic-conductor'
+ type: string
+
+resources:
+ IronicBase:
+ type: ./ironic-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ironic conductor role.
+ value:
+ service_name: ironic_conductor
+ monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
+ config_settings:
+ map_merge:
+ - get_attr: [IronicBase, role_data, config_settings]
+ # FIXME: I have no idea why neutron_url is in "api" manifest
+ - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
+ ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
+ # We need an endpoint containing a real IP, not a VIP here
+ ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
+ ironic::conductor::http_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - '%{hiera("ironic_conductor_http_host")}:'
+ - {get_param: IronicIPXEPort}
+ ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
+ ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
+ # NOTE(dtantsur): UEFI only works with iPXE currently for us
+ ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
+ ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
+ tripleo.ironic_conductor.firewall_rules:
+ '134 ironic conductor TFTP':
+ dport: 69
+ proto: udp
+ '135 ironic conductor HTTP':
+ dport: {get_param: IronicIPXEPort}
+ # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
+ # ironic. It's used as a default value for e.g. TFTP server IP,
+ # glance and neutron endpoints, virtual console IP. We override
+ # the TFTP server IP in ironic-conductor.yaml as it should not be
+ # the VIP, but rather a real IP of the host.
+ ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
+ ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
+
+ step_config: |
+ include ::tripleo::profile::base::ironic::conductor
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
new file mode 100644
index 00000000..2b069d67
--- /dev/null
+++ b/puppet/services/keepalived.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Keepalived service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
+ MonitoringSubscriptionKeepalived:
+ default: 'overcloud-keepalived'
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Keepalived role.
+ value:
+ service_name: keepalived
+ monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived}
+ config_settings:
+ tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
+ step_config: |
+ include ::tripleo::profile::base::keepalived
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
new file mode 100644
index 00000000..2f01578e
--- /dev/null
+++ b/puppet/services/kernel.yaml
@@ -0,0 +1,49 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Load kernel modules with kmod and configure kernel options with sysctl.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Kernel modules
+ value:
+ service_name: kernel
+ config_settings:
+ kernel_modules:
+ nf_conntrack: {}
+ sysctl_settings:
+ net.ipv4.tcp_keepalive_intvl:
+ value: 1
+ net.ipv4.tcp_keepalive_probes:
+ value: 5
+ net.ipv4.tcp_keepalive_time:
+ value: 5
+ net.nf_conntrack_max:
+ value: 500000
+ net.netfilter.nf_conntrack_max:
+ value: 500000
+ # prevent neutron bridges from autoconfiguring ipv6 addresses
+ net.ipv6.conf.default.accept_ra:
+ value: 0
+ net.ipv6.conf.default.autoconf:
+ value: 0
+ net.core.netdev_max_backlog:
+ value: 10000
+ step_config: |
+ include ::tripleo::profile::base::kernel
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 25d92d4a..e3531636 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
OpenStack Keystone service configured with Puppet
parameters:
- KeystoneCACertificate:
- default: ''
- description: Keystone self-signed certificate authority certificate.
- type: string
KeystoneEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Keystone database.
type: boolean
- KeystoneSigningCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSigningKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
KeystoneSSLCertificate:
default: ''
description: Keystone certificate for verifying token validity.
@@ -45,10 +32,15 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
- KeystoneWorkers:
- default: 0
- description: Number of workers for Keystone service.
- type: number
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -88,45 +80,133 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ KeystoneWorkers:
+ type: string
+ description: Set the number of workers for keystone::wsgi::apache
+ default: '"%{::processorcount}"'
+ MonitoringSubscriptionKeystone:
+ default: 'overcloud-kestone'
+ type: string
+ KeystoneCredential0:
+ type: string
+ description: The first Keystone credential key. Must be a valid key.
+ KeystoneCredential1:
+ type: string
+ description: The second Keystone credential key. Must be a valid key.
+ KeystoneLoggingSource:
+ type: json
+ default:
+ tag: openstack.keystone
+ path: /var/log/keystone/keystone.log
+
+resources:
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Keystone role.
value:
+ service_name: keystone
+ monitoring_subscription: {get_param: MonitoringSubscriptionKeystone}
+ logging_source: {get_param: KeystoneLoggingSource}
+ logging_groups:
+ - keystone
config_settings:
- keystone::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://keystone:'
- - {get_param: AdminToken}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/keystone'
- keystone::admin_token: {get_param: AdminToken}
- keystone::roles::admin::password: {get_param: AdminPassword}
- keystone_ca_certificate: {get_param: KeystoneCACertificate}
- keystone_signing_key: {get_param: KeystoneSigningKey}
- keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
- keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
- keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- keystone::debug: {get_param: Debug}
- keystone::db::mysql::password: {get_param: AdminToken}
- keystone::rabbit_userid: {get_param: RabbitUserName}
- keystone::rabbit_password: {get_param: RabbitPassword}
- keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- keystone::rabbit_port: {get_param: RabbitClientPort}
- keystone::notification_driver: {get_param: KeystoneNotificationDriver}
- keystone::notification_format: {get_param: KeystoneNotificationFormat}
- keystone::roles::admin::email: {get_param: AdminEmail}
- keystone::roles::admin::password: {get_param: AdminPassword}
- keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
- keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- keystone::endpoint::region: {get_param: KeystoneRegion}
- keystone::admin_workers: {get_param: KeystoneWorkers}
- keystone::public_workers: {get_param: KeystoneWorkers}
- keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
- keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - keystone::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://keystone:'
+ - {get_param: AdminToken}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/keystone'
+ keystone::admin_token: {get_param: AdminToken}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::enable_proxy_headers_parsing: true
+ keystone::enable_credential_setup: true
+ keystone::credential_keys:
+ '/etc/keystone/credential-keys/0':
+ content: {get_param: KeystoneCredential0}
+ '/etc/keystone/credential-keys/1':
+ content: {get_param: KeystoneCredential1}
+ keystone::debug: {get_param: Debug}
+ keystone::rabbit_userid: {get_param: RabbitUserName}
+ keystone::rabbit_password: {get_param: RabbitPassword}
+ keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ keystone::rabbit_port: {get_param: RabbitClientPort}
+ keystone::notification_driver: {get_param: KeystoneNotificationDriver}
+ keystone::notification_format: {get_param: KeystoneNotificationFormat}
+ keystone::roles::admin::email: {get_param: AdminEmail}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ keystone::endpoint::region: {get_param: KeystoneRegion}
+ keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
+ keystone::rabbit_heartbeat_timeout_threshold: 60
+ keystone::cron::token_flush::maxdelay: 3600
+ keystone::roles::admin::service_tenant: 'service'
+ keystone::roles::admin::admin_tenant: 'admin'
+ keystone::cron::token_flush::destination: '/dev/null'
+ keystone::config::keystone_config:
+ ec2/driver:
+ value: 'keystone.contrib.ec2.backends.sql.Ec2'
+ keystone::service_name: 'httpd'
+ keystone::wsgi::apache::ssl: false
+ keystone::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::servername_admin:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
+ # override via extraconfig:
+ keystone::wsgi::apache::threads: 1
+ keystone::db::database_db_max_retries: -1
+ keystone::db::database_max_retries: -1
+ tripleo.keystone.firewall_rules:
+ '111 keystone':
+ dport:
+ - 5000
+ - 13000
+ - 35357
+ - 13357
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ # NOTE: this applies to all 4 bind IP settings below...
+ keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
step_config: |
include ::tripleo::profile::base::keystone
+ service_config_settings:
+ mysql:
+ keystone::db::mysql::password: {get_param: AdminToken}
+ keystone::db::mysql::user: keystone
+ keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ keystone::db::mysql::dbname: keystone
+ keystone::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/loadbalancer.yaml b/puppet/services/loadbalancer.yaml
deleted file mode 100644
index 1b9654fc..00000000
--- a/puppet/services/loadbalancer.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-heat_template_version: 2016-04-08
-
-description: >
- Loadbalancer service configured with Puppet
-
-parameters:
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
-
-outputs:
- role_data:
- description: Role data for the Loadbalancer role.
- value:
- step_config: |
- include ::tripleo::profile::base::loadbalancer
diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml
new file mode 100644
index 00000000..c8f67556
--- /dev/null
+++ b/puppet/services/logging/fluentd-base.yaml
@@ -0,0 +1,37 @@
+heat_template_version: 2016-04-08
+
+description: Fluentd base service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: >
+ Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+
+outputs:
+ role_data:
+ description: Role data for the Fluentd role.
+ value:
+ service_name: fluentd_base
+ config_settings:
+ fluentd::package_name: fluentd
+ fluentd::service_name: fluentd
+ fluentd::config_file: /etc/fluentd/fluent.conf
+ fluentd::config_owner: fluentd
+ fluentd::config_group: fluentd
+ fluentd::config_path: /etc/fluentd/config.d
+ fluentd::plugin_provider: yum
+ fluentd::service_provider: systemd
+ fluentd::repo_install: false
diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml
new file mode 100644
index 00000000..3ae7110f
--- /dev/null
+++ b/puppet/services/logging/fluentd-client.yaml
@@ -0,0 +1,64 @@
+heat_template_version: 2016-10-14
+
+description: Fluentd client configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: >
+ Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ FluentdBase:
+ type: ./fluentd-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+ LoggingConfiguration:
+ type: OS::TripleO::LoggingConfiguration
+
+outputs:
+ role_data:
+ description: Role data for the Fluentd client role.
+ value:
+ service_name: fluentd_client
+ config_settings:
+ map_merge:
+ - get_attr: [FluentdBase, role_data, config_settings]
+ - tripleo::profile::base::logging::fluentd::fluentd_servers:
+ get_attr: [LoggingConfiguration, LoggingServers]
+ tripleo::profile::base::logging::fluentd::fluentd_filters:
+ yaql:
+ expression: >
+ $.data.filters.flatten().where($)
+ data:
+ filters:
+ - get_attr: [LoggingConfiguration, LoggingDefaultFilters]
+ - get_attr: [LoggingConfiguration, LoggingExtraFilters]
+ tripleo::profile::base::logging::fluentd::fluentd_pos_file_path:
+ get_attr: [LoggingConfiguration, LoggingPosFilePath]
+ tripleo::profile::base::logging::fluentd::fluentd_use_ssl:
+ get_attr: [LoggingConfiguration, LoggingUsesSSL]
+ tripleo::profile::base::logging::fluentd::fluentd_ssl_certificate:
+ get_attr: [LoggingConfiguration, LoggingSSLCertificate]
+ tripleo::profile::base::logging::fluentd::fluentd_ssl_key:
+ get_attr: [LoggingConfiguration, LoggingSSLKey]
+ tripleo::profile::base::logging::fluentd::fluentd_ssl_key_passphrase:
+ get_attr: [LoggingConfiguration, LoggingSSLKeyPassphrase]
+ tripleo::profile::base::logging::fluentd::fluentd_shared_key:
+ get_attr: [LoggingConfiguration, LoggingSharedKey]
+ step_config: |
+ include ::tripleo::profile::base::logging::fluentd
diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml
new file mode 100644
index 00000000..e051781e
--- /dev/null
+++ b/puppet/services/logging/fluentd-config.yaml
@@ -0,0 +1,154 @@
+heat_template_version: 2016-10-14
+
+description: Fluentd logging configuration
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: >
+ Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ LoggingDefaultFormat:
+ description: >
+ Default format used to parse messages from log files.
+ type: string
+ default: >-
+ /(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d+)
+ (?<pid>\d+)
+ (?<priority>\S+)
+ (?<message>.*)$/
+ LoggingPosFilePath:
+ description: >
+ Directory in which to place fluentd pos_file files (used to track
+ file position for the 'tail' input type).
+ type: string
+ default: /var/cache/fluentd
+ LoggingDefaultGroups:
+ description: >
+ Make fluentd user a member of these groups. Only override this parameter
+ if you want to modify the default list of groups. Use
+ LoggingExtraGroups to add the fluentd user to additional groups.
+ type: comma_delimited_list
+ default:
+ - root
+ LoggingExtraGroups:
+ description: >
+ Make fluentd user a member of these groups (in addition to
+ LoggingDefaultGroups and the groups provided by individual
+ composable services).
+ type: comma_delimited_list
+ default: []
+ LoggingServers:
+ description: |
+ A list of destinations to which fluentd will forward log messages. Expects
+ a list of dictionaries of the form:
+
+ - host: loghost1.example.com
+ port: 24224
+ - host: loghost2.example.com
+ port: 24224
+ type: json
+ default: []
+ LoggingDefaultFilters:
+ description: >
+ A list of fluentd default filters. This will be passed verbatim
+ to the 'filter' key of a fluentd::config resource. Only override this
+ if you do not want the default set of filters; use LoggingExtraFilters
+ if you just want to add additional servers.
+ type: json
+ default:
+ - tag_pattern: '**'
+ type: record_transformer
+ record:
+ nodename: '${hostname}'
+
+ - tag_pattern: 'openstack.**'
+ type: record_transformer
+ record:
+ component: '${tag_parts[1]}'
+ LoggingExtraFilters:
+ description: >
+ A list of additional fluentd filters. This will be passed
+ verbatim to the 'filter' key of a fluentd::config resource.
+ type: json
+ default: []
+ LoggingUsesSSL:
+ description: >
+ A boolean value indicating whether or not we should forward log messages
+ use the secure_forward plugin.
+ type: boolean
+ default: false
+ LoggingSSLCertificate:
+ description: >
+ PEM-encoded SSL CA certificate for fluentd.
+ type: string
+ default: ""
+ LoggingSSLKey:
+ description: >
+ PEM-encoded key for fluentd CA certificate (used by in_secure_forward).
+ type: string
+ default: ""
+ LoggingSSLKeyPassphrase:
+ description: >
+ Passphrase for LoggingSSLKey (used by in_secure_forward).
+ type: string
+ default: ""
+ LoggingSharedKey:
+ description: >
+ Shared secret for fluentd secure-forward plugin.
+ type: string
+ default: ""
+ LoggingDefaultSources:
+ description: >
+ A list of default logging sources for fluentd. You should only override
+ this parameter if you wish to disable the default logging sources. Use
+ LoggingExtraSources to define additional source configurations.
+ type: json
+ default: []
+ LoggingExtraSources:
+ description: >
+ A list of additional logging sources for fluentd. These will be combined
+ with the LoggingDefaultSources and any logging sources defined by
+ composable services.
+ type: json
+ default: []
+
+outputs:
+ LoggingDefaultFormat:
+ value: {get_param: LoggingDefaultFormat}
+ LoggingDefaultFilters:
+ value: {get_param: LoggingDefaultFilters}
+ LoggingExtraFilters:
+ value: {get_param: LoggingExtraFilters}
+ LoggingDefaultGroups:
+ value: {get_param: LoggingDefaultGroups}
+ LoggingExtraGroups:
+ value: {get_param: LoggingExtraGroups}
+ LoggingPosFilePath:
+ value: {get_param: LoggingPosFilePath}
+ LoggingSSLCertificate:
+ value: {get_param: LoggingSSLCertificate}
+ LoggingSSLKey:
+ value: {get_param: LoggingSSLKey}
+ LoggingSSLKeyPassphrase:
+ value: {get_param: LoggingSSLKeyPassphrase}
+ LoggingServers:
+ value: {get_param: LoggingServers}
+ LoggingSharedKey:
+ value: {get_param: LoggingSharedKey}
+ LoggingUsesSSL:
+ value: {get_param: LoggingUsesSSL}
+ LoggingDefaultSources:
+ value: {get_param: LoggingDefaultSources}
+ LoggingExtraSources:
+ value: {get_param: LoggingExtraSources}
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
new file mode 100644
index 00000000..4d3fd47c
--- /dev/null
+++ b/puppet/services/manila-api.yaml
@@ -0,0 +1,82 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-api service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionManilaApi:
+ default: 'overcloud-manila-api'
+ type: string
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-api role.
+ value:
+ service_name: manila_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::keystone::authtoken::password: {get_param: ManilaPassword}
+ manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::project_name: 'service'
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
+ manila::api::enable_proxy_headers_parsing: true
+ step_config: |
+ include ::tripleo::profile::base::manila::api
+ service_config_settings:
+ keystone:
+ manila::keystone::auth::tenant: 'service'
+ manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
+ manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
+ manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
+ manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
+ manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
+ manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
+ manila::keystone::auth::password: {get_param: ManilaPassword}
+ manila::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ manila::db::mysql::password: {get_param: ManilaPassword}
+ manila::db::mysql::user: manila
+ manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ manila::db::mysql::dbname: manila
+ manila::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml
new file mode 100644
index 00000000..89a36d21
--- /dev/null
+++ b/puppet/services/manila-backend-cephfs.yaml
@@ -0,0 +1,61 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Manila Cephfs backend
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # CephFS Native backend params:
+ ManilaCephFSNativeEnableBackend:
+ type: boolean
+ default: false
+ ManilaCephFSNativeBackendName:
+ type: string
+ default: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers:
+ type: boolean
+ default: false
+ ManilaCephFSNativeShareBackendName:
+ type: string
+ default: 'cephfs'
+ ManilaCephFSNativeCephFSConfPath:
+ type: string
+ default: '/etc/ceph/cephfs.conf'
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ ManilaCephFSNativeCephFSClusterName:
+ type: string
+ default: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots:
+ type: boolean
+ default: true
+
+outputs:
+ role_data:
+ description: Role data for the Manila Cephfs backend.
+ value:
+ service_name: manila_backend_cephfs
+ config_settings:
+ manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend}
+ manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName}
+ manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers}
+ manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName}
+ manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath}
+ manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId}
+ manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName}
+ manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots}
+ step_config:
diff --git a/puppet/services/manila-backend-generic.yaml b/puppet/services/manila-backend-generic.yaml
new file mode 100644
index 00000000..5c001c82
--- /dev/null
+++ b/puppet/services/manila-backend-generic.yaml
@@ -0,0 +1,93 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Manila generic backend.
+
+parameters:
+ ManilaGenericEnableBackend:
+ type: boolean
+ default: false
+ ManilaGenericBackendName:
+ type: string
+ default: tripleo_generic
+ ManilaGenericDriverHandlesShareServers:
+ type: string
+ default: true
+ ManilaGenericSmbTemplateConfigPath:
+ type: string
+ default: '$state_path/smb.conf'
+ ManilaGenericVolumeNameTemplate:
+ type: string
+ default: 'manila-share-%s'
+ ManilaGenericVolumeSnapshotNameTemplate:
+ type: string
+ default: 'manila-snapshot-%s'
+ ManilaGenericShareMountPath:
+ type: string
+ default: '/shares'
+ ManilaGenericMaxTimeToCreateVolume:
+ type: string
+ default: '180'
+ ManilaGenericMaxTimeToAttach:
+ type: string
+ default: '120'
+ ManilaGenericServiceInstanceSmbConfigPath:
+ type: string
+ default: '$share_mount_path/smb.conf'
+ ManilaGenericShareVolumeFsType:
+ type: string
+ default: 'ext4'
+ ManilaGenericCinderVolumeType:
+ type: string
+ default: ''
+ ManilaServiceInstanceUser:
+ type: string
+ default: ''
+ ManilaServiceInstancePassword: #SET THIS via parameter_defaults
+ type: string
+ hidden: true
+ ManilaServiceInstanceFlavorId:
+ type: number
+ default: 1
+ ManilaServiceNetworkCidr:
+ type: string
+ default: '172.16.0.0/16'
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Manila Generic backend.
+ value:
+ service_name: manila_backend_generic
+ config_settings:
+ manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend}
+ manila::backend::generic::title: {get_param: ManilaGenericBackendName}
+ manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers}
+ manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath}
+ manila::backend::generic::volume_name_template: {get_param: ManilaGenericVolumeNameTemplate}
+ manila::backend::generic::volume_snapshot_name_template: {get_param: ManilaGenericVolumeSnapshotNameTemplate}
+ manila::backend::generic::share_mount_path: {get_param: ManilaGenericShareMountPath}
+ manila::backend::generic::max_time_to_create_volume: {get_param: ManilaGenericMaxTimeToCreateVolume}
+ manila::backend::generic::max_time_to_attach: {get_param: ManilaGenericMaxTimeToAttach}
+ manila::backend::generic::service_instance_smb_config_path: {get_param: ManilaGenericServiceInstanceSmbConfigPath}
+ manila::backend::generic::share_volume_fstype: {get_param: ManilaGenericShareVolumeFsType}
+ manila::backend::generic::cinder_volume_type: {get_param: ManilaGenericCinderVolumeType}
+ manila::service_instance::service_instance_user: {get_param: ManilaServiceInstanceUser}
+ manila::service_instance::service_instance_password: {get_param: ManilaServiceInstancePassword}
+ manila::service_instance::service_instance_flavor_id: {get_param: ManilaServiceInstanceFlavorId}
+ manila::service_instance::service_network_cidr: {get_param: ManilaServiceNetworkCidr}
+
+ step_config:
diff --git a/puppet/services/manila-backend-netapp.yaml b/puppet/services/manila-backend-netapp.yaml
new file mode 100644
index 00000000..c95a8da7
--- /dev/null
+++ b/puppet/services/manila-backend-netapp.yaml
@@ -0,0 +1,112 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Manila netapp backend.
+
+parameters:
+ ManilaNetappEnableBackend:
+ type: boolean
+ default: false
+ ManilaNetappDriverHandlesShareServers:
+ type: string
+ default: true
+ ManilaNetappBackendName:
+ type: string
+ default: tripleo_netapp
+ ManilaNetappLogin:
+ type: string
+ default: ''
+ ManilaNetappPassword:
+ type: string
+ default: ''
+ ManilaNetappServerHostname:
+ type: string
+ default: ''
+ ManilaNetappTransportType:
+ type: string
+ default: 'http'
+ ManilaNetappStorageFamily:
+ type: string
+ default: 'ontap_cluster'
+ ManilaNetappServerPort:
+ type: number
+ default: 80
+ ManilaNetappVolumeNameTemplate:
+ type: string
+ default: 'share_%(share_id)s'
+ ManilaNetappVserver:
+ type: string
+ default: ''
+ ManilaNetappVserverNameTemplate:
+ type: string
+ default: 'os_%s'
+ ManilaNetappLifNameTemplate:
+ type: string
+ default: 'os_%(net_allocation_id)s'
+ ManilaNetappAggrNameSearchPattern:
+ type: string
+ default: '(.*)'
+ ManilaNetappRootVolumeAggr:
+ type: string
+ default: ''
+ ManilaNetappRootVolume:
+ type: string
+ default: 'root'
+ ManilaNetappPortNameSearchPattern:
+ type: string
+ default: '(.*)'
+ ManilaNetappTraceFlags:
+ type: string
+ default: ''
+ ManilaNetappEnabledShareProtocols:
+ type: string
+ default: 'nfs3, nfs4.0'
+ ManilaNetappVolumeSnapshotReservePercent:
+ type: number
+ default: 5
+ ManilaNetappSnapmirrorQuiesceTimeout:
+ type: number
+ default: 3600
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Manila Netapp backend.
+ value:
+ service_name: manila_backend_netapp
+ config_settings:
+ manila_netapp_enable_backend: {get_param: ManilaNetappEnableBackend}
+ manila::backend::netapp::title: {get_param: ManilaNetappBackendName}
+ manila::backend::netapp::netapp_login: {get_param: ManilaNetappLogin}
+ manila::backend::netapp::driver_handles_share_servers: {get_param: ManilaNetappDriverHandlesShareServers}
+ manila::backend::netapp::netapp_password: {get_param: ManilaNetappPassword}
+ manila::backend::netapp::netapp_server_hostname: {get_param: ManilaNetappServerHostname}
+ manila::backend::netapp::netapp_transport_type: {get_param: ManilaNetappTransportType}
+ manila::backend::netapp::netapp_storage_family: {get_param: ManilaNetappStorageFamily}
+ manila::backend::netapp::netapp_server_port: {get_param: ManilaNetappServerPort}
+ manila::backend::netapp::netapp_volume_name_template: {get_param: ManilaNetappVolumeNameTemplate}
+ manila::backend::netapp::netapp_vserver: {get_param: ManilaNetappVserver}
+ manila::backend::netapp::netapp_vserver_name_template: {get_param: ManilaNetappVserverNameTemplate}
+ manila::backend::netapp::netapp_lif_name_template: {get_param: ManilaNetappLifNameTemplate}
+ manila::backend::netapp::netapp_aggregate_name_search_pattern: {get_param: ManilaNetappAggrNameSearchPattern}
+ manila::backend::netapp::netapp_root_volume_aggregate: {get_param: ManilaNetappRootVolumeAggr}
+ manila::backend::netapp::netapp_root_volume: {get_param: ManilaNetappRootVolume}
+ manila::backend::netapp::netapp_port_name_search_pattern: {get_param: ManilaNetappPortNameSearchPattern}
+ manila::backend::netapp::netapp_trace_flags: {get_param: ManilaNetappTraceFlags}
+ manila::backend::netapp::netapp_enabled_share_protocols: {get_param: ManilaNetappEnabledShareProtocols}
+ manila::backend::netapp::netapp_volume_snapshot_reserve_percent: {get_param: ManilaNetappVolumeSnapshotReservePercent}
+ manila::backend::netapp::netapp_snapmirror_quiesce_timeout: {get_param: ManilaNetappSnapmirrorQuiesceTimeout}
+ step_config:
diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml
new file mode 100644
index 00000000..d228577a
--- /dev/null
+++ b/puppet/services/manila-base.yaml
@@ -0,0 +1,56 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Manila base service. Shared by manila-api/scheduler/share services
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Manila Base service.
+ value:
+ service_name: manila_base
+ config_settings:
+ manila::rabbit_userid: {get_param: RabbitUserName}
+ manila::rabbit_password: {get_param: RabbitPassword}
+ manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ manila::rabbit_port: {get_param: RabbitClientPort}
+ manila::debug: {get_param: Debug}
+ manila::db::database_db_max_retries: -1
+ manila::db::database_max_retries: -1
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
new file mode 100644
index 00000000..474cc24f
--- /dev/null
+++ b/puppet/services/manila-scheduler.yaml
@@ -0,0 +1,70 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-scheduler service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaPassword:
+ type: string
+ description: The password for the nova service and db account, used by nova-api.
+ hidden: true
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
+ MonitoringSubscriptionManilaScheduler:
+ default: 'overcloud-manila-scheduler'
+ type: string
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-scheduler role.
+ value:
+ service_name: manila_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaScheduler}
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::compute::nova::nova_admin_password: {get_param: NovaPassword}
+ manila::compute::nova::nova_admin_tenant_name: 'service'
+ manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
+ manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
+ manila::sql_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://manila:'
+ - {get_param: ManilaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/manila'
+ step_config: |
+ include ::tripleo::profile::base::manila::scheduler
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
new file mode 100644
index 00000000..e42d2fae
--- /dev/null
+++ b/puppet/services/manila-share.yaml
@@ -0,0 +1,44 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Manila-share service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionManilaShare:
+ default: 'overcloud-manila-share'
+ type: string
+
+resources:
+ ManilaBase:
+ type: ./manila-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Manila-share role.
+ value:
+ service_name: manila_share
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaShare}
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - manila::volume::cinder::cinder_admin_tenant_name: 'service'
+ step_config: |
+ include ::tripleo::profile::base::manila::share
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index fcd0adca..9e3f6375 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -4,16 +4,39 @@ description: >
Memcached service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionMemcached:
+ default: 'overcloud-memcached'
+ type: string
outputs:
role_data:
description: Role data for the Memcached role.
value:
+ service_name: memcached
+ monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings:
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
+ tripleo.memcached.firewall_rules:
+ '121 memcached':
+ dport: 11211
step_config: |
include ::tripleo::profile::base::memcached
diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml
new file mode 100644
index 00000000..d7350d07
--- /dev/null
+++ b/puppet/services/monitoring/sensu-base.yaml
@@ -0,0 +1,68 @@
+heat_template_version: 2016-04-08
+
+description: Sensu base service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ MonitoringRabbitHost:
+ description: RabbitMQ host Sensu has to connect to.
+ type: string
+ default: ''
+ MonitoringRabbitPort:
+ default: 5672
+ description: Set RabbitMQ subscriber port, change this if using SSL.
+ type: number
+ MonitoringRabbitUseSSL:
+ default: false
+ description: >
+ RabbitMQ client subscriber parameter to specify an SSL connection
+ to the RabbitMQ host.
+ type: string
+ MonitoringRabbitPassword:
+ description: The RabbitMQ password used for monitoring purposes.
+ type: string
+ hidden: true
+ MonitoringRabbitUserName:
+ description: The RabbitMQ username used for monitoring purposes.
+ type: string
+ default: sensu
+ MonitoringRabbitVhost:
+ description: The RabbitMQ vhost used for monitoring purposes.
+ type: string
+ default: '/sensu'
+
+
+outputs:
+ role_data:
+ description: Role data for the Sensu role.
+ value:
+ service_name: sensu_base
+ config_settings:
+ sensu::enterprise: false
+ sensu::enterprise_dashboard: false
+ sensu::install_repo: false
+ sensu::manage_user: false
+ sensu::rabbitmq_host: {get_param: MonitoringRabbitHost}
+ sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword}
+ sensu::rabbitmq_port: {get_param: MonitoringRabbitPort}
+ sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL}
+ sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName}
+ sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost}
+ #sensu::redis_host: {get_param: MonitoringRedisHost}
+ #sensu::redis_password: {get_param: MonitoringRedisPassword}
+ sensu::sensu_plugin_provider: 'yum'
+ sensu::sensu_plugin_name: 'rubygem-sensu-plugin'
+ sensu::version: 'present'
diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml
new file mode 100644
index 00000000..3f37e750
--- /dev/null
+++ b/puppet/services/monitoring/sensu-client.yaml
@@ -0,0 +1,49 @@
+heat_template_version: 2016-04-08
+
+description: Sensu client configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: >
+ Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SensuClientCustomConfig:
+ default: {}
+ description: Hash containing custom sensu-client variables.
+ type: json
+ label: Custom configuration for Sensu Client variables
+
+resources:
+ SensuBase:
+ type: ./sensu-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Sensu client role.
+ value:
+ service_name: sensu_client
+ monitoring_subscription: all
+ config_settings:
+ map_merge:
+ - get_attr: [SensuBase, role_data, config_settings]
+ - sensu::api: false
+ sensu::client: true
+ sensu::server: false
+ sensu::client_custom: {get_param: SensuClientCustomConfig}
+ step_config: |
+ include ::tripleo::profile::base::monitoring::sensu
diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml
new file mode 100644
index 00000000..1c2331fa
--- /dev/null
+++ b/puppet/services/network/contrail-analytics.yaml
@@ -0,0 +1,90 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Analytics service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Analytics.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailAnalyticsHostIP:
+ description: host IP address of Analytics
+ type: string
+ ContrailAnalyticsRedisServerIp:
+ description: Redis server ip address
+ type: string
+ ContrailAnalyticsCollectorServerHttpPort:
+ description: Collector http port
+ type: number
+ default: 8089
+ ContrailAnalyticsCollectorSandeshPort:
+ description: Collector sandesh port
+ type: number
+ default: 8086
+ ContrailAnalyticsHttpServerPort:
+ description: Analytics http port
+ type: number
+ default: 8090
+ ContrailAnalyticsListenAddress:
+ default: '0.0.0.0'
+ description: IP address Config API is listening on
+ type: string
+ ContrailAnalyticsListenPort:
+ default: 8082
+ description: Port Config API is listening on
+ type: number
+ ContrailAnalyticsRedisServerPort:
+ description: Redis server port
+ type: number
+ default: 6379
+ ContrailAnalyticsRestApiIp:
+ description: IP address Analytics rest interface listens on
+ type: string
+ default: '0.0.0.0'
+ ContrailAnalyticsRestApiPort:
+ description: Analytics rest port
+ type: number
+ default: 8081
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Analytics using composable services.
+ value:
+ service_name: contrail_analytics
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorServerHttpPort}
+ contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandeshPort}
+ contrail::analytics::host_ip: {get_param: ContrailAnalyticsHostIP}
+ contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttpServerPort}
+ contrail::analytics::listen_ip_address: {get_param: ContrailAnalyticsListenAddress}
+ contrail::analytics::listen_port: {get_param: ContrailAnalyticsListenPort}
+ contrail::analytics::redis_server: {get_param: ContrailAnalyticsRedisServerIp}
+ contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedisServerPort}
+ contrail::analytics::rest_api_ip: {get_param: ContrailAnalyticsRestApiIp}
+ contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsRestApiPort}
+ step_config: |
+ include ::tripleo::network::contrail::analytics
diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml
new file mode 100644
index 00000000..03dbea5b
--- /dev/null
+++ b/puppet/services/network/contrail-base.yaml
@@ -0,0 +1,100 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Base parameters for all Contrail Services.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ AdminPassword:
+ description: Keystone admin user password
+ type: string
+ AdminTenantName:
+ description: Keystone admin tenant name
+ type: string
+ AdminToken:
+ description: Keystone admin token
+ type: string
+ AdminUser:
+ description: Keystone admin user name
+ type: string
+ AuthHost:
+ description: Keystone host IP address
+ type: string
+ AuthPort:
+ default: 35357
+ description: Keystone port
+ type: number
+ AuthProtocol:
+ default: 'http'
+ description: Keystone authentication protocol
+ type: string
+ ContrailDiscoveryServerIp:
+ description: Discovery server ip address
+ type: string
+ ContrailKafkaBrokerList:
+ description: List of kafka servers
+ type: comma_delimited_list
+ ContrailAuth:
+ default: 'keystone'
+ description: Keystone authentication method
+ type: string
+ ContrailCassandraServerList:
+ default: []
+ description: List of cassandra servers
+ type: comma_delimited_list
+ ContrailDiscoveryServerPort:
+ description: Discovery server port
+ type: number
+ default: 5998
+ ContrailInsecure:
+ default: false
+ description: Keystone insecure mode
+ type: boolean
+ ContrailMemcachedServer:
+ default: '127.0.0.1:12111'
+ description: Memcached server
+ type: string
+ ContrailMultiTenancy:
+ default: true
+ description: Turn on/off multi-tenancy
+ type: boolean
+ ContrailZkServerIp:
+ default: []
+ description: List of zookeeper servers
+ type: comma_delimited_list
+
+outputs:
+ role_data:
+ description: Shared role data for the Contrail services.
+ value:
+ service_name: contrail_base
+ config_settings:
+ contrail::admin_password: {get_param: AdminPassword}
+ contrail::admin_tenant_name: {get_param: AdminTenantName}
+ contrail::admin_token: {get_param: AdminToken}
+ contrail::admin_user: {get_param: AdminUser}
+ contrail::auth_host: {get_param: [EndpointMap, KeystoneInternal, host] }
+ contrail::auth_port: {get_param: [EndpointMap, KeystoneInternal, port] }
+ contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] }
+ contrail::disc_server_ip: {get_param: ContrailDiscoveryServerIp}
+ contrail::kafka_broker_list: {get_param: ContrailKafkaBrokerList}
+ contrail::auth: {get_param: ContrailAuth}
+ contrail::cassandra_server_list: {get_param: ContrailCassandraServerList}
+ contrail::disc_server_port: {get_param: ContrailDiscoveryServerPort}
+ contrail::insecure: {get_param: ContrailInsecure}
+ contrail::memcached_server: {get_param: ContrailMemcachedServer}
+ contrail::multi_tenancy: {get_param: ContrailMultiTenancy}
+ contrail::zk_server_ip: {get_param: ContrailZkServerIp}
diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml
new file mode 100644
index 00000000..0987fc75
--- /dev/null
+++ b/puppet/services/network/contrail-config.yaml
@@ -0,0 +1,72 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Config service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Config.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailConfigIfmapServerIp:
+ description: Ifmap server ip address
+ type: string
+ ContrailConfigIfmapUserName:
+ description: Ifmap user name
+ type: string
+ ContrailConfigIfmapUserPassword:
+ description: Ifmap user password
+ type: string
+ ContrailConfigRabbitServerIp:
+ description: RabbitMq server ip address
+ type: string
+ ContrailConfigRedisServerIp:
+ description: Redis server ip address
+ type: string
+ ContrailConfigListenAddress:
+ default: '0.0.0.0'
+ description: IP address Config API is listening on
+ type: string
+ ContrailConfigListenPort:
+ default: 8082
+ description: Port Config API is listening on
+ type: number
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Config using composable services.
+ value:
+ service_name: contrail_config
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword}
+ contrail::config::ifmap_server_ip: {get_param: ContrailConfigIfmapServerIp}
+ contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName}
+ contrail::config::listen_ip_address: {get_param: ContrailConfigListenAddress}
+ contrail::config::listen_port: {get_param: ContrailConfigListenPort}
+ contrail::config::rabbit_server: {get_param: ContrailConfigRabbitServerIp}
+ contrail::config::redis_server: {get_param: ContrailConfigRedisServerIp}
+ step_config: |
+ include ::tripleo::network::contrail::config
diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml
new file mode 100644
index 00000000..9356e9e9
--- /dev/null
+++ b/puppet/services/network/contrail-control.yaml
@@ -0,0 +1,54 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Control service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Control.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailControlHostIP:
+ description: host IP address of Analytics
+ type: string
+ ContrailControlIfmapUserName:
+ description: Ifmap user name
+ type: string
+ ContrailControlIfmapUserPassword:
+ description: Ifmap user password
+ type: string
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Control using composable services.
+ value:
+ service_name: contrail_control
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::control::host_ip: {get_param: ContrailControlHostIP}
+ contrail::control::ifmap_username: {get_param: ContrailControlIfmapUserName}
+ contrail::control::ifmap_password: {get_param: ContrailControlIfmapUserPassword}
+ step_config: |
+ include ::tripleo::network::contrail::control
diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml
new file mode 100644
index 00000000..e5712618
--- /dev/null
+++ b/puppet/services/network/contrail-database.yaml
@@ -0,0 +1,51 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Database service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Database.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailDatabaseHostIP:
+ description: host IP address of Database node
+ type: string
+ ContrailDatabaseMinDisk:
+ description: Minimum disk size for database
+ type: number
+ default: 64
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Database using composable services.
+ value:
+ service_name: contrail_database
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::database::host_ip: {get_param: ContrailDatabaseHostIP}
+ contrail::database::minimum_diskGB: {get_param: ContrailDatabaseMinDisk}
+ step_config: |
+ include ::tripleo::profile::contrail::database
diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml
new file mode 100644
index 00000000..72b9e1c0
--- /dev/null
+++ b/puppet/services/network/contrail-webui.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail WebUI service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail WebUI.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailWebUiAnalyticsVip:
+ description: Contrail Analytics VIP
+ type: string
+ ContrailWebUiConfigVip:
+ description: Contrail Config VIP
+ type: string
+ ContrailWebUiNeutronVip:
+ description: Neutron VIP
+ type: string
+ ContrailWebuiHttpPort:
+ default: 8080
+ description: HTTP Port of Webui
+ type: number
+ ContrailWebuiHttpsPort:
+ default: 8143
+ description: HTTPS Port of Webui
+ type: number
+ ContrailWebUiRedisIp:
+ description: Redis IP
+ type: string
+ default: '127.0.0.1'
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail WebUI using composable services.
+ value:
+ service_name: contrail_webui
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::webui::contrail_analytics_vip: {get_param: ContrailWebUiAnalyticsVip}
+ contrail::webui::contrail_config_vip: {get_param: ContrailWebUiConfigVip}
+ contrail::webui::contrail_webui_http_port: {get_param: ContrailWebuiHttpPort}
+ contrail::webui::contrail_webui_https_port: {get_param: ContrailWebuiHttpsPort}
+ contrail::webui::neutron_vip: {get_param: ContrailWebUiNeutronVip}
+ contrail::webui::redis_ip: {get_param: ContrailWebUiRedisIp}
+ step_config: |
+ include ::tripleo::network::contrail::webui
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
new file mode 100644
index 00000000..3b531ab3
--- /dev/null
+++ b/puppet/services/neutron-api.yaml
@@ -0,0 +1,182 @@
+heat_template_version: 2016-10-14
+
+description: >
+ OpenStack Neutron Server configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronWorkers:
+ default: ''
+ description: |
+ Sets the number of API and RPC workers for the Neutron service. The
+ default value results in the configuration being left unset and a
+ system-dependent default will be chosen (usually the number of
+ processors). Please note that this can result in a large number of
+ processes and memory consumption on systems with a large core count. On
+ such systems it is recommended that a non-default value be selected that
+ matches the load requirements.
+ type: string
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ NeutronAllowL3AgentFailover:
+ default: 'True'
+ description: Allow automatic l3-agent failover
+ type: string
+ NovaPassword:
+ description: The password for the nova service and db account, used by nova-api.
+ type: string
+ hidden: true
+ NeutronEnableDVR:
+ description: Enable Neutron DVR.
+ default: false
+ type: boolean
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionNeutronServer:
+ default: 'overcloud-neutron-server'
+ type: string
+ NeutronApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.neutron.api
+ path: /var/log/neutron/server.log
+ ControllerCount:
+ description: |
+ Under normal conditions, this should not be overridden manually and is
+ set at deployment time. The default value is present to allow the
+ template to be used in environments that do not override it.
+ default: 1
+ type: number
+
+ # DEPRECATED: the following options are deprecated and are currently maintained
+ # for backwards compatibility. They will be removed in the Ocata cycle.
+ NeutronL3HA:
+ default: false
+ description: |
+ Whether to enable HA for virtual routers. While the default value is
+ 'false', L3 HA will be automatically enabled if the number of nodes
+ hosting controller configurations and DVR is disabled. This parameter is
+ being deprecated in Newton and is scheduled to be removed in Ocata.
+ Future releases will enable L3 HA by default if it is appropriate for the
+ deployment type. Alternate mechanisms will be available to override.
+ type: boolean
+
+parameter_groups:
+- label: deprecated
+ description: |
+ The following parameters are deprecated and will be removed. They should not
+ be relied on for new deployments. If you have concerns regarding deprecated
+ parameters, please contact the TripleO development team on IRC or the
+ OpenStack mailing list.
+ parameters:
+ - NeutronL3HA
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+conditions:
+
+ auto_enable_l3_ha:
+ and:
+ - not:
+ equals:
+ - get_param: ControllerCount
+ - 1
+ - equals:
+ - get_param: NeutronEnableDVR
+ - false
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Server agent service.
+ value:
+ service_name: neutron_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
+ logging_source: {get_param: NeutronApiLoggingSource}
+ logging_groups:
+ - neutron
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::server::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/ovs_neutron'
+ neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ neutron::server::api_workers: {get_param: NeutronWorkers}
+ neutron::server::rpc_workers: {get_param: NeutronWorkers}
+ neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
+ neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]}
+ neutron::keystone::authtoken::password: {get_param: NeutronPassword}
+
+ neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
+ neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
+ neutron::server::notifications::tenant_name: 'service'
+ neutron::server::notifications::project_name: 'service'
+ neutron::server::notifications::password: {get_param: NovaPassword}
+ neutron::keystone::authtoken::project_name: 'service'
+ neutron::server::sync_db: true
+ tripleo.neutron_server.firewall_rules:
+ '114 neutron server':
+ dport:
+ - 9696
+ - 13696
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '106 vrrp':
+ proto: vrrp
+ neutron::server::router_distributed: {get_param: NeutronEnableDVR}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ step_config: |
+ include tripleo::profile::base::neutron::server
+ service_config_settings:
+ keystone:
+ neutron::keystone::auth::tenant: 'service'
+ neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
+ neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron::keystone::auth::password: {get_param: NeutronPassword}
+ neutron::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ neutron::db::mysql::password: {get_param: NeutronPassword}
+ neutron::db::mysql::user: neutron
+ neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ neutron::db::mysql::dbname: ovs_neutron
+ neutron::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index b34bdd22..32d50d41 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -26,19 +26,77 @@ parameters:
type: number
default: 3
description: The number of neutron dhcp agents to schedule per network
+ NeutronCorePlugin:
+ default: 'ml2'
+ description: |
+ The core plugin for Neutron. The value should be the entrypoint to be loaded
+ from neutron.core_plugins namespace.
+ type: string
+ NeutronServicePlugins:
+ default: "router,qos"
+ description: |
+ Comma-separated list of service plugin entrypoints to be loaded from the
+ neutron.service_plugins namespace.
+ type: comma_delimited_list
Debug:
type: string
default: ''
description: Set to True to enable debugging on all services.
+ EnableConfigPurge:
+ type: boolean
+ default: true
+ description: >
+ Remove configuration that is not generated by TripleO. Setting
+ to false may result in configuration remnants after updates/upgrades.
+ NeutronGlobalPhysnetMtu:
+ type: number
+ default: 1496
+ description: |
+ MTU of the underlying physical network. Neutron uses this value to
+ calculate MTU for all virtual network components. For flat and VLAN
+ networks, neutron uses this value without modification. For overlay
+ networks such as VXLAN, neutron automatically subtracts the overlay
+ protocol overhead from this value. The default value of 1496 is
+ currently in effect to compensate for some additional overhead when
+ deploying with some network configurations (e.g. network isolation over
+ single network interfaces)
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
outputs:
role_data:
description: Role data for the Neutron base service.
value:
+ service_name: neutron_base
config_settings:
neutron::rabbit_password: {get_param: RabbitPassword}
neutron::rabbit_user: {get_param: RabbitUserName}
neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
neutron::rabbit_port: {get_param: RabbitClientPort}
neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
+ neutron::core_plugin: {get_param: NeutronCorePlugin}
+ neutron::service_plugins:
+ str_replace:
+ template: PLUGINS
+ params:
+ PLUGINS: {get_param: NeutronServicePlugins}
neutron::debug: {get_param: Debug}
+ neutron::purge_config: {get_param: EnableConfigPurge}
+ neutron::allow_overlapping_ips: true
+ neutron::rabbit_heartbeat_timeout_threshold: 60
+ neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
+ neutron::db::database_db_max_retries: -1
+ neutron::db::database_max_retries: -1
+ neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml
new file mode 100644
index 00000000..26b6fa6b
--- /dev/null
+++ b/puppet/services/neutron-compute-plugin-midonet.yaml
@@ -0,0 +1,29 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Compute Midonet plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute Plumgrid plugin
+ value:
+ service_name: neutron_compute_plugin_midonet
+ config_settings:
+ step_config: |
+ include ::tripleo::profile::base::neutron::agents::midonet
diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
new file mode 100644
index 00000000..c4f8ad12
--- /dev/null
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -0,0 +1,36 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Compute Nuage plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaPassword:
+ description: The password for the nova service account, used by nova-api.
+ type: string
+ hidden: true
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute Nuage plugin
+ value:
+ service_name: neutron_compute_plugin_nuage
+ config_settings:
+ tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
+ tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
+ tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
+ step_config: |
+ include ::tripleo::profile::base::neutron::agents::nuage
diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml
new file mode 100644
index 00000000..9f2fd13c
--- /dev/null
+++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml
@@ -0,0 +1,29 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Compute OpenContrail plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute OpenContrail plugin
+ value:
+ service_name: neutron_compute_plugin_opencontrail
+ config_settings:
+ step_config: |
+ include ::tripleo::profile::base::neutron::opencontrail::vrouter
diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml
new file mode 100644
index 00000000..95e05dd4
--- /dev/null
+++ b/puppet/services/neutron-compute-plugin-ovn.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Compute OVN agent
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ OVNDbHost:
+ description: IP address on which the OVN DB servers are listening
+ type: string
+ OVNSouthboundServerPort:
+ description: Port of the Southbound DB Server
+ type: number
+ default: 6642
+ OVNTunnelEncapType:
+ description: Tunnel encapsulation type
+ type: string
+ default: geneve
+
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute OVN agent
+ value:
+ service_name: neutron_compute_plugin_ovn
+ config_settings:
+ tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: OVNDbHost}
+ ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+ ovn::southbound::encap_type: {get_param: OVNTunnelEncapType}
+ ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::neutron::agents::ovn
diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml
new file mode 100644
index 00000000..31a0a08b
--- /dev/null
+++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml
@@ -0,0 +1,29 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Compute Plumgrid plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute Plumgrid plugin
+ value:
+ service_name: neutron_compute_plugin_plumgrid
+ config_settings:
+ step_config: |
+ include tripleo::profile::base::neutron::plumgrid
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index 80ccf1c2..2cd08f98 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -4,50 +4,73 @@ description: >
OpenStack Neutron DHCP agent configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NeutronEnableMetadataNetwork:
+ default: false
+ description: If True, DHCP provide metadata network. Requires either
+ IsolatedMetadata or ForceMetadata parameters to also be True.
+ type: boolean
NeutronEnableIsolatedMetadata:
- default: 'False'
+ default: false
description: If True, DHCP provide metadata route to VM.
+ type: boolean
+ NeutronEnableForceMetadata:
+ default: false
+ description: If True, DHCP always provides metadata route to VM.
+ type: boolean
+ MonitoringSubscriptionNeutronDhcp:
+ default: 'overcloud-neutron-dhcp'
type: string
- NeutronDnsmasqOptions:
- default: 'dhcp-option-force=26,%MTU%'
- description: >
- Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU
- to be set to the value of NeutronTenantMtu, which should be set to account
- for tunnel overhead.
- type: string
- NeutronTenantMtu:
- description: >
- The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
- be at least 50 bytes smaller than the MTU on the physical network. This
- value will be used to set the MTU on the virtual Ethernet device.
- This value will be used to construct the NeutronDnsmasqOptions, since that
- will determine the MTU that is assigned to the VM host through DHCP.
- default: "1400"
- type: string
+ NeutronDhcpAgentLoggingSource:
+ type: json
+ default:
+ tag: openstack.neutron.agent.dhcp
+ path: /var/log/neutron/dhcp-agent.log
resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron DHCP agent service.
value:
+ service_name: neutron_dhcp
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp}
+ logging_source: {get_param: NeutronDhcpAgentLoggingSource}
+ logging_groups:
+ - neutron
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
- tripleo::profile::base::neutron::dhcp:
- str_replace:
- template: {get_param: NeutronDnsmasqOptions}
- params:
- '%MTU%': {get_param: NeutronTenantMtu}
- neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
+ neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
+ tripleo.neutron_dhcp.firewall_rules:
+ '115 neutron dhcp input':
+ proto: 'udp'
+ dport: 67
+ '116 neutron dhcp output':
+ proto: 'udp'
+ chain: 'OUTPUT'
+ dport: 68
step_config: |
include tripleo::profile::base::neutron::dhcp
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
new file mode 100644
index 00000000..b6c29116
--- /dev/null
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -0,0 +1,62 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron L3 agent for DVR enabled compute nodes
+ configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ type: string
+ default: ''
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic.
+ type: string
+ default: 'br-ex'
+ MonitoringSubscriptionNeutronL3Dvr:
+ default: 'overcloud-neutron-l3-dvr'
+ type: string
+ NeutronL3ComputeAgentLoggingSource:
+ type: json
+ default:
+ tag: openstack.neutron.agent.l3-compute
+ path: /var/log/neutron/l3-agent.log
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for DVR L3 Agent on Compute Nodes
+ value:
+ service_name: neutron_l3_compute_dvr
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr}
+ logging_source: {get_param: NeutronL3ComputeAgentLoggingSource}
+ logging_groups:
+ - neutron
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
+ neutron::agents::l3::agent_mode : 'dvr'
+ step_config: |
+ include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 20c82dc1..9e223374 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron L3 agent configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -16,19 +25,47 @@ parameters:
description: Name of bridge used for external network traffic.
type: string
default: 'br-ex'
+ NeutronL3AgentMode:
+ description: |
+ Agent mode for L3 agent. Must be one of legacy or dvr_snat.
+ default: 'legacy'
+ type: string
+ constraints:
+ - allowed_values:
+ - legacy
+ - dvr_snat
+ MonitoringSubscriptionNeutronL3:
+ default: 'overcloud-neutron-l3-agent'
+ type: string
+ NeutronL3AgentLoggingSource:
+ type: json
+ default:
+ tag: openstack.neutron.agent.l3
+ path: /var/log/neutron/l3-agent.log
resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron L3 agent service.
value:
+ service_name: neutron_l3
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
+ logging_source: {get_param: NeutronL3AgentLoggingSource}
+ logging_groups:
+ - neutron
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
+ neutron::agents::l3::router_delete_namespaces: True
+ neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode}
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index e221b3a1..8be4c6d6 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Metadata agent configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,23 +23,47 @@ parameters:
type: string
hidden: true
NeutronWorkers:
- default: 0
- description: Number of workers for Neutron service.
- type: number
+ default: ''
+ description: |
+ Sets the number of worker processes for the neutron metadata agent. The
+ default value results in the configuration being left unset and a
+ system-dependent default will be chosen (usually the number of
+ processors). Please note that this can result in a large number of
+ processes and memory consumption on systems with a large core count. On
+ such systems it is recommended that a non-default value be selected that
+ matches the load requirements.
+ type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
+ MonitoringSubscriptionNeutronMetadata:
+ default: 'overcloud-neutron-metadata'
+ type: string
+ NeutronMetadataAgentLoggingSource:
+ type: json
+ default:
+ tag: openstack.neutron.agent.metadata
+ path: /var/log/neutron/metadata-agent.log
resources:
NeutronBase:
type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron Metadata agent service.
value:
+ service_name: neutron_metadata
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata}
+ logging_source: {get_param: NeutronMetadataAgentLoggingSource}
+ logging_groups:
+ - neutron
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
@@ -38,5 +71,7 @@ outputs:
neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ neutron::agents::metadata::auth_tenant: 'service'
+ neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"'
step_config: |
include tripleo::profile::base::neutron::metadata
diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml
new file mode 100644
index 00000000..0de256c0
--- /dev/null
+++ b/puppet/services/neutron-midonet.yaml
@@ -0,0 +1,62 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Midonet plugin and services
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ AdminPassword:
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+ AdminToken:
+ description: The keystone auth secret and db password.
+ type: string
+ hidden: true
+ EnableZookeeperOnController:
+ label: Enable Zookeeper On Controller
+ description: 'Whether enable Zookeeper cluster on Controller'
+ type: boolean
+ default: false
+ EnableCassandraOnController:
+ label: Enable Cassandra On Controller
+ description: 'Whether enable Cassandra cluster on Controller'
+ type: boolean
+ default: false
+ MonitoringSubscriptionNeutronMidonet:
+ default: 'overcloud-neutron-midonet'
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Midonet plugin and services
+ value:
+ service_name: neutron_midonet
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMidonet}
+ config_settings:
+ tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword}
+ tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken}
+ tripleo::profile::base::neutron::midonet::neutron_auth_password: {get_param: NeutronPassword}
+ tripleo::profile::base::neutron::midonet::zk_on_controller: {get_param: EnableZookeeperOnController}
+ tripleo::profile::base::neutron::midonet::neutron_auth_tenant: 'service'
+ enable_cassandra_on_controller: {get_param: EnableCassandraOnController}
+ neutron::service_plugins: []
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::midonet
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
new file mode 100644
index 00000000..cbe65638
--- /dev/null
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -0,0 +1,121 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron OVS agent configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
+ NeutronBridgeMappings:
+ description: >
+ The OVS logical->physical bridge mappings to use. See the Neutron
+ documentation for details. Defaults to mapping br-ex - the external
+ bridge on hosts - to a physical name 'datacentre' which can be used
+ to create provider networks (and we use this for the default floating
+ network) - if changing this either use different post-install network
+ scripts or be sure to keep 'datacentre' as a mapping network name.
+ type: comma_delimited_list
+ default: "datacentre:br-ex"
+ NeutronTunnelTypes:
+ default: 'vxlan'
+ description: |
+ The tunnel types for the Neutron tenant network.
+ type: comma_delimited_list
+ NeutronAgentExtensions:
+ default: "qos"
+ description: |
+ Comma-separated list of extensions enabled for the Neutron agents.
+ type: comma_delimited_list
+ NeutronEnableDVR:
+ default: False
+ description: |
+ Enable support for distributed routing in the OVS Agent.
+ type: boolean
+ NeutronEnableARPResponder:
+ default: false
+ description: |
+ Enable ARP responder feature in the OVS Agent.
+ type: boolean
+ MonitoringSubscriptionNeutronOvs:
+ default: 'overcloud-neutron-ovs-agent'
+ type: string
+ NeutronOVSFirewallDriver:
+ default: ''
+ description: |
+ Configure the classname of the firewall driver to use for implementing
+ security groups. Possible values depend on system configuration. Some
+ examples are: noop, openvswitch, iptables_hybrid. The default value of an
+ empty string will result in a default supported configuration.
+ type: string
+ NeutronOpenVswitchAgentLoggingSource:
+ type: json
+ default:
+ tag: openstack.neutron.agent.openvswitch
+ path: /var/log/neutron/openvswitch-agent.log
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron OVS agent service.
+ value:
+ service_name: neutron_ovs_agent
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
+ logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource}
+ logging_groups:
+ - neutron
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
+ neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
+ neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
+ neutron::agents::ml2::ovs::bridge_mappings:
+ str_replace:
+ template: MAPPINGS
+ params:
+ MAPPINGS: {get_param: NeutronBridgeMappings}
+ neutron::agents::ml2::ovs::tunnel_types:
+ str_replace:
+ template: TYPES
+ params:
+ TYPES: {get_param: NeutronTunnelTypes}
+ neutron::agents::ml2::ovs::extensions:
+ str_replace:
+ template: AGENT_EXTENSIONS
+ params:
+ AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+ neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
+ step_config: |
+ include ::tripleo::profile::base::neutron::ovs
diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml
new file mode 100644
index 00000000..cc772c9d
--- /dev/null
+++ b/puppet/services/neutron-ovs-dpdk-agent.yaml
@@ -0,0 +1,75 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronDpdkCoreList:
+ description: List of cores to be used for DPDK Poll Mode Driver
+ type: string
+ constraints:
+ - allowed_pattern: "[0-9,-]+"
+ NeutronDpdkMemoryChannels:
+ description: Number of memory channels to be used for DPDK
+ type: string
+ constraints:
+ - allowed_pattern: "[0-9]+"
+ NeutronDpdkSocketMemory:
+ default: ""
+ description: Memory allocated for each socket
+ type: string
+ NeutronDpdkDriverType:
+ default: "vfio-pci"
+ description: DPDK Driver type
+ type: string
+ # below parameters has to be set in neutron agent only for compute nodes.
+ # as of now there is no other usecase for these parameters except dpdk.
+ # should be moved to compute only ovs agent in case of any other usecases.
+ NeutronDatapathType:
+ default: ""
+ description: Datapath type for ovs bridges
+ type: string
+ NeutronVhostuserSocketDir:
+ default: ""
+ description: The vhost-user socket directory for OVS
+ type: string
+
+resources:
+
+ NeutronOvsAgent:
+ type: ./neutron-ovs-agent.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron OVS DPDK Agent service.
+ value:
+ service_name: neutron_ovs_dpdk_agent
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronOvsAgent, role_data, config_settings]
+ - neutron::agents::ml2::ovs::enable_dpdk: true
+ neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
+ neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
+ vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList}
+ vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels}
+ vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
+ vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
+ step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml
new file mode 100644
index 00000000..e98ed497
--- /dev/null
+++ b/puppet/services/neutron-plugin-ml2-ovn.yaml
@@ -0,0 +1,79 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron ML2/OVN plugin configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OVNDbHost:
+ description: IP address on which the OVN DB servers are listening
+ type: string
+ OVNNorthboundServerPort:
+ description: Port of the OVN Northbound DB server
+ type: number
+ default: 6641
+ OVNDbConnectionTimeout:
+ description: Timeout in seconds for the OVSDB connection transaction
+ type: number
+ default: 60
+ OVNVifType:
+ description: Type of VIF to be used for ports
+ type: string
+ default: ovs
+ constraints:
+ - allowed_values:
+ - ovs
+ - vhostuser
+ OVNNeutronSyncMode:
+ description: The synchronization mode of OVN with Neutron DB
+ type: string
+ default: log
+ constraints:
+ - allowed_values:
+ - log
+ - off
+ - repair
+ OVNQosDriver:
+ description: OVN notification driver for Neutron QOS service plugin
+ type: string
+ default: NULL
+
+resources:
+
+ NeutronMl2Base:
+ type: ./neutron-plugin-ml2.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2/OVN plugin.
+ value:
+ service_name: neutron_plugin_ml2_ovn
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronMl2Base, role_data, config_settings]
+ - ovn::northbound::port: {get_param: OVNNorthboundServerPort}
+ tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost}
+ neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+ neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
+ neutron::plugins::ovn::ovn_l3_mode: true
+ neutron::plugins::ovn::vif_type: {get_param: OVNVifType}
+ neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
+ step_config: |
+ include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
new file mode 100644
index 00000000..17e8bca1
--- /dev/null
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -0,0 +1,129 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron ML2 Plugin configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network.
+ type: comma_delimited_list
+ NeutronTypeDrivers:
+ default: "vxlan,vlan,flat,gre"
+ description: |
+ Comma-separated list of network type driver entrypoints to be loaded.
+ type: comma_delimited_list
+ NeutronFlatNetworks:
+ type: comma_delimited_list
+ default: 'datacentre'
+ description: If set, flat networks to configure in neutron plugins.
+ NeutronPluginExtensions:
+ default: "qos,port_security,trunk"
+ description: |
+ Comma-separated list of extensions enabled for the Neutron plugin.
+ type: comma_delimited_list
+ NeutronNetworkVLANRanges:
+ default: 'datacentre:1:1000'
+ description: >
+ The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
+ Neutron documentation for permitted values. Defaults to permitting any
+ VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
+ type: comma_delimited_list
+ NeutronTunnelIdRanges:
+ description: |
+ Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
+ of GRE tunnel IDs that are available for tenant network allocation
+ default: ["1:4094", ]
+ type: comma_delimited_list
+ NeutronVniRanges:
+ description: |
+ Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
+ of VXLAN VNI IDs that are available for tenant network allocation
+ default: ["1:4094", ]
+ type: comma_delimited_list
+ NeutronNetworkType:
+ default: 'vxlan'
+ description: The tenant network type for Neutron.
+ type: comma_delimited_list
+ NeutronSupportedPCIVendorDevs:
+ description: |
+ List of supported pci vendor devices in the format VendorID:ProductID.
+ By default Intel & Mellanox SR-IOV capable NICs are supported.
+ type: comma_delimited_list
+ default: ['15b3:1004','8086:10ca']
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2 plugin.
+ value:
+ service_name: neutron_plugin_ml2
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::plugins::ml2::mechanism_drivers:
+ str_replace:
+ template: MECHANISMS
+ params:
+ MECHANISMS: {get_param: NeutronMechanismDrivers}
+ neutron::plugins::ml2::type_drivers:
+ str_replace:
+ template: DRIVERS
+ params:
+ DRIVERS: {get_param: NeutronTypeDrivers}
+ neutron::plugins::ml2::flat_networks:
+ str_replace:
+ template: NETWORKS
+ params:
+ NETWORKS: {get_param: NeutronFlatNetworks}
+ neutron::plugins::ml2::extension_drivers:
+ str_replace:
+ template: PLUGIN_EXTENSIONS
+ params:
+ PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions}
+ neutron::plugins::ml2::network_vlan_ranges:
+ str_replace:
+ template: RANGES
+ params:
+ RANGES: {get_param: NeutronNetworkVLANRanges}
+ neutron::plugins::ml2::tunnel_id_ranges:
+ str_replace:
+ template: RANGES
+ params:
+ RANGES: {get_param: NeutronTunnelIdRanges}
+ neutron::plugins::ml2::vni_ranges:
+ str_replace:
+ template: RANGES
+ params:
+ RANGES: {get_param: NeutronVniRanges}
+ neutron::plugins::ml2::tenant_network_types:
+ str_replace:
+ template: TYPES
+ params:
+ TYPES: {get_param: NeutronNetworkType}
+ neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
+
+ step_config: |
+ include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml
new file mode 100644
index 00000000..838ec5ea
--- /dev/null
+++ b/puppet/services/neutron-plugin-nuage.yaml
@@ -0,0 +1,89 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Nuage plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # Config specific parameters, to be provided via parameter_defaults
+ NeutronNuageOSControllerIp:
+ description: IP address of the OpenStack Controller
+ type: string
+
+ NeutronNuageNetPartitionName:
+ description: Specifies the title that you will see on the VSD
+ type: string
+ default: 'default_name'
+
+ NeutronNuageVSDIp:
+ description: IP address and port of the Virtual Services Directory
+ type: string
+
+ NeutronNuageVSDUsername:
+ description: Username to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDPassword:
+ description: Password to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDOrganization:
+ description: Organization parameter required to log into VSD
+ type: string
+ default: 'organization'
+
+ NeutronNuageBaseURIVersion:
+ description: URI version to be used based on the VSD release
+ type: string
+ default: 'default_uri_version'
+
+ NeutronNuageCMSId:
+ description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD
+ type: string
+
+ UseForwardedFor:
+ description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
+ type: boolean
+ default: false
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Nuage plugin
+ value:
+ service_name: neutron_plugin_nuage
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp}
+ neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+ neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
+ neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
+ neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}
+ neutron::plugins::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization}
+ neutron::plugins::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion}
+ neutron::plugins::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId}
+ nova::api::use_forwarded_for: {get_param: UseForwardedFor}
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::nuage
diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml
new file mode 100644
index 00000000..4e294965
--- /dev/null
+++ b/puppet/services/neutron-plugin-opencontrail.yaml
@@ -0,0 +1,74 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Opencontrail plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ AdminPassword:
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+ AdminToken:
+ description: The keystone auth secret and db password.
+ type: string
+ hidden: true
+ ContrailApiServerIp:
+ description: IP address of the OpenContrail API server
+ type: string
+ ContrailApiServerPort:
+ description: Port of the OpenContrail API
+ type: string
+ default: 8082
+ ContrailMultiTenancy:
+ description: Whether to enable multi tenancy
+ type: boolean
+ default: false
+ ContrailExtensions:
+ description: List of OpenContrail extensions to be enabled
+ type: comma_delimited_list
+ default: ''
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Opencontrail plugin
+ value:
+ service_name: neutron_plugin_opencontrail
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions
+
+ neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp}
+ neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort}
+ neutron::plugins::opencontrail::multi_tenancy: {get_param: ContrailMultiTenancy}
+ neutron::plugins::opencontrail::contrail_extensions: {get_param: ContrailExtensions}
+ neutron::plugins::opencontrail::keystone_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ neutron::plugins::opencontrail::keystone_admin_user: admin
+ neutron::plugins::opencontrail::keystone_admin_tenant_name: admin
+ neutron::plugins::opencontrail::keystone_admin_password: {get_param: AdminPassword}
+ neutron::plugins::opencontrail::keystone_admin_token: {get_param: AdminToken}
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::opencontrail
diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml
new file mode 100644
index 00000000..30af8a3f
--- /dev/null
+++ b/puppet/services/neutron-plugin-plumgrid.yaml
@@ -0,0 +1,121 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Plumgrid plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ NeutronMetadataProxySharedSecret:
+ description: Shared secret to prevent spoofing
+ type: string
+ hidden: true
+ AdminPassword:
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+
+ # PLUMgrid specific settings
+ PLUMgridDirectorServer:
+ description: IP address of the PLUMgrid Director Server
+ type: string
+ default: 127.0.0.1
+ PLUMgridDirectorServerPort:
+ description: Port of the PLUMgrid Director Server
+ type: string
+ default: 443
+ PLUMgridUsername:
+ description: Username for PLUMgrid platform
+ type: string
+ PLUMgridPassword:
+ description: Password for PLUMgrid platform
+ type: string
+ hidden: true
+ PLUMgridNovaMetadataIP:
+ description: IP address of Nova Metadata
+ type: string
+ default: 169.254.169.254
+ PLUMgridNovaMetadataPort:
+ description: Port of Nova Metadata
+ type: string
+ default: 8775
+ PLUMgridL2GatewayVendor:
+ description: Vendor for L2 Gateway Switch
+ type: string
+ default: vendor
+ PLUMgridL2GatewayUsername:
+ description: Username for L2 Gateway Switch
+ type: string
+ default: username
+ PLUMgridL2GatewayPassword:
+ description: Password for L2 Gateway Switch
+ type: string
+ hidden: true
+ PLUMgridIdentityVersion:
+ description: Keystone Identity version
+ type: string
+ default: v2.0
+ PLUMgridConnectorType:
+ description: Neutron Network Connector Type
+ type: string
+ default: distributed
+ PLUMgridNeutronPluginVersion:
+ description: PLUMgrid Neutron Plugin version
+ type: string
+ default: present
+ PLUMgridPlumlibVersion:
+ description: PLUMgrid Plumlib version
+ type: string
+ default: present
+
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Plumgrid plugin
+ value:
+ service_name: neutron_plugin_plumgrid
+ config_settings:
+ neutron::plugins::plumgrid::connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/ovs_neutron'
+ neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]}
+ neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword}
+ neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer}
+ neutron::plugins::plumgrid::director_server_port: {get_param: PLUMgridDirectorServerPort}
+ neutron::plugins::plumgrid::username: {get_param: PLUMgridUsername}
+ neutron::plugins::plumgrid::password: {get_param: PLUMgridPassword}
+ neutron::plugins::plumgrid::nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP}
+ neutron::plugins::plumgrid::nova_metadata_port: {get_param: PLUMgridNovaMetadataPort}
+ neutron::plugins::plumgrid::l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor}
+ neutron::plugins::plumgrid::l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername}
+ neutron::plugins::plumgrid::l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword}
+ neutron::plugins::plumgrid::connector_type: {get_param: PLUMgridConnectorType}
+ neutron::plugins::plumgrid::identity_version: {get_param: PLUMgridIdentityVersion}
+ neutron::plugins::plumgrid::package_ensure: {get_param: PLUMgridNeutronPluginVersion}
+ neutron::plugins::plumgrid::plumlib_package_ensure: {get_param: PLUMgridPlumlibVersion}
+
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::plumgrid
diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml
new file mode 100644
index 00000000..44f7f242
--- /dev/null
+++ b/puppet/services/neutron-sriov-agent.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron SR-IOV nic agent configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: >
+ Mapping of service_name -> network name. Typically set via
+ parameter_defaults in the resource registry. This mapping overrides those
+ in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronPhysicalDevMappings:
+ description: >
+ List of <physical_network>:<physical device>
+ All physical networks listed in network_vlan_ranges
+ on the server should have mappings to appropriate
+ interfaces on each agent.
+ type: comma_delimited_list
+ default: ""
+ NeutronExcludeDevices:
+ description: >
+ List of <network_device>:<excluded_devices> mapping
+ network_device to the agent's node-specific list of virtual functions
+ that should not be used for virtual networking. excluded_devices is a
+ semicolon separated list of virtual functions to exclude from
+ network_device. The network_device in the mapping should appear in the
+ physical_device_mappings list.
+ type: comma_delimited_list
+ default: ""
+ NeutronSriovNumVFs:
+ description: >
+ Provide the list of VFs to be reserved for each SR-IOV interface.
+ Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>"
+ Example "eth1:4096","eth2:128"
+ type: comma_delimited_list
+ default: ""
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron SR-IOV nic agent service.
+ value:
+ service_name: neutron_sriov_agent
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
+ neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
+ tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
+ step_config: |
+ include ::tripleo::profile::base::neutron::sriov
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
new file mode 100644
index 00000000..b2ec0038
--- /dev/null
+++ b/puppet/services/nova-api.yaml
@@ -0,0 +1,132 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaWorkers:
+ default: 0
+ description: Number of workers for Nova API service.
+ type: number
+ NovaPassword:
+ description: The password for the nova service and db account, used by nova-api.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ NeutronMetadataProxySharedSecret:
+ description: Shared secret to prevent spoofing
+ type: string
+ hidden: true
+ InstanceNameTemplate:
+ default: 'instance-%08x'
+ description: Template string to be used to generate instance names
+ type: string
+ NovaEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Nova database.
+ type: boolean
+ MonitoringSubscriptionNovaApi:
+ default: 'overcloud-nova-api'
+ type: string
+ NovaApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.nova.api
+ path: /var/log/nova/nova-api.log
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova API service.
+ value:
+ service_name: nova_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
+ logging_source: {get_param: NovaApiLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::api::osapi_compute_workers: {get_param: NovaWorkers}
+ nova::api::metadata_workers: {get_param: NovaWorkers}
+ nova::cron::archive_deleted_rows::hour: '"*/12"'
+ nova::cron::archive_deleted_rows::destination: '"/dev/null"'
+ tripleo.nova_api.firewall_rules:
+ '113 nova_api':
+ dport:
+ - 6080
+ - 13080
+ - 8773
+ - 3773
+ - 8774
+ - 13774
+ - 8775
+ nova::keystone::authtoken::project_name: 'service'
+ nova::keystone::authtoken::password: {get_param: NovaPassword}
+ nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ nova::api::enabled: true
+ nova::api::default_floating_pool: 'public'
+ nova::api::sync_db_api: true
+ nova::api::enable_proxy_headers_parsing: true
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ nova::api::instance_name_template: {get_param: InstanceNameTemplate}
+ nova_enable_db_purge: {get_param: NovaEnableDBPurge}
+
+ step_config: |
+ include tripleo::profile::base::nova::api
+ service_config_settings:
+ keystone:
+ nova::keystone::auth::tenant: 'service'
+ nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
+ nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
+ nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
+ nova::keystone::auth::password: {get_param: NovaPassword}
+ nova::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ nova::db::mysql::password: {get_param: NovaPassword}
+ nova::db::mysql::user: nova
+ nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ nova::db::mysql::dbname: nova
+ nova::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ nova::db::mysql_api::password: {get_param: NovaPassword}
+ nova::db::mysql_api::user: nova_api
+ nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ nova::db::mysql_api::dbname: nova_api
+ nova::db::mysql_api::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
new file mode 100644
index 00000000..8db00d8f
--- /dev/null
+++ b/puppet/services/nova-base.yaml
@@ -0,0 +1,117 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova base service. Shared for all Nova services.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaPassword:
+ description: The password for the nova service and db account, used by nova-api.
+ type: string
+ hidden: true
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ NovaOVSBridge:
+ default: 'br-int'
+ description: Name of integration bridge used by Open vSwitch
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ Debug:
+ type: string
+ default: ''
+ description: Set to True to enable debugging on all services.
+ EnableConfigPurge:
+ type: boolean
+ default: true
+ description: >
+ Remove configuration that is not generated by TripleO. Setting
+ to false may result in configuration remnants after updates/upgrades.
+ NovaIPv6:
+ default: false
+ description: Enable IPv6 features in Nova
+ type: boolean
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
+
+outputs:
+ role_data:
+ description: Role data for the Nova base service.
+ value:
+ service_name: nova_base
+ config_settings:
+ nova::rabbit_password: {get_param: RabbitPassword}
+ nova::rabbit_userid: {get_param: RabbitUserName}
+ nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ nova::rabbit_port: {get_param: RabbitClientPort}
+ nova::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://nova:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/nova'
+ nova::api_database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://nova_api:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/nova_api'
+ nova::debug: {get_param: Debug}
+ nova::purge_config: {get_param: EnableConfigPurge}
+ nova::network::neutron::neutron_project_name: 'service'
+ nova::network::neutron::neutron_username: 'neutron'
+ nova::network::neutron::dhcp_domain: ''
+ nova::network::neutron::neutron_password: {get_param: NeutronPassword}
+ nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
+ nova::rabbit_heartbeat_timeout_threshold: 60
+ nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
+ nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
+ nova::notify_on_state_change: 'vm_and_task_state'
+ nova::notification_driver: messagingv2
+ nova::network::neutron::neutron_auth_type: 'v3password'
+ nova::db::database_db_max_retries: -1
+ nova::db::database_max_retries: -1
+ nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ nova::use_ipv6: {get_param: NovaIPv6}
+ nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
+ nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
new file mode 100644
index 00000000..f7f2510e
--- /dev/null
+++ b/puppet/services/nova-compute.yaml
@@ -0,0 +1,147 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Compute service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaRbdPoolName:
+ default: vms
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ CinderEnableNfsBackend:
+ default: false
+ description: Whether to enable or not the NFS backend for Cinder
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
+ NovaComputeLibvirtVifDriver:
+ default: ''
+ description: Libvirt VIF driver configuration for the network
+ type: string
+ NovaPCIPassthrough:
+ description: >
+ List of PCI Passthrough whitelist parameters.
+ Example -
+ NovaPCIPassthrough:
+ - vendor_id: "8086"
+ product_id: "154c"
+ address: "0000:05:00.0"
+ physical_network: "datacentre"
+ For different formats, refer to the nova.conf documentation for
+ pci_passthrough_whitelist configuration
+ type: json
+ default: ''
+ NovaVcpuPinSet:
+ description: >
+ A list or range of physical CPU cores to reserve for virtual machine
+ processes.
+ Ex. NovaVcpuPinSet: ['4-12','^8'] will reserve cores from 4-12 excluding 8
+ type: comma_delimited_list
+ default: []
+ NovaReservedHostMemory:
+ description: >
+ Reserved RAM for host processes.
+ type: number
+ default: 2048
+ constraints:
+ - range: { min: 512 }
+ MonitoringSubscriptionNovaCompute:
+ default: 'overcloud-nova-compute'
+ type: string
+ NovaComputeLoggingSource:
+ type: json
+ default:
+ tag: openstack.nova.compute
+ path: /var/log/nova/nova-compute.log
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Compute service.
+ value:
+ service_name: nova_compute
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute}
+ logging_source: {get_param: NovaComputeLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::compute::libvirt::manage_libvirt_services: false
+ nova::compute::pci_passthrough:
+ str_replace:
+ template: "'JSON_PARAM'"
+ params:
+ JSON_PARAM: {get_param: NovaPCIPassthrough}
+ nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
+ nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
+ # we manage migration in nova common puppet profile
+ nova::compute::libvirt::migration_support: false
+ tripleo::profile::base::nova::manage_migration: true
+ tripleo::profile::base::nova::nova_compute_enabled: true
+ nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
+ rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
+ nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
+ nova::compute::instance_usage_audit: true
+ nova::compute::instance_usage_audit_period: 'hour'
+ nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
+ # TUNNELLED mode provides a security enhancement when using shared
+ # storage but is not supported when not using shared storage.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+ # In future versions of QEMU (2.6, mostly), danpb's native
+ # encryption work will obsolete the need to use TUNNELLED transport
+ # mode.
+ nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
+ nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
+ nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
+ nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
+ nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
+ nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
+ step_config: |
+ # TODO(emilien): figure how to deal with libvirt profile.
+ # We'll probably treat it like we do with Neutron plugins.
+ # Until then, just include it in the default nova-compute role.
+ include tripleo::profile::base::nova::compute::libvirt
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
new file mode 100644
index 00000000..2671cdd3
--- /dev/null
+++ b/puppet/services/nova-conductor.yaml
@@ -0,0 +1,56 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Conductor service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaWorkers:
+ default: 0
+ description: Number of workers for Nova Conductor service.
+ type: number
+ MonitoringSubscriptionNovaConductor:
+ default: 'overcloud-nova-conductor'
+ type: string
+ NovaSchedulerLoggingSource:
+ type: json
+ default:
+ tag: openstack.nova.scheduler
+ path: /var/log/nova/nova-scheduler.log
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Conductor service.
+ value:
+ service_name: nova_conductor
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor}
+ logging_source: {get_param: NovaSchedulerLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::conductor::workers: {get_param: NovaWorkers}
+ step_config: |
+ include tripleo::profile::base::nova::conductor
diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml
new file mode 100644
index 00000000..85e60420
--- /dev/null
+++ b/puppet/services/nova-consoleauth.yaml
@@ -0,0 +1,50 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Consoleauth service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionNovaConsoleauth:
+ default: 'overcloud-nova-consoleauth'
+ type: string
+ NovaConsoleauthLoggingSource:
+ type: json
+ default:
+ tag: openstack.nova.consoleauth
+ path: /var/log/nova/nova-consoleauth.log
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Consoleauth service.
+ value:
+ service_name: nova_consoleauth
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth}
+ logging_source: {get_param: NovaConsoleauthLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ get_attr: [NovaBase, role_data, config_settings]
+ step_config: |
+ include tripleo::profile::base::nova::consoleauth
diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml
new file mode 100644
index 00000000..bf7639dd
--- /dev/null
+++ b/puppet/services/nova-ironic.yaml
@@ -0,0 +1,53 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Compute service configured with Puppet and using Ironic
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ IronicPassword:
+ description: The password for the Ironic service and db account, used by the Ironic services
+ type: string
+ hidden: true
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Compute service with Ironic.
+ value:
+ service_name: nova_ironic
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::compute::force_config_drive: true
+ nova::compute::reserved_host_memory: '0'
+ nova::compute::vnc_enabled: false
+ nova::ironic::common::admin_password: {get_param: IronicPassword}
+ nova::ironic::common::admin_tenant_name: 'service'
+ nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
+ nova::ironic::common::admin_username: 'ironic'
+ nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
+ nova::network::neutron::dhcp_domain: ''
+ nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
+ step_config: |
+ include tripleo::profile::base::nova::compute::ironic
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
new file mode 100644
index 00000000..b5ca2437
--- /dev/null
+++ b/puppet/services/nova-libvirt.yaml
@@ -0,0 +1,55 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Libvirt service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaComputeLibvirtType:
+ type: string
+ default: kvm
+ MonitoringSubscriptionNovaLibvirt:
+ default: 'overcloud-nova-libvirt'
+ type: string
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Libvirt service.
+ value:
+ service_name: nova_libvirt
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ # we include ::nova::compute::libvirt::services in nova/libvirt profile
+ - nova::compute::libvirt::manage_libvirt_services: false
+ # we manage migration in nova common puppet profile
+ nova::compute::libvirt::migration_support: false
+ tripleo::profile::base::nova::manage_migration: true
+ tripleo::profile::base::nova::libvirt_enabled: true
+ nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+ nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+
+ step_config: |
+ include tripleo::profile::base::nova::libvirt
diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml
new file mode 100644
index 00000000..92373c56
--- /dev/null
+++ b/puppet/services/nova-metadata.yaml
@@ -0,0 +1,34 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaWorkers:
+ default: 0
+ description: Number of workers for Nova API service.
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Nova Metadata service.
+ value:
+ service_name: nova_metadata
+ config_settings:
+ nova::api::metadata_workers: {get_param: NovaWorkers}
+ nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ step_config: ""
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
new file mode 100644
index 00000000..d89e3e11
--- /dev/null
+++ b/puppet/services/nova-scheduler.yaml
@@ -0,0 +1,65 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Scheduler service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NovaSchedulerAvailableFilters:
+ default: []
+ description: List of scheduler available filters
+ type: comma_delimited_list
+ NovaSchedulerDefaultFilters:
+ type: comma_delimited_list
+ default: []
+ description: >
+ An array of filters used by Nova to filter a node.These filters will be
+ applied in the order they are listed, so place your most restrictive
+ filters first to make the filtering process more efficient.
+ MonitoringSubscriptionNovaScheduler:
+ default: 'overcloud-nova-scheduler'
+ type: string
+ NovaSchedulerLoggingSource:
+ type: json
+ default:
+ tag: openstack.nova.scheduler
+ path: /var/log/nova/nova-scheduler.log
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Scheduler service.
+ value:
+ service_name: nova_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler}
+ logging_source: {get_param: NovaSchedulerLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::scheduler::filter::ram_allocation_ratio: '1.0'
+ nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters}
+ nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters}
+ step_config: |
+ include tripleo::profile::base::nova::scheduler
diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml
new file mode 100644
index 00000000..85d59ae6
--- /dev/null
+++ b/puppet/services/nova-vnc-proxy.yaml
@@ -0,0 +1,61 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Vncproxy service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionNovaVNCProxy:
+ default: 'overcloud-nova-vncproxy'
+ type: string
+ NovaVncproxyLoggingSource:
+ type: json
+ default:
+ tag: openstack.nova.vncproxy
+ path: /var/log/nova/nova-vncproxy.log
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Vncproxy service.
+ value:
+ service_name: nova_vnc_proxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy}
+ logging_source: {get_param: NovaVncproxyLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::vncproxy::enabled: true
+ nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
+ nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
+ nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ step_config: |
+ include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
new file mode 100644
index 00000000..d2ee036e
--- /dev/null
+++ b/puppet/services/opendaylight-api.yaml
@@ -0,0 +1,80 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenDaylight SDN Controller.
+
+parameters:
+ OpenDaylightPort:
+ default: 8081
+ description: Set opendaylight service port
+ type: number
+ EnableOpenDaylightOnController:
+ default: false
+ description: Whether to install OpenDaylight on control nodes.
+ type: boolean
+ OpenDaylightUsername:
+ default: 'admin'
+ description: The username for the opendaylight server.
+ type: string
+ OpenDaylightPassword:
+ default: 'admin'
+ type: string
+ description: The password for the opendaylight server.
+ hidden: true
+ OpenDaylightEnableL3:
+ description: Knob to enable/disable ODL L3
+ type: string
+ default: 'no'
+ OpenDaylightEnableDHCP:
+ description: Knob to enable/disable ODL DHCP Server
+ type: boolean
+ default: false
+ OpenDaylightFeatures:
+ description: List of features to install with ODL
+ type: comma_delimited_list
+ default: ["odl-netvirt-openstack","odl-netvirt-ui"]
+ OpenDaylightConnectionProtocol:
+ description: L7 protocol used for REST access
+ type: string
+ default: 'http'
+ OpenDaylightCheckURL:
+ description: URL postfix to verify ODL has finished starting up
+ type: string
+ default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
+ OpenDaylightApiVirtualIP:
+ type: string
+ default: ''
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the OpenDaylight service.
+ value:
+ service_name: opendaylight_api
+ config_settings:
+ opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
+ odl_on_controller: {get_param: EnableOpenDaylightOnController}
+ opendaylight_check_url: {get_param: OpenDaylightCheckURL}
+ opendaylight::username: {get_param: OpenDaylightUsername}
+ opendaylight::password: {get_param: OpenDaylightPassword}
+ opendaylight::enable_l3: {get_param: OpenDaylightEnableL3}
+ opendaylight::extra_features: {get_param: OpenDaylightFeatures}
+ opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
+ opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+ opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]}
+ step_config: |
+ include tripleo::profile::base::neutron::opendaylight
+ include tripleo::profile::base::neutron::plugins::ovs::opendaylight
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
new file mode 100644
index 00000000..8bcb72f7
--- /dev/null
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -0,0 +1,47 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenDaylight OVS Configuration.
+
+parameters:
+ OpenDaylightPort:
+ default: 8081
+ description: Set opendaylight service port
+ type: number
+ OpenDaylightConnectionProtocol:
+ description: L7 protocol used for REST access
+ type: string
+ default: 'http'
+ OpenDaylightCheckURL:
+ description: URL postfix to verify ODL has finished starting up
+ type: string
+ default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
+ OpenDaylightApiVirtualIP:
+ type: string
+ default: ''
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the OpenDaylight service.
+ value:
+ service_name: opendaylight_ovs
+ config_settings:
+ opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
+ opendaylight_check_url: {get_param: OpenDaylightCheckURL}
+ opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::ovs::opendaylight
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
new file mode 100644
index 00000000..abfb9c80
--- /dev/null
+++ b/puppet/services/pacemaker.yaml
@@ -0,0 +1,116 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Pacemaker service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionPacemaker:
+ default: 'overcloud-pacemaker'
+ type: string
+ CorosyncIPv6:
+ default: false
+ description: Enable IPv6 in Corosync
+ type: boolean
+ EnableFencing:
+ default: false
+ description: Whether to enable fencing in Pacemaker or not.
+ type: boolean
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user for pacemaker.
+ hidden: true
+ default: ''
+ FencingConfig:
+ default: {}
+ description: |
+ Pacemaker fencing configuration. The JSON should have
+ the following structure:
+ {
+ "devices": [
+ {
+ "agent": "AGENT_NAME",
+ "host_mac": "HOST_MAC_ADDRESS",
+ "params": {"PARAM_NAME": "PARAM_VALUE"}
+ }
+ ]
+ }
+ For instance:
+ {
+ "devices": [
+ {
+ "agent": "fence_xvm",
+ "host_mac": "52:54:00:aa:bb:cc",
+ "params": {
+ "multicast_address": "225.0.0.12",
+ "port": "baremetal_0",
+ "manage_fw": true,
+ "manage_key_file": true,
+ "key_file": "/etc/fence_xvm.key",
+ "key_file_password": "abcdef"
+ }
+ }
+ ]
+ }
+ type: json
+ PacemakerLoggingSource:
+ type: json
+ default:
+ tag: system.pacemaker
+ path: /var/log/pacemaker.log,/var/log/cluster/corosync.log
+ format: >-
+ /^(?<time>[^ ]*\s*[^ ]* [^ ]*)
+ \[(?<pid>[^ ]*)\]
+ (?<host>[^ ]*)
+ (?<message>.*)$/
+
+outputs:
+ role_data:
+ description: Role data for the Pacemaker role.
+ value:
+ service_name: pacemaker
+ monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
+ logging_groups:
+ - haclient
+ logging_source: {get_param: PacemakerLoggingSource}
+ config_settings:
+ pacemaker::corosync::cluster_name: 'tripleo_cluster'
+ pacemaker::corosync::manage_fw: false
+ pacemaker::resource_defaults::defaults:
+ resource-stickiness: { value: INFINITY }
+ corosync_token_timeout: 10000
+ tripleo.pacemaker.firewall_rules:
+ '130 pacemaker tcp':
+ proto: 'tcp'
+ dport:
+ - 2224
+ - 3121
+ - 21064
+ '131 pacemaker udp':
+ proto: 'udp'
+ dport: 5405
+ corosync_ipv6: {get_param: CorosyncIPv6}
+ tripleo::fencing::config: {get_param: FencingConfig}
+ enable_fencing: {get_param: EnableFencing}
+ hacluster_pwd:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: PcsdPassword}
+ - {get_param: [DefaultPasswords, pcsd_password]}
+ step_config: |
+ include ::tripleo::profile::base::pacemaker
diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml
new file mode 100644
index 00000000..5dcb62ca
--- /dev/null
+++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerCentral:
+ default: 'overcloud-ceilometer-agent-central'
+ type: string
+
+resources:
+ CeilometerServiceBase:
+ type: ../ceilometer-agent-central.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Central Agent pacemaker role.
+ value:
+ service_name: ceilometer_agent_central
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::agent::central::manage_service: false
+ ceilometer::agent::central::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::ceilometer::agent::central
diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
new file mode 100644
index 00000000..dbe14499
--- /dev/null
+++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerNotification:
+ default: 'overcloud-ceilometer-agent-notification'
+ type: string
+
+resources:
+ CeilometerServiceBase:
+ type: ../ceilometer-agent-notification.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Notification Agent pacemaker role.
+ value:
+ service_name: ceilometer_agent_notification
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification}
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::agent::notification::manage_service: false
+ ceilometer::agent::notification::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::ceilometer::agent::notification
diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml
new file mode 100644
index 00000000..4b6c18f6
--- /dev/null
+++ b/puppet/services/pacemaker/ceilometer-api.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer API service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerApi:
+ default: 'overcloud-ceilometer-api'
+ type: string
+
+resources:
+ CeilometerServiceBase:
+ type: ../ceilometer-api.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer API pacemaker role.
+ value:
+ service_name: ceilometer_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi}
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::api::manage_service: false
+ ceilometer::api::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::ceilometer::api
diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml
new file mode 100644
index 00000000..4c919515
--- /dev/null
+++ b/puppet/services/pacemaker/ceilometer-collector.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Ceilometer Collector service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionCeilometerCollector:
+ default: 'overcloud-ceilometer-collector'
+ type: string
+
+resources:
+ CeilometerServiceBase:
+ type: ../ceilometer-collector.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Collector pacemaker role.
+ value:
+ service_name: ceilometer_collector
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector}
+ config_settings:
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::collector::manage_service: false
+ ceilometer::collector::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::ceilometer::collector
diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml
new file mode 100644
index 00000000..6823789e
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-api.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder API service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderApiBase:
+ type: ../cinder-api.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder API role.
+ value:
+ service_name: cinder_api
+ monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [CinderApiBase, role_data, logging_source]}
+ logging_groups: {get_attr: [CinderApiBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderApiBase, role_data, config_settings]
+ - cinder::api::manage_service: false
+ cinder::api::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::cinder::api
diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml
new file mode 100644
index 00000000..2ebc7680
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-backup.yaml
@@ -0,0 +1,61 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service with Pacemaker configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderBackupBase:
+ type: ../cinder-backup.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ CinderBackupBackend: {get_param: CinderBackupBackend}
+ CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName}
+ CephClientUserName: {get_param: CephClientUserName}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ monitoring_subscription: {get_attr: [CinderBackupBase, role_data, monitoring_subscription]}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBackupBase, role_data, config_settings]
+ - cinder::backup::manage_service: false
+ cinder::backup::enabled: false
+ step_config:
+ list_join:
+ - "\n"
+ - - get_attr: [CinderBackupBase, role_data, step_config]
+ - "include ::tripleo::profile::pacemaker::cinder::backup"
diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml
new file mode 100644
index 00000000..15e44be2
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-scheduler.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Scheduler service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderSchedulerBase:
+ type: ../cinder-scheduler.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Scheduler role.
+ value:
+ service_name: cinder_scheduler
+ monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [CinderSchedulerBase, role_data, logging_source]}
+ logging_groups: {get_attr: [CinderSchedulerBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderSchedulerBase, role_data, config_settings]
+ - cinder::scheduler::manage_service: false
+ cinder::scheduler::enabled: false
+ step_config:
+ include ::tripleo::profile::pacemaker::cinder::scheduler
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
new file mode 100644
index 00000000..11b9bf8f
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Volume service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderVolumeBase:
+ type: ../cinder-volume.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Volume role.
+ value:
+ service_name: cinder_volume
+ monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [CinderVolumeBase, role_data, logging_source]}
+ logging_groups: {get_attr: [CinderVolumeBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderVolumeBase, role_data, config_settings]
+ - cinder::volume::manage_service: false
+ cinder::volume::enabled: false
+ step_config:
+ include ::tripleo::profile::pacemaker::cinder::volume
diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml
new file mode 100644
index 00000000..9eca1de3
--- /dev/null
+++ b/puppet/services/pacemaker/core.yaml
@@ -0,0 +1,29 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Core (fake) service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Core role.
+ value:
+ service_name: core
+ config_settings: {}
+ step_config: |
+ include ::tripleo::profile::pacemaker::core \ No newline at end of file
diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml
new file mode 100644
index 00000000..64ae2e91
--- /dev/null
+++ b/puppet/services/pacemaker/database/mongodb.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ MongoDb service deployment using puppet
+
+parameters:
+ #Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ MongoDbBase:
+ type: ../../database/mongodb-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Service mongodb using composable services.
+ value:
+ service_name: mongodb
+ config_settings:
+ map_merge:
+ - get_attr: [MongoDbBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
+ mongodb::server::service_manage: False
+ step_config: |
+ include ::tripleo::profile::pacemaker::database::mongodb
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
new file mode 100644
index 00000000..7deaf0ca
--- /dev/null
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -0,0 +1,55 @@
+heat_template_version: 2016-04-08
+
+description: >
+ MySQL with Pacemaker service deployment using puppet
+
+parameters:
+ #Parameters not used EndpointMap
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ MysqlBase:
+ type: ../../database/mysql.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Service MySQL with Pacemaker using composable services.
+ value:
+ service_name: mysql
+ config_settings:
+ map_merge:
+ - get_attr: [MysqlBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::database::mysql::bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
+ get_param: [ServiceNetMap, MysqlNetwork]
+ step_config: |
+ include ::tripleo::profile::pacemaker::database::mysql
diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml
new file mode 100644
index 00000000..d9156e67
--- /dev/null
+++ b/puppet/services/pacemaker/database/redis.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Redis service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ RedisBase:
+ type: ../../database/redis-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Redis pacemaker role.
+ value:
+ service_name: redis
+ config_settings:
+ map_merge:
+ - get_attr: [RedisBase, role_data, config_settings]
+ - redis::service_manage: false
+ redis::notify_service: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::database::redis
diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml
index 5a581dca..20a439f6 100644
--- a/puppet/services/pacemaker/glance-api.yaml
+++ b/puppet/services/pacemaker/glance-api.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Glance API service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -39,12 +48,18 @@ resources:
GlanceApiBase:
type: ../glance-api.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Glance role.
value:
+ service_name: glance_api
+ monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [GlanceApiBase, role_data, logging_source]}
+ logging_groups: {get_attr: [GlanceApiBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [GlanceApiBase, role_data, config_settings]
@@ -52,6 +67,7 @@ outputs:
glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
+ glance_file_pcmk_directory: '/var/lib/glance/images'
glance::api::manage_service: false
glance::api::enabled: false
step_config: |
diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml
index 8b88cb93..41f89fdd 100644
--- a/puppet/services/pacemaker/glance-registry.yaml
+++ b/puppet/services/pacemaker/glance-registry.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Glance Registry service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,12 +24,18 @@ resources:
GlanceRegistryBase:
type: ../glance-registry.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Glance role.
value:
+ service_name: glance_registry
+ monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [GlanceRegistryBase, role_data, logging_source]}
+ logging_groups: {get_attr: [GlanceRegistryBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [GlanceRegistryBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml
new file mode 100644
index 00000000..6a9161fa
--- /dev/null
+++ b/puppet/services/pacemaker/gnocchi-api.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Gnocchi service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionGnocchiApi:
+ default: 'overcloud-gnocchi-api'
+ type: string
+
+resources:
+ GnocchiServiceBase:
+ type: ../gnocchi-api.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Gnocchi role.
+ value:
+ service_name: gnocchi_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
+ config_settings:
+ map_merge:
+ - get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - gnocchi::metricd::manage_service: false
+ gnocchi::metricd::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::gnocchi::api
diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml
new file mode 100644
index 00000000..0f36b5d5
--- /dev/null
+++ b/puppet/services/pacemaker/gnocchi-metricd.yaml
@@ -0,0 +1,47 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Gnocchi service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionGnocchiMetricd:
+ default: 'overcloud-gnocchi-metricd'
+ type: string
+
+resources:
+ GnocchiServiceBase:
+ type: ../gnocchi-metricd.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Gnocchi role.
+ value:
+ service_name: gnocchi_metricd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd}
+ config_settings:
+ map_merge:
+ - get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - gnocchi::metricd::manage_service: false
+ gnocchi::metricd::enabled: false
+ tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]}
+
+ step_config: |
+ include ::tripleo::profile::pacemaker::gnocchi::metricd
diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml
new file mode 100644
index 00000000..b9afc590
--- /dev/null
+++ b/puppet/services/pacemaker/gnocchi-statsd.yaml
@@ -0,0 +1,46 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Gnocchi service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionGnocchiStatsd:
+ default: 'overcloud-gnocchi-statsd'
+ type: string
+
+resources:
+ GnocchiServiceBase:
+ type: ../gnocchi-statsd.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Gnocchi role.
+ value:
+ service_name: gnocchi_statsd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd}
+ config_settings:
+ map_merge:
+ - get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - gnocchi::statsd::manage_service: false
+ gnocchi::statsd::enabled: false
+ tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]}
+ step_config: |
+ include ::tripleo::profile::pacemaker::gnocchi::statsd
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
new file mode 100644
index 00000000..52104a71
--- /dev/null
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -0,0 +1,44 @@
+heat_template_version: 2016-04-08
+
+description: >
+ HAproxy service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ LoadbalancerServiceBase:
+ type: ../haproxy.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the HAproxy with pacemaker role.
+ value:
+ service_name: haproxy
+ monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]}
+ config_settings:
+ map_merge:
+ - get_attr: [LoadbalancerServiceBase, role_data, config_settings]
+ - tripleo::haproxy::haproxy_service_manage: false
+ tripleo::haproxy::mysql_clustercheck: true
+ enable_keepalived: false
+ tripleo::haproxy::keepalived: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::haproxy
diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml
index 5833c42d..dd25905b 100644
--- a/puppet/services/pacemaker/heat-api-cfn.yaml
+++ b/puppet/services/pacemaker/heat-api-cfn.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudFormation API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,18 +23,22 @@ resources:
HeatApiCfnBase:
type: ../heat-api-cfn.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Heat CloudFormation API role.
value:
+ service_name: heat_api_cfn
+ monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [HeatApiCfnBase, role_data, logging_source]}
+ logging_groups: {get_attr: [HeatApiCfnBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [HeatApiCfnBase, role_data, config_settings]
- heat::api_cfn::manage_service: false
heat::api_cfn::enabled: false
- step_config:
- # No puppet manifests since heat-api-cfn is included in
- # ::tripleo::profile::pacemaker::heat which is maintained alongside of
- # pacemaker/heat-api.yaml.
+ step_config: |
+ include ::tripleo::profile::pacemaker::heat::api_cfn
diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
index 8b67702c..18d2a0d5 100644
--- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml
+++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat CloudWatch API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,18 +23,22 @@ resources:
HeatApiCloudwatchBase:
type: ../heat-api-cloudwatch.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Heat Cloudwatch API role.
value:
+ service_name: heat_api_cloudwatch
+ monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [HeatApiCloudwatchBase, role_data, logging_source]}
+ logging_groups: {get_attr: [HeatApiCloudwatchBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [HeatApiCloudwatchBase, role_data, config_settings]
- heat::api_cloudwatch::manage_service: false
heat::api_cloudwatch::enabled: false
- step_config:
- # No puppet manifests since heat-api-cloudwatch is included in
- # ::tripleo::profile::pacemaker::heat which is maintained alongside of
- # pacemaker/heat-api.yaml.
+ step_config: |
+ include ::tripleo::profile::pacemaker::heat::api_cloudwatch
diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml
index 6628e8dd..43122cb0 100644
--- a/puppet/services/pacemaker/heat-api.yaml
+++ b/puppet/services/pacemaker/heat-api.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat API service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,16 +23,22 @@ resources:
HeatApiBase:
type: ../heat-api.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Heat API role.
value:
+ service_name: heat_api
+ monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [HeatApiBase, role_data, logging_source]}
+ logging_groups: {get_attr: [HeatApiBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [HeatApiBase, role_data, config_settings]
- heat::api::manage_service: false
heat::api::enabled: false
step_config: |
- include ::tripleo::profile::pacemaker::heat
+ include ::tripleo::profile::pacemaker::heat::api
diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml
index e1195780..54bfdad2 100644
--- a/puppet/services/pacemaker/heat-engine.yaml
+++ b/puppet/services/pacemaker/heat-engine.yaml
@@ -4,6 +4,15 @@ description: >
Openstack Heat Engine service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,6 +23,8 @@ resources:
HeatEngineBase:
type: ../heat-engine.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
@@ -21,12 +32,14 @@ outputs:
role_data:
description: Role data for the Heat engine role.
value:
+ service_name: heat_engine
+ monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [HeatEngineBase, role_data, logging_source]}
+ logging_groups: {get_attr: [HeatEngineBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [HeatEngineBase, role_data, config_settings]
- heat::engine::manage_service: false
heat::engine::enabled: false
- step_config:
- # No puppet manifests since heat-engine is included in
- # ::tripleo::profile::pacemaker::heat which is maintained alongside of
- # pacemaker/heat-api.yaml.
+ step_config: |
+ include ::tripleo::profile::pacemaker::heat::engine
diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml
new file mode 100644
index 00000000..18de23ae
--- /dev/null
+++ b/puppet/services/pacemaker/horizon.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Horizon service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ HorizonBase:
+ type: ../horizon.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Horizon role.
+ value:
+ service_name: horizon
+ monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]}
+ config_settings:
+ get_attr: [HorizonBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::horizon
+ include ::tripleo::profile::pacemaker::apache
diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml
index 04e90368..908b9bbd 100644
--- a/puppet/services/pacemaker/keystone.yaml
+++ b/puppet/services/pacemaker/keystone.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Keystone service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,12 +24,18 @@ resources:
KeystoneServiceBase:
type: ../keystone.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Keystone pacemaker role.
value:
+ service_name: keystone
+ monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [KeystoneServiceBase, role_data, logging_source]}
+ logging_groups: {get_attr: [KeystoneServiceBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [KeystoneServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/loadbalancer.yaml b/puppet/services/pacemaker/loadbalancer.yaml
deleted file mode 100644
index ce67e925..00000000
--- a/puppet/services/pacemaker/loadbalancer.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-heat_template_version: 2016-04-08
-
-description: >
- Loadbalancer service with Pacemaker configured with Puppet
-
-parameters:
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
-
-resources:
- LoadbalancerServiceBase:
- type: ../loadbalancer.yaml
- properties:
- EndpointMap: {get_param: EndpointMap}
-
-outputs:
- role_data:
- description: Role data for the Loadbalancer pacemaker role.
- value:
- config_settings:
- map_merge:
- - get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- - tripleo::haproxy::haproxy_service_manage: false
- tripleo::haproxy::mysql_clustercheck: true
- tripleo::haproxy::keepalived: false
- step_config: |
- include ::tripleo::profile::pacemaker::loadbalancer
diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml
new file mode 100644
index 00000000..cabc31a0
--- /dev/null
+++ b/puppet/services/pacemaker/manila-share.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2016-04-08
+
+description: >
+ The manila-share service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ ManilaShareBase:
+ type: ../manila-share.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the manila-share pacemaker role.
+ value:
+ service_name: manila_share
+ monitoring_subscription: {get_attr: [ManilaShareBase, role_data, monitoring_subscription]}
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaShareBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::manila
diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml
index 9a11855e..04b895b6 100644
--- a/puppet/services/pacemaker/memcached.yaml
+++ b/puppet/services/pacemaker/memcached.yaml
@@ -4,6 +4,15 @@ description: >
Mecached service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,11 +23,17 @@ resources:
MemcachedServiceBase:
type: ../memcached.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Memcached pacemaker role.
value:
+ service_name: memcached
+ monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [MemcachedServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml
index 6f514379..7fca73d6 100644
--- a/puppet/services/pacemaker/neutron-dhcp.yaml
+++ b/puppet/services/pacemaker/neutron-dhcp.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron DHCP service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,12 +24,18 @@ resources:
NeutronDhcpBase:
type: ../neutron-dhcp.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron DHCP role.
value:
+ service_name: neutron_dhcp
+ monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NeutronDhcpBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NeutronDhcpBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [NeutronDhcpBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml
index cb9c32d9..cdb87f50 100644
--- a/puppet/services/pacemaker/neutron-l3.yaml
+++ b/puppet/services/pacemaker/neutron-l3.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron L3 service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,12 +24,18 @@ resources:
NeutronL3Base:
type: ../neutron-l3.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron L3 role.
value:
+ service_name: neutron_l3
+ monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]}
+ logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [NeutronL3Base, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml
index 1c74b26f..49a31eb5 100644
--- a/puppet/services/pacemaker/neutron-metadata.yaml
+++ b/puppet/services/pacemaker/neutron-metadata.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Neutron Metadata service with Pacemaker configured with Puppet.
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -15,12 +24,18 @@ resources:
NeutronMetadataBase:
type: ../neutron-metadata.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron Metadata role.
value:
+ service_name: neutron_metadata
+ monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NeutronMetadataBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NeutronMetadataBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [NeutronMetadataBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml
new file mode 100644
index 00000000..fdd5dafb
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-midonet.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Midonet with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronMidonetBase:
+ type: ../neutron-midonet.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Midonet plugin.
+ value:
+ service_name: neutron_midonet
+ monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronMidonetBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::plugins::midonet
diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml
new file mode 100644
index 00000000..a2bd7c83
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron OVS agent with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronOvsBase:
+ type: ../neutron-ovs-agent.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron OVS agent service.
+ value:
+ service_name: neutron_ovs_agent
+ monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NeutronOvsBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NeutronOvsBase, role_data, logging_groups]}
+ config_settings:
+ get_attr: [NeutronOvsBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::ovs
diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
new file mode 100644
index 00000000..234f116e
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron ML2 Plugin with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronMl2Base:
+ type: ../neutron-plugin-ml2.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2 plugin.
+ value:
+ service_name: neutron_plugin_ml2
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronMl2Base, role_data, config_settings]
+ - neutron::agents::ml2::ovs::enabled: false
+ neutron::agents::ml2::ovs::manage_service: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::plugins::ml2
diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml
new file mode 100644
index 00000000..9fca2cc3
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-plugin-nuage.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Nuage Plugin with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronPluginNuageBase:
+ type: ../neutron-plugin-nuage.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Nuage plugin.
+ value:
+ service_name: neutron_plugin_nuage
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronPluginNuageBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::plugins::nuage
diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
new file mode 100644
index 00000000..80d6ed92
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron OpenContrail Plugin with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronPluginOpenContrail:
+ type: ../neutron-plugin-nuage.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron OpenContrail plugin.
+ value:
+ service_name: neutron_plugin_opencontrail
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronPluginOpenContrail, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::plugins::opencontrail
diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
new file mode 100644
index 00000000..5dd4e588
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron PLUMgrid Plugin with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NeutronPluginPlumgridBase:
+ type: ../neutron-plugin-ml2.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron PLUMgrid plugin.
+ value:
+ service_name: neutron_plugin_plumgrid
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::plugins::plumgrid
diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml
new file mode 100644
index 00000000..33bc2d99
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-server.yaml
@@ -0,0 +1,48 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Server with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronL3HA:
+ default: true
+ description: Whether to enable HA for virtual routers
+ type: boolean
+
+resources:
+
+ NeutronServerBase:
+ type: ../neutron-server.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Server.
+ value:
+ service_name: neutron_server
+ monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]}
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronServerBase, role_data, config_settings]
+ - neutron::server::enabled: false
+ neutron::server::manage_service: false
+ neutron::server::l3_ha: {get_param: NeutronL3HA}
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::server
diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml
new file mode 100644
index 00000000..b86e438a
--- /dev/null
+++ b/puppet/services/pacemaker/nova-api.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova API service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NovaApiBase:
+ type: ../nova-api.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova API role.
+ value:
+ service_name: nova_api
+ monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NovaApiBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaApiBase, role_data, config_settings]
+ - nova::api::manage_service: false
+ nova::api::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::nova::api
diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml
new file mode 100644
index 00000000..a0a766ec
--- /dev/null
+++ b/puppet/services/pacemaker/nova-conductor.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Conductor service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NovaConductorBase:
+ type: ../nova-conductor.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Conductor role.
+ value:
+ service_name: nova_conductor
+ monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NovaConductorBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NovaConductorBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaConductorBase, role_data, config_settings]
+ - nova::conductor::manage_service: false
+ nova::conductor::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::nova::conductor
diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml
new file mode 100644
index 00000000..5d51eb47
--- /dev/null
+++ b/puppet/services/pacemaker/nova-consoleauth.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Consoleauth service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NovaConsoleauthBase:
+ type: ../nova-consoleauth.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Consoleauth role.
+ value:
+ service_name: nova_consoleauth
+ monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NovaConsoleauthBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NovaConsoleauthBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaConsoleauthBase, role_data, config_settings]
+ - nova::consoleauth::manage_service: false
+ nova::consoleauth::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::nova::consoleauth
diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml
new file mode 100644
index 00000000..8828ee11
--- /dev/null
+++ b/puppet/services/pacemaker/nova-scheduler.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Scheduler service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NovaSchedulerBase:
+ type: ../nova-scheduler.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Scheduler role.
+ value:
+ service_name: nova_scheduler
+ monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NovaSchedulerBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NovaSchedulerBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaSchedulerBase, role_data, config_settings]
+ - nova::scheduler::manage_service: false
+ nova::scheduler::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::nova::scheduler
diff --git a/puppet/services/pacemaker/nova-vnc-proxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml
new file mode 100644
index 00000000..ebe84a03
--- /dev/null
+++ b/puppet/services/pacemaker/nova-vnc-proxy.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Vncproxy service with Pacemaker configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ NovaVncproxyBase:
+ type: ../nova-vnc-proxy.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Vncproxy role.
+ value:
+ service_name: nova_vnc_proxy
+ monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [NovaVncproxyBase, role_data, logging_source]}
+ logging_groups: {get_attr: [NovaVncproxyBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [NovaVncproxyBase, role_data, config_settings]
+ - nova::vncproxy::manage_service: false
+ nova::vncproxy::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::nova::vncproxy
diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml
index 20fb2e40..f3fa2d28 100644
--- a/puppet/services/pacemaker/rabbitmq.yaml
+++ b/puppet/services/pacemaker/rabbitmq.yaml
@@ -4,6 +4,15 @@ description: >
RabbitMQ service with Pacemaker configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -14,12 +23,16 @@ resources:
RabbitMQServiceBase:
type: ../rabbitmq.yaml
properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the RabbitMQ pacemaker role.
value:
+ service_name: rabbitmq
+ monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml
new file mode 100644
index 00000000..3dfb7d94
--- /dev/null
+++ b/puppet/services/pacemaker/sahara-api.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Sahara API service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ SaharaApiBase:
+ type: ../sahara-api.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara API role.
+ value:
+ service_name: sahara_api
+ monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [SaharaApiBase, role_data, logging_source]}
+ logging_groups: {get_attr: [SaharaApiBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaApiBase, role_data, config_settings]
+ - sahara::service::api::manage_service: false
+ sahara::service::api::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::sahara::api
diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml
new file mode 100644
index 00000000..a06d11b3
--- /dev/null
+++ b/puppet/services/pacemaker/sahara-engine.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Sahara Engine service with Pacemaker configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ SaharaEngineBase:
+ type: ../sahara-engine.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara Engine role.
+ value:
+ service_name: sahara_engine
+ monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]}
+ logging_source: {get_attr: [SaharaEngineBase, role_data, logging_source]}
+ logging_groups: {get_attr: [SaharaEngineBase, role_data, logging_groups]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaEngineBase, role_data, config_settings]
+ - sahara::service::engine::manage_service: false
+ sahara::service::engine::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::sahara::engine
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 581b4ba4..52300a2f 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -1,9 +1,18 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
RabbitMQ service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -18,22 +27,66 @@ parameters:
type: string
hidden: true
RabbitFDLimit:
- default: 16384
+ default: 65536
description: Configures RabbitMQ FD limit
type: string
RabbitIPv6:
default: false
description: Enable IPv6 in RabbitMQ
type: boolean
+ RabbitCookie:
+ type: string
+ default: ''
+ hidden: true
+ MonitoringSubscriptionRabbitmq:
+ default: 'overcloud-rabbitmq'
+ type: string
outputs:
role_data:
description: Role data for the RabbitMQ role.
value:
+ service_name: rabbitmq
+ monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
config_settings:
rabbitmq::file_limit: {get_param: RabbitFDLimit}
rabbitmq::default_user: {get_param: RabbitUserName}
rabbitmq::default_pass: {get_param: RabbitPassword}
rabbit_ipv6: {get_param: RabbitIPv6}
+ tripleo.rabbitmq.firewall_rules:
+ '109 rabbitmq':
+ dport:
+ - 4369
+ - 5672
+ - 25672
+ rabbitmq::delete_guest_user: false
+ rabbitmq::wipe_db_on_cookie_change: true
+ rabbitmq::port: '5672'
+ rabbitmq::package_source: undef
+ rabbitmq::repos_ensure: false
+ rabbitmq_environment:
+ RABBITMQ_NODENAME: "rabbit@%{::hostname}"
+ RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
+ rabbitmq_kernel_variables:
+ inet_dist_listen_min: '25672'
+ inet_dist_listen_max: '25672'
+ rabbitmq_config_variables:
+ tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
+ cluster_partition_handling: 'pause_minority'
+ loopback_users: '[]'
+ rabbitmq::erlang_cookie:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]}
step_config: |
include ::tripleo::profile::base::rabbitmq
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
new file mode 100644
index 00000000..54e63df4
--- /dev/null
+++ b/puppet/services/sahara-api.yaml
@@ -0,0 +1,92 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Sahara API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SaharaPassword:
+ description: The password for the sahara service account, used by sahara-api.
+ type: string
+ hidden: true
+ SaharaWorkers:
+ default: 0
+ description: The number of workers for the sahara-api.
+ type: number
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionSaharaApi:
+ default: 'overcloud-sahara-api'
+ type: string
+ SaharaApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.sahara.api
+ path: /var/log/sahara/sahara-api.log
+
+resources:
+ SaharaBase:
+ type: ./sahara-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara API role.
+ value:
+ service_name: sahara_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi}
+ logging_source: {get_param: SaharaApiLoggingSource}
+ logging_groups:
+ - sahara
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaBase, role_data, config_settings]
+ - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
+ sahara::service::api::api_workers: {get_param: SaharaWorkers}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]}
+ tripleo.sahara_api.firewall_rules:
+ '132 sahara':
+ dport:
+ - 8386
+ - 13386
+ step_config: |
+ include ::tripleo::profile::base::sahara::api
+ service_config_settings:
+ keystone:
+ sahara::keystone::auth::tenant: 'service'
+ sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
+ sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
+ sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
+ sahara::keystone::auth::password: {get_param: SaharaPassword }
+ sahara::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ sahara::db::mysql::password: {get_param: SaharaPassword}
+ sahara::db::mysql::user: sahara
+ sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ sahara::db::mysql::dbname: sahara
+ sahara::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
new file mode 100644
index 00000000..5fc8ed61
--- /dev/null
+++ b/puppet/services/sahara-base.yaml
@@ -0,0 +1,82 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Sahara base service. Shared for all Sahara services.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ SaharaPassword:
+ description: The password for the sahara service account, used by sahara-api.
+ type: string
+ hidden: true
+ Debug:
+ type: string
+ default: ''
+ description: Set to True to enable debugging on all services.
+
+outputs:
+ role_data:
+ description: Role data for the Sahara base service.
+ value:
+ service_name: sahara_base
+ config_settings:
+ sahara::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://sahara:'
+ - {get_param: SaharaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/sahara'
+ sahara::rabbit_password: {get_param: RabbitPassword}
+ sahara::rabbit_user: {get_param: RabbitUserName}
+ sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ sahara::rabbit_port: {get_param: RabbitClientPort}
+ sahara::debug: {get_param: Debug}
+ sahara::admin_password: {get_param: SaharaPassword}
+ sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ sahara::use_neutron: true
+ sahara::plugins:
+ - ambari
+ - cdh
+ - mapr
+ - vanilla
+ - spark
+ - storm
+ sahara::rpc_backend: rabbit
+ sahara::admin_tenant_name: 'service'
+ sahara::db::database_db_max_retries: -1
+ sahara::db::database_max_retries: -1
diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml
new file mode 100644
index 00000000..287c1c05
--- /dev/null
+++ b/puppet/services/sahara-engine.yaml
@@ -0,0 +1,51 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Sahara Engine service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionSaharaEngine:
+ default: 'overcloud-sahara-engine'
+ type: string
+ SaharaEngineLoggingSource:
+ type: json
+ default:
+ tag: openstack.sahara.engine
+ path: /var/log/sahara/sahara-engine.log
+
+resources:
+ SaharaBase:
+ type: ./sahara-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara Engine role.
+ value:
+ service_name: sahara_engine
+ monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine}
+ logging_source: {get_param: SaharaEngineLoggingSource}
+ logging_groups:
+ - sahara
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::sahara::engine
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 7ed880fc..7b5fa40c 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Utility stack to convert an array of services into a set of combined
@@ -10,11 +10,22 @@ parameters:
description: |
List nested stack service templates.
type: comma_delimited_list
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ DefaultPasswords:
+ default: {}
+ description: Mapping of service -> default password. Used to help
+ pass top level passwords managed by Heat into services.
+ type: json
resources:
@@ -24,12 +35,75 @@ resources:
resources: {get_param: Services}
concurrent: true
resource_properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+ LoggingConfiguration:
+ type: OS::TripleO::LoggingConfiguration
outputs:
- config_settings:
- description: Configuration settings.
- value: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
- step_config:
- description: Step configuration.
- value: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
+ role_data:
+ description: Combined Role data for this set of services.
+ value:
+ service_names:
+ # Filter any null/None service_names which may be present due to mapping
+ # of services to OS::Heat::None
+ yaql:
+ expression: list($.data.s_names.where($ != null))
+ data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}}
+ monitoring_subscriptions:
+ yaql:
+ expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null))
+ data: {get_attr: [ServiceChain, role_data]}
+ logging_sources:
+ # Transform the individual logging_source configuration from
+ # each service in the chain into a global list, adding some
+ # default configuration at the same time.
+ yaql:
+ expression: >
+ let(
+ default_format => $.data.default_format,
+ pos_file_path => $.data.pos_file_path,
+ sources => $.data.sources.flatten()
+ ) ->
+ $sources.where($ != null).select({
+ 'type' => 'tail',
+ 'tag' => $.tag,
+ 'path' => $.path,
+ 'format' => $.get('format', $default_format),
+ 'pos_file' => $.get('pos_file', $pos_file_path + '/' + $.tag + '.pos')
+ })
+ data:
+ sources:
+ - {get_attr: [LoggingConfiguration, LoggingDefaultSources]}
+ - yaql:
+ expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null))
+ data: {get_attr: [ServiceChain, role_data]}
+ - {get_attr: [LoggingConfiguration, LoggingExtraSources]}
+ default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]}
+ pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]}
+ logging_groups:
+ # Build a list of unique groups to which we should add the
+ # fluentd user.
+ yaql:
+ expression: >
+ set($.data.groups.flatten()).where($)
+ data:
+ groups:
+ - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}]
+ - yaql:
+ expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null))
+ data: {get_attr: [ServiceChain, role_data]}
+ - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}]
+ config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
+ global_config_settings:
+ map_merge:
+ yaql:
+ expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
+ data: {get_attr: [ServiceChain, role_data]}
+ service_config_settings:
+ yaql:
+ expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
+ data: {get_attr: [ServiceChain, role_data]}
+ step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml
new file mode 100644
index 00000000..4d01632d
--- /dev/null
+++ b/puppet/services/snmp.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ SNMP client configured with Puppet, to facilitate Ceilometer Hardware
+ monitoring in the undercloud. This service is required to enable hardware
+ monitoring.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SnmpdReadonlyUserName:
+ default: ro_snmp_user
+ description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ SnmpdReadonlyUserPassword:
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+
+outputs:
+ role_data:
+ description: Role data for the SNMP services
+ value:
+ service_name: snmp
+ config_settings:
+ tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
+ tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
+ tripleo.snmp.firewall_rules:
+ '127 snmp':
+ dport: 161
+ proto: 'udp'
+ step_config: |
+ include ::tripleo::profile::base::snmp
diff --git a/puppet/services/swift-base.yaml b/puppet/services/swift-base.yaml
new file mode 100644
index 00000000..741adb4d
--- /dev/null
+++ b/puppet/services/swift-base.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Swift Proxy service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftHashSuffix:
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Swift common swift settings.
+ value:
+ service_name: swift_base
+ config_settings:
+ swift::swift_hash_path_suffix: {get_param: SwiftHashSuffix}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index a86aeaf5..8b990bcd 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -4,6 +4,15 @@ description: >
OpenStack Swift Proxy service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -17,6 +26,10 @@ parameters:
description: The password for the swift service account, used by the swift proxy services.
type: string
hidden: true
+ SwiftProxyNodeTimeout:
+ default: 60
+ description: Timeout for requests going from swift-proxy to swift a/c/o services.
+ type: number
SwiftWorkers:
default: 0
description: Number of workers for Swift service.
@@ -25,25 +38,80 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionSwiftProxy:
+ default: 'overcloud-swift-proxy'
+ type: string
+resources:
+ SwiftBase:
+ type: ./swift-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Swift proxy service.
value:
+ service_name: swift_proxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
config_settings:
- # Swift
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
- swift::proxy::workers: {get_param: SwiftWorkers}
- swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
- swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
- swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
- swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
- swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
- swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
- swift::keystone::auth::password: {get_param: SwiftPassword}
- swift::keystone::auth::region: {get_param: KeystoneRegion}
+ map_merge:
+ - get_attr: [SwiftBase, role_data, config_settings]
+
+ - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::project_name: 'service'
+ swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
+ swift::proxy::workers: {get_param: SwiftWorkers}
+ tripleo.swift_proxy.firewall_rules:
+ '122 swift proxy':
+ dport:
+ - 8080
+ - 13808
+ swift::proxy::keystone::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::pipeline:
+ - 'catch_errors'
+ - 'healthcheck'
+ - 'proxy-logging'
+ - 'cache'
+ - 'ratelimit'
+ - 'bulk'
+ - 'tempurl'
+ - 'formpost'
+ - 'authtoken'
+ - 'keystone'
+ - 'staticweb'
+ - 'proxy-logging'
+ - 'proxy-server'
+ swift::proxy::account_autocreate: true
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
+ service_config_settings:
+ keystone:
+ swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+ swift::keystone::auth::password: {get_param: SwiftPassword}
+ swift::keystone::auth::region: {get_param: KeystoneRegion}
+ swift::keystone::auth::tenant: 'service'
+ swift::keystone::auth::configure_s3_endpoint: false
+ swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
new file mode 100644
index 00000000..e151d185
--- /dev/null
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -0,0 +1,65 @@
+heat_template_version: 2016-10-14
+
+description: >
+ OpenStack Swift Ringbuilder
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftMinPartHours:
+ type: number
+ default: 1
+ description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
+ SwiftPartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ SwiftRingBuild:
+ default: true
+ description: Whether to manage Swift rings or not
+ type: boolean
+ SwiftReplicas:
+ type: number
+ default: 3
+ description: How many replicas to use in the swift rings.
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
+
+
+outputs:
+ role_data:
+ description: Role data for Swift Ringbuilder configuration.
+ value:
+ service_name: swift_ringbuilder
+ config_settings:
+ tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild}
+ tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas}
+ tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-'
+ tripleo::profile::base::swift::ringbuilder::raw_disks:
+ yaql:
+ expression: $.data.raw_disk_lists.flatten()
+ data:
+ raw_disk_lists:
+ - [':%PORT%/d1']
+ - repeat:
+ template: ':%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
+ swift::ringbuilder::part_power: {get_param: SwiftPartPower}
+ swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours}
+ step_config: |
+ include ::tripleo::profile::base::swift::ringbuilder
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
new file mode 100644
index 00000000..7fbb8d90
--- /dev/null
+++ b/puppet/services/swift-storage.yaml
@@ -0,0 +1,92 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Swift Storage service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ SwiftMountCheck:
+ default: false
+ description: Value of mount_check in Swift account/container/object -server.conf
+ type: boolean
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
+ MonitoringSubscriptionSwiftStorage:
+ default: 'overcloud-swift-storage'
+ type: string
+
+ # DEPRECATED options for compatibility with overcloud.yaml
+ # This should be removed and manipulation of the ControllerServices list
+ # used instead, but we need client support for that first
+ ControllerEnableSwiftStorage:
+ default: true
+ description: Whether to enable Swift Storage on the Controller
+ type: boolean
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - ControllerEnableSwiftStorage
+
+resources:
+ SwiftBase:
+ type: ./swift-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Swift Proxy role.
+ value:
+ service_name: swift_storage
+ monitoring_subscription: {get_param: MonitoringSubscriptionSwiftStorage}
+ config_settings:
+ map_merge:
+ - get_attr: [SwiftBase, role_data, config_settings]
+ - swift::storage::all::mount_check: {get_param: SwiftMountCheck}
+ tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
+ tripleo.swift_storage.firewall_rules:
+ '123 swift storage':
+ dport:
+ - 873
+ - 6000
+ - 6001
+ - 6002
+ swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::object_pipeline:
+ - healthcheck
+ - recon
+ - object-server
+ swift::storage::all::container_pipeline:
+ - healthcheck
+ - container-server
+ swift::storage::all::account_pipeline:
+ - healthcheck
+ - account-server
+ swift::storage::disks: {get_param: SwiftRawDisks}
+ swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::swift::storage
diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml
new file mode 100644
index 00000000..eb5237fe
--- /dev/null
+++ b/puppet/services/time/ntp.yaml
@@ -0,0 +1,41 @@
+heat_template_version: 2016-04-08
+
+description: >
+ NTP service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configure NTP.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NtpServer:
+ default: []
+ description: NTP servers
+ type: comma_delimited_list
+
+outputs:
+ role_data:
+ description: Role ntp using composable services.
+ value:
+ service_name: ntp
+ config_settings:
+ ntp::servers: {get_param: NtpServer}
+ tripleo.ntp.firewall_rules:
+ '105 ntp':
+ dport: 123
+ proto: udp
+ step_config: |
+ include ::ntp
diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml
new file mode 100644
index 00000000..384b5191
--- /dev/null
+++ b/puppet/services/time/timezone.yaml
@@ -0,0 +1,34 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Composable Timezone service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ TimeZone:
+ default: 'UTC'
+ description: The timezone to be set on the overcloud.
+ type: string
+
+outputs:
+ role_data:
+ description: Timezone role using composable services.
+ value:
+ service_name: timezone
+ config_settings:
+ timezone::timezone: {get_param: TimeZone}
+ step_config: |
+ include ::timezone
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
new file mode 100644
index 00000000..f6ec458f
--- /dev/null
+++ b/puppet/services/tripleo-firewall.yaml
@@ -0,0 +1,39 @@
+heat_template_version: 2016-04-08
+
+description: >
+ TripleO Firewall settings
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ManageFirewall:
+ default: false
+ description: Whether to manage IPtables rules.
+ type: boolean
+ PurgeFirewallRules:
+ default: false
+ description: Whether IPtables rules should be purged before setting up the new ones.
+ type: boolean
+
+outputs:
+ role_data:
+ description: Role data for the TripleO firewall settings
+ value:
+ service_name: tripleo_firewall
+ config_settings:
+ tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
+ tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
+ step_config: |
+ include ::tripleo::firewall
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
new file mode 100644
index 00000000..124f5fe8
--- /dev/null
+++ b/puppet/services/tripleo-packages.yaml
@@ -0,0 +1,34 @@
+heat_template_version: 2016-04-08
+
+description: >
+ TripleO Package installation settings
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+
+outputs:
+ role_data:
+ description: Role data for the TripleO package settings
+ value:
+ service_name: tripleo_packages
+ config_settings:
+ tripleo::packages::enable_install: {get_param: EnablePackageInstall}
+ step_config: |
+ include ::tripleo::packages
diff --git a/puppet/services/vip-hosts.yaml b/puppet/services/vip-hosts.yaml
new file mode 100644
index 00000000..a9d757ee
--- /dev/null
+++ b/puppet/services/vip-hosts.yaml
@@ -0,0 +1,56 @@
+heat_template_version: 2016-04-08
+
+description: >
+ If the deployer doesn't have a DNS server for the overcloud nodes. This will
+ populate the node-names and IPs for the VIPs of the overcloud.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: role data for the VIP hosts role
+ value:
+ service_name: vip_hosts
+ config_settings:
+ tripleo::vip_hosts::hosts_spec:
+ external:
+ name: "%{hiera('cloud_name_external')}"
+ ip: "%{hiera('public_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the external VIP
+ internal_api:
+ name: "%{hiera('cloud_name_internal_api')}"
+ ip: "%{hiera('internal_api_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the internal api VIP
+ storage:
+ name: "%{hiera('cloud_name_storage')}"
+ ip: "%{hiera('storage_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the storage VIP
+ storage_mgmt:
+ name: "%{hiera('cloud_name_storage_mgmt')}"
+ ip: "%{hiera('storage_mgmt_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the storage mgmt VIP
+ ctlplane:
+ name: "%{hiera('cloud_name_ctlplane')}"
+ ip: "%{hiera('controller_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the ctlplane VIP
+ step_config: |
+ include ::tripleo::vip_hosts
diff --git a/puppet/swift-devices-and-proxy-config.yaml b/puppet/swift-devices-and-proxy-config.yaml
deleted file mode 100644
index 92ef5c1c..00000000
--- a/puppet/swift-devices-and-proxy-config.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'Swift Devices and Proxy Config for Puppet'
-
-parameters:
- controller_swift_devices:
- type: comma_delimited_list
- object_store_swift_devices:
- type: comma_delimited_list
- controller_swift_proxy_memcaches:
- type: comma_delimited_list
-
-resources:
-
- SwiftDevicesAndProxyConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- swift_devices_and_proxy:
- mapped_data:
- tripleo::ringbuilder::devices:
- list_join:
- - ", "
- - - list_join:
- - ", "
- - {get_param: controller_swift_devices}
- - list_join:
- - ", "
- - {get_param: object_store_swift_devices}
- swift::proxy::cache::memcache_servers:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: controller_swift_proxy_memcaches}
-
-outputs:
- config_id:
- description: The ID of the SwiftDevicesAndProxyConfigImpl resource.
- value:
- {get_resource: SwiftDevicesAndProxyConfigImpl}
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
deleted file mode 100644
index 1aba2bb4..00000000
--- a/puppet/swift-storage-post.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'OpenStack swift storage node post deployment for Puppet'
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- NodeConfigIdentifiers:
- type: json
- description: Value which changes if the node configuration may need to be re-applied
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- StorageArtifactsConfig:
- type: deploy-artifacts.yaml
-
- StorageArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: StorageArtifactsConfig}
- input_values:
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- StoragePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_object.pp
- - get_file: manifests/ringbuilder.pp
- - {get_param: StepConfig}
-
- StorageRingbuilderDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: StorageArtifactsDeploy
- properties:
- name: StorageRingbuilderDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: StoragePuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- StorageRingbuilderDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: StorageRingbuilderDeployment_Step2
- properties:
- name: StorageRingbuilderDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: StoragePuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- StorageDeployment_Step4:
- type: OS::Heat::StructuredDeployments
- depends_on: StorageRingbuilderDeployment_Step3
- properties:
- name: StorageDeployment_Step4
- servers: {get_param: servers}
- config: {get_resource: StoragePuppetConfig}
- input_values:
- step: 4
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: StorageDeployment_Step4
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
-
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index ed52f928..899ba66d 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -1,59 +1,21 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: 'OpenStack swift storage node configured by Puppet'
parameters:
- Flavor:
+ OvercloudSwiftStorageFlavor:
description: Flavor for Swift storage nodes to request when deploying.
+ default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- HashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
- Image:
- default: overcloud-swift-storage
+ SwiftStorageImage:
+ default: overcloud-full
type: string
+ constraints:
+ - custom_constraint: glance.image
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
- MountCheck:
- default: 'false'
- description: Value of mount_check in Swift account/container/object -server.conf
- type: boolean
- MinPartHours:
- type: number
- default: 1
- description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
- PartPower:
- default: 10
- description: Partition Power to use when building Swift rings
- type: number
- RingBuild:
- default: true
- description: Whether to manage Swift rings or not
- type: boolean
- Replicas:
- type: number
- default: 3
- description: How many replicas to use in the swift rings.
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
- NtpServer:
- default: ''
- description: Comma-separated list of ntp servers
- type: comma_delimited_list
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
UpdateIdentifier:
default: ''
type: string
@@ -65,10 +27,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
- TimeZone:
- default: 'UTC'
- description: The timezone to be set on Ceph nodes.
- type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
Hostname:
type: string
default: '' # Defaults to Heat created hostname
@@ -103,7 +66,6 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
- default: ''
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -114,7 +76,7 @@ parameters:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
- SchedulerHints:
+ ObjectStorageSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
@@ -124,14 +86,33 @@ parameters:
ServiceConfigSettings:
type: json
default: {}
+ ServiceNames:
+ type: comma_delimited_list
+ default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
+ ConfigCommand:
+ type: string
+ description: Command which will be run whenever configuration data changes
+ default: os-refresh-config --timeout 14400
+ LoggingSources:
+ type: json
+ default: []
+ LoggingGroups:
+ type: comma_delimited_list
+ default: []
resources:
SwiftStorage:
type: OS::Nova::Server
+ metadata:
+ os-collect-config:
+ command: {get_param: ConfigCommand}
properties:
- image: {get_param: Image}
- flavor: {get_param: Flavor}
+ image: {get_param: SwiftStorageImage}
+ flavor: {get_param: OvercloudSwiftStorageFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -143,7 +124,7 @@ resources:
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
- scheduler_hints: {get_param: SchedulerHints}
+ scheduler_hints: {get_param: ObjectStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
@@ -260,44 +241,33 @@ resources:
- heat_config_%{::deploy_config_name}
- object_extraconfig
- extraconfig
+ - service_names
- service_configs
- object
- - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
+ - bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - common
- - network
merge_behavior: deeper
datafiles:
+ service_names:
+ mapped_data:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
- mapped_data: {get_param: ServiceConfigSettings}
- common:
- raw_data: {get_file: hieradata/common.yaml}
- network:
mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
object_extraconfig:
mapped_data: {get_param: ObjectStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
object:
- raw_data: {get_file: hieradata/object.yaml}
mapped_data: # data supplied directly to this deployment configuration, etc
- swift::swift_hash_path_suffix: { get_input: swift_hash_suffix }
- tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
- tripleo::ringbuilder::part_power: { get_input: swift_part_power }
- tripleo::ringbuilder::replicas: {get_input: swift_replicas }
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- swift_mount_check: {get_input: swift_mount_check }
- tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours }
- ntp::servers: {get_input: ntp_servers}
- timezone::timezone: {get_input: timezone}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
SwiftStorageHieraDeploy:
@@ -308,20 +278,7 @@ resources:
server: {get_resource: SwiftStorage}
config: {get_resource: SwiftStorageHieraConfig}
input_values:
- local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- swift_hash_suffix: {get_param: HashSuffix}
- swift_mount_check: {get_param: MountCheck}
- swift_min_part_hours: {get_param: MinPartHours}
- swift_ring_build: {get_param: RingBuild}
- swift_part_power: {get_param: PartPower}
- swift_replicas: { get_param: Replicas}
- ntp_servers: {get_param: NtpServer}
- timezone: {get_param: TimeZone}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -351,6 +308,12 @@ resources:
get_param: UpdateIdentifier
outputs:
+ ip_address:
+ description: IP address of the server in the ctlplane network
+ value: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ hostname:
+ description: Hostname of the server
+ value: {get_attr: [SwiftStorage, name]}
hosts_entry:
value:
str_replace:
@@ -362,6 +325,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -402,17 +366,16 @@ outputs:
- '.'
- - {get_attr: [SwiftStorage, name]}
- management
+ CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the swift storage server
value:
{get_resource: SwiftStorage}
- swift_device:
- description: Swift device formatted for swift-ring-builder
- value:
- str_replace:
- template: 'r1z1-IP:%PORT%/d1'
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
@@ -431,11 +394,3 @@ outputs:
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
- config_identifier:
- description: identifier which changes if the node configuration may need re-applying
- value:
- list_join:
- - ','
- - - {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]}
- - {get_attr: [NodeTLSCAData, deploy_stdout]}
- - {get_param: UpdateIdentifier}
diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml
deleted file mode 100644
index 92234b6c..00000000
--- a/puppet/vip-config.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- Configure hieradata for service -> virtual IP mappings.
-
-resources:
- VipConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- vip_data:
- mapped_data:
- keystone_admin_api_vip: {get_input: keystone_admin_api_vip}
- keystone_public_api_vip: {get_input: keystone_public_api_vip}
- neutron_api_vip: {get_input: neutron_api_vip}
- # TODO: pass a `midonet_api_vip` var
- midonet_api_vip: {get_input: neutron_api_vip}
- cinder_api_vip: {get_input: cinder_api_vip}
- glance_api_vip: {get_input: glance_api_vip}
- glance_registry_vip: {get_input: glance_registry_vip}
- sahara_api_vip: {get_input: sahara_api_vip}
- swift_proxy_vip: {get_input: swift_proxy_vip}
- nova_api_vip: {get_input: nova_api_vip}
- nova_metadata_vip: {get_input: nova_metadata_vip}
- ceilometer_api_vip: {get_input: ceilometer_api_vip}
- aodh_api_vip: {get_input: aodh_api_vip}
- gnocchi_api_vip: {get_input: gnocchi_api_vip}
- heat_api_vip: {get_input: heat_api_vip}
- horizon_vip: {get_input: horizon_vip}
- redis_vip: {get_input: redis_vip}
- mysql_vip: {get_input: mysql_vip}
- public_virtual_ip: {get_input: public_virtual_ip}
- controller_virtual_ip: {get_input: control_virtual_ip}
- internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- storage_virtual_ip: {get_input: storage_virtual_ip}
- storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- # public_virtual_ip and controller_virtual_ip are needed in
- # both HAproxy & keepalived.
- tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip}
- tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip}
-
-
-outputs:
- OS::stack_id:
- description: The VipConfigImpl resource.
- value: {get_resource: VipConfigImpl}
diff --git a/roles_data.yaml b/roles_data.yaml
new file mode 100644
index 00000000..fe98d827
--- /dev/null
+++ b/roles_data.yaml
@@ -0,0 +1,164 @@
+# Specifies which roles (groups of nodes) will be deployed
+# Note this is used as an input to the various *.j2.yaml
+# jinja2 templates, so that they are converted into *.yaml
+# during the plan creation (via a mistral action/workflow).
+#
+# The format is a list, with the following format:
+#
+# * name: (string) mandatory, name of the role, must be unique
+#
+# CountDefault: (number) optional, default number of nodes, defaults to 0
+# sets the default for the {{role.name}}Count parameter in overcloud.yaml
+#
+# HostnameFormatDefault: (string) optional default format string for hostname
+# defaults to '%stackname%-{{role.name.lower()}}-%index%'
+# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+#
+# ServicesDefault: (list) optional default list of services to be deployed
+# on the role, defaults to an empty list. Sets the default for the
+# {{role.name}}Services parameter in overcloud.yaml
+
+- name: Controller
+ CountDefault: 1
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Core
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GlanceRegistry
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerCollector
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::Tripleo::Services::ManilaApi
+ - OS::Tripleo::Services::ManilaScheduler
+ - OS::Tripleo::Services::ManilaBackendGeneric
+ - OS::Tripleo::Services::ManilaBackendNetapp
+ - OS::Tripleo::Services::ManilaBackendCephFs
+ - OS::Tripleo::Services::ManilaShare
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::OpenDaylight
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::VipHosts
+
+- name: Compute
+ CountDefault: 1
+ HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::VipHosts
+
+- name: BlockStorage
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::VipHosts
+
+- name: ObjectStorage
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::VipHosts
+
+- name: CephStorage
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::VipHosts
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 2da873d0..95c7d025 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -17,27 +17,65 @@ import traceback
import yaml
+required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
+
def exit_usage():
print('Usage %s <yaml file or directory>' % sys.argv[0])
sys.exit(1)
+
+def validate_service(filename, tpl):
+ if 'outputs' in tpl and 'role_data' in tpl['outputs']:
+ if 'value' not in tpl['outputs']['role_data']:
+ print('ERROR: invalid role_data for filename: %s'
+ % filename)
+ return 1
+ role_data = tpl['outputs']['role_data']['value']
+ if 'service_name' not in role_data:
+ print('ERROR: service_name is required in role_data for %s.'
+ % filename)
+ return 1
+ # service_name must match the filename, but with an underscore
+ if (role_data['service_name'] !=
+ os.path.basename(filename).split('.')[0].replace("-", "_")):
+ print('ERROR: service_name should match file name for service: %s.'
+ % filename)
+ return 1
+ if 'parameters' in tpl:
+ for param in required_params:
+ if param not in tpl['parameters']:
+ print('ERROR: parameter %s is required for %s.'
+ % (param, filename))
+ return 1
+ return 0
+
+
def validate(filename):
print('Validating %s' % filename)
+ retval = 0
try:
tpl = yaml.load(open(filename).read())
+
+ if (filename.startswith('./puppet/services/') and
+ filename != './puppet/services/services.yaml'):
+ retval = validate_service(filename, tpl)
+
except Exception:
print(traceback.format_exc())
return 1
# yaml is OK, now walk the parameters and output a warning for unused ones
- for p in tpl.get('parameters', {}):
- str_p = '\'%s\'' % p
- in_resources = str_p in str(tpl.get('resources', {}))
- in_outputs = str_p in str(tpl.get('outputs', {}))
- if not in_resources and not in_outputs:
- print('Warning: parameter %s in template %s appears to be unused'
- % (p, filename))
+ if 'heat_template_version' in tpl:
+ for p in tpl.get('parameters', {}):
+ if p in required_params:
+ continue
+ str_p = '\'%s\'' % p
+ in_resources = str_p in str(tpl.get('resources', {}))
+ in_outputs = str_p in str(tpl.get('outputs', {}))
+ if not in_resources and not in_outputs:
+ print('Warning: parameter %s in template %s '
+ 'appears to be unused' % (p, filename))
- return 0
+ return retval
if len(sys.argv) < 2:
exit_usage()
@@ -50,7 +88,7 @@ for base_path in path_args:
if os.path.isdir(base_path):
for subdir, dirs, files in os.walk(base_path):
for f in files:
- if f.endswith('.yaml'):
+ if f.endswith('.yaml') and not f.endswith('.j2.yaml'):
file_path = os.path.join(subdir, f)
failed = validate(file_path)
if failed: