diff options
347 files changed, 19260 insertions, 9516 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index c7816b7e..ae747621 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -41,17 +41,17 @@ root_template: overcloud.yaml root_environment: overcloud-resource-registry-puppet.yaml topics: - - title: Basic Configuration + - title: Base Resources Configuration description: environment_groups: - title: - description: Enable basic configuration required for OpenStack Deployment + description: Enable base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml - title: Default Configuration + title: Base resources configuration description: - - title: Deployment options + - title: Deployment Options description: environment_groups: - title: High Availability @@ -62,6 +62,15 @@ topics: description: Enable configuration of an Overcloud controller with Pacemaker requires: - overcloud-resource-registry-puppet.yaml + - title: Pacemaker options + description: + environments: + - file: environments/puppet-pacemaker-no-restart.yaml + title: Pacemaker No Restart + description: + requires: + - environments/puppet-pacemaker.yaml + - overcloud-resource-registry-puppet.yaml - title: Docker RDO description: > Docker container with heat agents for containerized compute node @@ -71,26 +80,114 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + - title: Enable TLS + description: > + environments: + - file: environments/enable-tls.yaml + title: TLS + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + environments must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: > + environments: + - file: environments/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/enable-tls.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + requires: + - environments/enable-tls.yaml + - overcloud-resource-registry-puppet.yaml + - title: External load balancer + description: > + Enable external load balancer + environments: + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Additional Services + description: Deploy additional Overcloud services + environment_groups: + - title: Manila + description: + environments: + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - title: Sahara + description: + environments: + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - title: Ironic + description: + environments: + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - title: Mistral + description: + environments: + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml # - title: Network Interface Configuration # description: # environment_groups: - - title: Overlay network Configuration + - title: Overlay Network Configuration description: environment_groups: - title: Network Isolation - description: > - Enable the creation of Neutron networks for - isolated Overcloud traffic and configure each role to assign ports - (related to that role) on these networks. + description: environments: - file: environments/network-isolation.yaml title: Network Isolation - description: Enable Network Isolation + description: > + Enable the creation of Neutron networks for + isolated Overcloud traffic and configure each role to assign ports + (related to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single nic or Bonding + - file: environments/network-isolation-v6.yaml + title: Network Isolation IPv6 + description: > + Enable the creation of IPv6 Neutron networks for isolated Overcloud + traffic and configure each role to assign ports (related + to that role) on these networks. + requires: + - overcloud-resource-registry-puppet.yaml + - title: Single NIC or Bonding description: > Configure roles to use pair of bonded nics or to use Vlans on a single nic. This option assumes use of Network Isolation. @@ -104,23 +201,105 @@ topics: requires: - environments/network-isolation.yaml - overcloud-resource-registry-puppet.yaml + - file: environments/net-bond-with-vlans-no-external.yaml + title: Bond with Vlans No External Ports + description: > + Configure each role to use a pair of bonded nics (nic2 and + nic3) and configures an IP address on each relevant isolated network + for each role. This option assumes use of Network Isolation. + Sets external ports to noop. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-bond-with-vlans-v6.yaml + title: Bond with Vlans IPv6 + description: > + Configure each role to use a pair of bonded nics (nic2 and + nic3) and configures an IP address on each relevant isolated network + for each role, with IPv6 on the External network. + This option assumes use of Network Isolation IPv6. + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-multiple-nics.yaml + title: Multiple NICs + description: > + Configures each role to use a separate NIC for + each isolated network. + This option assumes use of Network Isolation. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-multiple-nics-v6.yaml + title: Multiple NICs IPv6 + description: > + Configure each role to use a separate NIC for + each isolated network with IPv6 on the External network. + This option assumes use of Network Isolation IPv6. + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml - title: Single nic with Vlans + title: Single NIC with Vlans + description: > + Configure each role to use Vlans on a single NIC for + each isolated network. This option assumes use of Network Isolation. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-with-vlans-no-external.yaml + title: Single NIC with Vlans No External Ports + description: > + Configure each role to use Vlans on a single NIC for + each isolated network. This option assumes use of Network Isolation. + Sets external ports to noop. + requires: + - environments/network-isolation.yaml + - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-linux-bridge-with-vlans.yaml + title: Single NIC with Linux Bridge Vlans description: > - Configure each role to use Vlans on a single nic for + Configure each role to use Vlans on a single NIC for each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - overcloud-resource-registry-puppet.yaml + - file: environments/net-single-nic-with-vlans-v6.yaml + title: Single NIC with Vlans IPv6 + description: > + Configures each role to use Vlans on a single NIC for + each isolated network with IPv6 on the External network. + This option assumes use of Network Isolation IPv6 + requires: + - environments/network-isolation-v6.yaml + - overcloud-resource-registry-puppet.yaml + - title: Management Network + description: > + Enable the creation of a system management network. This + creates a Neutron network for isolated Overcloud + system management traffic and configures each role to + assign a port (related to that role) on that network. + environments: + - file: environments/network-management.yaml + title: Management Network + description: + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/network-management-v6.yaml + title: Management Network IPv6 + description: + requires: + - overcloud-resource-registry-puppet.yaml - title: Neutron Plugin Configuration description: environment_groups: - - title: BigSwitch extensions or Cisco N1KV backend - description: + - title: Neutron Plugins + description: > + Enable various Neutron plugins and backends environments: - file: environments/neutron-ml2-bigswitch.yaml - title: BigSwitch extensions + title: BigSwitch Extensions description: > Enable Big Switch extensions, configured via puppet requires: @@ -131,28 +310,101 @@ topics: Enable a Cisco N1KV backend, configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Cisco Neutron plugin - description: > - Enable a Cisco Neutron plugin - environments: - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml title: Cisco Neutron plugin description: requires: - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-midonet.yaml + title: Deploy MidoNet Services + description: + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-nuage-config.yaml + title: Neutron Nuage backend + description: Enables Neutron Nuage backend on the controller + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opencontrail.yaml + title: OpenContrail Extensions + description: Enables OpenContrail extensions + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opendaylight.yaml + title: OpenDaylight + description: Enables OpenDaylight + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-opendaylight-l3.yaml + title: OpenDaylight with L3 DVR + description: Enables OpenDaylight with L3 DVR + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ovs-dpdk.yaml + title: DPDK with OVS + description: Deploy DPDK with OVS + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ovs-dvr.yaml + title: DVR + description: Enables DVR in the Overcloud + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-plumgrid.yaml + title: PLUMgrid extensions + description: Enables PLUMgrid extensions + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Storage description: environment_groups: - - title: Cinder NetApp backend + - title: Cinder backup service + description: + environments: + - file: environments/cinder-backup.yaml + title: Cinder backup service + description: > + OpenStack Cinder Backup service with Pacemaker configured + with Puppet + requires: + - environments/puppet-pacemaker.yaml + - overcloud-resource-registry-puppet.yaml + - title: Cinder backend description: > - Enable a Cinder NetApp backend, configured via puppet + Enable various Cinder backends environments: - file: environments/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-dellsc-config.yaml + title: Cinder Dell Storage Center ISCSI backend + description: > + Enables a Cinder Dell Storage Center ISCSI backend, configured + via puppet + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-eqlx-config.yaml + title: Cinder EQLX backend + description: > + Enables a Cinder EQLX backend, configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - title: Externally managed Ceph description: > Enable the use of an externally managed Ceph cluster @@ -224,3 +476,31 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + - title: Manage Firewall + description: + environments: + - file: environments/manage-firewall.yaml + title: Manage Firewall + description: + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Operational Tools + description: + environment_groups: + - title: Monitoring agents + description: Enable monitoring agents + environments: + - file: environments/monitoring-environment.yaml + title: enable monitoring agents + description: + requires: + - overcloud-resource-registry-puppet.yaml + - title: Centralized logging support + description: Enable centralized logging clients (fluentd) + environments: + - file: environments/logging-environment.yaml + title: Enable fluentd client + description: + requires: + - overcloud-resource-registry-puppet.yaml diff --git a/default_passwords.yaml b/default_passwords.yaml new file mode 100644 index 00000000..7a47f443 --- /dev/null +++ b/default_passwords.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-10-14 + +description: Passwords we manage at the top level + +parameters: + DefaultMysqlRootPassword: + type: string + DefaultRabbitCookie: + type: string + DefaultHeatAuthEncryptionKey: + type: string + DefaultPcsdPassword: + type: string + DefaultHorizonSecret: + type: string + +outputs: + passwords: + description: Password data + value: + mysql_root_password: {get_param: DefaultMysqlRootPassword} + rabbit_cookie: {get_param: DefaultRabbitCookie} + heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey} + pcsd_password: {get_param: DefaultPcsdPassword} + horizon_secret: {get_param: DefaultHorizonSecret} diff --git a/deployed-server/README.rst b/deployed-server/README.rst new file mode 100644 index 00000000..ce74e77b --- /dev/null +++ b/deployed-server/README.rst @@ -0,0 +1,129 @@ +TripleO with Deployed Servers +============================= + +The deployed-server set of templates can be used to deploy TripleO via +tripleo-heat-templates to servers that are already installed with a base +operating system. + +When OS::TripleO::Server is mapped to the deployed-server.yaml template via the +provided deployed-server-environment.yaml resource registry, Nova and Ironic +are not used to create any server instances. Heat continues to create the +SoftwareDeployment resources, and they are made available to the already +deployed and running servers. + +Template Usage +-------------- +To use these templates pass the included environment file to the deployment +command:: + + -e deployed-server/deployed-server-environment.yaml + +Deployed Server configuration +----------------------------- +It is currently assumed that the deployed servers being used have the required +set of software and packages already installed on them. These exact +requirements must match how such a server would look if it were deployed the +standard way via Ironic using the TripleO overcloud-full image. + +An easy way to help get this setup for development is to use an overcloud-full +image from an already existing TripleO setup. Create the vm's for the already +deployed server, and use the overcloud-full image as their disk. + +Each server must have a fqdn set that resolves to an IP address on a routable +network (e.g., the hostname should not resolve to 127.0.0.1). The hostname +will be detected on each server via the hostnamectl --static command. + +Each server also must have a route to the configured IP address on the +undercloud where the OpenStack services are listening. This is the value for +local_ip in the undercloud.conf. + +It's recommended that each server have at least 2 nic's. One used for external +management such as ssh, and one used for the OpenStack deployment itself. Since +the overcloud deployment will reconfigure networking on the configured nic to +be used by OpenStack, the external management nic is needed as a fallback so +that all connectivity is not lost in case of a configuration error. Be sure to +use correct nic config templates as needed, since the nodes will not receive +dhcp from the undercloud neutron-dhcp-agent service. + +For example, the net-config-static-bridge.yaml template could be used for +controllers, and the net-config-static.yaml template could be used for computes +by specifying: + +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static-bridge.yaml + OS::TripleO::Compute::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static.yaml + +In a setup where the first nic on the servers is used for external management, +set the nic's to be used for OpenStack to nic2: + +parameter_defaults: + NeutronPublicInterface: nic2 + HypervisorNeutronPublicInterface: nic2 + +The above nic config templates also require a route to the ctlplane network to +be defined. Define the needed parameters as necessary for your environment, for +example: + +parameter_defaults: + ControlPlaneDefaultRoute: 192.168.122.130 + ControlPlaneSubnetCidr: "24" + EC2MetadataIp: "192.0.2.1" + +In this example, 192.168.122.130 is the external management IP of an +undercloud, thus it is the default route for the configured local_ip value of +192.0.2.1. + + +os-collect-config +----------------- +os-collect-config on each deployed server must be manually configured to poll +the Heat API for the available SoftwareDeployments. An example configuration +for /etc/os-collect-config.conf looks like: + + [DEFAULT] + collectors=heat + command=os-refresh-config + + [heat] + # you can get these values from stackrc on the undercloud + user_id=<a user that can connect to heat> # note this must be the ID, not the username + password=<a password> + auth_url=<keystone url> + project_id=<project_id> # note, this must be the ID, not project name + stack_id=<stack_id> + resource_name=<resource_name> + +Note that the stack_id value is the id of the nested stack containing the +resource (identified by resource_name) implemented by the deployed-server.yaml +templates. + +Once the configuration for os-collect-config has been defined, the service +needs to be restarted. Once restarted, it will start polling Heat and applying +the SoftwareDeployments. + +A sample script at deployed-server/scripts/get-occ-config.sh is included that +will automatically generate the os-collect-config configuration needed on each +server, ssh to each server, copy the configuration, and restart the +os-collect-config service. + +.. warning:: + The get-occ-config.sh script is not intended for production use, as it + copies admin credentials to each of the deployed nodes. + +The script can only be used once the stack id's of the nested deployed-server +stacks have been created via Heat. This usually only takes a couple of minutes +once the deployment command has been started. Once the following output is seen +from the deployment command, the script should be ready to run: + + [Controller]: CREATE_IN_PROGRESS state changed + [NovaCompute]: CREATE_IN_PROGRESS state changed + +The user running the script must be able to ssh as root to each server. Define +the hostnames of the deployed servers you intend to use for each role type:: + + export controller_hosts="controller0 controller1 controller2" + export compute_hosts="compute0" + +Then run the script on the undercloud with a stackrc file sourced, and +the script will copy the needed os-collect-config.conf configuration to each +server and restart the os-collect-config service. diff --git a/deployed-server/ctlplane-port.yaml b/deployed-server/ctlplane-port.yaml new file mode 100644 index 00000000..eb10fba0 --- /dev/null +++ b/deployed-server/ctlplane-port.yaml @@ -0,0 +1,23 @@ +heat_template_version: 2014-10-16 + +parameters: + Hostname: + type: string + +resources: + + ControlPlanePort: + type: OS::Neutron::Port + properties: + network: ctlplane + name: + list_join: + - '-' + - - {get_param: Hostname} + - ctlplane + - port + replacement_policy: AUTO + +outputs: + ip_address: + value: {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]} diff --git a/deployed-server/deployed-server-config.yaml b/deployed-server/deployed-server-config.yaml new file mode 100644 index 00000000..8c59dc72 --- /dev/null +++ b/deployed-server/deployed-server-config.yaml @@ -0,0 +1,22 @@ +heat_template_version: 2014-10-16 +parameters: + user_data_format: + type: string + default: SOFTWARE_CONFIG + +resources: + # We just need something which returns a unique ID, but we can't + # use RandomString because RefId returns the value, not the physical + # resource ID, SoftwareConfig should work as it returns a UUID + deployed-server-config: + type: OS::Heat::SoftwareConfig + +outputs: + # FIXME(shardy) this is needed because TemplateResource returns an + # ARN not a UUID, which overflows the Deployment server_id column.. + user_data_format: + value: SOFTWARE_CONFIG + OS::stack_id: + value: {get_resource: deployed-server-config} + + diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml new file mode 100644 index 00000000..da5698e5 --- /dev/null +++ b/deployed-server/deployed-server.yaml @@ -0,0 +1,115 @@ +heat_template_version: 2014-10-16 +parameters: + image: + type: string + default: unused + flavor: + type: string + default: unused + key_name: + type: string + default: unused + security_groups: + type: json + default: [] + # Require this so we can validate the parent passes the + # correct value + user_data_format: + type: string + user_data: + type: string + default: '' + name: + type: string + default: '' + image_update_policy: + type: string + default: '' + networks: + type: comma_delimited_list + default: '' + metadata: + type: json + default: {} + software_config_transport: + default: POLL_SERVER_CFN + type: string + scheduler_hints: + type: json + description: Optional scheduler hints to pass to nova + default: {} + +resources: + # We just need something which returns a unique ID, but we can't + # use RandomString because RefId returns the value, not the physical + # resource ID, SoftwareConfig should work as it returns a UUID + deployed-server: + type: OS::TripleO::DeployedServerConfig + properties: + user_data_format: SOFTWARE_CONFIG + + InstanceIdConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + instance-id: {get_attr: [deployed-server, "OS::stack_id"]} + + InstanceIdDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: InstanceIdConfig} + server: {get_resource: deployed-server} + + HostsEntryConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -eux + mkdir -p $heat_outputs_path + host=$(hostnamectl --static) + echo -n "$host " > $heat_outputs_path.hosts_entry + host_ip=$(python -c "import socket; print socket.gethostbyname(\"$host\")") + echo -n "$host_ip " >> $heat_outputs_path.hosts_entry + echo >> $heat_outputs_path.hosts_entry + cat $heat_outputs_path.hosts_entry + echo -n $host_ip > $heat_outputs_path.ip_address + cat $heat_outputs_path.ip_address + echo -n $host > $heat_outputs_path.hostname + cat $heat_outputs_path.hostname + outputs: + - name: hosts_entry + description: hosts_entry + - name: ip_address + description: ip_address + - name: hostname + description: hostname + + HostsEntryDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: HostsEntryConfig} + server: {get_resource: deployed-server} + + ControlPlanePort: + type: OS::TripleO::DeployedServer::ControlPlanePort + properties: + Hostname: {get_attr: [HostsEntryDeployment, hostname]} + +outputs: + # FIXME(shardy) this is needed because TemplateResource returns an + # ARN not a UUID, which overflows the Deployment server_id column.. + OS::stack_id: + value: {get_attr: [deployed-server, "OS::stack_id"]} + networks: + value: + ctlplane: + - {get_attr: [ControlPlanePort, ip_address]} + name: + value: {get_attr: [HostsEntryDeployment, hostname]} + hosts_entry: + value: {get_attr: [HostsEntryDeployment, hosts_entry]} + ip_address: + value: {get_attr: [HostsEntryDeployment, ip_address]} diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh new file mode 100755 index 00000000..2c01174e --- /dev/null +++ b/deployed-server/scripts/get-occ-config.sh @@ -0,0 +1,113 @@ +#!/bin/bash + +set -eux + +SLEEP_TIME=5 + +CONTROLLER_HOSTS=${CONTROLLER_HOSTS:-""} +COMPUTE_HOSTS=${COMPUTE_HOSTS:-""} +BLOCKSTORAGE_HOSTS=${BLOCKSTORAGE_HOSTS:-""} +OBJECTSTORAGE_HOSTS=${OBJECTSTORAGE_HOSTS:-""} +CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""} +SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"} +SSH_OPTIONS="-tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32" + +read -a Controller_hosts_a <<< $CONTROLLER_HOSTS +read -a Compute_hosts_a <<< $COMPUTE_HOSTS +read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS +read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS +read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS + +roles="Controller Compute BlockStorage ObjectStorage CephStorage" +admin_user_id=$(openstack user show admin -c id -f value) +admin_project_id=$(openstack project show admin -c id -f value) + +function check_stack { + local stack_to_check=$1 + + if [ "$stack_to_check" = "|" ]; then + echo Stack not created + return 1 + fi + + echo Checking if $1 stack is created + set +e + heat resource-list $stack_to_check + rc=$? + set -e + + if [ ! "$rc" = "0" ]; then + echo Stack $1 not yet created + fi + + return $rc +} + + +for role in $roles; do + while ! check_stack overcloud; do + sleep $SLEEP_TIME + done + + rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + while ! check_stack $rg_stack; do + sleep $SLEEP_TIME + rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + done + + stacks=$(heat resource-list $rg_stack | grep OS::TripleO::$role | awk '{print $4}') + + i=0 + + for stack in $stacks; do + server_resource_name=$role + if [ "$server_resource_name" = "Compute" ]; then + server_resource_name="NovaCompute" + fi + + server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + while ! check_stack $server_stack; do + sleep $SLEEP_TIME + server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + done + + deployed_server_stack=$(heat resource-list $server_stack | grep "deployed-server" | awk '{print $4}') + + echo "======================" + echo "$role$i os-collect-config.conf configuration:" + + config=" +[DEFAULT] +collectors=heat +command=os-refresh-config +polling_interval=30 + +[heat] +user_id=$admin_user_id +password=$OS_PASSWORD +auth_url=$OS_AUTH_URL +project_id=$admin_project_id +stack_id=$deployed_server_stack +resource_name=deployed-server-config" + + echo "$config" + echo "======================" + echo + + + host= + eval host=\${${role}_hosts_a[i]} + if [ -n "$host" ]; then + # Delete the os-collect-config.conf template so our file won't get + # overwritten + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo /bin/rm -f /usr/libexec/os-apply-config/templates/etc/os-collect-config.conf + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo \"$config\" > os-collect-config.conf" + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp os-collect-config.conf /etc/os-collect-config.conf + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl restart os-collect-config + fi + + let i+=1 + + done + +done diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index 3c4a9413..60b831be 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -5,8 +5,8 @@ description: > parameters: servers: type: json - NodeConfigIdentifiers: - type: json + DeployIdentifier: + type: string description: Value which changes if the node configuration may need to be re-applied DockerNamespace: type: string @@ -38,6 +38,14 @@ parameters: NeutronOpenvswitchAgentOvsVolume: type: string default: " " + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' + RoleData: + type: json + default: {} + resources: @@ -56,7 +64,11 @@ resources: outputs: - name: result config: - get_file: ../puppet/manifests/overcloud_compute.pp + list_join: + - '' + - - get_file: ../puppet/manifests/overcloud_compute.pp + - {get_param: StepConfig} + ComputePuppetDeployment: type: OS::Heat::SoftwareDeployments @@ -65,7 +77,7 @@ resources: servers: {get_param: servers} config: {get_resource: ComputePuppetConfig} input_values: - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} tripleo::packages::enable_install: True CopyEtcConfig: diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml index 2858552f..f6d61e2d 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/install_docker_agents.yaml @@ -6,7 +6,7 @@ parameters: default: heat-docker-agents DockerNamespace: type: string - default: kollaglue + default: tripleoupstream DockerNamespaceIsRegistry: type: boolean default: false diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index cb8b2a5d..65c4e6dc 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -1,14 +1,38 @@ #!/bin/bash set -eux -# firstboot isn't split out by role yet so we handle it this way -if ! hostname | grep compute &>/dev/null; then - echo "Exiting. This script is only for the compute role." - exit 0 +/sbin/setenforce 0 +/sbin/modprobe ebtables + +# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes +chmod 666 /dev/pts/ptmx + +# We need hostname -f to return in a centos container for the puppet hook +HOSTNAME=$(hostname) +echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts + +# update docker for local insecure registry(optional) +# Note: This is different for different docker versions +# For older docker versions < 1.4.x use commented line +#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker +#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker + +# Local docker registry 1.8 +if [ $docker_namespace_is_registry ]; then + /usr/bin/systemctl stop docker.service + # if namespace is used with local registry, trim all namespacing + trim_var=$docker_registry + registry_host="${trim_var%%/*}" + /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry[ ]'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker + /usr/bin/systemctl start --no-block docker.service fi +/usr/bin/docker pull $agent_image & +DOCKER_PULL_PID=$! + mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container + # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service @@ -22,7 +46,6 @@ User=root Restart=on-failure ExecStartPre=-/usr/bin/docker kill heat-agents ExecStartPre=-/usr/bin/docker rm heat-agents -ExecStartPre=/usr/bin/docker pull $agent_image ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image ExecStop=/usr/bin/docker stop heat-agents @@ -31,30 +54,6 @@ WantedBy=multi-user.target EOF -# update docker for local insecure registry(optional) -# Note: This is different for different docker versions -# For older docker versions < 1.4.x use commented line -#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker -#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker - -# Local docker registry 1.8 -if [ $docker_namespace_is_registry ]; then - # if namespace is used with local registry, trim all namespacing - trim_var=$docker_registry - registry_host="${trim_var%%/*}" - /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker -fi - -/sbin/setenforce 0 -/sbin/modprobe ebtables - -# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes -chmod 666 /dev/pts/ptmx - -# We need hostname -f to return in a centos container for the puppet hook -HOSTNAME=$(hostname) -echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts - # enable and start heat-docker-agents chmod 0640 /etc/systemd/system/heat-docker-agents.service /usr/bin/systemctl enable heat-docker-agents.service @@ -82,3 +81,5 @@ AUTO_EXTEND_POOL=yes POOL_AUTOEXTEND_PERCENT=30 POOL_AUTOEXTEND_THRESHOLD=70 EOF + +wait $DOCKER_PULL_PID diff --git a/environments/ceph-radosgw.yaml b/environments/ceph-radosgw.yaml new file mode 100644 index 00000000..a9221a2a --- /dev/null +++ b/environments/ceph-radosgw.yaml @@ -0,0 +1,5 @@ +resource_registry: + OS::TripleO::Services::CephRgw: ../puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None diff --git a/environments/cinder-backup.yaml b/environments/cinder-backup.yaml new file mode 100644 index 00000000..f01fcbd9 --- /dev/null +++ b/environments/cinder-backup.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Services::CinderBackup: ../puppet/services/pacemaker/cinder-backup.yaml + # For non-pcmk managed implementation + # OS::TripleO::Services::CinderBackup: ../puppet/services/cinder-backup.yaml
\ No newline at end of file diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml new file mode 100644 index 00000000..c63d399a --- /dev/null +++ b/environments/deployed-server-environment.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Server: ../deployed-server/deployed-server.yaml + OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml + OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/ctlplane-port.yaml diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml new file mode 100644 index 00000000..cfda314d --- /dev/null +++ b/environments/deployed-server-noop-ctlplane.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Server: ../deployed-server/deployed-server.yaml + OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml + OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None diff --git a/environments/docker.yaml b/environments/docker.yaml index a7e2504c..c03d8511 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -5,8 +5,6 @@ resource_registry: parameter_defaults: NovaImage: atomic-image - -parameter_defaults: # Defaults to 'tripleoupstream'. Specify a local docker registry # Example: 192.0.2.1:8787/tripleoupstream DockerNamespace: tripleoupstream diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index b4c3f08b..39ded654 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -1,52 +1,12 @@ +# Use this environment to pass in certificates for SSL deployments. +# For these values to take effect, one of the tls-endpoints-*.yaml environments +# must also be used. parameter_defaults: SSLCertificate: | The contents of your certificate go here SSLIntermediateCertificate: '' SSLKey: | The contents of the private key go here - EndpointMap: - AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} - AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} - AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} - CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} - CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} - CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} - CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} - CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} - CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} - GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} - GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} - GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} - GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} - GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} - GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} - GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} - HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} - HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} - HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} - HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} - HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} - HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} - HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} - KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} - KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} - KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} - MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} - NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} - NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} - NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} - NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} - NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} - NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} - NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} - NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} - NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} - SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} - SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} - SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} - SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} resource_registry: OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml new file mode 100644 index 00000000..cee4ae4a --- /dev/null +++ b/environments/hyperconverged-ceph.yaml @@ -0,0 +1,11 @@ +# If not using an isolated StorageMgmt network, the following regitry mapping +# should be commented. +resource_registry: + OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + +parameter_defaults: + ComputeServices: + - OS::TripleO::Services::CephOSD + +parameter_merge_strategies: + ComputeServices: merge
\ No newline at end of file diff --git a/environments/inject-trust-anchor-hiera.yaml b/environments/inject-trust-anchor-hiera.yaml new file mode 100644 index 00000000..b4908c1b --- /dev/null +++ b/environments/inject-trust-anchor-hiera.yaml @@ -0,0 +1,8 @@ +parameter_defaults: + CAMap: + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here diff --git a/environments/ips-from-pool-all.yaml b/environments/ips-from-pool-all.yaml index f660d501..87563753 100644 --- a/environments/ips-from-pool-all.yaml +++ b/environments/ips-from-pool-all.yaml @@ -5,30 +5,36 @@ resource_registry: OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml + # Management network is optional and disabled by default + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool.yaml OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_from_pool.yaml OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml + #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management_from_pool.yaml OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management_from_pool.yaml OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management_from_pool.yaml OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_from_pool.yaml OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool.yaml OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management_from_pool.yaml parameter_defaults: ControllerIPs: @@ -43,6 +49,8 @@ parameter_defaults: - 172.16.3.251 tenant: - 172.16.0.251 + #management: + #- 172.16.4.251 NovaComputeIPs: # Each compute will get an IP from the lists below, first compute, first IP internal_api: @@ -51,12 +59,16 @@ parameter_defaults: - 172.16.1.252 tenant: - 172.16.0.252 + #management: + #- 172.16.4.252 CephStorageIPs: # Each ceph node will get an IP from the lists below, first node, first IP storage: - 172.16.1.253 storage_mgmt: - 172.16.3.253 + #management: + #- 172.16.4.253 SwiftStorageIPs: # Each swift node will get an IP from the lists below, first node, first IP internal_api: @@ -65,6 +77,8 @@ parameter_defaults: - 172.16.1.254 storage_mgmt: - 172.16.3.254 + #management: + #- 172.16.4.254 BlockStorageIPs: # Each cinder node will get an IP from the lists below, first node, first IP internal_api: @@ -73,3 +87,5 @@ parameter_defaults: - 172.16.1.250 storage_mgmt: - 172.16.3.250 + #management: + #- 172.16.4.250 diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml new file mode 100644 index 00000000..eefa7026 --- /dev/null +++ b/environments/logging-environment.yaml @@ -0,0 +1,29 @@ +## A Heat environment file which can be used to set up +## logging agents + +resource_registry: + OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml + +parameter_defaults: + +## Simple configuration +# +# LoggingServers: +# - host: log0.example.com +# port: 24224 +# - host: log1.example.com +# port: 24224 +# +## Example SSL configuration +## (note the use of port 24284 for ssl connections) +# +# LoggingServers: +# - host: 192.0.2.11 +# port: 24284 +# LoggingUsesSSL: true +# LoggingSharedKey: secret +# LoggingSSLCertificate: | +# -----BEGIN CERTIFICATE----- +# ...certificate data here... +# -----END CERTIFICATE----- + diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml new file mode 100644 index 00000000..ad428686 --- /dev/null +++ b/environments/low-memory-usage.yaml @@ -0,0 +1,15 @@ +# Lower the memory usage of overcloud. +parameter_defaults: + CeilometerWorkers: 1 + CinderWorkers: 1 + GlanceWorkers: 1 + HeatWorkers: 1 + KeystoneWorkers: 1 + NeutronWorkers: 1 + NovaWorkers: 1 + SaharaWorkers: 1 + SwiftWorkers: 1 + GnocchiMetricdWorkers: 1 + + ApacheMaxRequestWorkers: 32 + ApacheServerLimit: 32 diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml new file mode 100644 index 00000000..9d6ce73e --- /dev/null +++ b/environments/major-upgrade-aodh-migration.yaml @@ -0,0 +1,6 @@ +resource_registry: + # aodh data migration + OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml + + # no-op the rest + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml index d98a9cdd..f4f361df 100644 --- a/environments/major-upgrade-pacemaker-init.yaml +++ b/environments/major-upgrade-pacemaker-init.yaml @@ -1,11 +1,6 @@ parameter_defaults: - UpgradeLevelNovaCompute: liberty + UpgradeLevelNovaCompute: mitaka resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml - OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml index 61186bb0..9fb51a4d 100644 --- a/environments/major-upgrade-pacemaker.yaml +++ b/environments/major-upgrade-pacemaker.yaml @@ -1,11 +1,6 @@ parameter_defaults: - UpgradeLevelNovaCompute: liberty + UpgradeLevelNovaCompute: mitaka resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml - OS::TripleO::Tasks::PackageUpdate: ../extraconfig/tasks/yum_update_noop.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml new file mode 100644 index 00000000..4115d8b2 --- /dev/null +++ b/environments/manila-cephfsnative-config.yaml @@ -0,0 +1,18 @@ +# A Heat environment file which can be used to enable a +# a Manila CephFS Native driver backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml + + +parameter_defaults: + ManilaCephFSNativeEnableBackend: true + ManilaCephFSNativeBackendName: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: false + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSAuthId: 'manila' + ManilaCephFSNativeCephFSClusterName: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: true diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml new file mode 100644 index 00000000..a847a02b --- /dev/null +++ b/environments/manila-generic-config.yaml @@ -0,0 +1,25 @@ +# This environment file enables Manila with the Generic backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::Tripleo::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml + +parameter_defaults: + ManilaServiceInstanceUser: '' + ManilaServiceInstancePassword: '' + ManilaServiceInstanceFlavorId: 2 + ManilaServiceNetworkCidr: '172.16.0.0/16' + ManilaGenericEnableBackend: true + ManilaGenericBackendName: tripleo_generic + ManilaGenericDriverHandlesShareServers: true + ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf' + ManilaGenericVolumeNameTemplate: 'manila-share-%s' + ManilaGenericVolumeSnapshotNameTemplate: 'manila-snapshot-%s' + ManilaGenericShareMountPath: '/shares' + ManilaGenericMaxTimeToCreateVolume: '180' + ManilaGenericMaxTimeToAttach: '120' + ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf' + ManilaGenericShareVolumeFsType: 'ext4' + ManilaGenericCinderVolumeType: '' diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml new file mode 100644 index 00000000..98de6adf --- /dev/null +++ b/environments/manila-netapp-config.yaml @@ -0,0 +1,30 @@ +# This environment file enables Manila with the Netapp backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::Tripleo::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml + +parameter_defaults: + ManilaNetappEnableBackend: true + ManilaNetappBackendName: tripleo_netapp + ManilaNetappDriverHandlesShareServers: true + ManilaNetappLogin: '' + ManilaNetappPassword: '' + ManilaNetappServerHostname: '' + ManilaNetappTransportType: 'http' + ManilaNetappStorageFamily: 'ontap_cluster' + ManilaNetappServerPort: 80 + ManilaNetappVolumeNameTemplate: 'share_%(share_id)s' + ManilaNetappVserver: '' + ManilaNetappVserverNameTemplate: 'os_%s' + ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s' + ManilaNetappAggrNameSearchPattern: '(.*)' + ManilaNetappRootVolumeAggr: '' + ManilaNetappRootVolume: 'root' + ManilaNetappPortNameSearchPattern: '(.*)' + ManilaNetappTraceFlags: '' + ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0' + ManilaNetappVolumeSnapshotReservePercent: 5 + ManilaNetappSnapmirrorQuiesceTimeout: 3600 diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml new file mode 100644 index 00000000..a8ad2084 --- /dev/null +++ b/environments/monitoring-environment.yaml @@ -0,0 +1,30 @@ +## A Heat environment file which can be used to set up monitoring +## and logging agents + +resource_registry: + OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml + +parameter_defaults: + #### Sensu settings #### + ##MonitoringRabbitHost: 10.10.10.10 + ##MonitoringRabbitPort: 5672 + ##MonitoringRabbitUserName: sensu + ##MonitoringRabbitPassword: sensu + ##MonitoringRabbitUseSSL: false + ##MonitoringRabbitVhost: "/sensu" + ##SensuClientCustomConfig: + ## - api: + ## - warning: 10 + ## critical: 20 + ## openstack: + ## - username: admin + ## password: changeme + ## project_name: admin + ## auth_url: http://controller:5000/v2.0 + ## region_name: RegionOne + + #### EFK settings #### + ## TBD + + #### Grafana/Graphite settings #### + ## TBD diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index 062c7bee..d0fc9ec6 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -15,14 +15,23 @@ resource_registry: parameter_defaults: # This section is where deployment-specific configuration is done + # CIDR subnet mask length for provisioning network + ControlPlaneSubnetCidr: '24' + # Gateway router for the provisioning network (or Undercloud IP) + ControlPlaneDefaultRoute: 192.0.2.254 + EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud # Customize the IP subnets to match the local environment InternalApiNetCidr: 172.17.0.0/24 StorageNetCidr: 172.18.0.0/24 StorageMgmtNetCidr: 172.19.0.0/24 TenantNetCidr: 172.16.0.0/24 ExternalNetCidr: 10.0.0.0/24 - # CIDR subnet mask length for provisioning network - ControlPlaneSubnetCidr: '24' + # Customize the VLAN IDs to match the local environment + InternalApiNetworkVlanID: 20 + StorageNetworkVlanID: 30 + StorageMgmtNetworkVlanID: 40 + TenantNetworkVlanID: 50 + ExternalNetworkVlanID: 10 # Customize the IP ranges on each network to use for static IPs and VIPs InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}] StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}] @@ -32,19 +41,16 @@ parameter_defaults: ExternalAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.50'}] # Gateway router for the external network ExternalInterfaceDefaultRoute: 10.0.0.1 - # Gateway router for the provisioning network (or Undercloud IP) - ControlPlaneDefaultRoute: 192.0.2.254 - # Generally the IP of the Undercloud - EC2MetadataIp: 192.0.2.1 + # Uncomment if using the Management Network (see network-management.yaml) + # ManagementNetCidr: 10.0.1.0/24 + # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}] + # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates + # ManagementInterfaceDefaultRoute: 10.0.1.1 # Define the DNS servers (maximum 2) for the overcloud nodes DnsServers: ["8.8.8.8","8.8.4.4"] - # Customize the VLAN IDs to match the local environment - InternalApiNetworkVlanID: 10 - StorageNetworkVlanID: 20 - StorageMgmtNetworkVlanID: 30 - TenantNetworkVlanID: 40 - ExternalNetworkVlanID: 50 # Set to empty string to enable multiple external networks or VLANs NeutronExternalNetworkBridge: "''" + # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. + NeutronTunnelTypes: 'vxlan' # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100" BondInterfaceOvsOptions: "bond_mode=active-backup" diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml index c0420c5c..737d7d36 100644 --- a/environments/network-isolation.yaml +++ b/environments/network-isolation.yaml @@ -1,16 +1,15 @@ # Enable the creation of Neutron networks for isolated Overcloud # traffic and configure each role to assign ports (related # to that role) on these networks. -# Many networks are disabled by default because they are not used -# in a typical configuration. Override via parameter_defaults. resource_registry: OS::TripleO::Network::External: ../network/external.yaml OS::TripleO::Network::InternalApi: ../network/internal_api.yaml OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml OS::TripleO::Network::Storage: ../network/storage.yaml OS::TripleO::Network::Tenant: ../network/tenant.yaml - # Management network is optional and disabled by default - OS::TripleO::Network::Management: OS::Heat::None + # Management network is optional and disabled by default. + # To enable it, include environments/network-management.yaml + #OS::TripleO::Network::Management: ../network/management.yaml # Port assignments for the VIPs OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml @@ -19,13 +18,15 @@ resource_registry: OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml + # Port assignments for service virtual IPs for the controller role + OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml # Port assignments for the controller role OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml - OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the compute role OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml @@ -33,7 +34,7 @@ resource_registry: OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml - OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the ceph storage role OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml @@ -41,7 +42,7 @@ resource_registry: OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the swift storage role OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml @@ -49,7 +50,7 @@ resource_registry: OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the block storage role OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml @@ -57,7 +58,5 @@ resource_registry: OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml - # Port assignments for service virtual IPs for the controller role - OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml new file mode 100644 index 00000000..812e84f3 --- /dev/null +++ b/environments/network-management-v6.yaml @@ -0,0 +1,25 @@ +# Enable the creation of an IPv6 system management network. This +# creates a Neutron network for isolated Overcloud +# system management traffic and configures each role to +# assign a port (related to that role) on that network. +# Note that the basic sample NIC configuration templates +# do not include the management network, see the +# comments in the sample network config templates in +# network/config/ for an example. +resource_registry: + OS::TripleO::Network::Management: ../network/management_v6.yaml + + # Port assignments for the controller role + OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the compute role + OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the ceph storage role + OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the swift storage role + OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml + + # Port assignments for the block storage role + OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management_v6.yaml diff --git a/environments/network-management.yaml b/environments/network-management.yaml index 2f0cff8b..041617be 100644 --- a/environments/network-management.yaml +++ b/environments/network-management.yaml @@ -4,7 +4,8 @@ # assign a port (related to that role) on that network. # Note that the basic sample NIC configuration templates # do not include the management network, see the -# single-nic-vlans-mgmt templates for an example. +# comments in the sample network config templates in +# network/config/ for an example. resource_registry: OS::TripleO::Network::Management: ../network/management.yaml diff --git a/environments/neutron-midonet.yaml b/environments/neutron-midonet.yaml index 463c1874..c120d0b3 100644 --- a/environments/neutron-midonet.yaml +++ b/environments/neutron-midonet.yaml @@ -3,13 +3,17 @@ resource_registry: OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml OS::TripleO::Controller::Net::SoftwareConfig: ../net-config-linux-bridge.yaml # We have to avoid any ovs bridge. MidoNet is incompatible with its datapath OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + # Override the NeutronCorePlugin to use Nuage + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginMidonet + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-midonet.yaml parameter_defaults: EnableZookeeperOnController: true EnableCassandraOnController: true NeutronCorePlugin: 'midonet.neutron.plugin_v1.MidonetPluginV2' # Overriding default core_plugin in Neutron. Don't touch it NeutronEnableIsolatedMetadata: true # MidoNet 1.9 needs this one to work. Don't change it - NeutronEnableOVSAgent: false # Other available options for MidoNet Services # TunnelZoneName: 'tunnelname' diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml new file mode 100644 index 00000000..821ad0c2 --- /dev/null +++ b/environments/neutron-ml2-ovn.yaml @@ -0,0 +1,18 @@ +# A Heat environment file which can be used to enable OVN +# extensions, configured via puppet +resource_registry: + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + +parameter_defaults: + NeutronMechanismDrivers: ovn + OVNDbHost: '0.0.0.0' + OVNSouthboundServerPort: 6642 + OVNNorthboundServerPort: 6641 + OVNDbConnectionTimeout: 60 + OVNVifType: ovs + OVNNeutronSyncMode: log + OVNQosDriver: ovn-qos + OVNTunnelEncapType: geneve diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 0cd49a20..e157ae35 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -1,9 +1,13 @@ # A Heat environment file which can be used to enable a # a Neutron Nuage backend on the controller, configured via puppet resource_registry: - OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + # Override the NeutronCorePlugin to use Nuage + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml parameter_defaults: NeutronNuageOSControllerIp: '0.0.0.0' @@ -17,7 +21,6 @@ parameter_defaults: UseForwardedFor: true NeutronCorePlugin: 'neutron.plugins.nuage.plugin.NuagePlugin' NeutronEnableDHCPAgent: false - NeutronEnableOVSAgent: false NeutronServicePlugins: [] NovaOVSBridge: 'alubr0' controllerExtraConfig: diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml index ceccd132..51575b86 100644 --- a/environments/neutron-opencontrail.yaml +++ b/environments/neutron-opencontrail.yaml @@ -1,17 +1,20 @@ # A Heat environment file which can be used to enable OpenContrail # extensions, configured via puppet resource_registry: - OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + # Override the NeutronCorePlugin to use Nuage + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginOpencontrail + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-opencontrail.yaml parameter_defaults: NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 - NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin - NeutronEnableOVSAgent: false - NeutronEnableTunnelling: false + NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2 + NeutronTunnelTypes: '' # required params: #ContrailApiServerIp: diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml new file mode 100644 index 00000000..d61270b2 --- /dev/null +++ b/environments/neutron-opendaylight-l3.yaml @@ -0,0 +1,14 @@ +# A Heat environment that can be used to deploy OpenDaylight with L3 DVR +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + +parameter_defaults: + EnableOpenDaylightOnController: true + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: 'opendaylight' + NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin" + OpenDaylightEnableL3: "'yes'" diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml new file mode 100644 index 00000000..8fa2e542 --- /dev/null +++ b/environments/neutron-opendaylight.yaml @@ -0,0 +1,11 @@ +# A Heat environment that can be used to deploy OpenDaylight +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml + +parameter_defaults: + EnableOpenDaylightOnController: true + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: 'opendaylight' diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml new file mode 100644 index 00000000..004b8ac0 --- /dev/null +++ b/environments/neutron-ovs-dpdk.yaml @@ -0,0 +1,18 @@ +## A Heat environment that can be used to deploy DPDK with OVS +resource_registry: + OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml + +parameter_defaults: + ## NeutronDpdkCoreList and NeutronDpdkMemoryChannels are REQUIRED settings. + ## Attempting to deploy DPDK without appropriate values will cause deployment to fail or lead to unstable deployments. + #NeutronDpdkCoreList: "" + #NeutronDpdkMemoryChannels: "" + + NeutronDatapathType: "netdev" + NeutronVhostuserSocketDir: "/var/run/openvswitch" + + #NeutronDpdkSocketMemory: "" + #NeutronDpdkDriverType: "vfio-pci" + #NovaReservedHostMemory: 4096 + #NovaVcpuPinSet: "" + diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml new file mode 100644 index 00000000..b658d3a5 --- /dev/null +++ b/environments/neutron-ovs-dvr.yaml @@ -0,0 +1,39 @@ +# A Heat environment file that enables DVR in the overcloud. +# This works by configuring L3 and Metadata agents on the +# compute nodes. +resource_registry: + OS::TripleO::Services::ComputeNeutronL3Agent: ../puppet/services/neutron-l3-compute-dvr.yaml + OS::TripleO::Services::ComputeNeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml + + # With DVR enabled, the Compute nodes also need the br-ex bridge to be + # connected to a physical network. + OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml + + # DVR requires a port on the external network for each compute node. + # This will usually match the one currently in use for + # OS::TripleO::Controller::Ports::ExternalPort. + # Please review your network configuration before deploying to ensure that + # this is appropriate. + OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml + +parameter_defaults: + + # DVR requires that the L2 population feature is enabled + NeutronMechanismDrivers: ['openvswitch', 'l2population'] + NeutronEnableL2Pop: 'True' + + # Setting NeutronEnableDVR enables distributed routing support in the + # ML2 plugin and agents that support this feature + NeutronEnableDVR: true + + # We also need to set the proper agent mode for the L3 agent. This will only + # affect the agent on the controller node. + NeutronL3AgentMode: 'dvr_snat' + + # L3 HA isn't supported for DVR enabled routers. If upgrading from a system + # where L3 HA is enabled and has neutron routers configured, it is + # recommended setting this value to true until such time all routers can be + # migrated to DVR routers. Once migration of the routers is complete, + # NeutronL3HA can be returned to false. All new systems should be deployed + # with NeutronL3HA set to false. + NeutronL3HA: false diff --git a/environments/neutron-plumgrid.yaml b/environments/neutron-plumgrid.yaml index 19f51cfc..87946211 100755 --- a/environments/neutron-plumgrid.yaml +++ b/environments/neutron-plumgrid.yaml @@ -1,11 +1,15 @@ # A Heat environment file which can be used to enable PLUMgrid # extensions, configured via puppet resource_registry: - OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml - # PLUMgrid doesn't require dhcp, l3, and metadata agents + # PLUMgrid doesn't require dhcp, l3, metadata, and ovs agents OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + # Override the Neutron core plugin to use PLUMgrid + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginPlumgrid + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-plumgrid.yaml parameter_defaults: NeutronCorePlugin: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 @@ -25,6 +29,3 @@ parameter_defaults: #Optional Parameters #PLUMgridNeutronPluginVersion: present #PLUMgridPlumlibVersion: present - - # PLUMgrid doesn't require the ovs agent - NeutronEnableOVSAgent: false diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml new file mode 100755 index 00000000..9b7e51f9 --- /dev/null +++ b/environments/neutron-sriov.yaml @@ -0,0 +1,22 @@ +## A Heat environment that can be used to deploy SR-IOV +resource_registry: + OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml + +parameter_defaults: + NeutronMechanismDrivers: ['openvswitch','sriovnicswitch'] + + # Add PciPassthroughFilter to the scheduler default filters + #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] + #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] + + # Provide the vendorid:productid of the VFs + #NeutronSupportedPCIVendorDevs: ['8086:154c','8086:10ca','8086:1520'] + + #NeutronPhysicalDevMappings: "datacentre:ens20f2" + + # Number of VFs that needs to be configured for a physical interface + #NeutronSriovNumVFs: "ens20f2:5" + + #NovaPCIPassthrough: + # - devname: "ens20f2" + # physical_network: "datacentre" diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml index a2d1100f..9c8abbb4 100644 --- a/environments/puppet-ceph-devel.yaml +++ b/environments/puppet-ceph-devel.yaml @@ -1,6 +1,11 @@ # A Heat environment file which can be used to enable a Ceph # storage cluster using the controller and ceph nodes. # Rbd backends are enabled for Cinder, Glance, Gnocchi and Nova. +resource_registry: + OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../puppet/services/ceph-client.yaml + parameter_defaults: #NOTE: These ID's and keys should be regenerated for # a production deployment. What is here is suitable for @@ -8,9 +13,10 @@ parameter_defaults: CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' NovaEnableRbdBackend: true CinderEnableRbdBackend: true + CinderBackupBackend: ceph GlanceBackend: rbd GnocchiBackend: rbd CinderEnableIscsiBackend: false - ControllerEnableCephStorage: true diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 865e0b98..06e4f7aa 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -1,10 +1,13 @@ # A Heat environment file which can be used to enable the # use of an externally managed Ceph cluster. resource_registry: - OS::TripleO::CephClusterConfig::SoftwareConfig: ../puppet/extraconfig/ceph/ceph-external-config.yaml + OS::TripleO::Services::CephExternal: ../puppet/services/ceph-external.yaml + OS::TripleO::Services::CephMon: OS::Heat::None + OS::TripleO::Services::CephClient: OS::Heat::None + OS::TripleO::Services::CephOSD: OS::Heat::None parameter_defaults: - # NOTE: These example parameters are required when using Ceph External + # NOTE: These example parameters are required when using CephExternal #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' #CephExternalMonHost: '172.16.1.7, 172.16.1.8' @@ -12,6 +15,7 @@ parameter_defaults: # the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova NovaEnableRbdBackend: true CinderEnableRbdBackend: true + CinderBackupBackend: ceph GlanceBackend: rbd GnocchiBackend: rbd # If the Ceph pools which host VMs, Volumes and Images do not match these @@ -25,3 +29,6 @@ parameter_defaults: # finally we disable the Cinder LVM backend CinderEnableIscsiBackend: false + + # Backward compatibility setting, will be removed in the future + CephAdminKey: '' diff --git a/environments/puppet-pacemaker-no-restart.yaml b/environments/puppet-pacemaker-no-restart.yaml new file mode 100644 index 00000000..67d8692d --- /dev/null +++ b/environments/puppet-pacemaker-no-restart.yaml @@ -0,0 +1,3 @@ +# use this file *in addition* to puppet-pacemaker.yaml +resource_registry: + OS::TripleO::Tasks::ControllerPostPuppetRestart: OS::Heat::None diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 679b79cb..8cfbab6d 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -4,21 +4,15 @@ resource_registry: OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml # custom pacemaker services - # NOTE: For now we will need to specify overrides to all services - # which use pacemaker. In the future (with upcoming HA light work) this - # list will hopefully be much smaller however. - OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml - OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml - OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml - OS::TripleO::Services::HeatApi: ../puppet/services/pacemaker/heat-api.yaml - OS::TripleO::Services::HeatApiCfn: ../puppet/services/pacemaker/heat-api-cfn.yaml - OS::TripleO::Services::HeatApiCloudwatch: ../puppet/services/pacemaker/heat-api-cloudwatch.yaml - OS::TripleO::Services::HeatEngine: ../puppet/services/pacemaker/heat-engine.yaml - OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml - OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml - OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml + # NOTE: Please before adding any pacemaker-managed services, get in touch + # with bandini, Ng or beekhof + OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml - OS::TripleO::Services::Loadbalancer: ../puppet/services/pacemaker/loadbalancer.yaml - OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml + OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml + OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml + OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml + OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml + # Services that are disabled by default (use relevant environment files): diff --git a/environments/puppet-tenant-vlan.yaml b/environments/puppet-tenant-vlan.yaml index ed948bc5..45d2117a 100644 --- a/environments/puppet-tenant-vlan.yaml +++ b/environments/puppet-tenant-vlan.yaml @@ -1,4 +1,4 @@ parameter_defaults: NeutronNetworkType: vlan - NeutronEnableTunnelling: false + NeutronTunnelTypes: '' NeutronNetworkVLANRanges: datacentre:1:1000 diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml new file mode 100644 index 00000000..8359f4a7 --- /dev/null +++ b/environments/services/ironic.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml + OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml + OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml diff --git a/environments/services/mistral.yaml b/environments/services/mistral.yaml new file mode 100644 index 00000000..4e99fa01 --- /dev/null +++ b/environments/services/mistral.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml + OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml + OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml diff --git a/environments/services/sahara.yaml b/environments/services/sahara.yaml new file mode 100644 index 00000000..82205dd1 --- /dev/null +++ b/environments/services/sahara.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml index da33acfd..8cf34622 100644 --- a/environments/storage-environment.yaml +++ b/environments/storage-environment.yaml @@ -1,6 +1,11 @@ ## A Heat environment file which can be used to set up storage ## backends. Defaults to Ceph used as a backend for Cinder, Glance and ## Nova ephemeral storage. +resource_registry: + OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../puppet/services/ceph-client.yaml + parameter_defaults: #### BACKEND SELECTION #### @@ -9,6 +14,8 @@ parameter_defaults: CinderEnableIscsiBackend: false ## Whether to enable rbd (Ceph) backend for Cinder. CinderEnableRbdBackend: true + ## Cinder Backup backend can be either 'ceph' or 'swift'. + CinderBackupBackend: ceph ## Whether to enable NFS backend for Cinder. # CinderEnableNfsBackend: false ## Whether to enable rbd (Ceph) backend for Nova ephemeral storage. @@ -43,10 +50,6 @@ parameter_defaults: #### CEPH SETTINGS #### - ## Whether to deploy Ceph OSDs on the controller nodes. By default - ## OSDs are deployed on dedicated ceph-storage nodes only. - # ControllerEnableCephStorage: false - ## When deploying Ceph Nodes through the oscplugin CLI, the following ## parameters are set automatically by the CLI. When deploying via ## heat stack-create or ceph on the controller nodes only, @@ -60,3 +63,5 @@ parameter_defaults: # CephMonKey: '' ## Ceph admin key, e.g. 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' # CephAdminKey: '' + ## Ceph client key, e.g 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + # CephClientKey: '' diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml new file mode 100644 index 00000000..0a0996d3 --- /dev/null +++ b/environments/tls-endpoints-public-dns.yaml @@ -0,0 +1,55 @@ +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is a DNS name. +parameter_defaults: + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml new file mode 100644 index 00000000..5a2b8839 --- /dev/null +++ b/environments/tls-endpoints-public-ip.yaml @@ -0,0 +1,55 @@ +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is an IP address. +parameter_defaults: + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} + GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} diff --git a/environments/updates/update-from-keystone-admin-internal-api.yaml b/environments/updates/update-from-keystone-admin-internal-api.yaml index a9fa2bea..a5075300 100644 --- a/environments/updates/update-from-keystone-admin-internal-api.yaml +++ b/environments/updates/update-from-keystone-admin-internal-api.yaml @@ -2,10 +2,10 @@ # Keystone Admin API service is running on the Internal API network parameter_defaults: - ServiceNetMap: + ServiceNetMapDefaults: NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api - MongoDbNetwork: internal_api + MongodbNetwork: internal_api CinderApiNetwork: internal_api CinderIscsiNetwork: storage GlanceApiNetwork: storage @@ -21,7 +21,7 @@ parameter_defaults: SwiftProxyNetwork: storage HorizonNetwork: internal_api MemcachedNetwork: internal_api - RabbitMqNetwork: internal_api + RabbitmqNetwork: internal_api RedisNetwork: internal_api MysqlNetwork: internal_api CephClusterNetwork: storage_mgmt diff --git a/environments/updates/update-from-overcloud-compute-hostnames.yaml b/environments/updates/update-from-overcloud-compute-hostnames.yaml new file mode 100644 index 00000000..f628f0de --- /dev/null +++ b/environments/updates/update-from-overcloud-compute-hostnames.yaml @@ -0,0 +1,2 @@ +parameter_defaults: + ComputeHostnameFormat: '%stackname%-compute-%index%' diff --git a/environments/use-dns-for-vips.yaml b/environments/use-dns-for-vips.yaml new file mode 100644 index 00000000..daf07bc7 --- /dev/null +++ b/environments/use-dns-for-vips.yaml @@ -0,0 +1,5 @@ +# A Heat environment file which can be used to disable the writing of the VIPs +# to the /etc/hosts file in the overcloud. Use this in case you have a working +# DNS server that you will provide for the overcloud. +resource_registry: + OS::TripleO::Services::VipHosts: OS::Heat::None diff --git a/extraconfig/all_nodes/default.yaml b/extraconfig/all_nodes/default.yaml deleted file mode 100644 index 68f9eadd..00000000 --- a/extraconfig/all_nodes/default.yaml +++ /dev/null @@ -1,27 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - Noop extra config for allnodes extra cluster config - -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. -parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: - type: json -# Note extra parameters can be defined, then passed data via the -# environment parameter_defaults, without modifying the parent template - -outputs: - # This value should change if the configuration data has changed - # It is used to e.g re-apply puppet after hieradata values change. - config_identifier: - value: none diff --git a/extraconfig/all_nodes/mac_hostname.yaml b/extraconfig/all_nodes/mac_hostname.j2.yaml index 5883e06a..75ffc9e6 100644 --- a/extraconfig/all_nodes/mac_hostname.yaml +++ b/extraconfig/all_nodes/mac_hostname.j2.yaml @@ -9,15 +9,7 @@ description: > # out-of-tree templates they may require additional parameters if the # in-tree templates add a new role. parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json # Note extra parameters can be defined, then passed data via the # environment parameter_defaults, without modifying the parent template @@ -37,47 +29,17 @@ resources: # FIXME(shardy): Long term it'd be better if Heat SoftwareDeployments accepted # list instead of a map, then we could join the lists of servers into one # deployment instead of requiring one deployment per-role. - CollectMacDeploymentsController: +{% for role in roles %} + CollectMacDeployments{{role.name}}: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: controller_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCompute: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCompute - servers: {get_param: compute_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsBlockStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsBlockStorage - servers: {get_param: blockstorage_servers} + servers: {get_param: [servers, {{role.name}}]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE +{% endfor %} - CollectMacDeploymentsObjectStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsObjectStorage - servers: {get_param: objectstorage_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCephStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCephStorage - servers: {get_param: cephstorage_servers} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - # Now we distribute all-the-macs to all nodes + # Now we distribute all-the-macs to all Controller nodes DistributeMacConfig: type: OS::Heat::SoftwareConfig properties: @@ -101,7 +63,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: DistributeMacDeploymentsController - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: DistributeMacConfig} input_values: # FIXME(shardy): It'd be more convenient if we could join these @@ -113,10 +75,3 @@ resources: objectstorage_mappings: {get_attr: [CollectMacDeploymentsObjectStorage, deploy_stdouts]} cephstorage_mappings: {get_attr: [CollectMacDeploymentsCephStorage, deploy_stdouts]} actions: ['CREATE'] # Only do this on CREATE - -outputs: - # This value should change if the configuration data has changed - # It is used to e.g re-apply puppet after hieradata values change. - config_identifier: - value: {get_attr: [DistributeMacDeploymentsController, deploy_stdouts]} - diff --git a/extraconfig/all_nodes/random_string.yaml b/extraconfig/all_nodes/random_string.j2.yaml index 49d2d8b6..9ce2ca8a 100644 --- a/extraconfig/all_nodes/random_string.yaml +++ b/extraconfig/all_nodes/random_string.j2.yaml @@ -10,15 +10,7 @@ description: > # out-of-tree templates they may require additional parameters if the # in-tree templates add a new role. parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json # Note extra parameters can be defined, then passed data via the # environment parameter_defaults, without modifying the parent template @@ -42,7 +34,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsController - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: @@ -52,14 +44,8 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: RandomDeploymentsCompute - servers: {get_param: compute_servers} + servers: {get_param: [servers, Compute]} config: {get_resource: RandomConfig} actions: ['CREATE'] # Only do this on CREATE input_values: random_value: {get_attr: [Random, value]} - -outputs: - # This value should change if the configuration data has changed - # It is used to e.g re-apply puppet after hieradata values change. - config_identifier: - value: {get_attr: [Random, value]} diff --git a/extraconfig/all_nodes/swap-partition.j2.yaml b/extraconfig/all_nodes/swap-partition.j2.yaml new file mode 100644 index 00000000..36076b0c --- /dev/null +++ b/extraconfig/all_nodes/swap-partition.j2.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2014-10-16 + +description: > + Extra config to add swap space to nodes. + +# Parameters passed from the parent template - note if you maintain +# out-of-tree templates they may require additional parameters if the +# in-tree templates add a new role. +parameters: + servers: + type: json + swap_partition_label: + type: string + description: Swap partition label + default: 'swap1' + + +resources: + + SwapConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -eux + swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label) + swapon $swap_partition + echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab + inputs: + - name: swap_partition_label + description: Swap partition label + default: 'swap1' + +{% for role in roles %} + {{role.name}}SwapDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + config: {get_resource: SwapConfig} + servers: {get_param: [servers, {{role.name}}]} + input_values: + swap_partition_label: {get_param: swap_partition_label} + actions: ["CREATE"] +{% endfor %} diff --git a/extraconfig/all_nodes/swap-partition.yaml b/extraconfig/all_nodes/swap-partition.yaml deleted file mode 100644 index 89a2adb0..00000000 --- a/extraconfig/all_nodes/swap-partition.yaml +++ /dev/null @@ -1,90 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - Extra config to add swap space to nodes. - -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. -parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: - type: json - swap_partition_label: - type: string - description: Swap partition label - default: 'swap1' - - -resources: - - SwapConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: | - #!/bin/bash - set -eux - swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label) - swapon $swap_partition - echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab - inputs: - - name: swap_partition_label - description: Swap partition label - default: 'swap1' - - ControllerSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: controller_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - ComputeSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: compute_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - BlockStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: blockstorage_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - ObjectStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: objectstorage_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - - CephStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: cephstorage_servers} - input_values: - swap_partition_label: {get_param: swap_partition_label} - actions: ["CREATE"] - -outputs: - config_identifier: - value: none diff --git a/extraconfig/all_nodes/swap.j2.yaml b/extraconfig/all_nodes/swap.j2.yaml new file mode 100644 index 00000000..ce65dacb --- /dev/null +++ b/extraconfig/all_nodes/swap.j2.yaml @@ -0,0 +1,58 @@ +heat_template_version: 2014-10-16 + +description: > + Extra config to add swap space to nodes. + +# Parameters passed from the parent template - note if you maintain +# out-of-tree templates they may require additional parameters if the +# in-tree templates add a new role. +parameters: + servers: + type: json + swap_size_megabytes: + type: string + description: Amount of swap space to allocate in megabytes + default: '4096' + swap_path: + type: string + description: Full path to location of swap file + default: '/swap' + + +resources: + + SwapConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -eux + if [ ! -f $swap_path ]; then + dd if=/dev/zero of=$swap_path count=$swap_size_megabytes bs=1M + chmod 0600 $swap_path + mkswap $swap_path + swapon $swap_path + else + echo "$swap_path already exists" + fi + echo "$swap_path swap swap defaults 0 0" >> /etc/fstab + inputs: + - name: swap_size_megabytes + description: Amount of swap space to allocate in megabytes + default: '4096' + - name: swap_path + description: Full path to location of swap file + default: '/swap' + +{% for role in roles %} + {{role.name}}SwapDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + config: {get_resource: SwapConfig} + servers: {get_param: [servers, {{role.name}}]} + input_values: + swap_size_megabytes: {get_param: swap_size_megabytes} + swap_path: {get_param: swap_path} + actions: ["CREATE"] +{% endfor %} diff --git a/extraconfig/all_nodes/swap.yaml b/extraconfig/all_nodes/swap.yaml deleted file mode 100644 index 374b1e5d..00000000 --- a/extraconfig/all_nodes/swap.yaml +++ /dev/null @@ -1,108 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - Extra config to add swap space to nodes. - -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. -parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: - type: json - swap_size_megabytes: - type: string - description: Amount of swap space to allocate in megabytes - default: '4096' - swap_path: - type: string - description: Full path to location of swap file - default: '/swap' - - -resources: - - SwapConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: | - #!/bin/bash - set -eux - if [ ! -f $swap_path ]; then - dd if=/dev/zero of=$swap_path count=$swap_size_megabytes bs=1M - chmod 0600 $swap_path - mkswap $swap_path - swapon $swap_path - else - echo "$swap_path already exists" - fi - echo "$swap_path swap swap defaults 0 0" >> /etc/fstab - inputs: - - name: swap_size_megabytes - description: Amount of swap space to allocate in megabytes - default: '4096' - - name: swap_path - description: Full path to location of swap file - default: '/swap' - - ControllerSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: controller_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - ComputeSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: compute_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - BlockStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: blockstorage_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - ObjectStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: objectstorage_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - - CephStorageSwapDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - config: {get_resource: SwapConfig} - servers: {get_param: cephstorage_servers} - input_values: - swap_size_megabytes: {get_param: swap_size_megabytes} - swap_path: {get_param: swap_path} - actions: ["CREATE"] - -outputs: - config_identifier: - value: none diff --git a/extraconfig/tasks/aodh_data_migration.sh b/extraconfig/tasks/aodh_data_migration.sh new file mode 100644 index 00000000..d4c29673 --- /dev/null +++ b/extraconfig/tasks/aodh_data_migration.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# +# This delivers the aodh data migration script to be invoked as part of the tripleo +# major upgrade workflow to migrate all the alarm data from mongodb to mysql. +# This needs to run post controller node upgrades so new aodh mysql db configured and +# running. +# +set -eu + +#Get existing mongodb connection +MONGO_DB_CONNECTION="$(crudini --get /etc/ceilometer/ceilometer.conf database connection)" + +# Get the aodh database string from hiera data +MYSQL_DB_CONNECTION="$(crudini --get /etc/aodh/aodh.conf database connection)" + +#Run migration +/usr/bin/aodh-data-migration --nosql-conn $MONGO_DB_CONNECTION --sql-conn $MYSQL_DB_CONNECTION + + diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh new file mode 100755 index 00000000..b633e658 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_ceph_mon.sh @@ -0,0 +1,78 @@ +#!/bin/bash +set -eu +set -o pipefail + +echo INFO: starting $(basename "$0") + +# Exit if not running +if ! pidof ceph-mon; then + echo INFO: ceph-mon is not running, skipping + exit 0 +fi + +# Exit if not Hammer +INSTALLED_VERSION=$(ceph --version | awk '{print $3}') +if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then + echo INFO: version of Ceph installed is not 0.94, skipping + exit 0 +fi + +CEPH_STATUS=$(ceph health | awk '{print $1}') +if [ ${CEPH_STATUS} = HEALTH_ERR ]; then + echo ERROR: Ceph cluster status is HEALTH_ERR, cannot be upgraded + exit 1 +fi + +# Useful when upgrading with OSDs num < replica size +if [[ ${ignore_ceph_upgrade_warnings:-False} != [Tt]rue ]]; then + timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do + echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK; + sleep 30; + CEPH_STATUS=$(ceph health | awk '{print $1}') + done" +fi + +MON_PID=$(pidof ceph-mon) +MON_ID=$(hostname -s) + +# Stop daemon using Hammer sysvinit script +service ceph stop mon.${MON_ID} + +# Ensure it's stopped +timeout 60 bash -c "while kill -0 ${MON_PID} 2> /dev/null; do + sleep 2; +done" + +# Update to Jewel +yum -y -q update ceph-mon ceph + +# Restart/Exit if not on Jewel, only in that case we need the changes +UPDATED_VERSION=$(ceph --version | awk '{print $3}') +if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then + echo WARNING: Ceph was not upgraded, restarting daemons + service ceph start mon.${MON_ID} +elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then + # RPM could own some of these but we can't take risks on the pre-existing files + for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do + chown -R ceph:ceph $d || echo WARNING: chown of $d failed + done + + # Replay udev events with newer rules + udevadm trigger + + # Enable systemd unit + systemctl enable ceph-mon.target + systemctl enable ceph-mon@${MON_ID} + systemctl start ceph-mon@${MON_ID} + + # Wait for daemon to be back in the quorum + timeout 300 bash -c "until (ceph quorum_status | jq .quorum_names | grep -sq ${MON_ID}); do + echo WARNING: Waiting for mon.${MON_ID} to re-join quorum; + sleep 10; + done" + + echo INFO: Ceph was upgraded to Jewel +else + echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention + exit 1 +fi diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh index de42b16d..dc80a724 100644 --- a/extraconfig/tasks/major_upgrade_ceph_storage.sh +++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh @@ -4,32 +4,89 @@ # major upgrade workflow. # set -eu +set -o pipefail UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh -cat > $UPGRADE_SCRIPT << ENDOFCAT +cat > $UPGRADE_SCRIPT << 'ENDOFCAT' +#!/bin/bash ### DO NOT MODIFY THIS FILE ### This file is automatically delivered to the ceph-storage nodes as part of the ### tripleo upgrades workflow +set -eu + +echo INFO: starting $(basename "$0") +# Exit if not running +if ! pidof ceph-osd; then + echo INFO: ceph-osd is not running, skipping + exit 0 +fi -function systemctl_ceph { - action=\$1 - systemctl \$action ceph -} +# Exit if not Hammer +INSTALLED_VERSION=$(ceph --version | awk '{print $3}') +if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then + echo INFO: version of Ceph installed is not 0.94, skipping + exit 0 +fi -# "so that mirrors aren't rebalanced as if the OSD died" - gfidente +OSD_PIDS=$(pidof ceph-osd) +OSD_IDS=$(ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }') + +# "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb ceph osd set noout +ceph osd set norebalance +ceph osd set nodeep-scrub +ceph osd set noscrub + +# Stop daemon using Hammer sysvinit script +for OSD_ID in $OSD_IDS; do + service ceph stop osd.${OSD_ID} +done + +# Nice guy will return non-0 only when all failed +timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do + sleep 2; +done" -systemctl_ceph stop +# Update (Ceph to Jewel) yum -y install python-zaqarclient # needed for os-collect-config yum -y update -systemctl_ceph start -ceph osd unset noout +# Restart/Exit if not on Jewel, only in that case we need the changes +UPDATED_VERSION=$(ceph --version | awk '{print $3}') +if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then + echo WARNING: Ceph was not upgraded, restarting daemon + for OSD_ID in $OSD_IDS; do + service ceph start osd.${OSD_ID} + done +elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then + # RPM could own some of these but we can't take risks on the pre-existing files + for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do + chown -R ceph:ceph $d || echo WARNING: chown of $d failed + done + + # Replay udev events with newer rules + udevadm trigger && udevadm settle + + # Enable systemd unit + systemctl enable ceph-osd.target + for OSD_ID in $OSD_IDS; do + systemctl enable ceph-osd@${OSD_ID} + systemctl start ceph-osd@${OSD_ID} + done + echo INFO: Ceph was upgraded to Jewel +else + echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention + exit 1 +fi + +ceph osd unset noout +ceph osd unset norebalance +ceph osd unset nodeep-scrub +ceph osd unset noscrub ENDOFCAT # ensure the permissions are OK chmod 0755 $UPGRADE_SCRIPT - diff --git a/extraconfig/tasks/major_upgrade_check.sh b/extraconfig/tasks/major_upgrade_check.sh new file mode 100755 index 00000000..b65f6915 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_check.sh @@ -0,0 +1,104 @@ +#!/bin/bash + +set -eu + +check_cluster() +{ + if pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; then + echo_error "ERROR: upgrade cannot start with some cluster nodes being offline" + exit 1 + fi +} + +check_pcsd() +{ + if pcs status 2>&1 | grep -E 'Offline'; then + echo_error "ERROR: upgrade cannot start with some pcsd daemon offline" + exit 1 + fi +} + +check_disk_for_mysql_dump() +{ + # Where to backup current database if mysql need to be upgraded + MYSQL_BACKUP_DIR=/var/tmp/mysql_upgrade_osp + MYSQL_TEMP_UPGRADE_BACKUP_DIR=/var/lib/mysql-temp-upgrade-backup + # Spare disk ratio for extra safety + MYSQL_BACKUP_SIZE_RATIO=1.2 + + # Shall we upgrade mysql data directory during the stack upgrade? + if [ "$mariadb_do_major_upgrade" = "auto" ]; then + ret=$(is_mysql_upgrade_needed) + if [ $ret = "1" ]; then + DO_MYSQL_UPGRADE=1 + else + DO_MYSQL_UPGRADE=0 + fi + echo "mysql upgrade required: $DO_MYSQL_UPGRADE" + elif [ "$mariadb_do_major_upgrade" = "no" ]; then + DO_MYSQL_UPGRADE=0 + else + DO_MYSQL_UPGRADE=1 + fi + + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + + if [ -d "$MYSQL_BACKUP_DIR" ]; then + echo_error "Error: $MYSQL_BACKUP_DIR exists already. Likely an upgrade failed previously" + exit 1 + fi + mkdir "$MYSQL_BACKUP_DIR" + if [ $? -ne 0 ]; then + echo_error "Error: could not create temporary backup directory $MYSQL_BACKUP_DIR" + exit 1 + fi + + # the /root/.my.cnf is needed because we set the mysql root + # password from liberty onwards + backup_flags="--defaults-extra-file=/root/.my.cnf -u root --flush-privileges --all-databases --single-transaction" + # While not ideal, this step allows us to calculate exactly how much space the dump + # will need. Our main goal here is avoiding any chance of corruption due to disk space + # exhaustion + backup_size=$(mysqldump $backup_flags 2>/dev/null | wc -c) + database_size=$(du -cb /var/lib/mysql | tail -1 | awk '{ print $1 }') + free_space=$(df -B1 --output=avail "$MYSQL_BACKUP_DIR" | tail -1) + + # we need at least space for a new mysql database + dump of the existing one, + # times a small factor for additional safety room + # note: bash doesn't do floating point math or floats in if statements, + # so use python to apply the ratio and cast it back to integer + required_space=$(python -c "from __future__ import print_function; print(\"%d\" % int((($database_size + $backup_size) * $MYSQL_BACKUP_SIZE_RATIO)))") + if [ $required_space -ge $free_space ]; then + echo_error "Error: not enough free space in $MYSQL_BACKUP_DIR ($required_space bytes required)" + exit 1 + fi + fi + fi +} + +check_python_rpm() +{ + # If for some reason rpm-python are missing we want to error out early enough + if ! rpm -q rpm-python &> /dev/null; then + echo_error "ERROR: upgrade cannot start without rpm-python installed" + exit 1 + fi +} + +check_clean_cluster() +{ + if pcs status | grep -q Stopped:; then + echo_error "ERROR: upgrade cannot start with stopped resources on the cluster. Make sure that all the resources are up and running." + exit 1 + fi +} + +check_galera_root_password() +{ + # BZ: 1357112 + if [ ! -e /root/.my.cnf ]; then + echo_error "ERROR: upgrade cannot be started, the galera password is missing. The overcloud needs update." + exit 1 + fi +} diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh index 78628c8c..a1df695f 100644 --- a/extraconfig/tasks/major_upgrade_compute.sh +++ b/extraconfig/tasks/major_upgrade_compute.sh @@ -12,6 +12,8 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT ### This file is automatically delivered to the compute nodes as part of the ### tripleo upgrades workflow +set -eu + # pin nova to kilo (messaging +-1) for the nova-compute service crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index f5399222..d4200e5f 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -2,28 +2,83 @@ set -eu -cluster_sync_timeout=600 +cluster_sync_timeout=1800 -if pcs status 2>&1 | grep -E '(cluster is not currently running)|(OFFLINE:)'; then - echo_error "ERROR: upgrade cannot start with some cluster nodes being offline" - exit 1 +check_cluster +check_pcsd +if [[ -n $(is_bootstrap_node) ]]; then + check_clean_cluster fi +check_python_rpm +check_galera_root_password +check_disk_for_mysql_dump + +# We want to disable fencing during the cluster --stop as it might fence +# nodes where a service fails to stop, which could be fatal during an upgrade +# procedure. So we remember the stonith state. If it was enabled we reenable it +# at the end of this script +STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }') +pcs property set stonith-enabled=false + +# Migrate to HA NG +if [[ -n $(is_bootstrap_node) ]]; then + migrate_full_to_ng_ha +fi + +# After migrating the cluster to HA-NG the services not under pacemaker's control +# are still up and running. We need to stop them explicitely otherwise during the yum +# upgrade the rpm %post sections will try to do a systemctl try-restart <service>, which +# is going to take a long time because rabbit is down. By having the service stopped +# systemctl try-restart is a noop + +for service in $(services_to_migrate); do + manage_systemd_service stop "${service%%-clone}" + # So the reason for not reusing check_resource_systemd is that + # I have observed systemctl is-active returning unknown with at least + # one service that was stopped (See LP 1627254) + timeout=600 + tstart=$(date +%s) + tend=$(( $tstart + $timeout )) + check_interval=3 + while (( $(date +%s) < $tend )); do + if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then + echo "$service still active, sleeping $check_interval seconds." + sleep $check_interval + else + # we do not care if it is inactive, unknown or failed as long as it is + # not running + break + fi + + done +done + +# In case the mysql package is updated, the database on disk must be +# upgraded as well. This typically needs to happen during major +# version upgrades (e.g. 5.5 -> 5.6, 5.5 -> 10.1...) +# +# Because in-place upgrades are not supported across 2+ major versions +# (e.g. 5.5 -> 10.1), we rely on logical upgrades via dump/restore cycle +# https://bugzilla.redhat.com/show_bug.cgi?id=1341968 +# +# The default is to determine automatically if upgrade is needed based +# on mysql package versionning, but this can be overriden manually +# to support specific upgrade scenario + +if [[ -n $(is_bootstrap_node) ]]; then + if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql" + cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR" + fi -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then - pcs resource disable httpd - check_resource httpd stopped 1800 - pcs resource disable openstack-core - check_resource openstack-core stopped 1800 pcs resource disable redis check_resource redis stopped 600 - pcs resource disable mongod - check_resource mongod stopped 600 pcs resource disable rabbitmq check_resource rabbitmq stopped 600 - pcs resource disable memcached - check_resource memcached stopped 600 pcs resource disable galera check_resource galera stopped 600 + pcs resource disable openstack-cinder-volume + check_resource openstack-cinder-volume stopped 600 # Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address: # https://bugzilla.redhat.com/show_bug.cgi?id=1330688 for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do @@ -33,7 +88,8 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) pcs cluster stop --all fi -# Swift isn't controled by pacemaker + +# Swift isn't controlled by pacemaker systemctl_swift stop tstart=$(date +%s) @@ -46,9 +102,74 @@ while systemctl is-active pacemaker; do fi done +# The reason we do an sql dump *and* we move the old dir out of +# the way is because it gives us an extra level of safety in case +# something goes wrong during the upgrade. Once the restore is +# successful we go ahead and remove it. If the directory exists +# we bail out as it means the upgrade process had issues in the last +# run. +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + if [ -d $MYSQL_TEMP_UPGRADE_BACKUP_DIR ]; then + echo_error "ERROR: mysql backup dir already exist" + exit 1 + fi + mv /var/lib/mysql $MYSQL_TEMP_UPGRADE_BACKUP_DIR +fi + yum -y install python-zaqarclient # needed for os-collect-config yum -y -q update +# We need to ensure at least those two configuration settings, otherwise +# mariadb 10.1+ won't activate galera replication. +# wsrep_cluster_address must only be set though, its value does not +# matter because it's overriden by the galera resource agent. +cat >> /etc/my.cnf.d/galera.cnf <<EOF +[mysqld] +wsrep_on = ON +wsrep_cluster_address = gcomm://localhost +EOF + +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + # Scripts run via heat have no HOME variable set and this confuses + # mysqladmin + export HOME=/root + + mkdir /var/lib/mysql || /bin/true + chown mysql:mysql /var/lib/mysql + chmod 0755 /var/lib/mysql + restorecon -R /var/lib/mysql/ + mysql_install_db --datadir=/var/lib/mysql --user=mysql + chown -R mysql:mysql /var/lib/mysql/ + + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + mysqld_safe --wsrep-new-cluster & + # We have a populated /root/.my.cnf with root/password here so + # we need to temporarily rename it because the newly created + # db is empty and no root password is set + mv /root/.my.cnf /root/.my.cnf.temporary + timeout 60 sh -c 'while ! mysql -e "" &> /dev/null; do sleep 1; done' + mysql -u root < "$MYSQL_BACKUP_DIR/openstack_database.sql" + mv /root/.my.cnf.temporary /root/.my.cnf + mysqladmin -u root shutdown + # The import was successful so we may remove the folder + rm -r "$MYSQL_BACKUP_DIR" + fi +fi + +# If we reached here without error we can safely blow away the origin +# mysql dir from every controller + +# TODO: What if the upgrade fails on the bootstrap node, but not on +# this controller. Data may be lost. +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR +fi + +# Let's reset the stonith back to true if it was true, before starting the cluster +if [ $STONITH_STATE == "true" ]; then + pcs -f /var/lib/pacemaker/cib/cib.xml property set stonith-enabled=true +fi + # Pin messages sent to compute nodes to kilo, these will be upgraded later crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute" # https://bugzilla.redhat.com/show_bug.cgi?id=1284047 @@ -57,3 +178,9 @@ crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit # https://bugzilla.redhat.com/show_bug.cgi?id=1284058 # Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server" +# LP: 1615035, required only for M/N upgrade. +crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager +# LP: 1627450, required only for M/N upgrade +crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler + +crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 643ae57f..fc365939 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -3,10 +3,10 @@ set -eu cluster_form_timeout=600 -cluster_settle_timeout=600 +cluster_settle_timeout=1800 galera_sync_timeout=600 -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then +if [[ -n $(is_bootstrap_node) ]]; then pcs cluster start --all tstart=$(date +%s) @@ -26,14 +26,23 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Stopped | awk '{ print $1 }'); do pcs resource enable $vip - check_resource $vip started 60 + check_resource_pacemaker $vip started 60 done +fi - pcs resource enable galera - check_resource galera started 600 - pcs resource enable mongod - check_resource mongod started 600 +start_or_enable_service galera +check_resource galera started 600 +start_or_enable_service redis +check_resource galera started 600 +# We need mongod which is now a systemd service up and running before calling +# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes +# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely +# we should be good. +# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm +systemctl start mongod +check_resource mongod started 600 +if [[ -n $(is_bootstrap_node) ]]; then tstart=$(date +%s) while ! clustercheck; do sleep 5 @@ -53,18 +62,9 @@ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname) keystone-manage db_sync neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head nova-manage db sync - - pcs resource enable memcached - check_resource memcached started 600 - pcs resource enable rabbitmq - check_resource rabbitmq started 600 - pcs resource enable redis - check_resource redis started 600 - pcs resource enable openstack-core - check_resource openstack-core started 1800 - pcs resource enable httpd - check_resource httpd started 1800 + nova-manage api_db sync + nova-manage db online_data_migrations + gnocchi-upgrade + #TODO(marios):someone from sahara needs to check this: + # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head fi - -# Swift isn't controled by heat -systemctl_swift start diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh new file mode 100755 index 00000000..4d72fbd8 --- /dev/null +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +set -eu + +start_or_enable_service rabbitmq +check_resource rabbitmq started 600 +start_or_enable_service redis +check_resource redis started 600 +start_or_enable_service openstack-cinder-volume +check_resource openstack-cinder-volume started 600 + + +# Swift isn't controled by pacemaker +systemctl_swift start + +# We need to start the systemd services we explicitely stopped at step _1.sh +# FIXME: Should we let puppet during the convergence step do the service enabling or +# should we add it here? +for service in $(services_to_migrate); do + manage_systemd_service start "${service%%-clone}" + check_resource_systemd "${service%%-clone}" started 600 +done diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh index 931f4f42..f82457ce 100644 --- a/extraconfig/tasks/major_upgrade_object_storage.sh +++ b/extraconfig/tasks/major_upgrade_object_storage.sh @@ -12,6 +12,7 @@ cat > $UPGRADE_SCRIPT << ENDOFCAT ### This file is automatically delivered to the swift-storage nodes as part of the ### tripleo upgrades workflow +set -eu function systemctl_swift { action=\$1 diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index 4af3186c..30ae8d1e 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -1,16 +1,8 @@ -heat_template_version: 2014-10-16 +heat_template_version: 2016-10-14 description: 'Upgrade for Pacemaker deployments' parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json input_values: type: json @@ -20,12 +12,49 @@ parameters: type: string description: Nova Compute upgrade level default: '' + MySqlMajorUpgrade: + type: string + description: Can be auto,yes,no and influences if the major upgrade should do or detect an automatic mysql upgrade + constraints: + - allowed_values: ['auto', 'yes', 'no'] + default: 'auto' + IgnoreCephUpgradeWarnings: + type: boolean + default: false + description: If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean resources: # TODO(jistr): for Mitaka->Newton upgrades and further we can use # map_merge with input_values instead of feeding params into scripts # via str_replace on bash snippets + CephMonUpgradeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - str_replace: + template: | + #!/bin/bash + ignore_ceph_upgrade_warnings='IGNORE_CEPH_UPGRADE_WARNINGS' + params: + IGNORE_CEPH_UPGRADE_WARNINGS: {get_param: IgnoreCephUpgradeWarnings} + - get_file: major_upgrade_ceph_mon.sh + + CephMonUpgradeDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, Controller]} + config: {get_resource: CephMonUpgradeConfig} + input_values: {get_param: input_values} + update_policy: + batch_create: + max_batch_size: 1 + rolling_update: + max_batch_size: 1 + ControllerPacemakerUpgradeConfig_Step1: type: OS::Heat::SoftwareConfig properties: @@ -39,14 +68,22 @@ resources: upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' params: UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} + - str_replace: + template: | + #!/bin/bash + mariadb_do_major_upgrade='MYSQL_MAJOR_UPGRADE' + params: + MYSQL_MAJOR_UPGRADE: {get_param: MySqlMajorUpgrade} - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_check.sh - get_file: major_upgrade_pacemaker_migrations.sh - get_file: major_upgrade_controller_pacemaker_1.sh ControllerPacemakerUpgradeDeployment_Step1: type: OS::Heat::SoftwareDeploymentGroup + depends_on: CephMonUpgradeDeployment properties: - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step1} input_values: {get_param: input_values} @@ -60,7 +97,7 @@ resources: BlockStorageUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: blockstorage_servers} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: BlockStorageUpgradeConfig} input_values: {get_param: input_values} @@ -79,7 +116,26 @@ resources: type: OS::Heat::SoftwareDeploymentGroup depends_on: BlockStorageUpgradeDeployment properties: - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} input_values: {get_param: input_values} + ControllerPacemakerUpgradeConfig_Step3: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_pacemaker_migrations.sh + - get_file: major_upgrade_controller_pacemaker_3.sh + + ControllerPacemakerUpgradeDeployment_Step3: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: ControllerPacemakerUpgradeDeployment_Step2 + properties: + servers: {get_param: [servers, Controller]} + config: {get_resource: ControllerPacemakerUpgradeConfig_Step3} + input_values: {get_param: input_values} + diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml index 623549a0..f6aa3066 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_init.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml @@ -3,15 +3,7 @@ description: 'Upgrade for Pacemaker deployments' parameters: - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json input_values: type: json @@ -43,45 +35,12 @@ resources: - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - get_param: UpgradeInitCommand - UpgradeInitControllerDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: controller_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitComputeDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: compute_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitBlockStorageDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: blockstorage_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitObjectStorageDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: objectstorage_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - UpgradeInitCephStorageDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: cephstorage_servers} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - # TODO(jistr): for Mitaka->Newton upgrades and further we can use # map_merge with input_values instead of feeding params into scripts # via str_replace on bash snippets + # FIXME(shardy) we have hard-coded per-role *ScriptConfig's here + # Would be better to have a common config for all roles ComputeDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: @@ -97,35 +56,32 @@ resources: UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} - get_file: major_upgrade_compute.sh - ComputeDeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: compute_servers} - config: {get_resource: ComputeDeliverUpgradeScriptConfig} - input_values: {get_param: input_values} - ObjectStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: major_upgrade_object_storage.sh} - ObjectStorageDeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: objectstorage_servers} - config: {get_resource: ObjectStorageDeliverUpgradeScriptConfig} - input_values: {get_param: input_values} - CephStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: major_upgrade_ceph_storage.sh} - CephStorageDeliverUpgradeScriptDeployment: +{% for role in roles %} + UpgradeInit{{role.name}}Deployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: UpgradeInitConfig} + input_values: {get_param: input_values} + + {% if not role.name in ['Controller', 'BlockStorage'] %} + {{role.name}}DeliverUpgradeScriptDeployment: type: OS::Heat::SoftwareDeploymentGroup properties: - servers: {get_param: cephstorage_servers} - config: {get_resource: CephStorageDeliverUpgradeScriptConfig} + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig} input_values: {get_param: input_values} + {% endif %} +{% endfor %} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index b63198db..cd78f838 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -13,63 +13,159 @@ # been already applied, it should be possible to call the function # again without damaging the deployment or failing the upgrade. -function add_missing_openstack_core_constraints { - # The CIBs are saved under /root as they might contain sensitive data - CIB="/root/migration.cib" - CIB_BACKUP="/root/backup.cib" - CIB_PUSH_NEEDED=n - - rm -f "$CIB" "$CIB_BACKUP" || /bin/true - pcs cluster cib "$CIB" - cp "$CIB" "$CIB_BACKUP" - - if ! pcs -f "$CIB" constraint --full | grep 'start openstack-sahara-api-clone then start openstack-sahara-engine-clone'; then - pcs -f "$CIB" constraint order start openstack-sahara-api-clone then start openstack-sahara-engine-clone - CIB_PUSH_NEEDED=y +# If the major version of mysql is going to change after the major +# upgrade, the database must be upgraded on disk to avoid failures +# due to internal incompatibilities between major mysql versions +# https://bugs.launchpad.net/tripleo/+bug/1587449 +# This function detects whether a database upgrade is required +# after a mysql package upgrade. It returns 0 when no major upgrade +# has to take place, 1 otherwise. +function is_mysql_upgrade_needed { + # The name of the package which provides mysql might differ + # after the upgrade. Consider the generic package name, which + # should capture the major version change (e.g. 5.5 -> 10.1) + local name="mariadb" + local output + local ret + set +e + output=$(yum -q check-update $name) + ret=$? + set -e + if [ $ret -ne 100 ]; then + # no updates so we exit + echo "0" + return fi - if ! pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-ceilometer-notification-clone'; then - pcs -f "$CIB" constraint order start openstack-core-clone then start openstack-ceilometer-notification-clone - CIB_PUSH_NEEDED=y - fi - - if ! pcs -f "$CIB" constraint --full | grep 'start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone'; then - pcs -f "$CIB" constraint order start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone - CIB_PUSH_NEEDED=y - fi + local currentepoch=$(rpm -q --qf "%{epoch}" $name) + local currentversion=$(rpm -q --qf "%{version}" $name | cut -d. -f-2) + local currentrelease=$(rpm -q --qf "%{release}" $name) + local newoutput=$(repoquery -a --pkgnarrow=updates --qf "%{epoch} %{version} %{release}\n" $name) + local newepoch=$(echo "$newoutput" | awk '{ print $1 }') + local newversion=$(echo "$newoutput" | awk '{ print $2 }' | cut -d. -f-2) + local newrelease=$(echo "$newoutput" | awk '{ print $3 }') - if pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone'; then - CID=$(pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone' | sed -e 's/.*id\://g' -e 's/)//g') - pcs -f "$CIB" constraint remove $CID - CIB_PUSH_NEEDED=y + # With this we trigger the dump restore/path if we change either epoch or + # version in the package If only the release tag changes we do not do it + # FIXME: we could refine this by trying to parse the mariadb version + # into X.Y.Z and trigger the update only if X and/or Y change. + output=$(python -c "import rpm; rc = rpm.labelCompare((\"$currentepoch\", \"$currentversion\", None), (\"$newepoch\", \"$newversion\", None)); print rc") + if [ "$output" != "-1" ]; then + echo "0" + return fi + echo "1" +} - if [ "$CIB_PUSH_NEEDED" = 'y' ]; then - pcs cluster cib-push "$CIB" - fi +# This function returns the list of services to be migrated away from pacemaker +# and to systemd. The reason to have these services in a separate function is because +# this list is needed in three different places: major_upgrade_controller_pacemaker_{1,2} +# and in the function to migrate the cluster from full HA to HA NG +function services_to_migrate { + # The following PCMK resources the ones the we are going to delete + PCMK_RESOURCE_TODELETE=" + httpd-clone + memcached-clone + mongod-clone + neutron-dhcp-agent-clone + neutron-l3-agent-clone + neutron-metadata-agent-clone + neutron-netns-cleanup-clone + neutron-openvswitch-agent-clone + neutron-ovs-cleanup-clone + neutron-server-clone + openstack-aodh-evaluator-clone + openstack-aodh-listener-clone + openstack-aodh-notifier-clone + openstack-ceilometer-api-clone + openstack-ceilometer-central-clone + openstack-ceilometer-collector-clone + openstack-ceilometer-notification-clone + openstack-cinder-api-clone + openstack-cinder-scheduler-clone + openstack-glance-api-clone + openstack-glance-registry-clone + openstack-gnocchi-metricd-clone + openstack-gnocchi-statsd-clone + openstack-heat-api-cfn-clone + openstack-heat-api-clone + openstack-heat-api-cloudwatch-clone + openstack-heat-engine-clone + openstack-nova-api-clone + openstack-nova-conductor-clone + openstack-nova-consoleauth-clone + openstack-nova-novncproxy-clone + openstack-nova-scheduler-clone + openstack-sahara-api-clone + openstack-sahara-engine-clone + " + echo $PCMK_RESOURCE_TODELETE } -function remove_ceilometer_alarm { - if pcs status | grep openstack-ceilometer-alarm; then - # Disable pacemaker resources for ceilometer-alarms - pcs resource disable openstack-ceilometer-alarm-evaluator - check_resource openstack-ceilometer-alarm-evaluator stopped 600 - pcs resource delete openstack-ceilometer-alarm-evaluator - pcs resource disable openstack-ceilometer-alarm-notifier - check_resource openstack-ceilometer-alarm-notifier stopped 600 - pcs resource delete openstack-ceilometer-alarm-notifier +# This function will migrate a mitaka system where all the resources are managed +# via pacemaker to a newton setup where only a few services will be managed by pacemaker +# On a high-level it will operate as follows: +# 1. Set the cluster in maintenance-mode so no start/stop action will actually take place +# during the conversion +# 2. Remove all the colocation constraints and then the ordering constraints, except the +# ones related to haproxy/VIPs which exist in Newton as well +# 3. Take the cluster out of maintenance-mode +# 4. Remove all the resources that won't be managed by pacemaker in newton. The +# outcome will be +# that they are stopped and removed from pacemakers control +# 5. Do a resource cleanup to make sure the cluster is in a clean state +function migrate_full_to_ng_ha { + if [[ -n $(pcmk_running) ]]; then + pcs property set maintenance-mode=true - # remove constraints - pcs constraint remove ceilometer-delay-then-ceilometer-alarm-evaluator-constraint - pcs constraint remove ceilometer-alarm-evaluator-with-ceilometer-delay-colocation - pcs constraint remove ceilometer-alarm-evaluator-then-ceilometer-alarm-notifier-constraint - pcs constraint remove ceilometer-alarm-notifier-with-ceilometer-alarm-evaluator-colocation - pcs constraint remove ceilometer-alarm-notifier-then-ceilometer-notification-constraint - pcs constraint remove ceilometer-notification-with-ceilometer-alarm-notifier-colocation + # First we go through all the colocation constraints (except the ones + # we want to keep, i.e. the haproxy/ip ones) and we remove those + COL_CONSTRAINTS=$(pcs config show | sed -n '/^Colocation Constraints:$/,/^$/p' | grep -v "Colocation Constraints:" | egrep -v "ip-.*haproxy" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\)) + for constraint in $COL_CONSTRAINTS; do + log_debug "Deleting colocation constraint $constraint from CIB" + pcs constraint remove "$constraint" + done - fi + # Now we kill all the ordering constraints (except the haproxy/ip ones) + ORD_CONSTRAINTS=$(pcs config show | sed -n '/^Ordering Constraints:/,/^Colocation Constraints:$/p' | grep -v "Ordering Constraints:" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\)) + for constraint in $ORD_CONSTRAINTS; do + log_debug "Deleting ordering constraint $constraint from CIB" + pcs constraint remove "$constraint" + done + # At this stage all the pacemaker resources are removed from the CIB. + # Once we remove the maintenance-mode those systemd resources will keep + # on running. They shall be systemd enabled via the puppet converge + # step later on + pcs property set maintenance-mode=false - # uninstall openstack-ceilometer-alarm package - yum -y remove openstack-ceilometer-alarm + # At this stage there are no constraints whatsoever except the haproxy/ip ones + # which we want to keep. We now disable and then delete each resource + # that will move to systemd. + # We want the systemd resources be stopped before doing "yum update", + # that way "systemctl try-restart <service>" is no-op because the + # service was down already + PCS_STATUS_OUTPUT="$(pcs status)" + for resource in $(services_to_migrate) "delay-clone" "openstack-core-clone"; do + if echo "$PCS_STATUS_OUTPUT" | grep "$resource"; then + log_debug "Deleting $resource from the CIB" + if ! pcs resource disable "$resource" --wait=600; then + echo_error "ERROR: resource $resource failed to be disabled" + exit 1 + fi + pcs resource delete --force "$resource" + else + log_debug "Service $service not found as a pacemaker resource, not trying to delete." + fi + done + # We need to do a pcs resource cleanup here + crm_resource --wait to + # make sure the cluster is in a clean state before we stop everything, + # upgrade and restart everything + pcs resource cleanup + # We are making sure here that the cluster is stable before proceeding + if ! timeout -k 10 600 crm_resource --wait; then + echo_error "ERROR: cluster remained unstable after resource cleanup for more than 600 seconds, exiting." + exit 1 + fi + fi } diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml new file mode 100644 index 00000000..b9a87d33 --- /dev/null +++ b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2014-10-16 + +description: > + Software-config for performing aodh data migration + +parameters: + servers: + type: json + input_values: + type: json + description: input values for the software deployments +resources: + + AodhMysqlMigrationScriptConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: aodh_data_migration.sh} + + AodhMysqlMigrationScriptDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, Controller]} + config: {get_resource: AodhMysqlMigrationScriptConfig} + input_values: {get_param: input_values} diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index 7d794c97..4f17b69a 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -2,51 +2,286 @@ set -eu -function check_resource { +DEBUG="true" # set false if the verbosity is a problem +SCRIPT_NAME=$(basename $0) +function log_debug { + if [[ $DEBUG = "true" ]]; then + echo "`date` $SCRIPT_NAME tripleo-upgrade $(facter hostname) $1" + fi +} + +function is_bootstrap_node { + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then + log_debug "Node is bootstrap" + echo "true" + fi +} +function check_resource_pacemaker { if [ "$#" -ne 3 ]; then - echo_error "ERROR: check_resource function expects 3 parameters, $# given" - exit 1 + echo_error "ERROR: check_resource function expects 3 parameters, $# given" + exit 1 fi - service=$1 - state=$2 - timeout=$3 + local service=$1 + local state=$2 + local timeout=$3 + + if [[ -z $(is_bootstrap_node) ]] ; then + log_debug "Node isn't bootstrap, skipping check for $service to be $state here " + return + else + log_debug "Node is bootstrap checking $service to be $state here" + fi if [ "$state" = "stopped" ]; then - match_for_incomplete='Started' + match_for_incomplete='Started' else # started - match_for_incomplete='Stopped' + match_for_incomplete='Stopped' fi nodes_local=$(pcs status | grep ^Online | sed 's/.*\[ \(.*\) \]/\1/g' | sed 's/ /\|/g') if timeout -k 10 $timeout crm_resource --wait; then - node_states=$(pcs status --full | grep "$service" | grep -v Clone | { egrep "$nodes_local" || true; } ) - if echo "$node_states" | grep -q "$match_for_incomplete"; then - echo_error "ERROR: cluster finished transition but $service was not in $state state, exiting." - exit 1 - else - echo "$service has $state" - fi - else - echo_error "ERROR: cluster remained unstable for more than $timeout seconds, exiting." + node_states=$(pcs status --full | grep "$service" | grep -v Clone | { egrep "$nodes_local" || true; } ) + if echo "$node_states" | grep -q "$match_for_incomplete"; then + echo_error "ERROR: cluster finished transition but $service was not in $state state, exiting." exit 1 + else + echo "$service has $state" + fi + else + echo_error "ERROR: cluster remained unstable for more than $timeout seconds, exiting." + exit 1 + fi + +} + +function pcmk_running { + if [[ $(systemctl is-active pacemaker) = "active" ]] ; then + echo "true" + fi +} + +function is_systemd_unknown { + local service=$1 + if [[ $(systemctl is-active "$service") = "unknown" ]]; then + log_debug "$service found to be unkown to systemd" + echo "true" + fi +} + +function grep_is_cluster_controlled { + local service=$1 + if [[ -n $(systemctl status $service -l | grep Drop-In -A 5 | grep pacemaker) || + -n $(systemctl status $service -l | grep "Cluster Controlled $service") ]] ; then + log_debug "$service is pcmk managed from systemctl grep" + echo "true" + fi +} + + +function is_systemd_managed { + local service=$1 + #if we have pcmk check to see if it is managed there + if [[ -n $(pcmk_running) ]]; then + if [[ -z $(pcs status --full | grep $service) && -z $(is_systemd_unknown $service) ]] ; then + log_debug "$service found to be systemd managed from pcs status" + echo "true" + fi + else + # if it is "unknown" to systemd, then it is pacemaker managed + if [[ -n $(is_systemd_unknown $service) ]] ; then + return + elif [[ -z $(grep_is_cluster_controlled $service) ]] ; then + echo "true" + fi + fi +} + +function is_pacemaker_managed { + local service=$1 + #if we have pcmk check to see if it is managed there + if [[ -n $(pcmk_running) ]]; then + if [[ -n $(pcs status --full | grep $service) ]]; then + log_debug "$service found to be pcmk managed from pcs status" + echo "true" + fi + else + # if it is unknown to systemd, then it is pcmk managed + if [[ -n $(is_systemd_unknown $service) ]]; then + echo "true" + elif [[ -n $(grep_is_cluster_controlled $service) ]] ; then + echo "true" + fi + fi +} + +function is_managed { + local service=$1 + if [[ -n $(is_pacemaker_managed $service) || -n $(is_systemd_managed $service) ]]; then + echo "true" + fi +} + +function check_resource_systemd { + + if [ "$#" -ne 3 ]; then + echo_error "ERROR: check_resource function expects 3 parameters, $# given" + exit 1 fi + local service=$1 + local state=$2 + local timeout=$3 + local check_interval=3 + + if [ "$state" = "stopped" ]; then + match_for_incomplete='active' + else # started + match_for_incomplete='inactive' + fi + + log_debug "Going to check_resource_systemd for $service to be $state" + + #sanity check is systemd managed: + if [[ -z $(is_systemd_managed $service) ]]; then + echo "ERROR - $service not found to be systemd managed." + exit 1 + fi + + tstart=$(date +%s) + tend=$(( $tstart + $timeout )) + while (( $(date +%s) < $tend )); do + if [[ "$(systemctl is-active $service)" = $match_for_incomplete ]]; then + echo "$service not yet $state, sleeping $check_interval seconds." + sleep $check_interval + else + echo "$service is $state" + return + fi + done + + echo "Timed out waiting for $service to go to $state after $timeout seconds" + exit 1 +} + + +function check_resource { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "ERROR $service managed by both systemd and pcmk - SKIPPING" + return + fi + + if [[ -n $pcmk_managed ]]; then + check_resource_pacemaker $@ + return + elif [[ -n $systemd_managed ]]; then + check_resource_systemd $@ + return + fi + log_debug "ERROR cannot check_resource for $service, not managed here?" +} + +function manage_systemd_service { + local action=$1 + local service=$2 + log_debug "Going to systemctl $action $service" + systemctl $action $service +} + +function manage_pacemaker_service { + local action=$1 + local service=$2 + # not if pacemaker isn't running! + if [[ -z $(pcmk_running) ]]; then + echo "$(facter hostname) pacemaker not active, skipping $action $service here" + elif [[ -n $(is_bootstrap_node) ]]; then + log_debug "Going to pcs resource $action $service" + pcs resource $action $service + fi +} + +function stop_or_disable_service { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "Skipping stop_or_disable $service due to management conflict" + return + fi + + log_debug "Stopping or disabling $service" + if [[ -n $pcmk_managed ]]; then + manage_pacemaker_service disable $service + return + elif [[ -n $systemd_managed ]]; then + manage_systemd_service stop $service + return + fi + log_debug "ERROR: $service not managed here?" +} + +function start_or_enable_service { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "Skipping start_or_enable $service due to management conflict" + return + fi + + log_debug "Starting or enabling $service" + if [[ -n $pcmk_managed ]]; then + manage_pacemaker_service enable $service + return + elif [[ -n $systemd_managed ]]; then + manage_systemd_service start $service + return + fi + log_debug "ERROR $service not managed here?" +} + +function restart_service { + local service=$1 + local pcmk_managed=$(is_pacemaker_managed $service) + local systemd_managed=$(is_systemd_managed $service) + + if [[ -n $pcmk_managed && -n $systemd_managed ]] ; then + log_debug "ERROR $service managed by both systemd and pcmk - SKIPPING" + return + fi + + log_debug "Restarting $service" + if [[ -n $pcmk_managed ]]; then + manage_pacemaker_service restart $service + return + elif [[ -n $systemd_managed ]]; then + manage_systemd_service restart $service + return + fi + log_debug "ERROR $service not managed here?" } function echo_error { echo "$@" | tee /dev/fd2 } +# swift is a special case because it is/was never handled by pacemaker +# when stand-alone swift is used, only swift-proxy is running on controllers function systemctl_swift { services=( openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \ openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \ openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object openstack-swift-proxy ) - action=$1 + local action=$1 case $action in stop) - services=$(systemctl | grep swift | grep running | awk '{print $1}') + services=$(systemctl | grep openstack-swift- | grep running | awk '{print $1}') ;; start) enable_swift_storage=$(hiera -c /etc/puppet/hiera.yaml 'enable_swift_storage') @@ -54,9 +289,11 @@ function systemctl_swift { services=( openstack-swift-proxy ) fi ;; - *) services=() ;; # for safetly, should never happen + *) echo "Unknown action $action passed to systemctl_swift" + exit 1 + ;; # shouldn't ever happen... esac - for S in ${services[@]}; do - systemctl $action $S + for service in ${services[@]}; do + manage_systemd_service $action $service done } diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh index b2e5be16..3da7efec 100755 --- a/extraconfig/tasks/pacemaker_resource_restart.sh +++ b/extraconfig/tasks/pacemaker_resource_restart.sh @@ -2,37 +2,24 @@ set -eux -pacemaker_status=$(systemctl is-active pacemaker) - # Run if pacemaker is running, we're the bootstrap node, # and we're updating the deployment (not creating). -if [ "$pacemaker_status" = "active" -a \ - "$(hiera bootstrap_nodeid)" = "$(facter hostname)" -a \ - "$(hiera stack_action)" = "UPDATE" ]; then - - #ensure neutron constraints like - #https://review.openstack.org/#/c/245093/ - if pcs constraint order show | grep "start neutron-server-clone then start neutron-ovs-cleanup-clone"; then - pcs constraint remove order-neutron-server-clone-neutron-ovs-cleanup-clone-mandatory - fi - - pcs resource disable httpd - check_resource httpd stopped 300 - pcs resource disable openstack-core - check_resource openstack-core stopped 1800 - - if pcs status | grep haproxy-clone; then - pcs resource restart haproxy-clone - fi - pcs resource restart redis-master - pcs resource restart mongod-clone - pcs resource restart rabbitmq-clone - pcs resource restart memcached-clone - pcs resource restart galera-master - - pcs resource enable openstack-core - check_resource openstack-core started 1800 - pcs resource enable httpd - check_resource httpd started 800 - +if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then + + TIMEOUT=600 + SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)" + PCS_STATUS_OUTPUT="$(pcs status)" + + for service in $SERVICES_TO_RESTART; do + if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then + echo "Service $service not found as a pacemaker resource, cannot restart it." + exit 1 + fi + done + + for service in $SERVICES_TO_RESTART; do + echo "Restarting $service..." + pcs resource restart --wait=$TIMEOUT $service + rm -f /var/lib/tripleo/pacemaker-restarts/$service + done fi diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.yaml index fbed9ce5..b62502f8 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.yaml @@ -29,20 +29,9 @@ resources: config: {get_resource: ControllerPostPuppetMaintenanceModeConfig} input_values: {get_param: input_values} - ControllerPostPuppetRestartConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: pacemaker_resource_restart.sh - - ControllerPostPuppetRestartDeployment: - type: OS::Heat::SoftwareDeployments + ControllerPostPuppetRestart: + type: OS::TripleO::Tasks::ControllerPostPuppetRestart depends_on: ControllerPostPuppetMaintenanceModeDeployment properties: servers: {get_param: servers} - config: {get_resource: ControllerPostPuppetRestartConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml new file mode 100644 index 00000000..52760c87 --- /dev/null +++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2014-10-16 +description: 'Post-Puppet restart config for Pacemaker deployments' + +parameters: + servers: + type: json + input_values: + type: json + description: input values for the software deployments + +resources: + + ControllerPostPuppetRestartConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: pacemaker_resource_restart.sh + + ControllerPostPuppetRestartDeployment: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: servers} + config: {get_resource: ControllerPostPuppetRestartConfig} + input_values: {get_param: input_values} diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml new file mode 100644 index 00000000..833c3bc2 --- /dev/null +++ b/firstboot/os-net-config-mappings.yaml @@ -0,0 +1,65 @@ +heat_template_version: 2015-10-15 + +description: > + Configure os-net-config mappings for specific nodes + Your environment file needs to look like: + parameter_defaults: + NetConfigDataLookup: + node1: + nic1: "00:c8:7c:e6:f0:2e" + node2: + nic1: "00:18:7d:99:0c:b6" + This will result in the first nodeN entry where a mac matches a + local device being written as a mapping file for os-net-config in + /etc/os-net-config/mapping.yaml + +parameters: + # Note this requires a liberty heat or newer in the undercloud due to + # the 2015-10-15 (which is required to enable str_replace serializing + # the json parameter to json, another approch with a string parameter + # will be required for older heat versions) + NetConfigDataLookup: + type: json + default: {} + description: per-node configuration map + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: OsNetConfigMappings} + + OsNetConfigMappings: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/sh + eth_addr=$(/sbin/ifconfig eth0 | grep ether | awk '{print $2}') + mkdir -p /etc/os-net-config + + # Create an os-net-config mapping file, note this defaults to + # /etc/os-net-config/mapping.yaml, so we use that name despite + # rendering the result as json + echo '$node_lookup' | python -c " + import json + import sys + import yaml + input = sys.stdin.readline() or '{}' + data = json.loads(input) + for node in data: + if '${eth_addr}' in data[node].values(): + interface_mapping = {'interface_mapping': data[node]} + with open('/etc/os-net-config/mapping.yaml', 'w') as f: + yaml.safe_dump(interface_mapping, f, default_flow_style=False) + break + " + params: + $node_lookup: {get_param: NetConfigDataLookup} + +outputs: + OS::stack_id: + value: {get_resource: userdata} diff --git a/net-config-bond.yaml b/net-config-bond.yaml index 0a162e77..ec881bdc 100644 --- a/net-config-bond.yaml +++ b/net-config-bond.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: > Software Config to drive os-net-config with 2 bonded nics on a bridge. @@ -6,9 +6,15 @@ description: > parameters: BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: | + The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. ControlPlaneIp: default: '' description: IP address/subnet on the ctlplane network diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml new file mode 100644 index 00000000..6dbe5982 --- /dev/null +++ b/net-config-static-bridge-with-external-dhcp.yaml @@ -0,0 +1,99 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config for a simple bridge configured + with a static IP address for the ctlplane network. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: ovs_bridge + name: {get_input: bridge_name} + use_dhcp: true + members: + - + type: interface + name: {get_input: interface_name} + # force the MAC address of the bridge to this interface + primary: true + - + type: interface + # would like to do the following, but can't b/c of: + # https://bugs.launchpad.net/heat/+bug/1344284 + # name: + # list_join: + # - '/' + # - - {get_input: bridge_name} + # - ':0' + # So, just hardcode to br-ex:0 for now, br-ex is hardcoded in + # controller.yaml anyway. + name: br-ex:0 + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml index 93db8666..9f537c02 100644 --- a/network/config/bond-with-vlans/ceph-storage.yaml +++ b/network/config/bond-with-vlans/ceph-storage.yaml @@ -38,6 +38,19 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number StorageNetworkVlanID: default: 30 description: Vlan ID for the storage network traffic. @@ -46,6 +59,10 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number ManagementNetworkVlanID: default: 60 description: Vlan ID for the management network traffic. @@ -57,6 +74,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -123,6 +148,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -130,6 +157,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml index bea98c19..b4d71fa3 100644 --- a/network/config/bond-with-vlans/cinder-storage.yaml +++ b/network/config/bond-with-vlans/cinder-storage.yaml @@ -38,6 +38,15 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -50,6 +59,10 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number ManagementNetworkVlanID: default: 60 description: Vlan ID for the management network traffic. @@ -61,6 +74,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -134,6 +155,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -141,6 +164,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml new file mode 100644 index 00000000..3fc764be --- /dev/null +++ b/network/config/bond-with-vlans/compute-dpdk.yaml @@ -0,0 +1,192 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config with 2 bonded nics on a bridge + with VLANs attached for the compute role. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + BondInterfaceOvsOptions: + default: '' + description: The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: interface + name: nic1 + use_dhcp: false + dns_servers: {get_param: DnsServers} + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} + - + type: ovs_bridge + name: {get_input: bridge_name} + members: + - + type: ovs_bond + name: bond1 + ovs_options: {get_param: BondInterfaceOvsOptions} + members: + - + type: interface + name: nic2 + primary: true + - + type: interface + name: nic3 + - + type: vlan + device: bond1 + vlan_id: {get_param: InternalApiNetworkVlanID} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: StorageNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: TenantNetworkVlanID} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # device: bond1 + # vlan_id: {get_param: ManagementNetworkVlanID} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} + - + type: ovs_user_bridge + name: br-link + members: + - + type: ovs_dpdk_bond + name: dpdkbond0 + members: + - + type: ovs_dpdk_port + name: dpdk0 + members: + - + type: interface + name: nic4 + - + type: ovs_dpdk_port + name: dpdk1 + members: + - + type: interface + name: nic5 + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index 774bf02d..b2cfb0a2 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -38,6 +38,15 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -46,6 +55,10 @@ parameters: default: 30 description: Vlan ID for the storage network traffic. type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number TenantNetworkVlanID: default: 50 description: Vlan ID for the tenant network traffic. @@ -61,6 +74,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -134,6 +155,8 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -141,6 +164,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index d9532439..4c3e59fa 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -38,6 +38,11 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -62,10 +67,17 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -102,6 +114,9 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} - type: ovs_bridge name: {get_input: bridge_name} @@ -148,6 +163,8 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -155,6 +172,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml index 7869ebfc..1361d969 100644 --- a/network/config/bond-with-vlans/controller-v6.yaml +++ b/network/config/bond-with-vlans/controller-v6.yaml @@ -40,6 +40,11 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -64,10 +69,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -75,6 +76,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -106,6 +115,7 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - default: true next_hop: {get_param: ControlPlaneDefaultRoute} @@ -134,6 +144,7 @@ resources: - ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} @@ -166,6 +177,9 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: vlan # device: bond1 @@ -173,6 +187,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index d3627ead..677c90c5 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -38,6 +38,11 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -62,10 +67,17 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -158,6 +170,9 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: vlan # device: bond1 @@ -165,6 +180,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml index de9121e5..e16d6b6e 100644 --- a/network/config/bond-with-vlans/swift-storage.yaml +++ b/network/config/bond-with-vlans/swift-storage.yaml @@ -38,6 +38,15 @@ parameters: description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using this option. type: string + constraints: + - allowed_pattern: "^((?!balance.tcp).)*$" + description: | + The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -50,6 +59,10 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number ManagementNetworkVlanID: default: 60 description: Vlan ID for the management network traffic. @@ -61,6 +74,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -134,6 +155,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # device: bond1 @@ -141,6 +164,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index 84cb0f12..c31c6e65 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -118,6 +122,8 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -125,6 +131,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index 0b0218c5..4f8b7f64 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -125,6 +129,8 @@ resources: - ip_netmask: {get_param: InternalApiIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -132,6 +138,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 97eef52b..77514745 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -133,6 +137,8 @@ resources: # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -140,6 +146,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml index b69879fb..da1f95f1 100644 --- a/network/config/multiple-nics/controller-v6.yaml +++ b/network/config/multiple-nics/controller-v6.yaml @@ -59,10 +59,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -70,6 +66,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -102,6 +106,7 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - default: true next_hop: {get_param: ControlPlaneDefaultRoute} @@ -150,6 +155,7 @@ resources: - ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} @@ -160,6 +166,9 @@ resources: # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: interface # name: nic7 @@ -167,6 +176,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml index 377fd116..7a1f9e5f 100644 --- a/network/config/multiple-nics/controller.yaml +++ b/network/config/multiple-nics/controller.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -155,6 +159,9 @@ resources: # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. #- # type: interface # name: nic7 @@ -162,6 +169,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index b75bbd6e..05083105 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -57,10 +57,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -68,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -125,6 +129,8 @@ resources: - ip_netmask: {get_param: InternalApiIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: interface # name: nic7 @@ -132,6 +138,10 @@ resources: # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml index a46d7e20..fc8e8b6f 100644 --- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml @@ -29,6 +29,18 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number StorageNetworkVlanID: default: 30 description: Vlan ID for the storage network traffic. @@ -37,6 +49,14 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -44,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -99,6 +127,20 @@ resources: addresses: - ip_netmask: {get_param: StorageMgmtIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: br-storage + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml index 08613a3b..6fb247ed 100644 --- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml @@ -29,6 +29,14 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -41,6 +49,14 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -48,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -110,6 +134,20 @@ resources: addresses: - ip_netmask: {get_param: StorageMgmtIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: br-storage + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index b6522c67..e31720d8 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -29,6 +29,14 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -37,10 +45,18 @@ parameters: default: 30 description: Vlan ID for the storage network traffic. type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number TenantNetworkVlanID: default: 50 description: Vlan ID for the tenant network traffic. type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -48,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -81,7 +105,6 @@ resources: ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} - - ip_netmask: 0.0.0.0/0 default: true next_hop: {get_param: ControlPlaneDefaultRoute} members: @@ -111,6 +134,20 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: {get_input: bridge_name} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml new file mode 100644 index 00000000..80125149 --- /dev/null +++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml @@ -0,0 +1,178 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config to configure VLANs for the + controller role with IPv6 on the External network. The IPv6 default + route is on the External network, and the IPv4 default route is on + the Control Plane. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: linux_bridge + name: {get_input: bridge_name} + use_dhcp: false + dns_servers: {get_param: DnsServers} + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} + members: + - + type: interface + name: {get_input: interface_name} + # force the MAC address of the bridge to this interface + primary: true + - + type: vlan + vlan_id: {get_param: ExternalNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: ExternalIpSubnet} + routes: + # IPv6 Default Route + - + default: true + next_hop: {get_param: ExternalInterfaceDefaultRoute} + - + type: vlan + vlan_id: {get_param: InternalApiNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + vlan_id: {get_param: StorageMgmtNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: StorageMgmtIpSubnet} + - + type: vlan + vlan_id: {get_param: TenantNetworkVlanID} + device: {get_input: bridge_name} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: {get_input: bridge_name} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml index 72105481..aef5d4e3 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml @@ -29,6 +29,10 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -49,10 +53,21 @@ parameters: default: 50 description: Vlan ID for the tenant network traffic. type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -64,9 +79,6 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - ControlPlaneDefaultRoute: # Override this via parameter_defaults - description: The default route of the control plane network. - type: string resources: OsNetConfigImpl: @@ -92,8 +104,8 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - - ip_netmask: 0.0.0.0/0 default: true next_hop: {get_param: ControlPlaneDefaultRoute} members: @@ -110,8 +122,8 @@ resources: - ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - - ip_netmask: 0.0.0.0/0 default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} - @@ -142,6 +154,21 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: {get_input: bridge_name} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml index 962b9890..a5d2f966 100644 --- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml @@ -29,6 +29,14 @@ parameters: default: '' description: IP address/subnet on the tenant network type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number InternalApiNetworkVlanID: default: 20 description: Vlan ID for the internal_api network traffic. @@ -41,6 +49,14 @@ parameters: default: 40 description: Vlan ID for the storage mgmt network traffic. type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -48,6 +64,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -110,6 +134,20 @@ resources: addresses: - ip_netmask: {get_param: StorageMgmtIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: br-storage + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml index 80bc32d3..6fa288af 100644 --- a/network/config/single-nic-vlans/ceph-storage.yaml +++ b/network/config/single-nic-vlans/ceph-storage.yaml @@ -52,6 +52,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -106,12 +114,18 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml index e509443a..d1135776 100644 --- a/network/config/single-nic-vlans/cinder-storage.yaml +++ b/network/config/single-nic-vlans/cinder-storage.yaml @@ -56,6 +56,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -116,12 +124,18 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index 8cf6825d..bd3cef34 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -56,6 +56,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -116,12 +124,18 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml index eb5e1e5a..8e8b0f5d 100644 --- a/network/config/single-nic-vlans/controller-no-external.yaml +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -5,6 +5,10 @@ description: > controller role. No external IP is configured. parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string ExternalIpSubnet: default: '' description: IP address/subnet on the external network @@ -53,10 +57,28 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string resources: OsNetConfigImpl: @@ -69,7 +91,22 @@ resources: - type: ovs_bridge name: {get_input: bridge_name} - use_dhcp: true + use_dhcp: false + dns_servers: {get_param: DnsServers} + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} members: - type: interface @@ -101,12 +138,18 @@ resources: - ip_netmask: {get_param: TenantIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml index 472e539d..ecbf2efb 100644 --- a/network/config/single-nic-vlans/controller-v6.yaml +++ b/network/config/single-nic-vlans/controller-v6.yaml @@ -59,10 +59,6 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -70,6 +66,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: + default: '10.0.0.1' + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -102,6 +106,7 @@ resources: - ip_netmask: 169.254.169.254/32 next_hop: {get_param: EC2MetadataIp} + # IPv4 Default Route - default: true next_hop: {get_param: ControlPlaneDefaultRoute} @@ -115,9 +120,10 @@ resources: type: vlan vlan_id: {get_param: ExternalNetworkVlanID} addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - + ip_netmask: {get_param: ExternalIpSubnet} routes: + # IPv6 Default Route - default: true next_hop: {get_param: ExternalInterfaceDefaultRoute} @@ -145,12 +151,20 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} - #- # Uncomment when including environments/network-management.yaml + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml index a5a0745d..c5979a89 100644 --- a/network/config/single-nic-vlans/controller.yaml +++ b/network/config/single-nic-vlans/controller.yaml @@ -57,10 +57,17 @@ parameters: default: 60 description: Vlan ID for the management network traffic. type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string ExternalInterfaceDefaultRoute: default: '10.0.0.1' description: default route for the external network type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string ControlPlaneSubnetCidr: # Override this via parameter_defaults default: '24' description: The subnet CIDR of the control plane network. @@ -137,12 +144,20 @@ resources: addresses: - ip_netmask: {get_param: TenantIpSubnet} - #- # Uncomment when including environments/network-management.yaml + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml index efc03393..7b06580c 100644 --- a/network/config/single-nic-vlans/swift-storage.yaml +++ b/network/config/single-nic-vlans/swift-storage.yaml @@ -56,6 +56,14 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string DnsServers: # Override this via parameter_defaults default: [] description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. @@ -116,12 +124,18 @@ resources: - ip_netmask: {get_param: StorageMgmtIpSubnet} # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/endpoints/build_endpoint_map.py b/network/endpoints/build_endpoint_map.py index d8cdee3d..964f58f7 100755 --- a/network/endpoints/build_endpoint_map.py +++ b/network/endpoints/build_endpoint_map.py @@ -30,7 +30,9 @@ import yaml (IN_FILE, OUT_FILE) = ('endpoint_data.yaml', 'endpoint_map.yaml') SUBST = (SUBST_IP_ADDRESS, SUBST_CLOUDNAME) = ('IP_ADDRESS', 'CLOUDNAME') -PARAMS = (PARAM_CLOUDNAME, PARAM_ENDPOINTMAP) = ('CloudName', 'EndpointMap') +PARAMS = (PARAM_CLOUD_ENDPOINTS, PARAM_ENDPOINTMAP, PARAM_NETIPMAP, + PARAM_SERVICENETMAP) = ( + 'CloudEndpoints', 'EndpointMap', 'NetIpMap', 'ServiceNetMap') FIELDS = (F_PORT, F_PROTOCOL, F_HOST) = ('port', 'protocol', 'host') ENDPOINT_TYPES = frozenset(['Internal', 'Public', 'Admin']) @@ -56,16 +58,8 @@ def load_endpoint_data(infile=None): return yaml.safe_load(f) -def vip_param_name(endpoint_type_defn): - return endpoint_type_defn['vip_param'] + 'VirtualIP' - - -def vip_param_names(config): - def ep_types(svc): - return (v for k, v in svc.items() if k in ENDPOINT_TYPES or not k) - - return set(vip_param_name(defn) - for svc in config.values() for defn in ep_types(svc)) +def net_param_name(endpoint_type_defn): + return endpoint_type_defn['net_param'] + 'Network' def endpoint_map_default(config): @@ -91,9 +85,9 @@ def make_parameter(ptype, default, description=None): def template_parameters(config): - params = collections.OrderedDict((n, make_parameter('string', '')) - for n in sorted(vip_param_names(config))) - + params = collections.OrderedDict() + params[PARAM_NETIPMAP] = make_parameter('json', {}, 'The Net IP map') + params[PARAM_SERVICENETMAP] = make_parameter('json', {}, 'The Service Net map') params[PARAM_ENDPOINTMAP] = make_parameter('json', endpoint_map_default(config), 'Mapping of service endpoint ' @@ -101,17 +95,18 @@ def template_parameters(config): 'via parameter_defaults in the ' 'resource registry.') - params[PARAM_CLOUDNAME] = make_parameter('string', - 'overcloud', - 'The DNS name of this cloud. ' - 'e.g. ci-overcloud.tripleo.org') + params[PARAM_CLOUD_ENDPOINTS] = make_parameter( + 'json', + {}, + ('A map containing the DNS names for the different endpoints ' + '(external, internal_api, etc.)')) return params def template_output_definition(endpoint_name, endpoint_variant, endpoint_type, - vip_param, + net_param, uri_suffix=None, name_override=None): def extract_field(field): @@ -122,12 +117,36 @@ def template_output_definition(endpoint_name, port = extract_field(F_PORT) protocol = extract_field(F_PROTOCOL) + host_nobrackets = { + 'str_replace': collections.OrderedDict([ + ('template', extract_field(F_HOST)), + ('params', { + SUBST_IP_ADDRESS: {'get_param': + ['NetIpMap', + {'get_param': ['ServiceNetMap', + net_param]}]}, + SUBST_CLOUDNAME: {'get_param': + [PARAM_CLOUD_ENDPOINTS, + {'get_param': ['ServiceNetMap', + net_param]}]}, + }) + ]) + } host = { 'str_replace': collections.OrderedDict([ ('template', extract_field(F_HOST)), ('params', { - SUBST_IP_ADDRESS: {'get_param': vip_param}, - SUBST_CLOUDNAME: {'get_param': PARAM_CLOUDNAME}, + SUBST_IP_ADDRESS: {'get_param': + ['NetIpMap', + {'str_replace': + {'template': 'NETWORK_uri', + 'params': {'NETWORK': + {'get_param': ['ServiceNetMap', + net_param]}}}}]}, + SUBST_CLOUDNAME: {'get_param': + [PARAM_CLOUD_ENDPOINTS, + {'get_param': ['ServiceNetMap', + net_param]}]}, }) ]) } @@ -140,6 +159,7 @@ def template_output_definition(endpoint_name, endpoint_type) return name, { + 'host_nobrackets': host_nobrackets, 'host': host, 'port': extract_field('port'), 'protocol': extract_field('protocol'), @@ -160,10 +180,9 @@ def template_endpoint_items(config): {'': None}).items(): name_override = defn.get('names', {}).get(variant) yield template_output_definition(ep_name, variant, ep_type, - vip_param_name(defn), + net_param_name(defn), suffix, name_override) - return itertools.chain.from_iterable(sorted(get_svc_endpoints(ep_name, svc)) for (ep_name, diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index c76e1360..fb01925b 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -3,102 +3,105 @@ Aodh: Internal: - vip_param: AodhApi + net_param: AodhApi Public: - vip_param: Public + net_param: Public Admin: - vip_param: AodhApi + net_param: AodhApi port: 8042 Ceilometer: Internal: - vip_param: CeilometerApi + net_param: CeilometerApi Public: - vip_param: Public + net_param: Public Admin: - vip_param: CeilometerApi + net_param: CeilometerApi port: 8777 Gnocchi: Internal: - vip_param: GnocchiApi + net_param: GnocchiApi Public: - vip_param: Public + net_param: Public Admin: - vip_param: GnocchiApi + net_param: GnocchiApi port: 8041 Cinder: Internal: - vip_param: CinderApi + net_param: CinderApi uri_suffixes: '': /v1/%(tenant_id)s V2: /v2/%(tenant_id)s + V3: /v3/%(tenant_id)s Public: - vip_param: Public + net_param: Public uri_suffixes: '': /v1/%(tenant_id)s V2: /v2/%(tenant_id)s + V3: /v3/%(tenant_id)s Admin: - vip_param: CinderApi + net_param: CinderApi uri_suffixes: '': /v1/%(tenant_id)s V2: /v2/%(tenant_id)s + V3: /v3/%(tenant_id)s port: 8776 Glance: Internal: - vip_param: GlanceApi + net_param: GlanceApi Public: - vip_param: Public + net_param: Public Admin: - vip_param: GlanceApi + net_param: GlanceApi port: 9292 GlanceRegistry: Internal: - vip_param: GlanceRegistry + net_param: GlanceRegistry port: 9191 Mysql: Internal: - vip_param: Mysql + net_param: Mysql protocol: mysql+pymysql port: 3306 Heat: Internal: - vip_param: HeatApi + net_param: HeatApi uri_suffixes: '': /v1/%(tenant_id)s Public: - vip_param: Public + net_param: Public uri_suffixes: '': /v1/%(tenant_id)s Admin: - vip_param: HeatApi + net_param: HeatApi uri_suffixes: '': /v1/%(tenant_id)s port: 8004 HeatCfn: Internal: - vip_param: HeatApi + net_param: HeatApi uri_suffixes: '': /v1 Public: - vip_param: Public + net_param: Public uri_suffixes: '': /v1 Admin: - vip_param: HeatApi + net_param: HeatApi uri_suffixes: '': /v1 port: 8000 Horizon: Public: - vip_param: Public + net_param: Public uri_suffixes: '': /dashboard port: 80 @@ -107,7 +110,7 @@ Horizon: # Required for https://bugs.launchpad.net/puppet-nova/+bug/1542486 Keystone: Internal: - vip_param: KeystonePublicApi + net_param: KeystonePublicApi uri_suffixes: '': /v2.0 EC2: /v2.0/ec2tokens @@ -115,80 +118,128 @@ Keystone: names: EC2: KeystoneEC2 Public: - vip_param: Public + net_param: Public uri_suffixes: '': /v2.0 V3: /v3 Admin: - vip_param: KeystoneAdminApi + net_param: KeystoneAdminApi uri_suffixes: '': /v2.0 V3: /v3 port: 35357 port: 5000 +Manila: + Internal: + net_param: ManilaApi + uri_suffixes: + '': /v2/%(tenant_id)s + V1: /v1/%(tenant_id)s + Public: + net_param: Public + uri_suffixes: + '': /v2/%(tenant_id)s + V1: /v1/%(tenant_id)s + Admin: + net_param: ManilaApi + uri_suffixes: + '': /v2/%(tenant_id)s + V1: /v1/%(tenant_id)s + port: 8786 + Neutron: Internal: - vip_param: NeutronApi + net_param: NeutronApi Public: - vip_param: Public + net_param: Public Admin: - vip_param: NeutronApi + net_param: NeutronApi port: 9696 Nova: Internal: - vip_param: NovaApi + net_param: NovaApi uri_suffixes: - '': /v2.1/%(tenant_id)s + '': /v2.1 Public: - vip_param: Public + net_param: Public uri_suffixes: - '': /v2.1/%(tenant_id)s + '': /v2.1 Admin: - vip_param: NovaApi + net_param: NovaApi uri_suffixes: - '': /v2.1/%(tenant_id)s + '': /v2.1 port: 8774 NovaVNCProxy: Internal: - vip_param: NovaApi + net_param: NovaApi Public: - vip_param: Public + net_param: Public Admin: - vip_param: NovaApi + net_param: NovaApi port: 6080 Swift: Internal: - vip_param: SwiftProxy + net_param: SwiftProxy uri_suffixes: '': /v1/AUTH_%(tenant_id)s S3: Public: - vip_param: Public + net_param: Public uri_suffixes: '': /v1/AUTH_%(tenant_id)s S3: Admin: - vip_param: SwiftProxy + net_param: SwiftProxy uri_suffixes: '': S3: port: 8080 +CephRgw: + Internal: + net_param: CephRgw + uri_suffixes: + '': /swift/v1 + Public: + net_param: Public + uri_suffixes: + '': /swift/v1 + Admin: + net_param: CephRgw + uri_suffixes: + '': /swift/v1 + port: 8080 + Sahara: Internal: - vip_param: SaharaApi + net_param: SaharaApi uri_suffixes: '': /v1.1/%(tenant_id)s Public: - vip_param: Public + net_param: Public uri_suffixes: '': /v1.1/%(tenant_id)s Admin: - vip_param: SaharaApi + net_param: SaharaApi uri_suffixes: '': /v1.1/%(tenant_id)s port: 8386 + +Ironic: + Internal: + net_param: IronicApi + uri_suffixes: + '': /v1 + Public: + net_param: Public + uri_suffixes: + '': /v1 + Admin: + net_param: IronicApi + uri_suffixes: + '': /v1 + port: 6385 diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index fbfa0a15..734b6431 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -8,21 +8,14 @@ description: A map of OpenStack endpoints. Since the endpoints are URLs, parameters come from net_ip_uri_map, which will include these brackets in IPv6 addresses. parameters: - AodhApiVirtualIP: {type: string, default: ''} - CeilometerApiVirtualIP: {type: string, default: ''} - CinderApiVirtualIP: {type: string, default: ''} - GlanceApiVirtualIP: {type: string, default: ''} - GlanceRegistryVirtualIP: {type: string, default: ''} - GnocchiApiVirtualIP: {type: string, default: ''} - HeatApiVirtualIP: {type: string, default: ''} - KeystoneAdminApiVirtualIP: {type: string, default: ''} - KeystonePublicApiVirtualIP: {type: string, default: ''} - MysqlVirtualIP: {type: string, default: ''} - NeutronApiVirtualIP: {type: string, default: ''} - NovaApiVirtualIP: {type: string, default: ''} - PublicVirtualIP: {type: string, default: ''} - SaharaApiVirtualIP: {type: string, default: ''} - SwiftProxyVirtualIP: {type: string, default: ''} + NetIpMap: + type: json + default: {} + description: The Net IP map + ServiceNetMap: + type: json + default: {} + description: The Service Net map EndpointMap: type: json default: @@ -32,6 +25,9 @@ parameters: CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} + CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} @@ -49,9 +45,15 @@ parameters: HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} + IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} + ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} @@ -70,8 +72,11 @@ parameters: SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. - CloudName: {type: string, default: overcloud, description: The DNS name - of this cloud. e.g. ci-overcloud.tripleo.org} + CloudEndpoints: + type: json + default: {} + description: A map containing the DNS names for the different endpoints + (external, internal_api, etc.) outputs: endpoint_map: value: @@ -81,8 +86,31 @@ outputs: template: get_param: [EndpointMap, AodhAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: AodhApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, AodhApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, AodhAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, AodhApiNetwork] port: get_param: [EndpointMap, AodhAdmin, port] protocol: @@ -96,8 +124,18 @@ outputs: template: get_param: [EndpointMap, AodhAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: AodhApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, AodhApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, AodhAdmin, port] uri_no_suffix: @@ -109,8 +147,18 @@ outputs: template: get_param: [EndpointMap, AodhAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: AodhApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, AodhApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, AodhAdmin, port] AodhInternal: @@ -119,8 +167,31 @@ outputs: template: get_param: [EndpointMap, AodhInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: AodhApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, AodhApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, AodhInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, AodhApiNetwork] port: get_param: [EndpointMap, AodhInternal, port] protocol: @@ -134,8 +205,18 @@ outputs: template: get_param: [EndpointMap, AodhInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: AodhApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, AodhApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, AodhInternal, port] uri_no_suffix: @@ -147,8 +228,18 @@ outputs: template: get_param: [EndpointMap, AodhInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: AodhApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, AodhApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, AodhApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, AodhInternal, port] AodhPublic: @@ -157,8 +248,31 @@ outputs: template: get_param: [EndpointMap, AodhPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, AodhPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, AodhPublic, port] protocol: @@ -172,8 +286,18 @@ outputs: template: get_param: [EndpointMap, AodhPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, AodhPublic, port] uri_no_suffix: @@ -185,8 +309,18 @@ outputs: template: get_param: [EndpointMap, AodhPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, AodhPublic, port] CeilometerAdmin: @@ -195,8 +329,31 @@ outputs: template: get_param: [EndpointMap, CeilometerAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CeilometerApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CeilometerApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CeilometerAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CeilometerApiNetwork] port: get_param: [EndpointMap, CeilometerAdmin, port] protocol: @@ -210,8 +367,18 @@ outputs: template: get_param: [EndpointMap, CeilometerAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CeilometerApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CeilometerApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CeilometerAdmin, port] uri_no_suffix: @@ -223,8 +390,18 @@ outputs: template: get_param: [EndpointMap, CeilometerAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CeilometerApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CeilometerApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CeilometerAdmin, port] CeilometerInternal: @@ -233,8 +410,31 @@ outputs: template: get_param: [EndpointMap, CeilometerInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CeilometerApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CeilometerApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CeilometerInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CeilometerApiNetwork] port: get_param: [EndpointMap, CeilometerInternal, port] protocol: @@ -248,8 +448,18 @@ outputs: template: get_param: [EndpointMap, CeilometerInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CeilometerApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CeilometerApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CeilometerInternal, port] uri_no_suffix: @@ -261,8 +471,18 @@ outputs: template: get_param: [EndpointMap, CeilometerInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CeilometerApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CeilometerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CeilometerApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CeilometerInternal, port] CeilometerPublic: @@ -271,8 +491,31 @@ outputs: template: get_param: [EndpointMap, CeilometerPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CeilometerPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, CeilometerPublic, port] protocol: @@ -286,8 +529,18 @@ outputs: template: get_param: [EndpointMap, CeilometerPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CeilometerPublic, port] uri_no_suffix: @@ -299,18 +552,297 @@ outputs: template: get_param: [EndpointMap, CeilometerPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CeilometerPublic, port] + CephRgwAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CephRgwNetwork] + port: + get_param: [EndpointMap, CephRgwAdmin, port] + protocol: + get_param: [EndpointMap, CephRgwAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwAdmin, port] + - /swift/v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwAdmin, port] + CephRgwInternal: + host: + str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CephRgwNetwork] + port: + get_param: [EndpointMap, CephRgwInternal, port] + protocol: + get_param: [EndpointMap, CephRgwInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwInternal, port] + - /swift/v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CephRgwNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CephRgwNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwInternal, port] + CephRgwPublic: + host: + str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, CephRgwPublic, port] + protocol: + get_param: [EndpointMap, CephRgwPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwPublic, port] + - /swift/v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CephRgwPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CephRgwPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CephRgwPublic, port] CinderAdmin: host: str_replace: template: get_param: [EndpointMap, CinderAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CinderApiNetwork] port: get_param: [EndpointMap, CinderAdmin, port] protocol: @@ -324,8 +856,18 @@ outputs: template: get_param: [EndpointMap, CinderAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderAdmin, port] - /v1/%(tenant_id)s @@ -338,8 +880,18 @@ outputs: template: get_param: [EndpointMap, CinderAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderAdmin, port] CinderInternal: @@ -348,8 +900,31 @@ outputs: template: get_param: [EndpointMap, CinderInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CinderApiNetwork] port: get_param: [EndpointMap, CinderInternal, port] protocol: @@ -363,8 +938,18 @@ outputs: template: get_param: [EndpointMap, CinderInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderInternal, port] - /v1/%(tenant_id)s @@ -377,8 +962,18 @@ outputs: template: get_param: [EndpointMap, CinderInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderInternal, port] CinderPublic: @@ -387,8 +982,31 @@ outputs: template: get_param: [EndpointMap, CinderPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, CinderPublic, port] protocol: @@ -402,8 +1020,18 @@ outputs: template: get_param: [EndpointMap, CinderPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderPublic, port] - /v1/%(tenant_id)s @@ -416,8 +1044,18 @@ outputs: template: get_param: [EndpointMap, CinderPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderPublic, port] CinderV2Admin: @@ -426,8 +1064,31 @@ outputs: template: get_param: [EndpointMap, CinderAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CinderApiNetwork] port: get_param: [EndpointMap, CinderAdmin, port] protocol: @@ -441,8 +1102,18 @@ outputs: template: get_param: [EndpointMap, CinderAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderAdmin, port] - /v2/%(tenant_id)s @@ -455,8 +1126,18 @@ outputs: template: get_param: [EndpointMap, CinderAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderAdmin, port] CinderV2Internal: @@ -465,8 +1146,31 @@ outputs: template: get_param: [EndpointMap, CinderInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CinderApiNetwork] port: get_param: [EndpointMap, CinderInternal, port] protocol: @@ -480,8 +1184,18 @@ outputs: template: get_param: [EndpointMap, CinderInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderInternal, port] - /v2/%(tenant_id)s @@ -494,8 +1208,18 @@ outputs: template: get_param: [EndpointMap, CinderInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: CinderApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderInternal, port] CinderV2Public: @@ -504,8 +1228,31 @@ outputs: template: get_param: [EndpointMap, CinderPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, CinderPublic, port] protocol: @@ -519,8 +1266,18 @@ outputs: template: get_param: [EndpointMap, CinderPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderPublic, port] - /v2/%(tenant_id)s @@ -533,8 +1290,264 @@ outputs: template: get_param: [EndpointMap, CinderPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CinderPublic, port] + CinderV3Admin: + host: + str_replace: + template: + get_param: [EndpointMap, CinderAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CinderApiNetwork] + port: + get_param: [EndpointMap, CinderAdmin, port] + protocol: + get_param: [EndpointMap, CinderAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CinderAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CinderAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CinderAdmin, port] + - /v3/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CinderAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CinderAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CinderAdmin, port] + CinderV3Internal: + host: + str_replace: + template: + get_param: [EndpointMap, CinderInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CinderApiNetwork] + port: + get_param: [EndpointMap, CinderInternal, port] + protocol: + get_param: [EndpointMap, CinderInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CinderInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CinderInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CinderInternal, port] + - /v3/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CinderInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CinderInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CinderApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CinderApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CinderInternal, port] + CinderV3Public: + host: + str_replace: + template: + get_param: [EndpointMap, CinderPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CinderPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, CinderPublic, port] + protocol: + get_param: [EndpointMap, CinderPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CinderPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CinderPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CinderPublic, port] + - /v3/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CinderPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CinderPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderPublic, port] GlanceAdmin: @@ -543,8 +1556,31 @@ outputs: template: get_param: [EndpointMap, GlanceAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, GlanceAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, GlanceApiNetwork] port: get_param: [EndpointMap, GlanceAdmin, port] protocol: @@ -558,8 +1594,18 @@ outputs: template: get_param: [EndpointMap, GlanceAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlanceAdmin, port] uri_no_suffix: @@ -571,8 +1617,18 @@ outputs: template: get_param: [EndpointMap, GlanceAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlanceAdmin, port] GlanceInternal: @@ -581,8 +1637,31 @@ outputs: template: get_param: [EndpointMap, GlanceInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, GlanceInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, GlanceApiNetwork] port: get_param: [EndpointMap, GlanceInternal, port] protocol: @@ -596,8 +1675,18 @@ outputs: template: get_param: [EndpointMap, GlanceInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlanceInternal, port] uri_no_suffix: @@ -609,8 +1698,18 @@ outputs: template: get_param: [EndpointMap, GlanceInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlanceInternal, port] GlancePublic: @@ -619,8 +1718,31 @@ outputs: template: get_param: [EndpointMap, GlancePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, GlancePublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, GlancePublic, port] protocol: @@ -634,8 +1756,18 @@ outputs: template: get_param: [EndpointMap, GlancePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlancePublic, port] uri_no_suffix: @@ -647,8 +1779,18 @@ outputs: template: get_param: [EndpointMap, GlancePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlancePublic, port] GlanceRegistryInternal: @@ -657,8 +1799,31 @@ outputs: template: get_param: [EndpointMap, GlanceRegistryInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceRegistryNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceRegistryNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, GlanceRegistryInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceRegistryNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, GlanceRegistryNetwork] port: get_param: [EndpointMap, GlanceRegistryInternal, port] protocol: @@ -672,8 +1837,18 @@ outputs: template: get_param: [EndpointMap, GlanceRegistryInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceRegistryNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceRegistryNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlanceRegistryInternal, port] uri_no_suffix: @@ -685,8 +1860,18 @@ outputs: template: get_param: [EndpointMap, GlanceRegistryInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GlanceRegistryVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GlanceRegistryNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GlanceRegistryNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GlanceRegistryInternal, port] GnocchiAdmin: @@ -695,8 +1880,31 @@ outputs: template: get_param: [EndpointMap, GnocchiAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GnocchiApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, GnocchiAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, GnocchiApiNetwork] port: get_param: [EndpointMap, GnocchiAdmin, port] protocol: @@ -710,8 +1918,18 @@ outputs: template: get_param: [EndpointMap, GnocchiAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GnocchiApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GnocchiAdmin, port] uri_no_suffix: @@ -723,8 +1941,18 @@ outputs: template: get_param: [EndpointMap, GnocchiAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GnocchiApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GnocchiAdmin, port] GnocchiInternal: @@ -733,8 +1961,31 @@ outputs: template: get_param: [EndpointMap, GnocchiInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GnocchiApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, GnocchiInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, GnocchiApiNetwork] port: get_param: [EndpointMap, GnocchiInternal, port] protocol: @@ -748,8 +1999,18 @@ outputs: template: get_param: [EndpointMap, GnocchiInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GnocchiApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GnocchiInternal, port] uri_no_suffix: @@ -761,8 +2022,18 @@ outputs: template: get_param: [EndpointMap, GnocchiInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: GnocchiApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, GnocchiApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, GnocchiApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GnocchiInternal, port] GnocchiPublic: @@ -771,8 +2042,31 @@ outputs: template: get_param: [EndpointMap, GnocchiPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, GnocchiPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, GnocchiPublic, port] protocol: @@ -786,8 +2080,18 @@ outputs: template: get_param: [EndpointMap, GnocchiPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GnocchiPublic, port] uri_no_suffix: @@ -799,8 +2103,18 @@ outputs: template: get_param: [EndpointMap, GnocchiPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, GnocchiPublic, port] HeatAdmin: @@ -809,8 +2123,31 @@ outputs: template: get_param: [EndpointMap, HeatAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, HeatAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, HeatApiNetwork] port: get_param: [EndpointMap, HeatAdmin, port] protocol: @@ -824,8 +2161,18 @@ outputs: template: get_param: [EndpointMap, HeatAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatAdmin, port] - /v1/%(tenant_id)s @@ -838,8 +2185,18 @@ outputs: template: get_param: [EndpointMap, HeatAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatAdmin, port] HeatInternal: @@ -848,8 +2205,31 @@ outputs: template: get_param: [EndpointMap, HeatInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, HeatInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, HeatApiNetwork] port: get_param: [EndpointMap, HeatInternal, port] protocol: @@ -863,8 +2243,18 @@ outputs: template: get_param: [EndpointMap, HeatInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatInternal, port] - /v1/%(tenant_id)s @@ -877,8 +2267,18 @@ outputs: template: get_param: [EndpointMap, HeatInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatInternal, port] HeatPublic: @@ -887,8 +2287,31 @@ outputs: template: get_param: [EndpointMap, HeatPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, HeatPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, HeatPublic, port] protocol: @@ -902,8 +2325,18 @@ outputs: template: get_param: [EndpointMap, HeatPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatPublic, port] - /v1/%(tenant_id)s @@ -916,8 +2349,18 @@ outputs: template: get_param: [EndpointMap, HeatPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatPublic, port] HeatCfnAdmin: @@ -926,8 +2369,31 @@ outputs: template: get_param: [EndpointMap, HeatCfnAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, HeatCfnAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, HeatApiNetwork] port: get_param: [EndpointMap, HeatCfnAdmin, port] protocol: @@ -941,8 +2407,18 @@ outputs: template: get_param: [EndpointMap, HeatCfnAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatCfnAdmin, port] - /v1 @@ -955,8 +2431,18 @@ outputs: template: get_param: [EndpointMap, HeatCfnAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatCfnAdmin, port] HeatCfnInternal: @@ -965,8 +2451,31 @@ outputs: template: get_param: [EndpointMap, HeatCfnInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, HeatCfnInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, HeatApiNetwork] port: get_param: [EndpointMap, HeatCfnInternal, port] protocol: @@ -980,8 +2489,18 @@ outputs: template: get_param: [EndpointMap, HeatCfnInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatCfnInternal, port] - /v1 @@ -994,8 +2513,18 @@ outputs: template: get_param: [EndpointMap, HeatCfnInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: HeatApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, HeatApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, HeatApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatCfnInternal, port] HeatCfnPublic: @@ -1004,8 +2533,31 @@ outputs: template: get_param: [EndpointMap, HeatCfnPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, HeatCfnPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, HeatCfnPublic, port] protocol: @@ -1019,8 +2571,18 @@ outputs: template: get_param: [EndpointMap, HeatCfnPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatCfnPublic, port] - /v1 @@ -1033,8 +2595,18 @@ outputs: template: get_param: [EndpointMap, HeatCfnPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HeatCfnPublic, port] HorizonPublic: @@ -1043,8 +2615,31 @@ outputs: template: get_param: [EndpointMap, HorizonPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, HorizonPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, HorizonPublic, port] protocol: @@ -1058,8 +2653,18 @@ outputs: template: get_param: [EndpointMap, HorizonPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HorizonPublic, port] - /dashboard @@ -1072,18 +2677,297 @@ outputs: template: get_param: [EndpointMap, HorizonPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, HorizonPublic, port] + IronicAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, IronicAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, IronicApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, IronicAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, IronicApiNetwork] + port: + get_param: [EndpointMap, IronicAdmin, port] + protocol: + get_param: [EndpointMap, IronicAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, IronicAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, IronicAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, IronicApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, IronicAdmin, port] + - /v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, IronicAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, IronicAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, IronicApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, IronicAdmin, port] + IronicInternal: + host: + str_replace: + template: + get_param: [EndpointMap, IronicInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, IronicApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, IronicInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, IronicApiNetwork] + port: + get_param: [EndpointMap, IronicInternal, port] + protocol: + get_param: [EndpointMap, IronicInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, IronicInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, IronicInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, IronicApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, IronicInternal, port] + - /v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, IronicInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, IronicInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, IronicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, IronicApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, IronicInternal, port] + IronicPublic: + host: + str_replace: + template: + get_param: [EndpointMap, IronicPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, IronicPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, IronicPublic, port] + protocol: + get_param: [EndpointMap, IronicPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, IronicPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, IronicPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, IronicPublic, port] + - /v1 + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, IronicPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, IronicPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, IronicPublic, port] KeystoneAdmin: host: str_replace: template: get_param: [EndpointMap, KeystoneAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, KeystoneAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] port: get_param: [EndpointMap, KeystoneAdmin, port] protocol: @@ -1097,8 +2981,18 @@ outputs: template: get_param: [EndpointMap, KeystoneAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneAdmin, port] - /v2.0 @@ -1111,8 +3005,18 @@ outputs: template: get_param: [EndpointMap, KeystoneAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneAdmin, port] KeystoneEC2: @@ -1121,8 +3025,31 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, KeystoneInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] port: get_param: [EndpointMap, KeystoneInternal, port] protocol: @@ -1136,8 +3063,18 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneInternal, port] - /v2.0/ec2tokens @@ -1150,8 +3087,18 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneInternal, port] KeystoneInternal: @@ -1160,8 +3107,31 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, KeystoneInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] port: get_param: [EndpointMap, KeystoneInternal, port] protocol: @@ -1175,8 +3145,18 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneInternal, port] - /v2.0 @@ -1189,8 +3169,18 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneInternal, port] KeystonePublic: @@ -1199,8 +3189,31 @@ outputs: template: get_param: [EndpointMap, KeystonePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, KeystonePublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, KeystonePublic, port] protocol: @@ -1214,8 +3227,18 @@ outputs: template: get_param: [EndpointMap, KeystonePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystonePublic, port] - /v2.0 @@ -1228,8 +3251,18 @@ outputs: template: get_param: [EndpointMap, KeystonePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystonePublic, port] KeystoneV3Admin: @@ -1238,8 +3271,31 @@ outputs: template: get_param: [EndpointMap, KeystoneAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, KeystoneAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] port: get_param: [EndpointMap, KeystoneAdmin, port] protocol: @@ -1253,8 +3309,18 @@ outputs: template: get_param: [EndpointMap, KeystoneAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneAdmin, port] - /v3 @@ -1267,8 +3333,18 @@ outputs: template: get_param: [EndpointMap, KeystoneAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystoneAdminApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystoneAdminApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneAdmin, port] KeystoneV3Internal: @@ -1277,8 +3353,31 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, KeystoneInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] port: get_param: [EndpointMap, KeystoneInternal, port] protocol: @@ -1292,8 +3391,18 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneInternal, port] - /v3 @@ -1306,8 +3415,18 @@ outputs: template: get_param: [EndpointMap, KeystoneInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: KeystonePublicApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, KeystonePublicApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, KeystonePublicApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystoneInternal, port] KeystoneV3Public: @@ -1316,8 +3435,31 @@ outputs: template: get_param: [EndpointMap, KeystonePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, KeystonePublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, KeystonePublic, port] protocol: @@ -1331,8 +3473,18 @@ outputs: template: get_param: [EndpointMap, KeystonePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystonePublic, port] - /v3 @@ -1345,18 +3497,543 @@ outputs: template: get_param: [EndpointMap, KeystonePublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, KeystonePublic, port] + ManilaAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ManilaApiNetwork] + port: + get_param: [EndpointMap, ManilaAdmin, port] + protocol: + get_param: [EndpointMap, ManilaAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + ManilaInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ManilaApiNetwork] + port: + get_param: [EndpointMap, ManilaInternal, port] + protocol: + get_param: [EndpointMap, ManilaInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + ManilaPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ManilaPublic, port] + protocol: + get_param: [EndpointMap, ManilaPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaPublic, port] + - /v2/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaPublic, port] + ManilaV1Admin: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ManilaApiNetwork] + port: + get_param: [EndpointMap, ManilaAdmin, port] + protocol: + get_param: [EndpointMap, ManilaAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + - /v1/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaAdmin, port] + ManilaV1Internal: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ManilaApiNetwork] + port: + get_param: [EndpointMap, ManilaInternal, port] + protocol: + get_param: [EndpointMap, ManilaInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + - /v1/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ManilaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ManilaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaInternal, port] + ManilaV1Public: + host: + str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ManilaPublic, port] + protocol: + get_param: [EndpointMap, ManilaPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaPublic, port] + - /v1/%(tenant_id)s + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ManilaPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ManilaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ManilaPublic, port] MysqlInternal: host: str_replace: template: get_param: [EndpointMap, MysqlInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: MysqlVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MysqlNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MysqlNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, MysqlInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MysqlNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, MysqlNetwork] port: get_param: [EndpointMap, MysqlInternal, port] protocol: @@ -1370,8 +4047,18 @@ outputs: template: get_param: [EndpointMap, MysqlInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: MysqlVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MysqlNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MysqlNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, MysqlInternal, port] uri_no_suffix: @@ -1383,8 +4070,18 @@ outputs: template: get_param: [EndpointMap, MysqlInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: MysqlVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, MysqlNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, MysqlNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, MysqlInternal, port] NeutronAdmin: @@ -1393,8 +4090,31 @@ outputs: template: get_param: [EndpointMap, NeutronAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NeutronApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NeutronApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NeutronAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NeutronApiNetwork] port: get_param: [EndpointMap, NeutronAdmin, port] protocol: @@ -1408,8 +4128,18 @@ outputs: template: get_param: [EndpointMap, NeutronAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NeutronApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NeutronApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NeutronAdmin, port] uri_no_suffix: @@ -1421,8 +4151,18 @@ outputs: template: get_param: [EndpointMap, NeutronAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NeutronApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NeutronApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NeutronAdmin, port] NeutronInternal: @@ -1431,8 +4171,31 @@ outputs: template: get_param: [EndpointMap, NeutronInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NeutronApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NeutronApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NeutronInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NeutronApiNetwork] port: get_param: [EndpointMap, NeutronInternal, port] protocol: @@ -1446,8 +4209,18 @@ outputs: template: get_param: [EndpointMap, NeutronInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NeutronApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NeutronApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NeutronInternal, port] uri_no_suffix: @@ -1459,8 +4232,18 @@ outputs: template: get_param: [EndpointMap, NeutronInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NeutronApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NeutronApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NeutronApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NeutronInternal, port] NeutronPublic: @@ -1469,8 +4252,31 @@ outputs: template: get_param: [EndpointMap, NeutronPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NeutronPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, NeutronPublic, port] protocol: @@ -1484,8 +4290,18 @@ outputs: template: get_param: [EndpointMap, NeutronPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NeutronPublic, port] uri_no_suffix: @@ -1497,8 +4313,18 @@ outputs: template: get_param: [EndpointMap, NeutronPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NeutronPublic, port] NovaAdmin: @@ -1507,8 +4333,31 @@ outputs: template: get_param: [EndpointMap, NovaAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] port: get_param: [EndpointMap, NovaAdmin, port] protocol: @@ -1522,11 +4371,21 @@ outputs: template: get_param: [EndpointMap, NovaAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaAdmin, port] - - /v2.1/%(tenant_id)s + - /v2.1 uri_no_suffix: list_join: - '' @@ -1536,8 +4395,18 @@ outputs: template: get_param: [EndpointMap, NovaAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaAdmin, port] NovaInternal: @@ -1546,8 +4415,31 @@ outputs: template: get_param: [EndpointMap, NovaInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] port: get_param: [EndpointMap, NovaInternal, port] protocol: @@ -1561,11 +4453,21 @@ outputs: template: get_param: [EndpointMap, NovaInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaInternal, port] - - /v2.1/%(tenant_id)s + - /v2.1 uri_no_suffix: list_join: - '' @@ -1575,8 +4477,18 @@ outputs: template: get_param: [EndpointMap, NovaInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaInternal, port] NovaPublic: @@ -1585,8 +4497,31 @@ outputs: template: get_param: [EndpointMap, NovaPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, NovaPublic, port] protocol: @@ -1600,11 +4535,21 @@ outputs: template: get_param: [EndpointMap, NovaPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPublic, port] - - /v2.1/%(tenant_id)s + - /v2.1 uri_no_suffix: list_join: - '' @@ -1614,8 +4559,18 @@ outputs: template: get_param: [EndpointMap, NovaPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPublic, port] NovaVNCProxyAdmin: @@ -1624,8 +4579,31 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaVNCProxyAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] port: get_param: [EndpointMap, NovaVNCProxyAdmin, port] protocol: @@ -1639,8 +4617,18 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyAdmin, port] uri_no_suffix: @@ -1652,8 +4640,18 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyAdmin, port] NovaVNCProxyInternal: @@ -1662,8 +4660,31 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaVNCProxyInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] port: get_param: [EndpointMap, NovaVNCProxyInternal, port] protocol: @@ -1677,8 +4698,18 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyInternal, port] uri_no_suffix: @@ -1690,8 +4721,18 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: NovaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyInternal, port] NovaVNCProxyPublic: @@ -1700,8 +4741,31 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaVNCProxyPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, NovaVNCProxyPublic, port] protocol: @@ -1715,8 +4779,18 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyPublic, port] uri_no_suffix: @@ -1728,8 +4802,18 @@ outputs: template: get_param: [EndpointMap, NovaVNCProxyPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyPublic, port] SaharaAdmin: @@ -1738,8 +4822,31 @@ outputs: template: get_param: [EndpointMap, SaharaAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SaharaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SaharaAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, SaharaApiNetwork] port: get_param: [EndpointMap, SaharaAdmin, port] protocol: @@ -1753,8 +4860,18 @@ outputs: template: get_param: [EndpointMap, SaharaAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SaharaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SaharaAdmin, port] - /v1.1/%(tenant_id)s @@ -1767,8 +4884,18 @@ outputs: template: get_param: [EndpointMap, SaharaAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SaharaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SaharaAdmin, port] SaharaInternal: @@ -1777,8 +4904,31 @@ outputs: template: get_param: [EndpointMap, SaharaInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SaharaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SaharaInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, SaharaApiNetwork] port: get_param: [EndpointMap, SaharaInternal, port] protocol: @@ -1792,8 +4942,18 @@ outputs: template: get_param: [EndpointMap, SaharaInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SaharaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SaharaInternal, port] - /v1.1/%(tenant_id)s @@ -1806,8 +4966,18 @@ outputs: template: get_param: [EndpointMap, SaharaInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SaharaApiVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SaharaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SaharaApiNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SaharaInternal, port] SaharaPublic: @@ -1816,8 +4986,31 @@ outputs: template: get_param: [EndpointMap, SaharaPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SaharaPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, SaharaPublic, port] protocol: @@ -1831,8 +5024,18 @@ outputs: template: get_param: [EndpointMap, SaharaPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SaharaPublic, port] - /v1.1/%(tenant_id)s @@ -1845,8 +5048,18 @@ outputs: template: get_param: [EndpointMap, SaharaPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SaharaPublic, port] SwiftAdmin: @@ -1855,8 +5068,31 @@ outputs: template: get_param: [EndpointMap, SwiftAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SwiftAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, SwiftProxyNetwork] port: get_param: [EndpointMap, SwiftAdmin, port] protocol: @@ -1870,8 +5106,18 @@ outputs: template: get_param: [EndpointMap, SwiftAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftAdmin, port] uri_no_suffix: @@ -1883,8 +5129,18 @@ outputs: template: get_param: [EndpointMap, SwiftAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftAdmin, port] SwiftInternal: @@ -1893,8 +5149,31 @@ outputs: template: get_param: [EndpointMap, SwiftInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SwiftInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, SwiftProxyNetwork] port: get_param: [EndpointMap, SwiftInternal, port] protocol: @@ -1908,8 +5187,18 @@ outputs: template: get_param: [EndpointMap, SwiftInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftInternal, port] - /v1/AUTH_%(tenant_id)s @@ -1922,8 +5211,18 @@ outputs: template: get_param: [EndpointMap, SwiftInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftInternal, port] SwiftPublic: @@ -1932,8 +5231,31 @@ outputs: template: get_param: [EndpointMap, SwiftPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SwiftPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, SwiftPublic, port] protocol: @@ -1947,8 +5269,18 @@ outputs: template: get_param: [EndpointMap, SwiftPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] - /v1/AUTH_%(tenant_id)s @@ -1961,8 +5293,18 @@ outputs: template: get_param: [EndpointMap, SwiftPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] SwiftS3Admin: @@ -1971,8 +5313,31 @@ outputs: template: get_param: [EndpointMap, SwiftAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SwiftAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, SwiftProxyNetwork] port: get_param: [EndpointMap, SwiftAdmin, port] protocol: @@ -1986,8 +5351,18 @@ outputs: template: get_param: [EndpointMap, SwiftAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftAdmin, port] uri_no_suffix: @@ -1999,8 +5374,18 @@ outputs: template: get_param: [EndpointMap, SwiftAdmin, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftAdmin, port] SwiftS3Internal: @@ -2009,8 +5394,31 @@ outputs: template: get_param: [EndpointMap, SwiftInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SwiftInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, SwiftProxyNetwork] port: get_param: [EndpointMap, SwiftInternal, port] protocol: @@ -2024,8 +5432,18 @@ outputs: template: get_param: [EndpointMap, SwiftInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftInternal, port] uri_no_suffix: @@ -2037,8 +5455,18 @@ outputs: template: get_param: [EndpointMap, SwiftInternal, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: SwiftProxyVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, SwiftProxyNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, SwiftProxyNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftInternal, port] SwiftS3Public: @@ -2047,8 +5475,31 @@ outputs: template: get_param: [EndpointMap, SwiftPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, SwiftPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] port: get_param: [EndpointMap, SwiftPublic, port] protocol: @@ -2062,8 +5513,18 @@ outputs: template: get_param: [EndpointMap, SwiftPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] uri_no_suffix: @@ -2075,7 +5536,17 @@ outputs: template: get_param: [EndpointMap, SwiftPublic, host] params: - CLOUDNAME: {get_param: CloudName} - IP_ADDRESS: {get_param: PublicVirtualIP} + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] diff --git a/network/management_v6.yaml b/network/management_v6.yaml new file mode 100644 index 00000000..a5e70667 --- /dev/null +++ b/network/management_v6.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2015-04-30 + +description: > + Management network. System administration, SSH, DNS, NTP, etc. This network + would usually be the default gateway for the non-controller nodes. + +parameters: + # the defaults here work for static IP assignment (IPAM) only + ManagementNetCidr: + default: 'fd00:fd00:fd00:6000::/64' + description: Cidr for the management network. + type: string + ManagementNetValueSpecs: + default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} + description: Value specs for the management network. + type: json + ManagementNetAdminStateUp: + default: false + description: This admin state of of the network. + type: boolean + ManagementNetShared: + default: false + description: Whether this network is shared across all tenants. + type: boolean + ManagementNetName: + default: management + description: The name of the management network. + type: string + ManagementSubnetName: + default: management_subnet + description: The name of the management subnet in Neutron. + type: string + ManagementAllocationPools: + default: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}] + description: Ip allocation pool range for the management network. + type: json + IPv6AddressMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 address mode + type: string + IPv6RAMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 router advertisement mode + type: string + +resources: + ManagementNetwork: + type: OS::Neutron::Net + properties: + admin_state_up: {get_param: ManagementNetAdminStateUp} + name: {get_param: ManagementNetName} + shared: {get_param: ManagementNetShared} + value_specs: {get_param: ManagementNetValueSpecs} + + ManagementSubnet: + type: OS::Neutron::Subnet + properties: + ip_version: 6 + ipv6_address_mode: {get_param: IPv6AddressMode} + ipv6_ra_mode: {get_param: IPv6RAMode} + cidr: {get_param: ManagementNetCidr} + name: {get_param: ManagementSubnetName} + network: {get_resource: ManagementNetwork} + allocation_pools: {get_param: ManagementAllocationPools} + +outputs: + OS::stack_id: + description: Neutron management network + value: {get_resource: ManagementNetwork} diff --git a/network/networks.yaml b/network/networks.yaml index ab50ae11..d3ae482b 100644 --- a/network/networks.yaml +++ b/network/networks.yaml @@ -21,3 +21,6 @@ resources: ManagementNetwork: type: OS::TripleO::Network::Management + + NetworkExtraConfig: + type: OS::TripleO::Network::ExtraConfig diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index baa544e7..e541049d 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/from_service.yaml b/network/ports/from_service.yaml index 3d61910e..782b6b07 100644 --- a/network/ports/from_service.yaml +++ b/network/ports/from_service.yaml @@ -24,6 +24,12 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string + FixedIPs: # Here for compatibility with ctlplane_vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json ServiceVips: default: {} type: json diff --git a/network/ports/from_service_v6.yaml b/network/ports/from_service_v6.yaml index 2dd0a0ee..80060b57 100644 --- a/network/ports/from_service_v6.yaml +++ b/network/ports/from_service_v6.yaml @@ -24,6 +24,12 @@ parameters: description: The name of the undercloud Neutron control plane default: ctlplane type: string + FixedIPs: # Here for compatibility with ctlplane_vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json ServiceVips: default: {} type: json diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 8d0a91b6..afb144ba 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml new file mode 100644 index 00000000..4c1cc216 --- /dev/null +++ b/network/ports/management_from_pool_v6.yaml @@ -0,0 +1,52 @@ +heat_template_version: 2015-10-15 + +description: > + Returns an IP from a network mapped list of IPs. This version is for IPv6 + addresses. The ip_address_uri output will have brackets for use in URLs. + +parameters: + ManagementNetName: + description: Name of the management network + default: management + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatability with noop.yaml + description: IP address on the control plane + default: '' + type: string + IPPool: + default: {} + description: A network mapped list of IPs + type: json + NodeIndex: + default: 0 + description: Index of the IP to get from Pool + type: number + ManagementNetCidr: + default: 'fd00:fd00:fd00:6000::/64' + description: Cidr for the management network. + type: string + +outputs: + ip_address: + description: management network IP + value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} + ip_address_uri: + description: management network IP (for compatibility with management_v6.yaml) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} + - ']' + ip_subnet: + description: IP/Subnet CIDR for the management network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index 32272bd6..07e2de4c 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 parameters: ControlPlaneIpList: @@ -22,6 +22,15 @@ parameters: ManagementIpList: default: [] type: comma_delimited_list + EnabledServices: + default: [] + type: comma_delimited_list + ServiceNetMap: + default: {} + type: json + ServiceHostnameList: + default: [] + type: comma_delimited_list outputs: net_ip_map: @@ -36,3 +45,48 @@ outputs: storage_mgmt: {get_param: StorageMgmtIpList} tenant: {get_param: TenantIpList} management: {get_param: ManagementIpList} + service_ips: + description: > + Map of enabled services to a list of their IP addresses + value: + yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(not isString($[1]))) + data: + map: + map_replace: + - map_replace: + - map_merge: + repeat: + template: + SERVICE_node_ips: SERVICE_network + for_each: + SERVICE: {get_param: EnabledServices} + - values: {get_param: ServiceNetMap} + - values: + ctlplane: {get_param: ControlPlaneIpList} + external: {get_param: ExternalIpList} + internal_api: {get_param: InternalApiIpList} + storage: {get_param: StorageIpList} + storage_mgmt: {get_param: StorageMgmtIpList} + tenant: {get_param: TenantIpList} + management: {get_param: ManagementIpList} + service_hostnames: + description: > + Map of enabled services to a list of hostnames where they're running + value: + yaql: + # If ServiceHostnameList is empty the role is deployed with zero nodes + # therefore we don't want to add any *_node_names to the map + expression: dict($.data.map.items().where(len($[1]) > 0)) + data: + map: + map_merge: + repeat: + template: + SERVICE_node_names: {get_param: ServiceHostnameList} + for_each: + SERVICE: {get_param: EnabledServices} diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index 78c7c32c..fcf2eeee 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -82,32 +82,22 @@ outputs: storage_mgmt: {get_param: StorageMgmtIp} tenant: {get_param: TenantIp} management: {get_param: ManagementIp} - net_ip_subnet_map: - description: > - A Hash containing a mapping of network names to assigned IPs/CIDR - for a specific machine. - value: - ctlplane: + ctlplane_subnet: list_join: - '' - - {get_param: ControlPlaneIp} - '/' - {get_param: ControlPlaneSubnetCidr} - external: {get_param: ExternalIpSubnet} - internal_api: {get_param: InternalApiIpSubnet} - storage: {get_param: StorageIpSubnet} - storage_mgmt: {get_param: StorageMgmtIpSubnet} - tenant: {get_param: TenantIpSubnet} - management: {get_param: ManagementIpSubnet} - net_ip_uri_map: - description: > - A Hash containing a mapping of network names to assigned IPs for a - specific machine with brackets around IPv6 addresses for use in URLs. - value: - ctlplane: {get_param: ControlPlaneIp} - external: {get_param: ExternalIpUri} - internal_api: {get_param: InternalApiIpUri} - storage: {get_param: StorageIpUri} - storage_mgmt: {get_param: StorageMgmtIpUri} - tenant: {get_param: TenantIpUri} - management: {get_param: ManagementIpUri} + external_subnet: {get_param: ExternalIpSubnet} + internal_api_subnet: {get_param: InternalApiIpSubnet} + storage_subnet: {get_param: StorageIpSubnet} + storage_mgmt_subnet: {get_param: StorageMgmtIpSubnet} + tenant_subnet: {get_param: TenantIpSubnet} + management_subnet: {get_param: ManagementIpSubnet} + ctlplane_uri: {get_param: ControlPlaneIp} + external_uri: {get_param: ExternalIpUri} + internal_api_uri: {get_param: InternalApiIpUri} + storage_uri: {get_param: StorageIpUri} + storage_mgmt_uri: {get_param: StorageMgmtIpUri} + tenant_uri: {get_param: TenantIpUri} + management_uri: {get_param: ManagementIpUri} diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml index a40a0bfc..71e6e811 100644 --- a/network/ports/net_vip_map_external.yaml +++ b/network/ports/net_vip_map_external.yaml @@ -45,12 +45,6 @@ parameters: StorageMgmtIpUri: default: '' type: string - TenantIp: - default: '' - type: string - TenantIpUri: - default: '' - type: string outputs: net_ip_map: @@ -63,13 +57,8 @@ outputs: internal_api: {get_param: InternalApiNetworkVip} storage: {get_param: StorageNetworkVip} storage_mgmt: {get_param: StorageMgmtNetworkVip} - net_ip_uri_map: - description: > - A Hash containing a mapping of netowrk names to assigned IPs for a - specific machine with brackets around IPv6 addresses for use in URLs. - value: - ctlplane: {get_param: ControlPlaneIP} - external: {get_param: ExternalNetworkVip} - internal_api: {get_param: InternalApiNetworkVip} - storage: {get_param: StorageNetworkVip} - storage_mgmt: {get_param: StorageMgmtNetworkVip} + ctlplane_uri: {get_param: ControlPlaneIP} + external_uri: {get_param: ExternalNetworkVip} + internal_api_uri: {get_param: InternalApiNetworkVip} + storage_uri: {get_param: StorageNetworkVip} + storage_mgmt_uri: {get_param: StorageMgmtNetworkVip} diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml index f6d67fe8..8d054349 100644 --- a/network/ports/net_vip_map_external_v6.yaml +++ b/network/ports/net_vip_map_external_v6.yaml @@ -45,12 +45,6 @@ parameters: StorageMgmtIpUri: default: '' type: string - TenantIp: - default: '' - type: string - TenantIpUri: - default: '' - type: string outputs: net_ip_map: @@ -63,31 +57,26 @@ outputs: internal_api: {get_param: InternalApiNetworkVip} storage: {get_param: StorageNetworkVip} storage_mgmt: {get_param: StorageMgmtNetworkVip} - net_ip_uri_map: - description: > - A Hash containing a mapping of netowrk names to assigned IPs for a - specific machine with brackets around IPv6 addresses for use in URLs. - value: - ctlplane: {get_param: ControlPlaneIP} - external: + ctlplane_uri: {get_param: ControlPlaneIP} + external_uri: list_join: - '' - - '[' - {get_param: ExternalNetworkVip} - ']' - internal_api: + internal_api_uri: list_join: - '' - - '[' - {get_param: InternalApiNetworkVip} - ']' - storage: + storage_uri: list_join: - '' - - '[' - {get_param: StorageNetworkVip} - ']' - storage_mgmt: + storage_mgmt_uri: list_join: - '' - - '[' diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index 328f8385..18faf1bd 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 50470c92..e1145a31 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -49,4 +49,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index bbe6f736..d4f0d29c 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -48,4 +48,4 @@ outputs: - '' - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/service_net_map.yaml b/network/service_net_map.yaml new file mode 100644 index 00000000..6e5c2449 --- /dev/null +++ b/network/service_net_map.yaml @@ -0,0 +1,100 @@ +heat_template_version: 2016-10-14 + +description: > + Mapping of service_name_network -> network name + +parameters: + ServiceNetMap: + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + default: {} + type: json + + ServiceNetMapDefaults: + default: + ApacheNetwork: internal_api + NeutronTenantNetwork: tenant + CeilometerApiNetwork: internal_api + AodhApiNetwork: internal_api + GnocchiApiNetwork: internal_api + MongodbNetwork: internal_api + CinderApiNetwork: internal_api + CinderIscsiNetwork: storage + GlanceApiNetwork: storage + GlanceRegistryNetwork: internal_api + IronicApiNetwork: ctlplane + IronicNetwork: ctlplane + KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints + KeystonePublicApiNetwork: internal_api + ManilaApiNetwork: internal_api + NeutronApiNetwork: internal_api + HeatApiNetwork: internal_api + HeatApiCfnNetwork: internal_api + HeatApiCloudwatchNetwork: internal_api + NovaApiNetwork: internal_api + NovaMetadataNetwork: internal_api + NovaVncProxyNetwork: internal_api + SwiftStorageNetwork: storage_mgmt + SwiftProxyNetwork: storage + SaharaApiNetwork: internal_api + HorizonNetwork: internal_api + MemcachedNetwork: internal_api + RabbitmqNetwork: internal_api + RedisNetwork: internal_api + MysqlNetwork: internal_api + CephClusterNetwork: storage_mgmt + CephMonNetwork: storage + CephRgwNetwork: storage + ControllerHostnameResolveNetwork: internal_api + ComputeHostnameResolveNetwork: internal_api + BlockStorageHostnameResolveNetwork: internal_api + ObjectStorageHostnameResolveNetwork: internal_api + CephStorageHostnameResolveNetwork: storage + PublicNetwork: external + OpenDaylightApiNetwork: internal_api + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. + type: json + + # We define mappings to work around names that break when doing the + # CamelCase to snake_case conversion to align with service_names + ServiceNetMapDeprecatedMapping: + default: + MongoDbNetwork: MongodbNetwork + RabbitMqNetwork: RabbitmqNetwork + CephPublicNetwork: CephMonNetwork + SwiftMgmtNetwork: SwiftStorageNetwork + description: Mapping older deprecated service names, intended for + internal use only, this will be removed in future. + type: json + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ServiceNetMapDeprecatedMapping + +outputs: + service_net_map: + value: + map_merge: + - {get_param: ServiceNetMapDefaults} + - map_replace: + - {get_param: ServiceNetMap} + - keys: {get_param: ServiceNetMapDeprecatedMapping} + + service_net_map_lower: + value: + # This does a conversion from CamelCase to snake_case, + # e.g HeatApiNetwork becomes heat_api_network so it + # matches the service names. + yaql: + expression: dict($.data.map.items().select([ regex(`([a-z0-9])([A-Z])`).replace($[0], '\\1_\\2').toLower(), $[1]])) + data: + map: + map_merge: + - {get_param: ServiceNetMapDefaults} + - map_replace: + - {get_param: ServiceNetMap} + - keys: {get_param: ServiceNetMapDeprecatedMapping} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml new file mode 100644 index 00000000..a7185a43 --- /dev/null +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -0,0 +1,206 @@ +resource_registry: + OS::TripleO::BlockStorage: puppet/cinder-storage.yaml + OS::TripleO::Compute: puppet/compute.yaml + OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment + OS::TripleO::Controller: puppet/controller.yaml + OS::TripleO::ObjectStorage: puppet/swift-storage.yaml + OS::TripleO::CephStorage: puppet/ceph-storage.yaml + # set to controller-config-pacemaker.yaml to enable pacemaker + OS::TripleO::ControllerConfig: puppet/controller-config.yaml + OS::TripleO::PostDeploySteps: puppet/post.yaml + OS::TripleO::ComputeConfig: puppet/compute-config.yaml + OS::TripleO::BlockStorageConfig: puppet/blockstorage-config.yaml + OS::TripleO::ObjectStorageConfig: puppet/objectstorage-config.yaml + OS::TripleO::CephStorageConfig: puppet/cephstorage-config.yaml + OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml + OS::TripleO::DefaultPasswords: default_passwords.yaml + + # Tasks (for internal TripleO usage) + OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None + OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml + +{% for role in roles %} + OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None + OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None + + OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml + + # Port assignments for the {{role.name}} role + OS::TripleO::{{role.name}}::Ports::ExternalPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::InternalApiPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::StoragePort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::StorageMgmtPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::TenantPort: network/ports/noop.yaml + OS::TripleO::{{role.name}}::Ports::ManagementPort: network/ports/noop.yaml + + OS::TripleO::{{role.name}}::Net::SoftwareConfig: net-config-noop.yaml +{% endfor %} + + # This resource registry entry will override the one generated by default + # in the jinja loop + OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml + + OS::TripleO::Server: OS::Nova::Server + + # This creates the "heat-admin" user for all OS images by default + # To disable, replace with firstboot/userdata_default.yaml + OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml + + # Hooks for operator extra config + # NodeUserData == Cloud-init additional user-data, e.g cloud-config + # ControllerExtraConfigPre == Controller configuration pre service deployment + # NodeExtraConfig == All nodes configuration pre service deployment + # NodeExtraConfigPost == All nodes configuration post service deployment + OS::TripleO::NodeUserData: firstboot/userdata_default.yaml + OS::TripleO::NodeTLSCAData: OS::Heat::None + OS::TripleO::NodeTLSData: OS::Heat::None + OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml + OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml + + # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy + # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when + # configuration with knowledge of all nodes in the cluster is required vs single + # node configuration in the pre_deploy step. + # See extraconfig/all_nodes/* for examples + OS::TripleO::AllNodesExtraConfig: OS::Heat::None + + # TripleO overcloud networks + OS::TripleO::Network: network/networks.yaml + + OS::TripleO::Network::External: OS::Heat::None + OS::TripleO::Network::InternalApi: OS::Heat::None + OS::TripleO::Network::StorageMgmt: OS::Heat::None + OS::TripleO::Network::Storage: OS::Heat::None + OS::TripleO::Network::Tenant: OS::Heat::None + OS::TripleO::Network::Management: OS::Heat::None + + OS::TripleO::Network::ExtraConfig: OS::Heat::None + + OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml + OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml + OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml + + # Port assignments for the VIPs + OS::TripleO::Network::Ports::ExternalVipPort: network/ports/noop.yaml + OS::TripleO::Network::Ports::InternalApiVipPort: network/ports/noop.yaml + OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml + OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml + OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml + + # Service to network Mappings + OS::TripleO::ServiceNetMap: network/service_net_map.yaml + + # Service Endpoint Mappings + OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml + + # validation resources + OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml + + # services + OS::TripleO::Services: puppet/services/services.yaml + OS::TripleO::Services::Apache: puppet/services/apache.yaml + OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml + OS::TripleO::Services::CephMon: OS::Heat::None + OS::TripleO::Services::CephRgw: OS::Heat::None + OS::TripleO::Services::CephOSD: OS::Heat::None + OS::TripleO::Services::CephClient: OS::Heat::None + OS::TripleO::Services::CephExternal: OS::Heat::None + OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml + OS::TripleO::Services::CinderBackup: OS::Heat::None + OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml + OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml + OS::TripleO::Services::Core: OS::Heat::None + OS::TripleO::Services::Keystone: puppet/services/keystone.yaml + OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml + OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml + OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml + OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml + OS::TripleO::Services::Kernel: puppet/services/kernel.yaml + OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml + OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml + OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml + OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml + # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated + # the multinode job ControllerServices after this patch merges + OS::TripleO::Services::NeutronServer: puppet/services/neutron-api.yaml + OS::TripleO::Services::NeutronApi: puppet/services/neutron-api.yaml + OS::TripleO::Services::NeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml + # can be the same as NeutronCorePlugin but some vendors install different + # things where VMs run + OS::TripleO::Services::ComputeNeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml + # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) + OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml + OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml + OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml + OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml + OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::Pacemaker: OS::Heat::None + OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None + OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml + OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml + OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml + OS::TripleO::Services::Memcached: puppet/services/memcached.yaml + OS::TripleO::Services::SaharaApi: OS::Heat::None + OS::TripleO::Services::SaharaEngine: OS::Heat::None + OS::TripleO::Services::Redis: puppet/services/database/redis.yaml + OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml + OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml + OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml + OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml + OS::TripleO::Services::NovaScheduler: puppet/services/nova-scheduler.yaml + OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml + OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml + OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml + OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml + OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml + OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml + OS::TripleO::Services::SwiftRingBuilder: puppet/services/swift-ringbuilder.yaml + OS::TripleO::Services::Snmp: puppet/services/snmp.yaml + OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml + OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml + OS::TripleO::Services::CeilometerCollector: puppet/services/ceilometer-collector.yaml + OS::TripleO::Services::CeilometerExpirer: puppet/services/ceilometer-expirer.yaml + OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::Horizon: puppet/services/horizon.yaml + #Gnocchi services + OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml + OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml + OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml + OS::TripleO::Services::VipHosts: puppet/services/vip-hosts.yaml + # Services that are disabled by default (use relevant environment files): + OS::TripleO::Services::FluentdClient: OS::Heat::None + OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml + OS::Tripleo::Services::ManilaApi: OS::Heat::None + OS::Tripleo::Services::ManilaScheduler: OS::Heat::None + OS::Tripleo::Services::ManilaShare: OS::Heat::None + OS::Tripleo::Services::ManilaBackendGeneric: OS::Heat::None + OS::Tripleo::Services::ManilaBackendNetapp: OS::Heat::None + OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None + OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml + OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml + OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml + OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml + OS::TripleO::Services::MistralEngine: OS::Heat::None + OS::TripleO::Services::MistralApi: OS::Heat::None + OS::TripleO::Services::MistralExecutor: OS::Heat::None + OS::TripleO::Services::IronicApi: OS::Heat::None + OS::TripleO::Services::IronicConductor: OS::Heat::None + OS::TripleO::Services::NovaIronic: OS::Heat::None + OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml + OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml + OS::TripleO::Services::OpenDaylight: OS::Heat::None + OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None + OS::TripleO::Services::SensuClient: OS::Heat::None + +parameter_defaults: + EnablePackageInstall: false + SoftwareConfigTransport: POLL_TEMP_URL diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml deleted file mode 100644 index 950f1b68..00000000 --- a/overcloud-resource-registry-puppet.yaml +++ /dev/null @@ -1,142 +0,0 @@ -resource_registry: - OS::TripleO::BlockStorage: puppet/cinder-storage.yaml - OS::TripleO::BlockStorage::Net::SoftwareConfig: net-config-noop.yaml - OS::TripleO::Compute: puppet/compute.yaml - OS::TripleO::Compute::Net::SoftwareConfig: net-config-noop.yaml - OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment - OS::TripleO::Controller: puppet/controller.yaml - OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml - OS::TripleO::ObjectStorage: puppet/swift-storage.yaml - OS::TripleO::ObjectStorage::Net::SoftwareConfig: net-config-noop.yaml - OS::TripleO::CephStorage: puppet/ceph-storage.yaml - OS::TripleO::CephStorage::Net::SoftwareConfig: net-config-noop.yaml - OS::TripleO::ControllerPostDeployment: puppet/controller-post.yaml - # set to controller-config-pacemaker.yaml to enable pacemaker - OS::TripleO::ControllerConfig: puppet/controller-config.yaml - OS::TripleO::ComputePostDeployment: puppet/compute-post.yaml - OS::TripleO::ObjectStoragePostDeployment: puppet/swift-storage-post.yaml - OS::TripleO::BlockStoragePostDeployment: puppet/cinder-storage-post.yaml - OS::TripleO::CephStoragePostDeployment: puppet/ceph-storage-post.yaml - OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig: puppet/swift-devices-and-proxy-config.yaml - OS::TripleO::CephClusterConfig::SoftwareConfig: puppet/ceph-cluster-config.yaml - OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml - OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml - - # Tasks (for internal TripleO usage) - OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None - OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml - OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None - OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None - - # This creates the "heat-admin" user for all OS images by default - # To disable, replace with firstboot/userdata_default.yaml - OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml - - # Hooks for operator extra config - # NodeUserData == Cloud-init additional user-data, e.g cloud-config - # ControllerExtraConfigPre == Controller configuration pre service deployment - # NodeExtraConfig == All nodes configuration pre service deployment - # NodeExtraConfigPost == All nodes configuration post service deployment - OS::TripleO::NodeUserData: firstboot/userdata_default.yaml - OS::TripleO::NodeTLSCAData: puppet/extraconfig/tls/no-ca.yaml - OS::TripleO::NodeTLSData: puppet/extraconfig/tls/no-tls.yaml - OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml - OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml - OS::TripleO::CephStorageExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml - OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml - OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml - - # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy - # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when - # configuration with knowledge of all nodes in the cluster is required vs single - # node configuration in the pre_deploy step. - OS::TripleO::AllNodesExtraConfig: extraconfig/all_nodes/default.yaml - - # TripleO overcloud networks - OS::TripleO::Network: network/networks.yaml - OS::TripleO::VipConfig: puppet/vip-config.yaml - - OS::TripleO::Network::External: OS::Heat::None - OS::TripleO::Network::InternalApi: OS::Heat::None - OS::TripleO::Network::StorageMgmt: OS::Heat::None - OS::TripleO::Network::Storage: OS::Heat::None - OS::TripleO::Network::Tenant: OS::Heat::None - OS::TripleO::Network::Management: OS::Heat::None - - OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml - OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml - OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: network/ports/noop.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml - OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::Controller::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::Compute::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::ManagementPort: network/ports/noop.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::ExternalPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::InternalApiPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::TenantPort: network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::ManagementPort: network/ports/noop.yaml - - # Service Endpoint Mappings - OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml - - # validation resources - OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml - - # services - OS::TripleO::Services: puppet/services/services.yaml - OS::TripleO::Services::Keystone: puppet/services/keystone.yaml - OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml - OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml - OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml - OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml - OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml - OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml - OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml - OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml - OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml - OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml - OS::TripleO::Services::Loadbalancer: puppet/services/loadbalancer.yaml - OS::TripleO::Services::Memcached: puppet/services/memcached.yaml - OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml - -parameter_defaults: - EnablePackageInstall: false - SoftwareConfigTransport: POLL_TEMP_URL diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml deleted file mode 120000 index 23dc6464..00000000 --- a/overcloud-without-mergepy.yaml +++ /dev/null @@ -1 +0,0 @@ -overcloud.yaml
\ No newline at end of file diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml new file mode 100644 index 00000000..bd699f50 --- /dev/null +++ b/overcloud.j2.yaml @@ -0,0 +1,570 @@ +heat_template_version: 2016-10-14 + +description: > + Deploy an OpenStack environment, consisting of several node types (roles), + Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage + roles enable independent scaling of the storage components, but the minimal + deployment is one Controller and one Compute node. + + +# TODO(shadower): we should probably use the parameter groups to put +# some order in here. +parameters: + + # Common parameters (not specific to a role) + CloudName: + default: overcloud.localdomain + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + type: string + CloudNameInternal: + default: overcloud.internalapi.localdomain + description: > + The DNS name of this cloud's internal API endpoint. E.g. + 'ci-overcloud.internalapi.tripleo.org'. + type: string + CloudNameStorage: + default: overcloud.storage.localdomain + description: > + The DNS name of this cloud's storage endpoint. E.g. + 'ci-overcloud.storage.tripleo.org'. + type: string + CloudNameStorageManagement: + default: overcloud.storagemgmt.localdomain + description: > + The DNS name of this cloud's storage management endpoint. E.g. + 'ci-overcloud.storagemgmt.tripleo.org'. + type: string + CloudNameCtlplane: + default: overcloud.ctlplane.localdomain + description: > + The DNS name of this cloud's storage management endpoint. E.g. + 'ci-overcloud.management.tripleo.org'. + type: string + ControlFixedIPs: + default: [] + description: Should be used for arbitrary ips. + type: json + InternalApiVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the InternalApiVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + NeutronControlPlaneID: + default: 'ctlplane' + type: string + description: Neutron ID or name for ctlplane network. + NeutronPublicInterface: + default: nic1 + description: What interface to bridge onto br-ex for network nodes. + type: string + PublicVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the PublicVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + RabbitCookieSalt: + type: string + default: unset + description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. + StorageVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the StorageVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + StorageMgmtVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the StorageMgmgVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + RedisVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the virtual IP used by Redis. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + CloudDomain: + default: 'localdomain' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. + type: json + +# Compute-specific params +# FIXME(shardy) handle these deprecated names as they don't match compute.yaml + HypervisorNeutronPhysicalBridge: + default: 'br-ex' + description: > + An OVS bridge to create on each hypervisor. This defaults to br-ex the + same as the control plane nodes, as we have a uniform configuration of + the openvswitch agent. Typically should not need to be changed. + type: string + HypervisorNeutronPublicInterface: + default: nic1 + description: What interface to add to the HypervisorNeutronPhysicalBridge. + type: string + + # Jinja loop for Role in role_data.yaml +{% for role in roles %} + # Parameters generated for {{role.name}} Role + {{role.name}}Services: + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the {{role.name}} role. + type: comma_delimited_list + default: {{role.ServicesDefault|default([])}} + + {{role.name}}Count: + description: Number of {{role.name}} nodes to deploy + type: number + default: {{role.CountDefault|default(0)}} + + {{role.name}}HostnameFormat: + type: string + description: > + Format for {{role.name}} node hostnames + Note %index% is translated into the index of the node, e.g 0/1/2 etc + and %stackname% is replaced with the stack name e.g overcloud + {% if role.HostnameFormatDefault %} + default: "{{role.HostnameFormatDefault}}" + {% else %} + default: "%stackname%-{{role.name.lower()}}-%index%" + {% endif %} + + {{role.name}}RemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from {{role.name}} ResourceGroup when + doing an update which requires removal of specific resources. + Example format ComputeRemovalPolicies: [{'resource_list': ['0']}] + +{% if role.name != 'Compute' %} + {{role.name}}SchedulerHints: +{% else %} + NovaComputeSchedulerHints: +{% endif %} + type: json + description: Optional scheduler hints to pass to nova + default: {} +{% endfor %} + + # Identifiers to trigger tasks on nodes + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + +resources: + + HeatAuthEncryptionKey: + type: OS::Heat::RandomString + + PcsdPassword: + type: OS::Heat::RandomString + properties: + length: 16 + + HorizonSecret: + type: OS::Heat::RandomString + properties: + length: 10 + + ServiceNetMap: + type: OS::TripleO::ServiceNetMap + + EndpointMap: + type: OS::TripleO::EndpointMap + properties: + CloudEndpoints: + external: {get_param: CloudName} + internal_api: {get_param: CloudNameInternal} + storage: {get_param: CloudNameStorage} + storage_mgmt: {get_param: CloudNameStorageManagement} + ctlplane: {get_param: CloudNameCtlplane} + NetIpMap: {get_attr: [VipMap, net_ip_map]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + + # Jinja loop for Role in roles_data.yaml +{% for role in roles %} + # Resources generated for {{role.name}} Role + {{role.name}}ServiceChain: + type: OS::TripleO::Services + properties: + Services: + get_param: {{role.name}}Services + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} + + {{role.name}}AllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: {{role.name}}AllNodesDeployment + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [{{role.name}}, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [{{role.name}}, resource.0.ip_address]} + + {{role.name}}AllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: {{role.name}}AllNodesDeployment + properties: + name: {{role.name}}AllNodesValidationDeployment + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + + {{role.name}}IpListMap: + type: OS::TripleO::Network::Ports::NetIpListMap + properties: + ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]} + ExternalIpList: {get_attr: [{{role.name}}, external_ip_address]} + InternalApiIpList: {get_attr: [{{role.name}}, internal_api_ip_address]} + StorageIpList: {get_attr: [{{role.name}}, storage_ip_address]} + StorageMgmtIpList: {get_attr: [{{role.name}}, storage_mgmt_ip_address]} + TenantIpList: {get_attr: [{{role.name}}, tenant_ip_address]} + ManagementIpList: {get_attr: [{{role.name}}, management_ip_address]} + EnabledServices: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + ServiceHostnameList: {get_attr: [{{role.name}}, hostname]} + + {{role.name}}: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: {{role.name}}Count} + removal_policies: {get_param: {{role.name}}RemovalPolicies} + resource_def: + type: OS::TripleO::{{role.name}} + properties: + CloudDomain: {get_param: CloudDomain} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + Hostname: + str_replace: + template: {get_param: {{role.name}}HostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + NodeIndex: '%index%' + {% if role.name != 'Compute' %} + {{role.name}}SchedulerHints: {get_param: {{role.name}}SchedulerHints} + {% else %} + NovaComputeSchedulerHints: {get_param: NovaComputeSchedulerHints} + {% endif %} + ServiceConfigSettings: + map_merge: + - get_attr: [{{role.name}}ServiceChain, role_data, config_settings] + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings] + {% endfor %} + # This next step combines two yaql passes: + # - The inner one does a deep merge on the service_config_settings for all roles + # - The outer one filters the map based on the services enabled for the role + # then merges the result into one map. + - yaql: + expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {}) + data: + map: + yaql: + expression: $.data.where($ != null).reduce($1.mergeWith($2), {}) + data: + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings] + {% endfor %} + services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} + ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} + LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} + LoggingGroups: {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]} +{% endfor %} + + allNodesConfig: + type: OS::TripleO::AllNodes::SoftwareConfig + properties: + cloud_name_external: {get_param: CloudName} + cloud_name_internal_api: {get_param: CloudNameInternal} + cloud_name_storage: {get_param: CloudNameStorage} + cloud_name_storage_mgmt: {get_param: CloudNameStorageManagement} + cloud_name_ctlplane: {get_param: CloudNameCtlplane} + hosts: +{% for role in roles %} + - list_join: + - '\n' + - {get_attr: [{{role.name}}, hosts_entry]} +{% endfor %} + enabled_services: + list_join: + - ',' +{% for role in roles %} + - {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} +{% endfor %} + controller_ips: {get_attr: [Controller, ip_address]} + controller_names: {get_attr: [Controller, hostname]} + service_ips: + # Note (shardy) this somewhat complex yaql may be replaced + # with a map_deep_merge function in ocata. It merges the + # list of maps, but appends to colliding lists when a service + # is deployed on more than one role + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, service_ips]} +{% endfor %} + service_node_names: + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, service_hostnames]} +{% endfor %} + # FIXME(shardy): These require further work to move into service_ips + memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} + keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} + keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} + NetVipMap: {get_attr: [VipMap, net_ip_map]} + RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + DeployIdentifier: {get_param: DeployIdentifier} + UpdateIdentifier: {get_param: UpdateIdentifier} + + MysqlRootPassword: + type: OS::Heat::RandomString + properties: + length: 10 + + RabbitCookie: + type: OS::Heat::RandomString + properties: + length: 20 + salt: {get_param: RabbitCookieSalt} + + DefaultPasswords: + type: OS::TripleO::DefaultPasswords + properties: + DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]} + DefaultRabbitCookie: {get_attr: [RabbitCookie, value]} + DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]} + DefaultPcsdPassword: {get_attr: [PcsdPassword, value]} + DefaultHorizonSecret: {get_attr: [HorizonSecret, value]} + + # creates the network architecture + Networks: + type: OS::TripleO::Network + + ControlVirtualIP: + type: OS::Neutron::Port + depends_on: Networks + properties: + name: control_virtual_ip + network: {get_param: NeutronControlPlaneID} + fixed_ips: {get_param: ControlFixedIPs} + replacement_policy: AUTO + + RedisVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::RedisVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ControlPlaneNetwork: {get_param: NeutronControlPlaneID} + PortName: redis_virtual_ip + NetworkName: {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]} + ServiceName: redis + FixedIPs: {get_param: RedisVirtualFixedIPs} + + # The public VIP is on the External net, falls back to ctlplane + PublicVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::ExternalVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ControlPlaneNetwork: {get_param: NeutronControlPlaneID} + PortName: public_virtual_ip + FixedIPs: {get_param: PublicVirtualFixedIPs} + + InternalApiVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::InternalApiVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: internal_api_virtual_ip + FixedIPs: {get_param: InternalApiVirtualFixedIPs} + + StorageVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::StorageVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: storage_virtual_ip + FixedIPs: {get_param: StorageVirtualFixedIPs} + + StorageMgmtVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::StorageMgmtVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: storage_management_virtual_ip + FixedIPs: {get_param: StorageMgmtVirtualFixedIPs} + + VipMap: + type: OS::TripleO::Network::Ports::NetVipMap + properties: + ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} + ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]} + InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]} + StorageIp: {get_attr: [StorageVirtualIP, ip_address]} + StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]} + StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]} + # No tenant or management VIP required + + # All Nodes Validations + AllNodesValidationConfig: + type: OS::TripleO::AllNodes::Validation + properties: + PingTestIps: + list_join: + - ' ' + - - {get_attr: [Controller, resource.0.external_ip_address]} + - {get_attr: [Controller, resource.0.internal_api_ip_address]} + - {get_attr: [Controller, resource.0.storage_ip_address]} + - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]} + - {get_attr: [Controller, resource.0.tenant_ip_address]} + - {get_attr: [Controller, resource.0.management_ip_address]} + + UpdateWorkflow: + type: OS::TripleO::Tasks::UpdateWorkflow + properties: + servers: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} + input_values: + deploy_identifier: {get_param: DeployIdentifier} + update_identifier: {get_param: UpdateIdentifier} + + # Optional ExtraConfig for all nodes - all roles are passed in here, but + # the nested template may configure each role differently (or not at all) + AllNodesExtraConfig: + type: OS::TripleO::AllNodesExtraConfig + depends_on: + - UpdateWorkflow +{% for role in roles %} + - {{role.name}}AllNodesValidationDeployment +{% endfor %} + properties: +{% for role in roles %} + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} + + # Post deployment steps for all roles + AllNodesDeploySteps: + type: OS::TripleO::PostDeploySteps + properties: + servers: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} + role_data: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} + +outputs: + ManagedEndpoints: + description: Asserts that the keystone endpoints have been provisioned. + value: true + KeystoneURL: + description: URL for the Overcloud Keystone service + value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]} + KeystoneAdminVip: + description: Keystone Admin VIP endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} + PublicVip: + description: Controller VIP for public API endpoints + value: {get_attr: [VipMap, net_ip_map, external]} + AodhInternalVip: + description: VIP for Aodh API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]} + CeilometerInternalVip: + description: VIP for Ceilometer API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} + CephRgwInternalVip: + description: VIP for Ceph RGW internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CephRgwNetwork]}]} + CinderInternalVip: + description: VIP for Cinder API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} + GlanceInternalVip: + description: VIP for Glance API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]} + GnocchiInternalVip: + description: VIP for Gnocchi API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]} + HeatInternalVip: + description: VIP for Heat API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]} + IronicInternalVip: + description: VIP for Ironic API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]} + KeystoneInternalVip: + description: VIP for Keystone API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} + ManilaInternalVip: + description: VIP for Manila API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]} + NeutronInternalVip: + description: VIP for Neutron API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]} + NovaInternalVip: + description: VIP for Nova API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} + OpenDaylightInternalVip: + description: VIP for OpenDaylight API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]} + SaharaInternalVip: + description: VIP for Sahara API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]} + SwiftInternalVip: + description: VIP for Swift Proxy internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]} + EndpointMap: + description: | + Mapping of the resources with the needed info for their endpoints. + This includes the protocol used, the IP, port and also a full + representation of the URI. + value: {get_attr: [EndpointMap, endpoint_map]} + HostsEntry: + description: | + The content that should be appended to your /etc/hosts if you want to get + hostname-based access to the deployed nodes (useful for testing without + setting up a DNS). + value: {get_attr: [allNodesConfig, hosts_entries]} + EnabledServices: + description: The services enabled on each role + value: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} +{% endfor %} diff --git a/overcloud.yaml b/overcloud.yaml deleted file mode 100644 index 3adfa3e1..00000000 --- a/overcloud.yaml +++ /dev/null @@ -1,1671 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Deploy an OpenStack environment, consisting of several node types (roles), - Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage - roles enable independent scaling of the storage components, but the minimal - deployment is one Controller and one Compute node. - - -# TODO(shadower): we should probably use the parameter groups to put -# some order in here. -parameters: - - # Common parameters (not specific to a role) - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AodhPassword: - description: The password for the aodh services. - type: string - hidden: true - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service account. - type: string - hidden: true - CeilometerMeterDispatcher: - default: 'database' - description: Dispatcher to process meter data - type: string - constraints: - - allowed_values: ['gnocchi', 'database'] - # This has to be an UUID so for now we generate it outside the template - CephClusterFSID: - default: '' - type: string - description: The Ceph cluster FSID. Must be a UUID. - CephMonKey: - default: '' - description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. - type: string - hidden: true - CephAdminKey: - default: '' - description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CephClientKey: - default: '' - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. - type: string - hidden: true - CephExternalMonHost: - default: '' - type: string - description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - CloudName: - default: overcloud - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - ControlFixedIPs: - default: [] - description: Should be used for arbitrary ips. - type: json - CorosyncIPv6: - default: false - description: Enable IPv6 in Corosync - type: boolean - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - HAProxySyslogAddress: - default: /dev/log - description: Syslog address where HAproxy will send its log - type: string - HorizonAllowedHosts: - default: '*' - description: A list of IP/Hostname allowed to connect to horizon - type: comma_delimited_list - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - InternalApiVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the InternalApiVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - KeyName: - default: default - description: Name of an existing Nova key pair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - MemcachedIPv6: - default: false - description: Enable IPv6 features in Memcached. - type: boolean - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: comma_delimited_list - default: "datacentre:br-ex" - NeutronControlPlaneID: - default: 'ctlplane' - type: string - description: Neutron ID or name for ctlplane network. - NeutronEnableTunnelling: - type: string - default: "True" - NeutronEnableL2Pop: - type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. - default: "False" - NeutronFlatNetworks: - type: comma_delimited_list - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. Defaults to - 'datacentre' to permit external network creation. - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron. - type: comma_delimited_list - NeutronPassword: - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. - type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronComputeAgentMode: - default: 'dvr' - description: Agent mode for the neutron-l3-agent on the compute hosts - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This value will be used to construct the NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: "1400" - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. - type: comma_delimited_list - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router,qos" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list - NeutronPluginExtensions: - default: "qos,port_security" - description: | - Comma-separated list of extensions enabled for the Neutron plugin. - type: comma_delimited_list - NeutronAgentExtensions: - default: "qos" - description: | - Comma-separated list of extensions enabled for the Neutron agents. - type: comma_delimited_list - NeutronAllowL3AgentFailover: - default: 'False' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NovaIPv6: - default: false - description: Enable IPv6 features in Nova - type: boolean - NovaPassword: - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list - MongoDbNoJournal: - default: false - description: Should MongoDb journaling be disabled - type: boolean - MongoDbIPv6: - default: false - description: Enable IPv6 if MongoDB VIP is IPv6 - type: boolean - PublicVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the PublicVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RedisPassword: - description: The password for Redis - type: string - hidden: true - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - StorageVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the StorageVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - StorageMgmtVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the StorageMgmgVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on nodes. - type: string - CloudDomain: - default: 'localdomain' - type: string - description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. - ServerMetadata: - default: {} - description: > - Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. - type: json - - # Controller-specific params - CinderLVMLoopDeviceSize: - default: 10280 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list - CinderPassword: - description: The password for the cinder service account, used by cinder-api. - type: string - hidden: true - CinderISCSIHelper: - default: lioadm - description: The iSCSI helper to use with cinder. - type: string - ControllerCount: - type: number - default: 1 - constraints: - - range: {min: 1} - controllerExtraConfig: - default: {} - description: | - Deprecated. Use ControllerExtraConfig via parameter_defaults instead. - type: json - controllerImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - OvercloudControlFlavor: - description: Flavor for control nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean - ControllerEnableCephStorage: - default: false - description: Whether to deploy Ceph Storage (OSD) on the Controller - type: boolean - ControllerEnableSwiftStorage: - default: true - description: Whether to enable Swift Storage on the Controller - type: boolean - ControllerSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ExtraConfig: - default: {} - description: | - Additional configuration to inject into the cluster. The format required - may be implementation specific, e.g puppet hieradata. Any role specific - ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig. - type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json - GnocchiBackend: - default: file - description: The short name of the Gnocchi backend to use. Should be one - of swift, rbd or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - GnocchiIndexerBackend: - default: 'mysql' - description: The short name of the Gnocchi indexer backend to use. - type: string - GnocchiPassword: - description: The password for the gnocchi service account. - type: string - hidden: true - InstanceNameTemplate: - default: 'instance-%08x' - description: Template string to be used to generate instance names - type: string - ManageFirewall: - default: false - description: Whether to manage IPtables rules. - type: boolean - PurgeFirewallRules: - default: false - description: Whether IPtables rules should be purged before setting up the ones. - type: boolean - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - SwiftHashSuffix: - description: A random string to be used as a salt when hashing to determine mappings in the ring. - type: string - hidden: true - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - SaharaPassword: - description: The password for the sahara service account. - type: string - hidden: true - -# Compute-specific params - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - ComputeCount: - type: number - default: 1 - HypervisorNeutronPhysicalBridge: - default: 'br-ex' - description: > - An OVS bridge to create on each hypervisor. This defaults to br-ex the - same as the control plane nodes, as we have a uniform configuration of - the openvswitch agent. Typically should not need to be changed. - type: string - HypervisorNeutronPublicInterface: - default: nic1 - description: What interface to add to the HypervisorNeutronPhysicalBridge. - type: string - NeutronNetworkVLANRanges: - default: 'datacentre:1:1000' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeLibvirtType: - default: kvm - type: string - NovaComputeLibvirtVifDriver: - default: '' - description: Libvirt VIF driver configuration for the network - type: string - NovaComputeSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean - NovaImage: - type: string - default: overcloud-full - constraints: - - custom_constraint: glance.image - NovaOVSBridge: - default: 'br-int' - description: Name of integration bridge used by Open vSwitch - type: string - NovaSecurityGroupAPI: - default: 'neutron' - description: The full class name of the security API class - type: string - OvercloudComputeFlavor: - description: Use this flavor - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - ServiceNetMap: - default: - NeutronTenantNetwork: tenant - CeilometerApiNetwork: internal_api - AodhApiNetwork: internal_api - GnocchiApiNetwork: internal_api - MongoDbNetwork: internal_api - CinderApiNetwork: internal_api - CinderIscsiNetwork: storage - GlanceApiNetwork: storage - GlanceRegistryNetwork: internal_api - KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints - KeystonePublicApiNetwork: internal_api - NeutronApiNetwork: internal_api - HeatApiNetwork: internal_api - NovaApiNetwork: internal_api - NovaMetadataNetwork: internal_api - NovaVncProxyNetwork: internal_api - SwiftMgmtNetwork: storage_mgmt - SwiftProxyNetwork: storage - SaharaApiNetwork: internal_api - HorizonNetwork: internal_api - MemcachedNetwork: internal_api - RabbitMqNetwork: internal_api - RedisNetwork: internal_api - MysqlNetwork: internal_api - CephClusterNetwork: storage_mgmt - CephPublicNetwork: storage - ControllerHostnameResolveNetwork: internal_api - ComputeHostnameResolveNetwork: internal_api - BlockStorageHostnameResolveNetwork: internal_api - ObjectStorageHostnameResolveNetwork: internal_api - CephStorageHostnameResolveNetwork: storage - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - - ControllerServices: - default: - - OS::TripleO::Services::Keystone - - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - - OS::TripleO::Services::HeatApi - - OS::TripleO::Services::HeatApiCfn - - OS::TripleO::Services::HeatApiCloudwatch - - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::NeutronDhcpAgent - - OS::TripleO::Services::NeutronL3Agent - - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::Loadbalancer - - OS::TripleO::Services::Memcached - - OS::TripleO::Services::SwiftProxy - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the Controllers. - type: comma_delimited_list - - ComputeServices: - default: [] - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the Compute Nodes. - type: comma_delimited_list - -# Block storage specific parameters - BlockStorageCount: - type: number - default: 0 - BlockStorageImage: - default: overcloud-full - type: string - OvercloudBlockStorageFlavor: - description: Flavor for block storage nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - BlockStorageExtraConfig: - default: {} - description: | - BlockStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - BlockStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - - -# Object storage specific parameters - ObjectStorageCount: - type: number - default: 0 - OvercloudSwiftStorageFlavor: - description: Flavor for Swift storage nodes to request when deploying. - default: baremetal - type: string - constraints: - - custom_constraint: nova.flavor - SwiftStorageImage: - default: overcloud-full - type: string - ObjectStorageExtraConfig: - default: {} - description: | - ObjectStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - ObjectStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - ObjectStorageServices: - default: [] - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the ObjectStorage nodes. - Note this role currently only supports steps 2, 3 and 4 configuration. - type: comma_delimited_list - - -# Ceph storage specific parameters - CephStorageCount: - type: number - default: 0 - CephStorageImage: - default: overcloud-full - type: string - OvercloudCephStorageFlavor: - default: baremetal - description: Flavor for Ceph storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - CephStorageExtraConfig: - default: {} - description: | - CephStorage specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - CephStorageSchedulerHints: - type: json - description: Optional scheduler hints to pass to nova - default: {} - CephStorageServices: - default: [] - description: A list of service resources (configured in the Heat - resource_registry) which represent nested stacks - for each service that should get installed on the CephStorage nodes. - type: comma_delimited_list - - # Hostname format for each role - # Note %index% is translated into the index of the node, e.g 0/1/2 etc - # and %stackname% is replaced with OS::stack_name in the template below. - # If you want to use the heat generated names, pass '' (empty string). - ControllerHostnameFormat: - type: string - description: Format for Controller node hostnames - default: '%stackname%-controller-%index%' - ComputeHostnameFormat: - type: string - description: Format for Compute node hostnames - default: '%stackname%-novacompute-%index%' - BlockStorageHostnameFormat: - type: string - description: Format for BlockStorage node hostnames - default: '%stackname%-blockstorage-%index%' - ObjectStorageHostnameFormat: - type: string - description: Format for SwiftStorage node hostnames - default: '%stackname%-objectstorage-%index%' - CephStorageHostnameFormat: - type: string - description: Format for CephStorage node hostnames - default: '%stackname%-cephstorage-%index%' - - # Identifiers to trigger tasks on nodes - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - - # If you want to remove a specific node from a resource group, you can pass - # the node name or id as a <Group>RemovalPolicies parameter, for example: - # ComputeRemovalPolicies: [{'resource_list': ['0']}] - ControllerRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ControllerResourceGroup when - doing an update which requires removal of specific resources. - ComputeRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ComputeResourceGroup when - doing an update which requires removal of specific resources. - BlockStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from BlockStorageResourceGroup when - doing an update which requires removal of specific resources. - ObjectStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from ObjectStorageResourceGroup when - doing an update which requires removal of specific resources. - CephStorageRemovalPolicies: - default: [] - type: json - description: > - List of resources to be removed from CephStorageResourceGroup when - doing an update which requires removal of specific resources. - -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - controllerExtraConfig - - -resources: - - HeatAuthEncryptionKey: - type: OS::Heat::RandomString - - PcsdPassword: - type: OS::Heat::RandomString - properties: - length: 16 - - HorizonSecret: - type: OS::Heat::RandomString - properties: - length: 10 - - EndpointMap: - type: OS::TripleO::EndpointMap - properties: - CloudName: {get_param: CloudName} - CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - AodhApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - CinderApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - GlanceRegistryVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - GnocchiApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} - HeatApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - MysqlVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - NovaApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - SaharaApiVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - PublicVirtualIP: {get_attr: [VipMap, net_ip_uri_map, external]} - - ControllerServiceChain: - type: OS::TripleO::Services - depends_on: Networks - properties: - Services: {get_param: ControllerServices} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - - Controller: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ControllerCount} - removal_policies: {get_param: ControllerRemovalPolicies} - resource_def: - type: OS::TripleO::Controller - properties: - AdminPassword: {get_param: AdminPassword} - AodhPassword: {get_param: AodhPassword} - CeilometerBackend: {get_param: CeilometerBackend} - CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} - CeilometerPassword: {get_param: CeilometerPassword} - CeilometerMeterDispatcher: {get_param: CeilometerMeterDispatcher} - CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} - CinderNfsMountOptions: {get_param: CinderNfsMountOptions} - CinderNfsServers: {get_param: CinderNfsServers} - CinderPassword: {get_param: CinderPassword} - CinderISCSIHelper: {get_param: CinderISCSIHelper} - CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} - CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} - CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} - CloudDomain: {get_param: CloudDomain} - ControlVirtualInterface: {get_param: ControlVirtualInterface} - controllerExtraConfig: {get_param: controllerExtraConfig} - CorosyncIPv6: {get_param: CorosyncIPv6} - Debug: {get_param: Debug} - EnableFencing: {get_param: EnableFencing} - ManageFirewall: {get_param: ManageFirewall} - PurgeFirewallRules: {get_param: PurgeFirewallRules} - EnableGalera: {get_param: EnableGalera} - EnableCephStorage: {get_param: ControllerEnableCephStorage} - EnableSwiftStorage: {get_param: ControllerEnableSwiftStorage} - ExtraConfig: {get_param: ExtraConfig} - FencingConfig: {get_param: FencingConfig} - Flavor: {get_param: OvercloudControlFlavor} - GnocchiPassword: {get_param: GnocchiPassword} - GnocchiBackend: {get_param: GnocchiBackend} - GnocchiIndexerBackend: {get_param: GnocchiIndexerBackend} - HAProxySyslogAddress: {get_param: HAProxySyslogAddress} - HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} - HorizonAllowedHosts: {get_param: HorizonAllowedHosts} - HorizonSecret: {get_resource: HorizonSecret} - Image: {get_param: controllerImage} - ImageUpdatePolicy: {get_param: ImageUpdatePolicy} - InstanceNameTemplate: {get_param: InstanceNameTemplate} - KeyName: {get_param: KeyName} - MemcachedIPv6: {get_param: MemcachedIPv6} - MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]} - MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} - MysqlMaxConnections: {get_param: MysqlMaxConnections} - MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} - NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP} - NeutronFlatNetworks: {get_param: NeutronFlatNetworks} - NeutronBridgeMappings: {get_param: NeutronBridgeMappings} - NeutronTenantMtu: {get_param: NeutronTenantMtu} - NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} - NeutronEnableL2Pop: {get_param: NeutronEnableL2Pop} - NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} - NeutronPublicInterface: {get_param: NeutronPublicInterface} - NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute} - NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} - NeutronPassword: {get_param: NeutronPassword} - NeutronDVR: {get_param: NeutronDVR} - NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} - NeutronAgentMode: {get_param: NeutronAgentMode} - NeutronCorePlugin: {get_param: NeutronCorePlugin} - NeutronServicePlugins: {get_param: NeutronServicePlugins} - NeutronTypeDrivers: {get_param: NeutronTypeDrivers} - NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} - NeutronPluginExtensions: {get_param: NeutronPluginExtensions} - NeutronAgentExtensions: {get_param: NeutronAgentExtensions} - NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} - NeutronL3HA: {get_param: NeutronL3HA} - NeutronNetworkType: {get_param: NeutronNetworkType} - NeutronTunnelTypes: {get_param: NeutronTunnelTypes} - NovaIPv6: {get_param: NovaIPv6} - NovaPassword: {get_param: NovaPassword} - NtpServer: {get_param: NtpServer} - MongoDbNoJournal: {get_param: MongoDbNoJournal} - MongoDbIPv6: {get_param: MongoDbIPv6} - PcsdPassword: {get_resource: PcsdPassword} - PublicVirtualInterface: {get_param: PublicVirtualInterface} - RabbitPassword: {get_param: RabbitPassword} - RabbitUserName: {get_param: RabbitUserName} - RabbitCookie: {get_attr: [RabbitCookie, value]} - RabbitClientUseSSL: {get_param: RabbitClientUseSSL} - RabbitClientPort: {get_param: RabbitClientPort} - RedisPassword: {get_param: RedisPassword} - SaharaPassword: {get_param: SaharaPassword} - SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} - SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} - RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} - RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]} - SwiftHashSuffix: {get_param: SwiftHashSuffix} - SwiftMountCheck: {get_param: SwiftMountCheck} - SwiftMinPartHours: {get_param: SwiftMinPartHours} - SwiftPartPower: {get_param: SwiftPartPower} - SwiftReplicas: { get_param: SwiftReplicas} - TimeZone: {get_param: TimeZone} - VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} # deprecated. Use per service VIP settings instead now. - PublicVirtualIP: {get_attr: [VipMap, net_ip_map, external]} - ServiceNetMap: {get_param: ServiceNetMap} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - CeilometerApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - AodhApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - GnocchiApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} - CinderApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - HeatApiVirtualIPUri: {get_attr: [VipMap, net_ip_uri_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - SwiftProxyVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - NovaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - SaharaApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: ControllerHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - NodeIndex: '%index%' - ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: ControllerSchedulerHints} - ServiceConfigSettings: {get_attr: [ControllerServiceChain, config_settings]} - - ComputeServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: ComputeServices} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - - Compute: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ComputeCount} - removal_policies: {get_param: ComputeRemovalPolicies} - resource_def: - type: OS::TripleO::Compute - properties: - AdminPassword: {get_param: AdminPassword} - CeilometerComputeAgent: {get_param: CeilometerComputeAgent} - CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} - CeilometerPassword: {get_param: CeilometerPassword} - CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} - CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} - Debug: {get_param: Debug} - ExtraConfig: {get_param: ExtraConfig} - Flavor: {get_param: OvercloudComputeFlavor} - GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - Image: {get_param: NovaImage} - ImageUpdatePolicy: {get_param: ImageUpdatePolicy} - KeyName: {get_param: KeyName} - KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - NeutronBridgeMappings: {get_param: NeutronBridgeMappings} - NeutronTenantMtu: {get_param: NeutronTenantMtu} - NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} - NeutronEnableL2Pop : {get_param: NeutronEnableL2Pop} - NeutronFlatNetworks: {get_param: NeutronFlatNetworks} - NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - NeutronNetworkType: {get_param: NeutronNetworkType} - NeutronTunnelTypes: {get_param: NeutronTunnelTypes} - NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} - NeutronPassword: {get_param: NeutronPassword} - NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} - NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} - NeutronDVR: {get_param: NeutronDVR} - NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} - NeutronAgentMode: {get_param: NeutronComputeAgentMode} - NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} - NeutronCorePlugin: {get_param: NeutronCorePlugin} - NeutronServicePlugins: {get_param: NeutronServicePlugins} - NeutronTypeDrivers: {get_param: NeutronTypeDrivers} - NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} - NeutronAgentExtensions: {get_param: NeutronAgentExtensions} - # L3 HA and Failover is not relevant for Computes, should be removed - NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} - NeutronL3HA: {get_param: NeutronL3HA} - NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - NovaComputeDriver: {get_param: NovaComputeDriver} - NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} - NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType} - NovaComputeLibvirtVifDriver: {get_param: NovaComputeLibvirtVifDriver} - NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} - NovaIPv6: {get_param: NovaIPv6} - NovaPublicIP: {get_attr: [VipMap, net_ip_map, external]} - NovaPassword: {get_param: NovaPassword} - NovaOVSBridge: {get_param: NovaOVSBridge} - NovaSecurityGroupAPI: {get_param: NovaSecurityGroupAPI} - NtpServer: {get_param: NtpServer} - RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - RabbitPassword: {get_param: RabbitPassword} - RabbitUserName: {get_param: RabbitUserName} - RabbitClientUseSSL: {get_param: RabbitClientUseSSL} - RabbitClientPort: {get_param: RabbitClientPort} - SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} - SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} - ServiceNetMap: {get_param: ServiceNetMap} - TimeZone: {get_param: TimeZone} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: ComputeHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: NovaComputeSchedulerHints} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [ComputeServiceChain, config_settings]} - - - BlockStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: BlockStorageCount} - removal_policies: {get_param: BlockStorageRemovalPolicies} - resource_def: - type: OS::TripleO::BlockStorage - properties: - Debug: {get_param: Debug} - Image: {get_param: BlockStorageImage} - CinderISCSIHelper: {get_param: CinderISCSIHelper} - CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} - # Purpose of the dedicated BlockStorage nodes should be to use their local LVM - CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} - CinderPassword: {get_param: CinderPassword} - KeyName: {get_param: KeyName} - Flavor: {get_param: OvercloudBlockStorageFlavor} - VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} - GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - RabbitPassword: {get_param: RabbitPassword} - RabbitUserName: {get_param: RabbitUserName} - RabbitClientUseSSL: {get_param: RabbitClientUseSSL} - RabbitClientPort: {get_param: RabbitClientPort} - TimeZone: {get_param: TimeZone} - NtpServer: {get_param: NtpServer} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: BlockStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ServiceNetMap: {get_param: ServiceNetMap} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - ExtraConfig: {get_param: ExtraConfig} - BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: BlockStorageSchedulerHints} - NodeIndex: '%index%' - - ObjectStorageServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: ObjectStorageServices} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - - ObjectStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: ObjectStorageCount} - removal_policies: {get_param: ObjectStorageRemovalPolicies} - resource_def: - type: OS::TripleO::ObjectStorage - properties: - KeyName: {get_param: KeyName} - Flavor: {get_param: OvercloudSwiftStorageFlavor} - HashSuffix: {get_param: SwiftHashSuffix} - MountCheck: {get_param: SwiftMountCheck} - MinPartHours: {get_param: SwiftMinPartHours} - PartPower: {get_param: SwiftPartPower} - Image: {get_param: SwiftStorageImage} - Replicas: { get_param: SwiftReplicas} - TimeZone: {get_param: TimeZone} - NtpServer: {get_param: NtpServer} - UpdateIdentifier: {get_param: UpdateIdentifier} - ServiceNetMap: {get_param: ServiceNetMap} - Hostname: - str_replace: - template: {get_param: ObjectStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ExtraConfig: {get_param: ExtraConfig} - ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: ObjectStorageSchedulerHints} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, config_settings]} - - CephStorageServiceChain: - type: OS::TripleO::Services - properties: - Services: {get_param: CephStorageServices} - EndpointMap: {get_attr: [EndpointMap, endpoint_map]} - - CephStorage: - type: OS::Heat::ResourceGroup - depends_on: Networks - properties: - count: {get_param: CephStorageCount} - removal_policies: {get_param: CephStorageRemovalPolicies} - resource_def: - type: OS::TripleO::CephStorage - properties: - Image: {get_param: CephStorageImage} - KeyName: {get_param: KeyName} - Flavor: {get_param: OvercloudCephStorageFlavor} - NtpServer: {get_param: NtpServer} - ServiceNetMap: {get_param: ServiceNetMap} - TimeZone: {get_param: TimeZone} - UpdateIdentifier: {get_param: UpdateIdentifier} - Hostname: - str_replace: - template: {get_param: CephStorageHostnameFormat} - params: - '%stackname%': {get_param: 'OS::stack_name'} - ExtraConfig: {get_param: ExtraConfig} - CephStorageExtraConfig: {get_param: CephStorageExtraConfig} - CloudDomain: {get_param: CloudDomain} - ServerMetadata: {get_param: ServerMetadata} - SchedulerHints: {get_param: CephStorageSchedulerHints} - NodeIndex: '%index%' - ServiceConfigSettings: {get_attr: [CephStorageServiceChain, config_settings]} - - ControllerIpListMap: - type: OS::TripleO::Network::Ports::NetIpListMap - properties: - ControlPlaneIpList: {get_attr: [Controller, ip_address]} - ExternalIpList: {get_attr: [Controller, external_ip_address]} - InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]} - StorageIpList: {get_attr: [Controller, storage_ip_address]} - StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]} - TenantIpList: {get_attr: [Controller, tenant_ip_address]} - ManagementIpList: {get_attr: [Controller, management_ip_address]} - - allNodesConfig: - type: OS::TripleO::AllNodes::SoftwareConfig - properties: - compute_hosts: {get_attr: [Compute, hosts_entry]} - controller_hosts: {get_attr: [Controller, hosts_entry]} - controller_ips: {get_attr: [Controller, ip_address]} - block_storage_hosts: {get_attr: [BlockStorage, hosts_entry]} - object_storage_hosts: {get_attr: [ObjectStorage, hosts_entry]} - ceph_storage_hosts: {get_attr: [CephStorage, hosts_entry]} - controller_names: {get_attr: [Controller, hostname]} - rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - mongo_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} - redis_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} - memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - mysql_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - horizon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - heat_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - swift_proxy_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - ceilometer_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - aodh_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - gnocchi_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} - nova_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - sahara_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - DeployIdentifier: {get_param: DeployIdentifier} - UpdateIdentifier: {get_param: UpdateIdentifier} - - MysqlRootPassword: - type: OS::Heat::RandomString - properties: - length: 10 - - MysqlClusterUniquePart: - type: OS::Heat::RandomString - properties: - length: 10 - - RabbitCookie: - type: OS::Heat::RandomString - properties: - length: 20 - salt: {get_param: RabbitCookieSalt} - - # creates the network architecture - Networks: - type: OS::TripleO::Network - - ControlVirtualIP: - type: OS::Neutron::Port - depends_on: Networks - properties: - name: control_virtual_ip - network: {get_param: NeutronControlPlaneID} - fixed_ips: {get_param: ControlFixedIPs} - replacement_policy: AUTO - - RedisVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::RedisVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ControlPlaneNetwork: {get_param: NeutronControlPlaneID} - PortName: redis_virtual_ip - NetworkName: {get_param: [ServiceNetMap, RedisNetwork]} - ServiceName: redis - - # The public VIP is on the External net, falls back to ctlplane - PublicVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::ExternalVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ControlPlaneNetwork: {get_param: NeutronControlPlaneID} - PortName: public_virtual_ip - FixedIPs: {get_param: PublicVirtualFixedIPs} - - InternalApiVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::InternalApiVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: internal_api_virtual_ip - FixedIPs: {get_param: InternalApiVirtualFixedIPs} - - StorageVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::StorageVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_virtual_ip - FixedIPs: {get_param: StorageVirtualFixedIPs} - - StorageMgmtVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::StorageMgmtVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_management_virtual_ip - FixedIPs: {get_param: StorageMgmtVirtualFixedIPs} - - VipMap: - type: OS::TripleO::Network::Ports::NetVipMap - properties: - ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} - ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} - InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]} - StorageIp: {get_attr: [StorageVirtualIP, ip_address]} - StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} - StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]} - # No tenant or management VIP required - - VipConfig: - type: OS::TripleO::VipConfig - - VipDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: VipDeployment - config: {get_resource: VipConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - input_values: - # service VIP mappings - keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - aodh_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - gnocchi_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} - heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - redis_vip: {get_attr: [RedisVirtualIP, ip_address]} - mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - # direct configuration of Virtual IPs for each network - control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]} - public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]} - internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]} - sahara_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]} - storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]} - - ControllerBootstrapNodeConfig: - type: OS::TripleO::BootstrapNode::SoftwareConfig - properties: - bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]} - - ControllerBootstrapNodeDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerBootstrapNodeDeployment - config: {get_attr: [ControllerBootstrapNodeConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ControllerSwiftDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerSwiftDeployment - config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ObjectStorageSwiftDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ObjectStorageSwiftDeployment - config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - SwiftDevicesAndProxyConfig: - type: OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig - properties: - controller_swift_devices: {get_attr: [Controller, swift_device]} - object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]} - controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]} - - ComputeCephDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ComputeCephDeployment - config: {get_attr: [CephClusterConfig, config_id]} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - - ControllerCephDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerCephDeployment - config: {get_attr: [CephClusterConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - CephStorageCephDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: CephStorageCephDeployment - config: {get_attr: [CephClusterConfig, config_id]} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - CephClusterConfig: - type: OS::TripleO::CephClusterConfig::SoftwareConfig - properties: - ceph_storage_count: {get_param: CephStorageCount} - ceph_fsid: {get_param: CephClusterFSID} - ceph_mon_key: {get_param: CephMonKey} - ceph_admin_key: {get_param: CephAdminKey} - ceph_client_key: {get_param: CephClientKey} - ceph_external_mon_ips: {get_param: CephExternalMonHost} - ceph_mon_names: {get_attr: [Controller, hostname]} - ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} - - ControllerAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ComputeAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ComputeAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - - BlockStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: BlockStorageAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - - ObjectStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ObjectStorageAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - CephStorageAllNodesDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: CephStorageAllNodesDeployment - config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - # All Nodes Validations - AllNodesValidationConfig: - type: OS::TripleO::AllNodes::Validation - properties: - PingTestIps: - list_join: - - ' ' - - - {get_attr: [Controller, resource.0.external_ip_address]} - - {get_attr: [Controller, resource.0.internal_api_ip_address]} - - {get_attr: [Controller, resource.0.storage_ip_address]} - - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]} - - {get_attr: [Controller, resource.0.tenant_ip_address]} - - ControllerAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ControllerAllNodesDeployment - properties: - name: ControllerAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - - ComputeAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ComputeAllNodesDeployment - properties: - name: ComputeAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [Compute, attributes, nova_server_resource]} - - BlockStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: BlockStorageAllNodesDeployment - properties: - name: BlockStorageAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - - ObjectStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: ObjectStorageAllNodesDeployment - properties: - name: ObjectStorageAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - - CephStorageAllNodesValidationDeployment: - type: OS::Heat::StructuredDeployments - depends_on: CephStorageAllNodesDeployment - properties: - name: CephStorageAllNodesValidationDeployment - config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - UpdateWorkflow: - type: OS::TripleO::Tasks::UpdateWorkflow - properties: - controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} - compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} - blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - input_values: - deploy_identifier: {get_param: DeployIdentifier} - update_identifier: {get_param: UpdateIdentifier} - - # Optional ExtraConfig for all nodes - all roles are passed in here, but - # the nested template may configure each role differently (or not at all) - AllNodesExtraConfig: - type: OS::TripleO::AllNodesExtraConfig - depends_on: - - UpdateWorkflow - - ComputeAllNodesValidationDeployment - - BlockStorageAllNodesValidationDeployment - - ObjectStorageAllNodesValidationDeployment - - CephStorageAllNodesValidationDeployment - - ControllerAllNodesValidationDeployment - properties: - controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} - compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} - blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - - # Nested stack deployment runs after all other controller deployments - ControllerNodesPostDeployment: - type: OS::TripleO::ControllerPostDeployment - depends_on: [ControllerBootstrapNodeDeployment, ControllerAllNodesDeployment, ControllerSwiftDeployment, ControllerCephDeployment] - properties: - servers: {get_attr: [Controller, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - controller_config: {get_attr: [Controller, attributes, config_identifier]} - deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [ControllerServiceChain, step_config]} - - ComputeNodesPostDeployment: - type: OS::TripleO::ComputePostDeployment - depends_on: [ComputeAllNodesDeployment, ComputeCephDeployment] - properties: - servers: {get_attr: [Compute, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - compute_config: {get_attr: [Compute, attributes, config_identifier]} - deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [ComputeServiceChain, step_config]} - - ObjectStorageNodesPostDeployment: - type: OS::TripleO::ObjectStoragePostDeployment - depends_on: [ObjectStorageSwiftDeployment, ObjectStorageAllNodesDeployment] - properties: - servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]} - deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [ObjectStorageServiceChain, step_config]} - - BlockStorageNodesPostDeployment: - type: OS::TripleO::BlockStoragePostDeployment - depends_on: [ControllerNodesPostDeployment, BlockStorageAllNodesDeployment] - properties: - servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - blockstorage_config: {get_attr: [BlockStorage, attributes, config_identifier]} - deployment_identifier: {get_param: DeployIdentifier} - - CephStorageNodesPostDeployment: - type: OS::TripleO::CephStoragePostDeployment - depends_on: [ControllerNodesPostDeployment, CephStorageCephDeployment, CephStorageAllNodesDeployment] - properties: - servers: {get_attr: [CephStorage, attributes, nova_server_resource]} - NodeConfigIdentifiers: - allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} - cephstorage_config: {get_attr: [CephStorage, attributes, config_identifier]} - deployment_identifier: {get_param: DeployIdentifier} - StepConfig: {get_attr: [CephStorageServiceChain, step_config]} - -outputs: - KeystoneURL: - description: URL for the Overcloud Keystone service - value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]} - KeystoneAdminVip: - description: Keystone Admin VIP endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - PublicVip: - description: Controller VIP for public API endpoints - value: {get_attr: [VipMap, net_ip_map, external]} - AodhInternalVip: - description: VIP for Aodh API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - CeilometerInternalVip: - description: VIP for Ceilometer API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - CinderInternalVip: - description: VIP for Cinder API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - GlanceInternalVip: - description: VIP for Glance API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - GnocchiInternalVip: - description: VIP for Gnocchi API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} - HeatInternalVip: - description: VIP for Heat API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - KeystoneInternalVip: - description: VIP for Keystone API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - NeutronInternalVip: - description: VIP for Neutron API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - NovaInternalVip: - description: VIP for Nova API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - SaharaInternalVip: - description: VIP for Sahara API internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - SwiftInternalVip: - description: VIP for Swift Proxy internal endpoint - value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - EndpointMap: - description: | - Mapping of the resources with the needed info for their endpoints. - This includes the protocol used, the IP, port and also a full - representation of the URI. - value: {get_attr: [EndpointMap, endpoint_map]} - HostsEntry: - description: | - The content that should be appended to your /etc/hosts if you want to get - hostname-based access to the deployed nodes (useful for testing without - setting up a DNS). - value: {get_attr: [allNodesConfig, hosts_entries]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index b065ddd2..c764d4ef 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -1,64 +1,47 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: 'All Nodes Config for Puppet' parameters: - compute_hosts: - type: comma_delimited_list - controller_hosts: + cloud_name_external: + type: string + cloud_name_internal_api: + type: string + cloud_name_storage: + type: string + cloud_name_storage_mgmt: + type: string + cloud_name_ctlplane: + type: string + hosts: type: comma_delimited_list + # FIXME(shardy) this can be comma_delimited_list when + # https://bugs.launchpad.net/heat/+bug/1617019 is fixed + enabled_services: + type: string controller_ips: type: comma_delimited_list - block_storage_hosts: - type: comma_delimited_list - object_storage_hosts: - type: comma_delimited_list - ceph_storage_hosts: - type: comma_delimited_list + service_ips: + type: json + service_node_names: + type: json controller_names: type: comma_delimited_list - rabbit_node_ips: - type: comma_delimited_list - mongo_node_ips: - type: comma_delimited_list - redis_node_ips: - type: comma_delimited_list memcache_node_ips: type: comma_delimited_list - mysql_node_ips: - type: comma_delimited_list - horizon_node_ips: - type: comma_delimited_list - heat_api_node_ips: - type: comma_delimited_list - swift_proxy_node_ips: - type: comma_delimited_list - ceilometer_api_node_ips: - type: comma_delimited_list - aodh_api_node_ips: - type: comma_delimited_list - nova_api_node_ips: - type: comma_delimited_list - nova_metadata_node_ips: - type: comma_delimited_list - glance_api_node_ips: - type: comma_delimited_list - glance_registry_node_ips: - type: comma_delimited_list - gnocchi_api_node_ips: - type: comma_delimited_list - cinder_api_node_ips: - type: comma_delimited_list - neutron_api_node_ips: - type: comma_delimited_list keystone_public_api_node_ips: type: comma_delimited_list keystone_admin_api_node_ips: type: comma_delimited_list - sahara_api_node_ips: - type: comma_delimited_list - + NetVipMap: + type: json + RedisVirtualIP: + type: string + default: '' + ServiceNetMap: + type: json DeployIdentifier: type: string + default: '' description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. @@ -84,232 +67,149 @@ resources: hosts: list_join: - "\n" - - - list_join: - - "\n" - - {get_param: compute_hosts} - - list_join: - - "\n" - - {get_param: controller_hosts} - - list_join: - - "\n" - - {get_param: block_storage_hosts} - - list_join: - - "\n" - - {get_param: object_storage_hosts} - - list_join: - - "\n" - - {get_param: ceph_storage_hosts} + - {get_param: hosts} hiera: datafiles: - RedHat: - raw_data: {get_file: hieradata/RedHat.yaml} + bootstrap_node: + mapped_data: + bootstrap_nodeid: {get_input: bootstrap_nodeid} + bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip} all_nodes: mapped_data: - controller_node_ips: - list_join: - - ',' - - {get_param: controller_ips} - controller_node_names: - list_join: - - ',' - - {get_param: controller_names} - galera_node_names: - list_join: - - ',' - - {get_param: controller_names} - rabbit_node_ips: &rabbit_nodes_array - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: rabbit_node_ips} - mongo_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: mongo_node_ips} - redis_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: redis_node_ips} - memcache_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: memcache_node_ips} - memcache_node_ips_v6: - str_replace: - template: "['inet6:[SERVERS_LIST]']" - params: - SERVERS_LIST: - list_join: - - "]','inet6:[" - - {get_param: memcache_node_ips} - mysql_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: mysql_node_ips} - horizon_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: horizon_node_ips} - heat_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: heat_api_node_ips} - swift_proxy_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: swift_proxy_node_ips} - ceilometer_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: ceilometer_api_node_ips} - aodh_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: aodh_api_node_ips} - gnocchi_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: gnocchi_api_node_ips} - nova_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: nova_api_node_ips} - nova_metadata_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: nova_metadata_node_ips} - glance_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: glance_api_node_ips} - glance_registry_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: glance_registry_node_ips} - cinder_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: cinder_api_node_ips} - neutron_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: neutron_api_node_ips} - # TODO: pass a `midonet_api_node_ips` var - midonet_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: neutron_api_node_ips} - keystone_public_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_public_api_node_ips} - keystone_admin_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_admin_api_node_ips} - sahara_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: sahara_api_node_ips} + map_merge: + - enabled_services: {get_param: enabled_services} + # This writes out a mapping of service_name_enabled: 'true' + # For any services not enabled, hiera foo_enabled will + # return nil, as it's undefined + - map_merge: + repeat: + template: + # Note this must be string 'true' due to + # https://bugs.launchpad.net/heat/+bug/1617203 + SERVICE_enabled: 'true' + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + # Dynamically generate per-service network data + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_merge: + repeat: + template: + SERVICE_network: SERVICE_network + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + - values: {get_param: ServiceNetMap} + # Keystone doesn't provide separate entries for the public + # and admin endpoints, so we need to add them here manually + # like we do in the vip-config below + - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]} + keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]} + # provides a mapping of service_name_ips to a list of IPs + - {get_param: service_ips} + - {get_param: service_node_names} + - controller_node_ips: + list_join: + - ',' + - {get_param: controller_ips} + controller_node_names: + list_join: + - ',' + - {get_param: controller_names} + memcached_node_ips_v6: + str_replace: + template: "['inet6:[SERVERS_LIST]']" + params: + SERVERS_LIST: + list_join: + - "]','inet6:[" + - {get_param: memcache_node_ips} + keystone_public_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: keystone_public_api_node_ips} + keystone_admin_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: keystone_admin_api_node_ips} - # NOTE(gfidente): interpolation with %{} in the - # hieradata file can't be used as it returns string - ceilometer::rabbit_hosts: *rabbit_nodes_array - aodh::rabbit_hosts: *rabbit_nodes_array - cinder::rabbit_hosts: *rabbit_nodes_array - glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array - heat::rabbit_hosts: *rabbit_nodes_array - neutron::rabbit_hosts: *rabbit_nodes_array - nova::rabbit_hosts: *rabbit_nodes_array - keystone::rabbit_hosts: *rabbit_nodes_array - sahara::rabbit_hosts: *rabbit_nodes_array - - deploy_identifier: {get_param: DeployIdentifier} - update_identifier: {get_param: UpdateIdentifier} - stack_action: {get_param: StackAction} + deploy_identifier: {get_param: DeployIdentifier} + update_identifier: {get_param: UpdateIdentifier} + stack_action: {get_param: StackAction} + vip_data: + mapped_data: + map_merge: + # Dynamically generate per-service VIP data based on enabled_services + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g internal_api with the IP from NetVipMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_replace: + - map_merge: + repeat: + template: + SERVICE_vip: SERVICE_network + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + - values: {get_param: ServiceNetMap} + - values: {get_param: NetVipMap} + - keystone_admin_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}] + keystone_public_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}] + public_virtual_ip: {get_param: [NetVipMap, external]} + controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + storage_virtual_ip: {get_param: [NetVipMap, storage]} + storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + redis_vip: {get_param: RedisVirtualIP} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. + tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP} + tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]} + cloud_name_external: {get_param: cloud_name_external} + cloud_name_internal_api: {get_param: cloud_name_internal_api} + cloud_name_storage: {get_param: cloud_name_storage} + cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} + cloud_name_ctlplane: {get_param: cloud_name_ctlplane} outputs: config_id: diff --git a/puppet/blockstorage-config.yaml b/puppet/blockstorage-config.yaml new file mode 100644 index 00000000..e455c4cb --- /dev/null +++ b/puppet/blockstorage-config.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2015-04-30 + +description: > + A software config which runs manifests/overcloud_volume.pp + +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' + +resources: + + BlockStoragePuppetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + options: + enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number + outputs: + - name: result + config: + list_join: + - '' + - - get_file: manifests/overcloud_volume.pp + - {get_param: StepConfig} + +outputs: + OS::stack_id: + description: The software config which runs overcloud_controller.pp + value: {get_resource: BlockStoragePuppetConfigImpl} diff --git a/puppet/bootstrap-config.yaml b/puppet/bootstrap-config.yaml deleted file mode 100644 index d88eebdf..00000000 --- a/puppet/bootstrap-config.yaml +++ /dev/null @@ -1,28 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Bootstrap Config Puppet' - -parameters: - bootstrap_nodeid: - type: string - bootstrap_nodeid_ip: - type: string - -resources: - - BootstrapNodeConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - bootstrap_node: - mapped_data: - bootstrap_nodeid: {get_param: bootstrap_nodeid} - bootstrap_nodeid_ip: {get_param: bootstrap_nodeid_ip} - -outputs: - config_id: - description: The ID of the BootstrapNodeConfigImpl resource. - value: - {get_resource: BootstrapNodeConfigImpl} diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml deleted file mode 100644 index f5873ddb..00000000 --- a/puppet/ceph-cluster-config.yaml +++ /dev/null @@ -1,141 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Ceph Cluster config data for Puppet' - -parameters: - ceph_storage_count: - default: 0 - type: number - description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. - ceph_external_mon_ips: - default: '' - type: string - description: List of external Ceph Mon host IPs. - ceph_client_key: - default: '' - type: string - description: Ceph key used to create the client user keyring. - ceph_fsid: - default: '' - type: string - ceph_admin_key: - default: '' - type: string - ceph_mon_key: - default: '' - type: string - ceph_mon_names: - type: comma_delimited_list - ceph_mon_ips: - type: comma_delimited_list - NovaRbdPoolName: - default: vms - type: string - CinderRbdPoolName: - default: volumes - type: string - GlanceRbdPoolName: - default: images - type: string - GnocchiRbdPoolName: - default: metrics - type: string - CephClientUserName: - default: openstack - type: string - CephIPv6: - default: False - type: boolean - -resources: - CephClusterConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - ceph_cluster: - mapped_data: - ceph_ipv6: {get_param: CephIPv6} - ceph_storage_count: {get_param: ceph_storage_count} - ceph_mon_initial_members: - list_join: - - ',' - - {get_param: ceph_mon_names} - ceph_mon_host: - list_join: - - ',' - - {get_param: ceph_mon_ips} - ceph_mon_host_v6: - str_replace: - template: "'[IPS_LIST]'" - params: - IPS_LIST: - list_join: - - '],[' - - {get_param: ceph_mon_ips} - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} - ceph::profile::params::fsid: {get_param: ceph_fsid} - ceph::profile::params::mon_key: {get_param: ceph_mon_key} - # We should use a separated key for the non-admin clients - ceph::profile::params::client_keys: - str_replace: - template: "{ - client.admin: { - secret: 'ADMIN_KEY', - mode: '0600', - cap_mon: 'allow *', - cap_osd: 'allow *', - cap_mds: 'allow *' - }, - client.bootstrap-osd: { - secret: 'ADMIN_KEY', - keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', - cap_mon: 'allow profile bootstrap-osd' - }, - client.CLIENT_USER: { - secret: 'CLIENT_KEY', - mode: '0644', - cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' - } - }" - params: - CLIENT_USER: {get_param: CephClientUserName} - CLIENT_KEY: {get_param: ceph_client_key} - ADMIN_KEY: {get_param: ceph_admin_key} - NOVA_POOL: {get_param: NovaRbdPoolName} - CINDER_POOL: {get_param: CinderRbdPoolName} - GLANCE_POOL: {get_param: GlanceRbdPoolName} - GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - cinder_rbd_pool_name: {get_param: CinderRbdPoolName} - glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} - gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} - gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} - nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} - glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} - nova::compute::rbd::rbd_keyring: - list_join: - - '.' - - - 'client' - - {get_param: CephClientUserName} - gnocchi::storage::ceph::ceph_keyring: - list_join: - - '.' - - - '/etc/ceph/ceph' - - 'client' - - {get_param: CephClientUserName} - - 'keyring' - ceph_client_user_name: {get_param: CephClientUserName} - ceph_pools: - - {get_param: CinderRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} - -outputs: - config_id: - description: The ID of the CephClusterConfigImpl resource. - value: - {get_resource: CephClusterConfigImpl} diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml deleted file mode 100644 index 2b9ae751..00000000 --- a/puppet/ceph-storage-post.yaml +++ /dev/null @@ -1,80 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack ceph storage node post deployment for Puppet - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - CephStorageArtifactsConfig: - type: deploy-artifacts.yaml - - CephStorageArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: CephStorageArtifactsConfig} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - CephStoragePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - inputs: - - name: step - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_cephstorage.pp - - {get_param: StepConfig} - - CephStorageDeployment_Step2: - type: OS::Heat::StructuredDeployments - depends_on: CephStorageArtifactsDeploy - properties: - name: CephStorageDeployment_Step2 - servers: {get_param: servers} - config: {get_resource: CephStoragePuppetConfig} - input_values: - step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} - - CephStorageDeployment_Step3: - type: OS::Heat::StructuredDeployments - depends_on: CephStorageDeployment_Step2 - properties: - name: CephStorageDeployment_Step3 - servers: {get_param: servers} - config: {get_resource: CephStoragePuppetConfig} - input_values: - step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: CephStorageDeployment_Step3 - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index eedb35e4..03a53b00 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -1,14 +1,15 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: 'OpenStack ceph storage node configured by Puppet' parameters: - Flavor: + OvercloudCephStorageFlavor: description: Flavor for the Ceph Storage node. + default: baremetal type: string constraints: - custom_constraint: nova.flavor - Image: + CephStorageImage: type: string - default: overcloud-ceph-storage + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -21,23 +22,16 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on Ceph nodes. - type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -78,7 +72,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -89,7 +82,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + CephStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -99,14 +92,33 @@ parameters: ServiceConfigSettings: type: json default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: CephStorage: - type: OS::Nova::Server + type: OS::TripleO::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: CephStorageImage} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudCephStorageFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -118,7 +130,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: CephStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -232,12 +244,7 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - ntp_servers: {get_param: NtpServer} - timezone: {get_param: TimeZone} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} CephStorageConfig: type: OS::Heat::StructuredConfig @@ -250,36 +257,32 @@ resources: - heat_config_%{::deploy_config_name} - ceph_extraconfig - extraconfig + - service_names - service_configs - - ceph_cluster # provided by CephClusterConfig - - ceph + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - common - - network merge_behavior: deeper datafiles: + service_names: + mapped_data: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: - mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} - network: mapped_data: - net_ip_map: {get_attr: [NetIpMap, net_ip_map]} - net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} - net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} ceph_extraconfig: mapped_data: {get_param: CephStorageExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} ceph: - raw_data: {get_file: hieradata/ceph.yaml} mapped_data: - ntp::servers: {get_input: ntp_servers} - timezone::timezone: {get_input: timezone} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} - ceph::profile::params::public_network: {get_input: ceph_public_network} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -316,6 +319,12 @@ resources: get_param: UpdateIdentifier outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [CephStorage, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [CephStorage, name]} hosts_entry: value: str_replace: @@ -327,6 +336,7 @@ outputs: STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST TENANTIP TENANTHOST.DOMAIN TENANTHOST MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -367,6 +377,12 @@ outputs: - '.' - - {get_attr: [CephStorage, name]} - management + CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + CTLPLANEHOST: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane nova_server_resource: description: Heat resource handle for the ceph storage server value: @@ -389,12 +405,3 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [CephStorageDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_attr: [CephStorageExtraConfigPre, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/cephstorage-config.yaml b/puppet/cephstorage-config.yaml new file mode 100644 index 00000000..3f428609 --- /dev/null +++ b/puppet/cephstorage-config.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2015-04-30 + +description: > + A software config which runs manifests/overcloud_cephstorage.pp + +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' + +resources: + + CephStoragePuppetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + options: + enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number + outputs: + - name: result + config: + list_join: + - '' + - - get_file: manifests/overcloud_cephstorage.pp + - {get_param: StepConfig} + +outputs: + OS::stack_id: + description: The software config which runs overcloud_controller.pp + value: {get_resource: CephStoragePuppetConfigImpl} diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml deleted file mode 100644 index f470203f..00000000 --- a/puppet/cinder-storage-post.yaml +++ /dev/null @@ -1,53 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'OpenStack cinder storage post deployment for Puppet' - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - -resources: - - VolumeArtifactsConfig: - type: deploy-artifacts.yaml - - VolumeArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: VolumeArtifactsConfig} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - VolumePuppetConfig: - type: OS::Heat::SoftwareConfig - depends_on: VolumeArtifactsDeploy - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - outputs: - - name: result - config: - get_file: manifests/overcloud_volume.pp - - VolumeDeployment_Step1: - type: OS::Heat::StructuredDeployments - properties: - name: VolumeDeployment_Step1 - servers: {get_param: servers} - config: {get_resource: VolumePuppetConfig} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: VolumeDeployment_Step1 - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index d760de5e..a66ea08b 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -1,32 +1,11 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: 'OpenStack cinder storage configured by Puppet' parameters: - Image: - default: overcloud-cinder-volume - type: string - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderISCSIHelper: - default: lioadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 10280 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - VirtualIP: # deprecated. Use per service VIPs instead. - default: '' + BlockStorageImage: + default: overcloud-full type: string + constraints: + - custom_constraint: glance.image ExtraConfig: default: {} description: | @@ -41,47 +20,16 @@ parameters: BlockStorageIPs: default: {} type: json - Flavor: + OvercloudBlockStorageFlavor: description: Flavor for block storage nodes to request when deploying. type: string + default: baremetal constraints: - custom_constraint: nova.flavor KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - RabbitPassword: - type: string - hidden: true - RabbitUserName: - default: 'guest' - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean UpdateIdentifier: default: '' type: string @@ -105,13 +53,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on Cinder nodes. - type: string - GlanceApiVirtualIP: - type: string - default: '' NetworkDeploymentActions: type: comma_delimited_list description: > @@ -125,7 +66,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -136,22 +76,43 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + BlockStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} NodeIndex: type: number default: 0 - + ServiceConfigSettings: + type: json + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: BlockStorage: - type: OS::Nova::Server + type: OS::TripleO::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} properties: image: - {get_param: Image} - flavor: {get_param: Flavor} + {get_param: BlockStorageImage} + flavor: {get_param: OvercloudBlockStorageFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -163,7 +124,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: BlockStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -277,38 +238,6 @@ resources: server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: - debug: {get_param: Debug} - cinder_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/cinder' - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - cinder_lvm_loop_device_size: - str_replace: - template: sizeM - params: - size: {get_param: CinderLVMLoopDeviceSize} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_iscsi_ip_address: - str_replace: - template: "'IP'" - params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: {get_param: NtpServer} - timezone: {get_param: TimeZone} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -323,45 +252,33 @@ resources: - heat_config_%{::deploy_config_name} - volume_extraconfig - extraconfig + - service_names + - service_configs - volume + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - common - - network merge_behavior: deeper datafiles: - common: - raw_data: {get_file: hieradata/common.yaml} - network: + service_names: + mapped_data: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: mapped_data: - net_ip_map: {get_attr: [NetIpMap, net_ip_map]} - net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} - net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} volume_extraconfig: mapped_data: {get_param: BlockStorageExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} volume: - raw_data: {get_file: hieradata/volume.yaml} mapped_data: - # Cinder - cinder::debug: {get_input: debug} - cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder::database_connection: {get_input: cinder_dsn} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} - ntp::servers: {get_input: ntp_servers} - timezone::timezone: {get_input: timezone} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -392,6 +309,12 @@ resources: get_param: UpdateIdentifier outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [BlockStorage, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [BlockStorage, name]} hosts_entry: value: str_replace: @@ -403,6 +326,7 @@ outputs: STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST TENANTIP TENANTHOST.DOMAIN TENANTHOST MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -443,6 +367,12 @@ outputs: - '.' - - {get_attr: [BlockStorage, name]} - management + CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + CTLPLANEHOST: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane nova_server_resource: description: Heat resource handle for the block storage server value: @@ -465,11 +395,3 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - '' - - - {get_attr: [BlockStorageDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml new file mode 100644 index 00000000..2314c47d --- /dev/null +++ b/puppet/compute-config.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2015-04-30 + +description: > + A software config which runs manifests/overcloud_compute.pp + +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' + +resources: + + ComputePuppetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + options: + enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number + outputs: + - name: result + config: + list_join: + - '' + - - get_file: manifests/overcloud_compute.pp + - {get_param: StepConfig} + +outputs: + OS::stack_id: + description: The software config which runs overcloud_controller.pp + value: {get_resource: ComputePuppetConfigImpl} diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml deleted file mode 100644 index 698cadba..00000000 --- a/puppet/compute-post.yaml +++ /dev/null @@ -1,92 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack compute node post deployment for Puppet. - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ComputeArtifactsConfig: - type: deploy-artifacts.yaml - - ComputeArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: ComputeArtifactsConfig} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - ComputePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - inputs: - - name: step - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_compute.pp - - {get_param: StepConfig} - - ComputeServicesBaseDeployment_Step2: - type: OS::Heat::StructuredDeployments - depends_on: [ComputeArtifactsDeploy] - properties: - name: ComputeServicesBaseDeployment_Step2 - servers: {get_param: servers} - config: {get_resource: ComputePuppetConfig} - input_values: - step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} - - ComputeOvercloudServicesDeployment_Step3: - type: OS::Heat::StructuredDeployments - depends_on: ComputeServicesBaseDeployment_Step2 - properties: - name: ComputeOvercloudServicesDeployment_Step3 - servers: {get_param: servers} - config: {get_resource: ComputePuppetConfig} - input_values: - step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} - - ComputeOvercloudServicesDeployment_Step4: - type: OS::Heat::StructuredDeployments - depends_on: ComputeOvercloudServicesDeployment_Step3 - properties: - name: ComputeOvercloudServicesDeployment_Step4 - servers: {get_param: servers} - config: {get_resource: ComputePuppetConfig} - input_values: - step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: ComputeOvercloudServicesDeployment_Step4 - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/puppet/compute.yaml b/puppet/compute.yaml index b7f7f4a5..0205d0a6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -1,56 +1,24 @@ -heat_template_version: 2015-10-15 +heat_template_version: 2016-10-14 description: > OpenStack hypervisor node configured via Puppet. parameters: - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service account. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string ExtraConfig: default: {} description: | Additional hiera configuration to inject into the cluster. Note that NovaComputeExtraConfig takes precedence over ExtraConfig. type: json - Flavor: + OvercloudComputeFlavor: description: Flavor for the nova compute node + default: baremetal type: string constraints: - custom_constraint: nova.flavor - GlanceHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - Image: + NovaImage: type: string - default: overcloud-compute + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -63,53 +31,6 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: comma_delimited_list - default: "datacentre:br-ex" - NeutronEnableTunnelling: - type: string - default: "True" - NeutronEnableL2Pop: - type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. - default: "False" - NeutronFlatNetworks: - type: comma_delimited_list - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. - NeutronHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NeutronNetworkType: - type: comma_delimited_list - description: The tenant network type for Neutron. - default: 'vxlan' - NeutronNetworkVLANRanges: - default: 'datacentre:1:1000' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NeutronPassword: - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true NeutronPhysicalBridge: default: 'br-ex' description: An OVS bridge to create for accessing external networks. @@ -118,92 +39,9 @@ parameters: default: nic1 description: A port to add to the NeutronPhysicalBridge. type: string - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This number is related to the value of NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: 1400 - type: number - NeutronTunnelTypes: - type: comma_delimited_list - description: | - The tunnel types for the Neutron tenant network. - default: 'vxlan' - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronPublicInterfaceRawDevice: - default: '' - type: string - NeutronDVR: - default: 'False' - type: string - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router,qos" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list - NeutronAgentExtensions: - default: "qos" - description: | - Comma-separated list of extensions enabled for the Neutron agents. - type: comma_delimited_list - # Not relevant for Computes, should be removed - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - # Not relevant for Computes, should be removed - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string NodeIndex: type: number default: 0 - NovaApiHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver NovaComputeExtraConfig: default: {} description: | @@ -213,77 +51,6 @@ parameters: NovaComputeIPs: default: {} type: json - NovaComputeLibvirtType: - type: string - default: kvm - NovaComputeLibvirtVifDriver: - default: '' - description: Libvirt VIF driver configuration for the network - type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean - NovaIPv6: - default: false - description: Enable IPv6 features in Nova - type: boolean - NovaPassword: - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NovaPublicIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - NovaOVSBridge: - default: 'br-int' - description: Name of integration bridge used by Open vSwitch - type: string - NovaSecurityGroupAPI: - default: 'neutron' - description: The full class name of the security API class - type: string - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list - RabbitHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -294,10 +61,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on compute nodes. - type: string UpdateIdentifier: default: '' type: string @@ -324,7 +87,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -335,24 +97,42 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + NovaComputeSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} ServiceConfigSettings: type: json default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: NovaCompute: - type: OS::Nova::Server + type: OS::TripleO::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} properties: - image: - {get_param: Image} + image: {get_param: NovaImage} image_update_policy: get_param: ImageUpdatePolicy - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudComputeFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -364,7 +144,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: NovaComputeSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -484,118 +264,39 @@ resources: - heat_config_%{::deploy_config_name} - compute_extraconfig - extraconfig + - service_names - service_configs - compute - - ceph_cluster # provided by CephClusterConfig - - ceph + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - common - - network - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + - cisco_aci_data # Optionally provided by ComputeExtraConfigPre merge_behavior: deeper datafiles: + service_names: + mapped_data: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} - network: - mapped_data: - net_ip_map: {get_attr: [NetIpMap, net_ip_map]} - net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} - net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} - ceph: - raw_data: {get_file: hieradata/ceph.yaml} compute: - raw_data: {get_file: hieradata/compute.yaml} mapped_data: - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - nova::use_ipv6: {get_input: nova_ipv6} - nova::debug: {get_input: debug} - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} - nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova_compute_driver: {get_input: nova_compute_driver} - nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} - nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} - nova_api_host: {get_input: nova_api_host} - nova::compute::vncproxy_host: {get_input: nova_public_ip} - nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} - # TUNNELLED mode provides a security enhancement when using shared storage but is not - # supported when not using shared storage. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 - # In future versions of QEMU (2.6, mostly), Dan's native encryption - # work will obsolete the need to use TUNNELLED transport mode. - nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend} - rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} - nova_password: {get_input: nova_password} - nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} - nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} - nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol} - nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host} - nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port} - nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} - nova::network::neutron::security_group_api: {get_input: nova_security_group_api} - ceilometer::debug: {get_input: debug} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} - ceilometer_compute_agent: {get_input: ceilometer_compute_agent} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - nova::glance_api_servers: {get_input: glance_api_servers} - neutron::debug: {get_input: debug} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_username} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} - neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks} - neutron_host: {get_input: neutron_host} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - - neutron::network_device_mtu: {get_input: neutron_tenant_mtu} - neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types} - neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} - neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} - neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} - neutron_physical_bridge: {get_input: neutron_physical_bridge} - neutron_public_interface: {get_input: neutron_public_interface} - nova::network::neutron::neutron_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} - neutron_router_distributed: {get_input: neutron_router_distributed} - neutron_agent_mode: {get_input: neutron_agent_mode} - neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - neutron::core_plugin: {get_input: neutron_core_plugin} - neutron::service_plugins: {get_input: neutron_service_plugins} - neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} - neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - keystone_public_api_virtual_ip: {get_input: keystone_vip} - admin_password: {get_input: admin_password} - ntp::servers: {get_input: ntp_servers} - timezone::timezone: {get_input: timezone} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment @@ -605,117 +306,6 @@ resources: config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - debug: {get_param: Debug} - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} - nova_public_ip: {get_param: NovaPublicIP} - nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} - nova_ipv6: {get_param: NovaIPv6} - cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} - nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} - nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} - # Remove brackets that may come if the IP address is IPv6. - # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value - nova_vncproxy_host: - str_replace: - template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} - params: - '[': '' - ']': '' - nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} - nova_ovs_bridge: {get_param: NovaOVSBridge} - nova_security_group_api: {get_param: NovaSecurityGroupAPI} - upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - neutron_flat_networks: - str_replace: - template: NETWORKS - params: - NETWORKS: {get_param: NeutronFlatNetworks} - neutron_host: {get_param: NeutronHost} - neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - neutron_tunnel_id_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronVniRanges} - neutron_tenant_network_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronNetworkType} - neutron_tunnel_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronTunnelTypes} - neutron_network_vlan_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: NeutronBridgeMappings} - neutron_tenant_mtu: {get_param: NeutronTenantMtu} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} - neutron_physical_bridge: {get_param: NeutronPhysicalBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_password: {get_param: NeutronPassword} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_core_plugin: {get_param: NeutronCorePlugin} - neutron_service_plugins: - str_replace: - template: PLUGINS - params: - PLUGINS: {get_param: NeutronServicePlugins} - neutron_type_drivers: - str_replace: - template: DRIVERS - params: - DRIVERS: {get_param: NeutronTypeDrivers} - neutron_mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - neutron_agent_extensions: - str_replace: - template: AGENT_EXTENSIONS - params: - AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} - neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} - keystone_vip: {get_param: KeystonePublicApiVirtualIP} - admin_password: {get_param: AdminPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: {get_param: NtpServer} - timezone: {get_param: TimeZone} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Resource for site-specific injection of root certificate @@ -791,6 +381,7 @@ outputs: STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST TENANTIP TENANTHOST.DOMAIN TENANTHOST MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -831,16 +422,13 @@ outputs: - '.' - - {get_attr: [NovaCompute, name]} - management + CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + CTLPLANEHOST: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane nova_server_resource: description: Heat resource handle for the Nova compute server value: {get_resource: NovaCompute} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [NovaComputeDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml index dfebcf82..b313f5de 100644 --- a/puppet/controller-config-pacemaker.yaml +++ b/puppet/controller-config-pacemaker.yaml @@ -23,13 +23,13 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules outputs: - name: result config: list_join: - '' - - get_file: manifests/overcloud_controller_pacemaker.pp - - get_file: manifests/ringbuilder.pp - {get_param: StepConfig} outputs: diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml index 458aff32..99c7b26e 100644 --- a/puppet/controller-config.yaml +++ b/puppet/controller-config.yaml @@ -23,13 +23,16 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules outputs: - name: result + inputs: + - name: step + type: Number config: list_join: - '' - - get_file: manifests/overcloud_controller.pp - - get_file: manifests/ringbuilder.pp - {get_param: StepConfig} outputs: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml deleted file mode 100644 index 36f9b4f8..00000000 --- a/puppet/controller-post.yaml +++ /dev/null @@ -1,117 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack controller node post deployment for Puppet. - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ControllerArtifactsConfig: - type: deploy-artifacts.yaml - - ControllerArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: ControllerArtifactsConfig} - - ControllerPrePuppet: - type: OS::TripleO::Tasks::ControllerPrePuppet - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerPuppetConfig: - type: OS::TripleO::ControllerConfig - properties: - StepConfig: {get_param: StepConfig} - - # Step through a series of Puppet runs using the same manifest. - # NOTE: To enable stepping through the deployments via heat hooks, - # you must observe the glob naming defined in overcloud-steps.yaml - # e.g all Deployment resources should have a *Deployment_StepN suffix - ControllerLoadBalancerDeployment_Step1: - type: OS::Heat::StructuredDeployments - depends_on: [ControllerPrePuppet, ControllerArtifactsDeploy] - properties: - name: ControllerLoadBalancerDeployment_Step1 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 1 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerServicesBaseDeployment_Step2: - type: OS::Heat::StructuredDeployments - depends_on: ControllerLoadBalancerDeployment_Step1 - properties: - name: ControllerServicesBaseDeployment_Step2 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step3: - type: OS::Heat::StructuredDeployments - depends_on: ControllerServicesBaseDeployment_Step2 - properties: - name: ControllerOvercloudServicesDeployment_Step3 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step4: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step3 - properties: - name: ControllerOvercloudServicesDeployment_Step4 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step5: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step4 - properties: - name: ControllerOvercloudServicesDeployment_Step5 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 5 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerPostPuppet: - type: OS::TripleO::Tasks::ControllerPostPuppet - depends_on: ControllerOvercloudServicesDeployment_Step5 - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: ControllerPostPuppet - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 9c0d8e82..ccb517f8 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1,102 +1,9 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack controller node configured by Puppet. parameters: - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AodhApiVirtualIP: - type: string - default: '' - AodhPassword: - description: The password for the aodh services. - type: string - hidden: true - CeilometerApiVirtualIP: - type: string - default: '' - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service and db account. - type: string - hidden: true - CeilometerStoreEvents: - default: false - description: Whether to store events in ceilometer. - type: boolean - CeilometerMeterDispatcher: - default: 'database' - description: Dispatcher to process meter data - type: string - constraints: - - allowed_values: ['gnocchi', 'database'] - CinderApiVirtualIP: - type: string - default: '' - CeilometerWorkers: - default: 0 - description: Number of workers for Ceilometer service. - type: number - CinderEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Cinder database. - type: boolean - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - CinderISCSIHelper: - default: lioadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 10280 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list - CinderPassword: - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - CinderBackendConfig: - default: {} - description: Contains parameters to configure Cinder backends. Typically - set via parameter_defaults in the resource registry. - type: json - CinderWorkers: - default: 0 - description: Number of workers for Cinder service. - type: number controllerExtraConfig: default: {} description: | @@ -116,484 +23,45 @@ parameters: ... } type: json - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - CorosyncIPv6: - default: false - description: Enable IPv6 in Corosync - type: boolean Debug: default: '' description: Set to True to enable debugging on all services. type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller type: boolean - EnableCephStorage: - default: false - description: Whether to deploy Ceph Storage (OSD) on the Controller - type: boolean - EnableSwiftStorage: - default: true - description: Whether to enable Swift Storage on the Controller - type: boolean ExtraConfig: default: {} description: | Additional hieradata to inject into the cluster, note that ControllerExtraConfig takes precedence over ExtraConfig. type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json - Flavor: + OvercloudControlFlavor: description: Flavor for control nodes to request when deploying. + default: baremetal type: string constraints: - custom_constraint: nova.flavor - GnocchiBackend: - default: file - description: The short name of the Gnocchi backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - GnocchiIndexerBackend: - default: 'mysql' - description: The short name of the Gnocchi indexer backend to use. - type: string - GnocchiApiVirtualIP: - type: string - default: '' - GnocchiPassword: - description: The password for the gnocchi service and db account. - type: string - hidden: true - HAProxyStatsPassword: - description: Password for HAProxy stats endpoint - type: string - HAProxyStatsUser: - description: User for HAProxy stats endpoint - default: admin - type: string - HAProxySyslogAddress: - default: /dev/log - description: Syslog address where HAproxy will send its log - type: string - HeatAuthEncryptionKey: - description: Auth encryption key for heat-engine - type: string - hidden: true - HorizonAllowedHosts: - default: '*' - description: A list of IP/Hostname allowed to connect to horizon - type: comma_delimited_list - HorizonSecret: - description: Secret key for Django + controllerImage: type: string - hidden: true - Image: - type: string - default: overcloud-control + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. type: string - InstanceNameTemplate: - default: 'instance-%08x' - description: Template string to be used to generate instance names - type: string KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string constraints: - custom_constraint: nova.keypair - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - ManageFirewall: - default: false - description: Whether to manage IPtables rules. - type: boolean - MemcachedIPv6: - default: false - description: Enable IPv6 features in Memcached. - type: boolean - PurgeFirewallRules: - default: false - description: Whether IPtables rules should be purged before setting up the new ones. - type: boolean - SaharaApiVirtualIP: - type: string - default: '' - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true - MysqlClusterUniquePart: - description: A unique identifier of the MySQL cluster the controller is in. - type: string - default: 'unset' # Has to be here because of the ignored empty value bug - # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 - # constraints: - # - length: {min: 4, max: 10} - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - MysqlClustercheckPassword: - type: string - hidden: true - MysqlRootPassword: - type: string - hidden: true - default: '' # Has to be here because of the ignored empty value bug - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: comma_delimited_list - default: "datacentre:br-ex" - NeutronEnableOVSAgent: - description: Knob to enable/disable OVS Agent - type: boolean - default: true - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router,qos" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronEnableTunnelling: - type: string - default: "True" - NeutronEnableL2Pop: - type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. - default: "False" - NeutronFlatNetworks: - type: comma_delimited_list - default: 'datacentre' - description: If set, flat networks to configure in neutron plugins. - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron. - type: comma_delimited_list - NeutronNetworkVLANRanges: - default: 'datacentre:1:1000' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NeutronPassword: - description: The password for the neutron service and db account, used by neutron agents. - type: string - hidden: true NeutronPublicInterface: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This number is related to the value of NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: 1400 - type: number - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. - type: comma_delimited_list - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronPluginExtensions: - default: "qos,port_security" - description: | - Comma-separated list of extensions enabled for the Neutron plugin. - type: comma_delimited_list - NeutronAgentExtensions: - default: "qos" - description: | - Comma-separated list of extensions enabled for the Neutron agents. - type: comma_delimited_list - NovaApiVirtualIP: - type: string - default: '' - NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number - NovaEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Nova database. - type: boolean - NovaIPv6: - default: false - description: Enable IPv6 features in Nova - type: boolean - NovaPassword: - description: The password for the nova service and db account, used by nova-api. - type: string - hidden: true - NovaWorkers: - default: 0 - description: Number of workers for Nova service. - type: number - MongoDbNoJournal: - default: false - description: Should MongoDb journaling be disabled - type: boolean - MongoDbIPv6: - default: false - description: Enable IPv6 if Mongo DB VIP is IPv6 - type: boolean - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list - PcsdPassword: - type: string - description: The password for the 'pcsd' user. - hidden: true - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - PublicVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitCookie: - type: string - default: '' # Has to be here because of the ignored empty value bug - hidden: true - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RedisPassword: - type: string - description: The password to access the Redis service - hidden: true - RedisVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - RedisVirtualIPUri: - type: string - default: '' # Has to be here because of the ignored empty value bug - description: An IP address which is wrapped in brackets in case of IPv6 - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - SwiftHashSuffix: - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftRingBuild: - default: true - description: Whether to manage Swift rings or not - type: boolean - SwiftProxyVirtualIP: - type: string - default: '' - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - TimeZone: - default: 'UTC' - description: The timezone to be set on controller nodes. - type: string - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' - VirtualIP: # DEPRECATED: use per service settings instead - type: string - default: '' # Has to be here because of the ignored empty value bug - HeatApiVirtualIP: - type: string - default: '' - HeatApiVirtualIPUri: - type: string - default: '' - MysqlVirtualIP: - type: string - default: '' - NeutronApiVirtualIP: - type: string - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -633,7 +101,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -644,13 +111,29 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + ControllerSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} ServiceConfigSettings: type: json default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] parameter_groups: - label: deprecated @@ -661,11 +144,14 @@ parameter_groups: resources: Controller: - type: OS::Nova::Server + type: OS::TripleO::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: controllerImage} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudControlFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -677,7 +163,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: ControllerSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -811,304 +297,8 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - ceilometer_workers: {get_param: CeilometerWorkers} - cinder_workers: {get_param: CinderWorkers} - nova_workers: {get_param: NovaWorkers} - neutron_workers: {get_param: NeutronWorkers} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} - haproxy_log_address: {get_param: HAProxySyslogAddress} - haproxy_stats_password: {get_param: HAProxyStatsPassword} - haproxy_stats_user: {get_param: HAProxyStatsUser} - heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} - horizon_allowed_hosts: {get_param: HorizonAllowedHosts} - horizon_secret: {get_param: HorizonSecret} - admin_password: {get_param: AdminPassword} - neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} - debug: {get_param: Debug} - cinder_enable_db_purge: {get_param: CinderEnableDBPurge} - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} - cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} - cinder_nfs_servers: - str_replace: - template: SERVERS - params: - SERVERS: {get_param: CinderNfsServers} - cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} - cinder_password: {get_param: CinderPassword} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_backend_config: {get_param: CinderBackendConfig} - cinder_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/cinder' - cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} - cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} - cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} - cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} - cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} - cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} - keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } - enable_fencing: {get_param: EnableFencing} - enable_galera: {get_param: EnableGalera} enable_load_balancer: {get_param: EnableLoadBalancer} - enable_ceph_storage: {get_param: EnableCephStorage} - enable_swift_storage: {get_param: EnableSwiftStorage} - manage_firewall: {get_param: ManageFirewall} - purge_firewall_rules: {get_param: PurgeFirewallRules} - mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - mysql_max_connections: {get_param: MysqlMaxConnections} - mysql_root_password: {get_param: MysqlRootPassword} - mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} - mysql_cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} - neutron_flat_networks: - str_replace: - template: NETWORKS - params: - NETWORKS: {get_param: NeutronFlatNetworks} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_core_plugin: {get_param: NeutronCorePlugin} - neutron_service_plugins: - str_replace: - template: PLUGINS - params: - PLUGINS: {get_param: NeutronServicePlugins} - neutron_type_drivers: - str_replace: - template: DRIVERS - params: - DRIVERS: {get_param: NeutronTypeDrivers} - neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} - neutron_mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_l3_ha: {get_param: NeutronL3HA} - neutron_network_vlan_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: NeutronBridgeMappings} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} - neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} - neutron_tunnel_id_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronVniRanges} - neutron_tenant_network_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronNetworkType} - neutron_tunnel_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronTunnelTypes} - neutron_plugin_extensions: - str_replace: - template: PLUGIN_EXTENSIONS - params: - PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions} - neutron_agent_extensions: - str_replace: - template: AGENT_EXTENSIONS - params: - AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} - neutron_password: {get_param: NeutronPassword} - neutron_tenant_mtu: {get_param: NeutronTenantMtu} - neutron_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://neutron:' - - {get_param: NeutronPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ovs_neutron?charset=utf8' - neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } - neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } - neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } - nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } - ceilometer_backend: {get_param: CeilometerBackend} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_store_events: {get_param: CeilometerStoreEvents} - aodh_password: {get_param: AodhPassword} - aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } - aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } - aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } - ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} - gnocchi_password: {get_param: GnocchiPassword} - gnocchi_backend: {get_param: GnocchiBackend} - gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} - ceilometer_coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - {get_param: RedisVirtualIPUri} - - ':6379/' - ceilometer_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://ceilometer:' - - {get_param: CeilometerPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ceilometer' - gnocchi_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://gnocchi:' - - {get_param: GnocchiPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/gnocchi' - gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } - ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} - ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} - ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - nova_enable_db_purge: {get_param: NovaEnableDBPurge} - nova_ipv6: {get_param: NovaIPv6} - corosync_ipv6: {get_param: CorosyncIPv6} - memcached_ipv6: {get_param: MemcachedIPv6} - nova_password: {get_param: NovaPassword} - nova_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://nova:' - - {get_param: NovaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/nova' - nova_api_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://nova_api:' - - {get_param: NovaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/nova_api' - upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} - instance_name_template: {get_param: InstanceNameTemplate} - nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]} - nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]} - nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} - fencing_config: {get_param: FencingConfig} - pcsd_password: {get_param: PcsdPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - mongodb_no_journal: {get_param: MongoDbNoJournal} - mongodb_ipv6: {get_param: MongoDbIPv6} - ntp_servers: {get_param: NtpServer} - timezone: {get_param: TimeZone} - control_virtual_interface: {get_param: ControlVirtualInterface} - public_virtual_interface: {get_param: PublicVirtualInterface} - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_part_power: {get_param: SwiftPartPower} - swift_ring_build: {get_param: SwiftRingBuild} - swift_replicas: {get_param: SwiftReplicas} - swift_min_part_hours: {get_param: SwiftMinPartHours} - swift_mount_check: {get_param: SwiftMountCheck} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - sahara_password: {get_param: SaharaPassword} - sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]} - sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} - sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} - sahara_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' - swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - cinder_iscsi_network: - str_replace: - template: "'IP'" - params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - keystone_region: {get_param: KeystoneRegion} - mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} - neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} - nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - horizon_subnet: - str_replace: - template: "['SUBNET']" - params: - SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} - redis_password: {get_param: RedisPassword} - redis_vip: {get_param: RedisVirtualIP} - sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - mysql_virtual_ip: {get_param: MysqlVirtualIP} - ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} - ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} # Map heat metadata into hiera datafiles ControllerConfig: @@ -1123,32 +313,31 @@ resources: - controller_extraconfig - extraconfig - service_configs + - service_names - controller - - database - - object - - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - - ceph_cluster # provided by CephClusterConfig - - ceph - bootstrap_node # provided by BootstrapNodeConfig - all_nodes # provided by allNodesConfig - - vip_data # provided by vip-config + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - common - - network - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig - - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre - - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre + - cisco_aci_data # Optionally provided by ControllerExtraConfigPre merge_behavior: deeper datafiles: + service_names: + mapped_data: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} controller_extraconfig: mapped_data: map_merge: @@ -1156,333 +345,18 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} - network: - mapped_data: - net_ip_map: {get_attr: [NetIpMap, net_ip_map]} - net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} - net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} - ceph: - raw_data: {get_file: hieradata/ceph.yaml} - mapped_data: - ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} - ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::profile::params::public_addr: {get_input: ceph_public_ip} - database: - raw_data: {get_file: hieradata/database.yaml} - object: - raw_data: {get_file: hieradata/object.yaml} controller: - raw_data: {get_file: hieradata/controller.yaml} mapped_data: # data supplied directly to this deployment configuration, etc bootstack_nodeid: {get_input: bootstack_nodeid} # Pacemaker - enable_fencing: {get_input: enable_fencing} enable_load_balancer: {get_input: enable_load_balancer} - hacluster_pwd: {get_input: pcsd_password} - corosync_ipv6: {get_input: corosync_ipv6} - tripleo::fencing::config: {get_input: fencing_config} - - # Swift - # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml - swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} - swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift::swift_hash_path_suffix: {get_input: swift_hash_suffix} - tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } - tripleo::ringbuilder::part_power: {get_input: swift_part_power} - tripleo::ringbuilder::replicas: {get_input: swift_replicas} - tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} - swift_mount_check: {get_input: swift_mount_check} - - # Cinder - cinder_enable_db_purge: {get_input: cinder_enable_db_purge} - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} - cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options} - cinder_nfs_servers: {get_input: cinder_nfs_servers} - cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_network} - cinder::database_connection: {get_input: cinder_dsn} - cinder::api::keystone_password: {get_input: cinder_password} - cinder::api::auth_uri: {get_input: keystone_auth_uri} - cinder::api::identity_uri: {get_input: keystone_identity_uri} - cinder::api::bind_host: {get_input: cinder_api_network} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder::debug: {get_input: debug} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} - cinder_backend_config: {get_input: CinderBackendConfig} - cinder::db::mysql::password: {get_input: cinder_password} - cinder::keystone::auth::public_url: {get_input: cinder_public_url } - cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } - cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } - cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } - cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } - cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } - cinder::keystone::auth::password: {get_input: cinder_password } - cinder::keystone::auth::region: {get_input: keystone_region} - - # Glance - glance::api::bind_host: {get_input: glance_api_network} - glance::registry::bind_host: {get_input: glance_registry_network} - glance::keystone::auth::region: {get_input: keystone_region} - - # Heat - heat::api::bind_host: {get_input: heat_api_network} - heat::api_cloudwatch::bind_host: {get_input: heat_api_network} - heat::api_cfn::bind_host: {get_input: heat_api_network} - heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} - - # Keystone - keystone::admin_bind_host: {get_input: keystone_admin_api_network} - keystone::public_bind_host: {get_input: keystone_public_api_network} - keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} - keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} - # MongoDB - mongodb::server::bind_ip: {get_input: mongo_db_network} - mongodb::server::nojournal: {get_input: mongodb_no_journal} - mongodb::server::ipv6: {get_input: mongodb_ipv6} - # MySQL - admin_password: {get_input: admin_password} - enable_galera: {get_input: enable_galera} - enable_ceph_storage: {get_input: enable_ceph_storage} - enable_swift_storage: {get_input: enable_swift_storage} - mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} - mysql_max_connections: {get_input: mysql_max_connections} - mysql::server::root_password: {get_input: mysql_root_password} - mysql_clustercheck_password: {get_input: mysql_clustercheck_password} - mysql_cluster_name: {get_input: mysql_cluster_name} - mysql_bind_host: {get_input: mysql_network} - mysql_virtual_ip: {get_input: mysql_virtual_ip} - - # Neutron - neutron::bind_host: {get_input: neutron_api_network} - neutron::server::auth_uri: {get_input: keystone_auth_uri} - neutron::server::auth_url: {get_input: keystone_identity_uri} - neutron::server::database_connection: {get_input: neutron_dsn} - neutron::server::api_workers: {get_input: neutron_workers} - neutron::network_device_mtu: {get_input: neutron_tenant_mtu} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks} - neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - neutron_agent_mode: {get_input: neutron_agent_mode} - neutron_router_distributed: {get_input: neutron_router_distributed} - neutron::core_plugin: {get_input: neutron_core_plugin} - neutron::service_plugins: {get_input: neutron_service_plugins} - neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} - neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} - neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions} - neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - neutron::server::l3_ha: {get_input: neutron_l3_ha} - neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings} - neutron_public_interface: {get_input: neutron_public_interface} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} - neutron_public_interface_tag: {get_input: neutron_public_interface_tag} - neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types} - neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} - neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} - neutron::server::password: {get_input: neutron_password} - neutron_dsn: {get_input: neutron_dsn} - neutron::db::mysql::password: {get_input: neutron_password} - neutron::keystone::auth::public_url: {get_input: neutron_public_url } - neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } - neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } - neutron::keystone::auth::password: {get_input: neutron_password } - neutron::keystone::auth::region: {get_input: keystone_region} - neutron::server::notifications::auth_url: {get_input: neutron_auth_url} - neutron::server::notifications::tenant_name: 'service' - neutron::server::notifications::project_name: 'service' - neutron::server::notifications::password: {get_input: nova_password} - - # Ceilometer - ceilometer_backend: {get_input: ceilometer_backend} - ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} - ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::debug: {get_input: debug} - ceilometer::api::host: {get_input: ceilometer_api_network} - ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::auth_uri: {get_input: keystone_auth_uri} - ceilometer::api::identity_uri: {get_input: keystone_identity_uri} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} - ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} - ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} - ceilometer::db::mysql::password: {get_input: ceilometer_password} - ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher} - ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url } - ceilometer::dispatcher::gnocchi::filter_project: 'service' - ceilometer::dispatcher::gnocchi::archive_policy: 'low' - ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' - ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } - ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } - ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } - ceilometer::keystone::auth::password: {get_input: ceilometer_password } - ceilometer::keystone::auth::region: {get_input: keystone_region} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - - # Aodh - aodh::rabbit_userid: {get_input: rabbit_username} - aodh::rabbit_password: {get_input: rabbit_password} - aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - aodh::rabbit_port: {get_input: rabbit_client_port} - aodh::debug: {get_input: debug} - aodh::wsgi::apache::ssl: false - aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} - aodh::api::service_name: 'httpd' - aodh::api::host: {get_input: aodh_api_network} - aodh::api::keystone_password: {get_input: aodh_password} - aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} - aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} - aodh::auth::auth_password: {get_input: aodh_password} - aodh::db::mysql::password: {get_input: aodh_password} - # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination - aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} - aodh::keystone::auth::public_url: {get_input: aodh_public_url } - aodh::keystone::auth::internal_url: {get_input: aodh_internal_url } - aodh::keystone::auth::admin_url: {get_input: aodh_admin_url } - aodh::keystone::auth::password: {get_input: aodh_password } - aodh::keystone::auth::region: {get_input: keystone_region} - - # Gnocchi - gnocchi_backend: {get_input: gnocchi_backend} - gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend} - gnocchi_mysql_conn_string: {get_input: gnocchi_dsn} - gnocchi::debug: {get_input: debug} - gnocchi::wsgi::apache::ssl: false - gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} - gnocchi::api::service_name: 'httpd' - gnocchi::api::host: {get_input: gnocchi_api_network} - gnocchi::api::keystone_password: {get_input: gnocchi_password} - gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} - gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} - gnocchi::db::mysql::password: {get_input: gnocchi_password} - gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} - gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} - gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } - gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } - gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } - gnocchi::keystone::auth::password: {get_input: gnocchi_password } - gnocchi::keystone::auth::region: {get_input: keystone_region} - # Nova - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} - nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova::debug: {get_input: debug} - nova::use_ipv6: {get_input: nova_ipv6} - nova::api::auth_uri: {get_input: keystone_auth_uri} - nova::api::identity_uri: {get_input: keystone_identity_uri} - nova::api::api_bind_address: {get_input: nova_api_network} - nova::api::metadata_listen: {get_input: nova_metadata_network} - nova::api::admin_password: {get_input: nova_password} - nova::api::osapi_compute_workers: {get_input: nova_workers} - nova::api::metadata_workers: {get_input: nova_workers} - nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} - nova::database_connection: {get_input: nova_dsn} - nova::api_database_connection: {get_input: nova_api_dsn} - nova::glance_api_servers: {get_input: glance_api_servers} - nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - nova::api::instance_name_template: {get_input: instance_name_template} - nova::network::neutron::neutron_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} - nova::vncproxy::host: {get_input: nova_api_network} - nova::db::mysql::password: {get_input: nova_password} - nova::db::mysql_api::password: {get_input: nova_password} - nova_enable_db_purge: {get_input: nova_enable_db_purge} - nova::keystone::auth::public_url: {get_input: nova_public_url} - nova::keystone::auth::internal_url: {get_input: nova_internal_url} - nova::keystone::auth::admin_url: {get_input: nova_admin_url} - nova::keystone::auth::password: {get_input: nova_password } - nova::keystone::auth::region: {get_input: keystone_region} - - # Horizon - apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} - apache::ip: {get_input: horizon_network} - horizon::allowed_hosts: {get_input: horizon_allowed_hosts} - horizon::django_debug: {get_input: debug} - horizon::secret_key: {get_input: horizon_secret} - horizon::bind_address: {get_input: horizon_network} - horizon::keystone_url: {get_input: keystone_auth_uri} - - # Sahara - sahara::host: {get_input: sahara_api_network} - sahara::plugins: - - cdh - - hdp - - mapr - - vanilla - - spark - - storm - sahara::admin_password: {get_input: sahara_password} - sahara::auth_uri: {get_input: keystone_auth_uri} - sahara::admin_user: sahara - sahara::identity_uri: {get_input: keystone_identity_uri} - sahara::use_neutron: true - sahara::database_connection: {get_input: sahara_dsn} - sahara::debug: {get_input: debug} - sahara::rpc_backend: rabbit - sahara::rabbit_userid: {get_input: rabbit_username} - sahara::rabbit_password: {get_input: rabbit_password} - sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - sahara::rabbit_port: {get_input: rabbit_client_port} - sahara::db::mysql::password: {get_input: sahara_password} - sahara::keystone::auth::public_url: {get_input: sahara_public_url } - sahara::keystone::auth::internal_url: {get_input: sahara_internal_url } - sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } - sahara::keystone::auth::password: {get_input: sahara_password } - sahara::keystone::auth::region: {get_input: keystone_region} - # RabbitMQ - rabbitmq::node_ip_address: {get_input: rabbitmq_network} - rabbitmq::erlang_cookie: {get_input: rabbit_cookie} - # Redis - redis::bind: {get_input: redis_network} - redis::requirepass: {get_input: redis_password} - redis::masterauth: {get_input: redis_password} - redis::sentinel_auth_pass: {get_input: redis_password} - redis_vip: {get_input: redis_vip} - # Firewall - tripleo::firewall::manage_firewall: {get_input: manage_firewall} - tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc - memcached_ipv6: {get_input: memcached_ipv6} - memcached::listen_ip: {get_input: memcached_network} - neutron_public_interface_ip: {get_input: neutron_public_interface_ip} - ntp::servers: {get_input: ntp_servers} - timezone::timezone: {get_input: timezone} - control_virtual_interface: {get_input: control_virtual_interface} - public_virtual_interface: {get_input: public_virtual_interface} - tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} - tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} - tripleo::haproxy::redis_password: {get_input: redis_password} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: @@ -1550,6 +424,7 @@ outputs: STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST TENANTIP TENANTHOST.DOMAIN TENANTHOST MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -1590,34 +465,16 @@ outputs: - '.' - - {get_attr: [Controller, name]} - management + CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} + CTLPLANEHOST: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane nova_server_resource: description: Heat resource handle for the Nova compute server value: {get_resource: Controller} - swift_device: - description: Swift device formatted for swift-ring-builder - value: - str_replace: - template: 'r1z1-IP:%PORT%/d1' - params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - swift_proxy_memcache: - description: Swift proxy-memcache value - value: - str_replace: - template: "IP:11211" - params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - config_identifier: - description: identifier which changes if the controller configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [ControllerDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_attr: [NodeTLSData, deploy_stdout]} - - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} - - {get_param: UpdateIdentifier} tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 3e455347..6a2ea4d5 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -4,15 +4,7 @@ description: Configure hieradata for all MidoNet nodes parameters: # Parameters passed from the parent template - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json EnableZookeeperOnController: @@ -102,18 +94,10 @@ resources: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} NetworkMidonetDeploymentComputes: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: compute_servers} - -outputs: - config_identifier: - value: - list_join: - - ' ' - - - {get_attr: [NetworkMidonetDeploymentControllers, deploy_stdouts]} - - {get_attr: [NetworkMidonetDeploymentComputes, deploy_stdouts]} + servers: {get_param: [servers, Compute]} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 71445800..7bda0cd5 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -4,15 +4,7 @@ description: Configure hieradata for Network Cisco configuration parameters: # Parameters passed from the parent template - controller_servers: - type: json - compute_servers: - type: json - blockstorage_servers: - type: json - objectstorage_servers: - type: json - cephstorage_servers: + servers: type: json # extra parameters passed via parameter_defaults @@ -140,7 +132,7 @@ resources: properties: name: NetworkCiscoDeployment config: {get_resource: NetworkCiscoConfig} - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} input_values: UCSM_ip: {get_param: NetworkUCSMIp} UCSM_username: {get_param: NetworkUCSMUsername} @@ -187,7 +179,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: controller_servers} + servers: {get_param: [servers, Controller]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -195,7 +187,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCompute - servers: {get_param: compute_servers} + servers: {get_param: [servers, Compute]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -203,7 +195,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsBlockStorage - servers: {get_param: blockstorage_servers} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -211,7 +203,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsObjectStorage - servers: {get_param: objectstorage_servers} + servers: {get_param: [servers, ObjectStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -219,7 +211,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCephStorage - servers: {get_param: cephstorage_servers} + servers: {get_param: [servers, CephStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -294,7 +286,7 @@ resources: type: OS::Heat::SoftwareDeployment properties: name: MappingToNexusDeploymentsController - server: {get_param: [controller_servers, '0']} + server: {get_param: [servers, Controller, '0']} config: {get_resource: MappingToNexusConfig} input_values: # FIXME(shardy): It'd be more convenient if we could join these @@ -338,16 +330,8 @@ resources: depends_on: MappingToNexusDeploymentsController properties: name: MappingToUCSMDeploymentsController - server: {get_param: [controller_servers, '0']} + server: {get_param: [servers, Controller, '0']} config: {get_resource: MappingToUCSMConfig} input_values: ucsm_config: {get_param: NetworkUCSMHostList} actions: ['CREATE'] # Only do this on CREATE - -outputs: - # The Deployment applying the hieradata outputs the derived config-id, which - # changes if the input_values change, so if the stdouts from - # NetworkCiscoDeployment change, we need to reapply puppet (which will - # happen if we return a different config_identifier) - config_identifier: - value: {get_attr: [NetworkCiscoDeployment, deploy_stdouts]} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml deleted file mode 100644 index 308c609a..00000000 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ /dev/null @@ -1,115 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Configure parameters for an external Ceph cluster via Puppet.' - -parameters: - ceph_storage_count: - default: 0 - type: number - description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. - ceph_external_mon_ips: - default: '' - type: string - description: List of external Ceph Mon host IPs. - ceph_client_key: - default: '' - type: string - description: Ceph key used to create the 'openstack' user keyring. - ceph_fsid: - default: '' - type: string - # The following parameters are unused for external Ceph clusters and - # are here and exist for compatibility - ceph_admin_key: - default: '' - type: string - ceph_mon_key: - default: '' - type: string - ceph_mon_names: - type: comma_delimited_list - ceph_mon_ips: - type: comma_delimited_list - NovaRbdPoolName: - default: vms - type: string - CinderRbdPoolName: - default: volumes - type: string - GlanceRbdPoolName: - default: images - type: string - GnocchiRbdPoolName: - default: metrics - type: string - CephClientUserName: - default: openstack - type: string - CephIPv6: - default: False - type: boolean - -resources: - CephClusterConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - ceph_cluster: - mapped_data: - ceph_storage_count: {get_param: ceph_storage_count} - enable_external_ceph: true - ceph_ipv6: {get_param: CephIPv6} - ceph_mon_host: {get_param: ceph_external_mon_ips} - ceph_mon_host_v6: {get_param: ceph_external_mon_ips} - ceph::profile::params::fsid: {get_param: ceph_fsid} - ceph::profile::params::client_keys: - str_replace: - template: "{ - client.CLIENT_USER: { - secret: 'CLIENT_KEY', - mode: '0644', - cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' - } - }" - params: - CLIENT_USER: {get_param: CephClientUserName} - CLIENT_KEY: {get_param: ceph_client_key} - NOVA_POOL: {get_param: NovaRbdPoolName} - CINDER_POOL: {get_param: CinderRbdPoolName} - GLANCE_POOL: {get_param: GlanceRbdPoolName} - GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} - nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - cinder_rbd_pool_name: {get_param: CinderRbdPoolName} - glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} - gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} - gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} - nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} - glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} - nova::compute::rbd::rbd_keyring: - list_join: - - '.' - - - 'client' - - {get_param: CephClientUserName} - gnocchi::storage::ceph::ceph_keyring: - list_join: - - '.' - - - '/etc/ceph/ceph' - - 'client' - - {get_param: CephClientUserName} - - 'keyring' - ceph_client_user_name: {get_param: CephClientUserName} - ceph_pools: - - {get_param: CinderRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} - -outputs: - config_id: - description: The ID of the CephClusterConfigImpl resource. - value: - {get_resource: CephClusterConfigImpl} diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml index e496553a..f5b1f0e6 100644 --- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml +++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml @@ -32,6 +32,18 @@ resources: contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"' + contrail::vnc_api::vnc_api_config: + 'auth/AUTHN_TYPE': + value: keystone + 'auth/AUTHN_PROTOCOL': + value: http + 'auth/AUTHN_SERVER': + value: "%{hiera('keystone_admin_api_vip')}" + 'auth/AUTHN_PORT': + value: 35357 + 'auth/AUTHN_URL': + value: '/v2.0/tokens' + ComputeContrailDeployment: type: OS::Heat::StructuredDeployment properties: diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 9b6981bb..9423208e 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml @@ -51,7 +51,7 @@ resources: datafiles: cinder_dellsc_data: mapped_data: - cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} + tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName} cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp} cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index 36db334e..c7af6f22 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -50,7 +50,7 @@ resources: datafiles: cinder_eqlx_data: mapped_data: - cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} + tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName} cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp} cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index ab442f2b..6ff90881 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -87,7 +87,7 @@ resources: datafiles: cinder_netapp_data: mapped_data: - cinder_enable_netapp_backend: {get_input: EnableNetappBackend} + tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend} cinder::backend::netapp::title: {get_input: NetappBackendName} cinder::backend::netapp::netapp_login: {get_input: NetappLogin} cinder::backend::netapp::netapp_password: {get_input: NetappPassword} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml deleted file mode 100644 index a4cfea07..00000000 --- a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml +++ /dev/null @@ -1,91 +0,0 @@ -heat_template_version: 2015-04-30 - -description: Configure hieradata for Nuage configuration on the Controller - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - NeutronNuageOSControllerIp: - description: IP address of the OpenStack Controller - type: string - - NeutronNuageNetPartitionName: - description: Specifies the title that you will see on the VSD - type: string - default: 'default_name' - - NeutronNuageVSDIp: - description: IP address and port of the Virtual Services Directory - type: string - - NeutronNuageVSDUsername: - description: Username to be used to log into VSD - type: string - - NeutronNuageVSDPassword: - description: Password to be used to log into VSD - type: string - - NeutronNuageVSDOrganization: - description: Organization parameter required to log into VSD - type: string - default: 'organization' - - NeutronNuageBaseURIVersion: - description: URI version to be used based on the VSD release - type: string - default: 'default_uri_version' - - NeutronNuageCMSId: - description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD - type: string - - UseForwardedFor: - description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. - type: boolean - default: false - -resources: - NeutronNuageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_nuage_data: - mapped_data: - neutron::plugins::nuage::nuage_oscontroller_ip: {get_input: NuageOSControllerIp} - neutron::plugins::nuage::nuage_net_partition_name: {get_input: NuageNetPartitionName} - neutron::plugins::nuage::nuage_vsd_ip: {get_input: NuageVSDIp} - neutron::plugins::nuage::nuage_vsd_username: {get_input: NuageVSDUsername} - neutron::plugins::nuage::nuage_vsd_password: {get_input: NuageVSDPassword} - neutron::plugins::nuage::nuage_vsd_organization: {get_input: NuageVSDOrganization} - neutron::plugins::nuage::nuage_base_uri_version: {get_input: NuageBaseURIVersion} - neutron::plugins::nuage::nuage_cms_id: {get_input: NuageCMSId} - nova::api::use_forwarded_for: {get_input: NovaUseForwardedFor} - - NeutronNuageDeployment: - type: OS::Heat::StructuredDeployment - properties: - name: NeutronNuageDeployment - config: {get_resource: NeutronNuageConfig} - server: {get_param: server} - input_values: - NuageOSControllerIp: {get_param: NeutronNuageOSControllerIp} - NuageNetPartitionName: {get_param: NeutronNuageNetPartitionName} - NuageVSDIp: {get_param: NeutronNuageVSDIp} - NuageVSDUsername: {get_param: NeutronNuageVSDUsername} - NuageVSDPassword: {get_param: NeutronNuageVSDPassword} - NuageVSDOrganization: {get_param: NeutronNuageVSDOrganization} - NuageBaseURIVersion: {get_param: NeutronNuageBaseURIVersion} - NuageCMSId: {get_param: NeutronNuageCMSId} - NovaUseForwardedFor: {get_param: UseForwardedFor} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [NeutronNuageDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml deleted file mode 100644 index 5c686fe7..00000000 --- a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml +++ /dev/null @@ -1,62 +0,0 @@ -heat_template_version: 2015-04-30 - -description: Controller hieradata for Neutron OpenContrail configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - ContrailApiServerIp: - description: IP address of the OpenContrail API server - type: string - ContrailApiServerPort: - description: Port of the OpenContrail API - type: string - default: 8082 - ContrailMultiTenancy: - description: Whether to enable multi tenancy - type: boolean - default: false - ContrailExtensions: - description: List of OpenContrail extensions to be enabled - type: comma_delimited_list - default: '' - -resources: - ControllerContrailConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_opencontrail_data: - mapped_data: - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions - - neutron::plugins::opencontrail::api_server_ip: {get_input: contrail_api_server_ip} - neutron::plugins::opencontrail::api_server_port: {get_input: contrail_api_server_port} - neutron::plugins::opencontrail::multi_tenancy: {get_input: contrail_multi_tenancy} - neutron::plugins::opencontrail::contrail_extensions: {get_input: contrail_extensions} - neutron::plugins::opencontrail::keystone_auth_url: '"%{hiera(''keystone_auth_uri'')}"' - neutron::plugins::opencontrail::keystone_admin_user: admin - neutron::plugins::opencontrail::keystone_admin_tenant_name: admin - neutron::plugins::opencontrail::keystone_admin_password: '"%{hiera(''admin_password'')}"' - neutron::plugins::opencontrail::keystone_admin_token: '"%{hiera(''keystone::admin_token'')}"' - - ControllerContrailDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerContrailConfig} - server: {get_param: server} - input_values: - contrail_api_server_ip: {get_param: ContrailApiServerIp} - contrail_api_server_port: {get_param: ContrailApiServerPort} - contrail_multi_tenancy: {get_param: ContrailMultiTenancy} - contrail_extensions: {get_param: ContrailExtensions} - - -outputs: - deploy_stdout: - description: Output of the extra hiera data deployment - value: {get_attr: [ControllerContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml deleted file mode 100755 index 7c0a7ad2..00000000 --- a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml +++ /dev/null @@ -1,113 +0,0 @@ -heat_template_version: 2015-04-30 - -description: Controller hieradata for Neutron PLUMgrid configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - PLUMgridDirectorServer: - description: IP address of the PLUMgrid Director Server - type: string - default: 127.0.0.1 - PLUMgridDirectorServerPort: - description: Port of the PLUMgrid Director Server - type: string - default: 443 - PLUMgridUsername: - description: Username for PLUMgrid platform - type: string - PLUMgridPassword: - description: Password for PLUMgrid platform - type: string - hidden: true - PLUMgridServerTimeOut: - description: Request timeout duration (seconds) to PLUMgrid platform - type: string - default: 99 - PLUMgridNovaMetadataIP: - description: IP address of Nova Metadata - type: string - default: 169.254.169.254 - PLUMgridNovaMetadataPort: - description: Port of Nova Metadata - type: string - default: 8775 - PLUMgridL2GatewayVendor: - description: Vendor for L2 Gateway Switch - type: string - default: vendor - PLUMgridL2GatewayUsername: - description: Username for L2 Gateway Switch - type: string - default: username - PLUMgridL2GatewayPassword: - description: Password for L2 Gateway Switch - type: string - hidden: true - PLUMgridIdentityVersion: - description: Keystone Identity version - type: string - default: v2.0 - PLUMgridConnectorType: - description: Neutron Network Connector Type - type: string - default: distributed - PLUMgridNeutronPluginVersion: - description: PLUMgrid Neutron Plugin version - type: string - default: present - PLUMgridPlumlibVersion: - description: PLUMgrid Plumlib version - type: string - default: present - - -resources: - ControllerPLUMgridConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_plumgrid_data: - mapped_data: - neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server} - neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port} - neutron::plugins::plumgrid::username: {get_input: plumgrid_username} - neutron::plugins::plumgrid::password: {get_input: plumgrid_password} - neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip} - neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port} - neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor} - neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username} - neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password} - neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type} - neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version} - neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version} - neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version} - - ControllerPLUMgridDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerPLUMgridConfig} - server: {get_param: server} - input_values: - plumgrid_director_server: {get_param: PLUMgridDirectorServer} - plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort} - plumgrid_username: {get_param: PLUMgridUsername} - plumgrid_password: {get_param: PLUMgridPassword} - plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} - plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} - plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} - plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} - plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} - plumgrid_identity_version: {get_param: PLUMgridIdentityVersion} - plumgrid_connector_type: {get_param: PLUMgridConnectorType} - plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion} - plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/no-ca.yaml b/puppet/extraconfig/tls/no-ca.yaml deleted file mode 100644 index 5862a85c..00000000 --- a/puppet/extraconfig/tls/no-ca.yaml +++ /dev/null @@ -1,17 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - This is a default no-op template which can be passed to the - OS::Nova::Server resources. This template can be replaced with - a different implementation via the resource registry, such that - deployers may customize their configuration. - -parameters: - server: # Here for compatibility with controller.yaml - description: ID of the controller node to apply this config to - type: string - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: 'Root CA cert injection not enabled.' diff --git a/puppet/extraconfig/tls/no-tls.yaml b/puppet/extraconfig/tls/no-tls.yaml deleted file mode 100644 index a2b5c569..00000000 --- a/puppet/extraconfig/tls/no-tls.yaml +++ /dev/null @@ -1,34 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - This is a default no-op template. This defines the parameters that - need to be passed in order to have TLS enabled in the controller - nodes. This template can be replaced with a different - implementation via the resource registry, such that deployers - may customize their configuration. - -parameters: - DeployedSSLCertificatePath: - default: '' - description: > - The filepath of the certificate as it will be stored in the controller. - type: string - NodeIndex: # Here for compatibility with puppet/controller.yaml - default: 0 - type: number - server: # Here for compatibility with puppet/controller.yaml - description: ID of the controller node to apply this config to - type: string - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: 'TLS not enabled.' - deployed_ssl_certificate_path: - value: '' - key_modulus_md5: - description: Key SSL Modulus - value: '' - cert_modulus_md5: - description: Certificate SSL Modulus - value: '' diff --git a/puppet/hieradata/RedHat.yaml b/puppet/hieradata/RedHat.yaml deleted file mode 100644 index 25902828..00000000 --- a/puppet/hieradata/RedHat.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# RedHat specific overrides go here -rabbitmq::package_provider: 'yum' - -# The Galera package should work in cluster and -# non-cluster modes based on the config file. -# We set the package name here explicitly so -# that it matches what we pre-install -# in tripleo-puppet-elements. -mysql::server::package_name: 'mariadb-galera-server' diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml deleted file mode 100644 index 1e480e60..00000000 --- a/puppet/hieradata/ceph.yaml +++ /dev/null @@ -1,12 +0,0 @@ -ceph::profile::params::osd_journal_size: 1024 -ceph::profile::params::osd_pool_default_pg_num: 32 -ceph::profile::params::osd_pool_default_pgp_num: 32 -ceph::profile::params::osd_pool_default_size: 3 -ceph::profile::params::osd_pool_default_min_size: 1 -ceph::profile::params::osds: {/srv/data: {}} -ceph::profile::params::manage_repo: false -ceph::profile::params::authentication_type: cephx - -ceph_classes: [] - -ceph_osd_selinux_permissive: true diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml deleted file mode 100644 index 65cf9577..00000000 --- a/puppet/hieradata/common.yaml +++ /dev/null @@ -1,51 +0,0 @@ -# Common Hiera data gets applied to all nodes -ssh::server::storeconfigs_enabled: false - -# ceilometer settings used by compute and controller ceilo auth settings -ceilometer::agent::auth::auth_region: 'regionOne' -ceilometer::agent::auth::auth_tenant_name: 'service' - -aodh::auth::auth_region: 'regionOne' -aodh::auth::auth_tenant_name: 'service' - -gnocchi::auth::auth_region: 'regionOne' -gnocchi::auth::auth_tenant_name: 'service' - -nova::api::admin_tenant_name: 'service' -nova::network::neutron::neutron_project_name: 'service' -nova::network::neutron::neutron_username: 'neutron' -nova::network::neutron::dhcp_domain: '' - -neutron::allow_overlapping_ips: true -neutron::server::project_name: 'service' - -kernel_modules: - nf_conntrack: {} - -sysctl_settings: - net.ipv4.tcp_keepalive_intvl: - value: 1 - net.ipv4.tcp_keepalive_probes: - value: 5 - net.ipv4.tcp_keepalive_time: - value: 5 - net.nf_conntrack_max: - value: 500000 - net.netfilter.nf_conntrack_max: - value: 500000 - # prevent neutron bridges from autoconfiguring ipv6 addresses - net.ipv6.conf.default.accept_ra: - value: 0 - net.ipv6.conf.default.autoconf: - value: 0 - net.core.netdev_max_backlog: - value: 10000 - -nova::rabbit_heartbeat_timeout_threshold: 60 -neutron::rabbit_heartbeat_timeout_threshold: 60 -cinder::rabbit_heartbeat_timeout_threshold: 60 -ceilometer::rabbit_heartbeat_timeout_threshold: 60 -heat::rabbit_heartbeat_timeout_threshold: 60 -keystone::rabbit_heartbeat_timeout_threshold: 60 - -nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml deleted file mode 100644 index 1e888f39..00000000 --- a/puppet/hieradata/compute.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Hiera data here applies to all compute nodes - -nova::notify_on_state_change: 'vm_and_task_state' -nova::notification_driver: messagingv2 -nova::compute::enabled: true -nova::compute::instance_usage_audit: true -nova::compute::instance_usage_audit_period: 'hour' -nova::compute::vnc_enabled: true - -nova::compute::libvirt::migration_support: true - -nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" - -nova::network::neutron::neutron_auth_type: 'v3password' - -# Changing the default from 512MB. The current templates can not deploy -# overclouds with swap. On an idle compute node, we see ~1024MB of RAM -# used. 2048 is suggested to account for other possible operations for -# example openvswitch. -nova::compute::reserved_host_memory: 2048 - -ceilometer::agent::auth::auth_tenant_name: 'service' -ceilometer::agent::auth::auth_endpoint_type: 'internalURL' - -compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml deleted file mode 100644 index de6e3db1..00000000 --- a/puppet/hieradata/controller.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Hiera data here applies to all controller nodes - -nova::api::enabled: true -nova::conductor::enabled: true -nova::consoleauth::enabled: true -nova::vncproxy::enabled: true -nova::scheduler::enabled: true - -# gnocchi -gnocchi::db::sync::extra_opts: '--skip-storage' -gnocchi::storage::swift::swift_user: 'service:gnocchi' -gnocchi::storage::swift::swift_auth_version: 2 -gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' -gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' -gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' -gnocchi::statsd::flush_delay: 10 -gnocchi::statsd::archive_policy_name: 'low' - -# rabbitmq -rabbitmq::delete_guest_user: false -rabbitmq::wipe_db_on_cookie_change: true -rabbitmq::port: '5672' -rabbitmq::package_source: undef -rabbitmq::repos_ensure: false -rabbitmq_environment: - RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' -rabbitmq_kernel_variables: - inet_dist_listen_min: '35672' - inet_dist_listen_max: '35672' -rabbitmq_config_variables: - tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' - cluster_partition_handling: 'pause_minority' - loopback_users: '[]' - -mongodb::server::replset: tripleo -mongodb::server::journal: false - -redis::port: 6379 -redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" -redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" -redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' - -# keystone -keystone::roles::admin::email: 'root@localhost' - -# service tenant -glance::api::keystone_tenant: 'service' -aodh::api::keystone_tenant: 'service' -glance::registry::keystone_tenant: 'service' -neutron::server::auth_tenant: 'service' -neutron::agents::metadata::auth_tenant: 'service' -neutron::agents::l3::router_delete_namespaces: True -cinder::api::keystone_tenant: 'service' -swift::proxy::authtoken::admin_tenant_name: 'service' -ceilometer::api::keystone_tenant: 'service' -gnocchi::api::keystone_tenant: 'service' -heat::keystone_tenant: 'service' -sahara::admin_tenant_name: 'service' -aodh::keystone::auth::tenant: 'service' -ceilometer::keystone::auth::tenant: 'service' -cinder::keystone::auth::tenant: 'service' -glance::keystone::auth::tenant: 'service' -gnocchi::keystone::auth::tenant: 'service' -heat::keystone::auth::tenant: 'service' -neutron::keystone::auth::tenant: 'service' -nova::keystone::auth::tenant: 'service' -sahara::keystone::auth::tenant: 'service' -swift::keystone::auth::tenant: 'service' - -# keystone -keystone::cron::token_flush::maxdelay: 3600 -keystone::roles::admin::service_tenant: 'service' -keystone::roles::admin::admin_tenant: 'admin' -keystone::cron::token_flush::destination: '/dev/null' -keystone::config::keystone_config: - DEFAULT/secure_proxy_ssl_header: - value: 'HTTP_X_FORWARDED_PROTO' - ec2/driver: - value: 'keystone.contrib.ec2.backends.sql.Ec2' -keystone::service_name: 'httpd' -keystone::wsgi::apache::ssl: false - -#swift -swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'cache' - - 'ratelimit' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'proxy-logging' - - 'proxy-server' - -swift::proxy::account_autocreate: true -swift::keystone::auth::configure_s3_endpoint: false -swift::keystone::auth::operator_roles: - - admin - - swiftoperator - -# glance -glance::api::pipeline: 'keystone' -glance::api::show_image_direct_url: true -glance::registry::pipeline: 'keystone' -glance::backend::swift::swift_store_create_container_on_put: true -glance_file_pcmk_directory: '/var/lib/glance/images' - -# neutron -neutron::server::sync_db: true - -# nova -nova::notify_on_state_change: 'vm_and_task_state' -nova::api::default_floating_pool: 'public' -nova::api::sync_db_api: true -nova::api::enable_proxy_headers_parsing: true -nova::scheduler::filter::ram_allocation_ratio: '1.0' -nova::cron::archive_deleted_rows::hour: '*/12' -nova::cron::archive_deleted_rows::destination: '/dev/null' -nova::notification_driver: messaging - -# ceilometer -ceilometer::agent::auth::auth_endpoint_type: 'internalURL' - -# cinder -cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler -cinder::cron::db_purge::destination: '/dev/null' -cinder::host: hostgroup -cinder_user_enabled_backends: [] - -# TODO(jaosorior): Move to cinder profile once cinder is moved as a composable -# service. -cinder::api::enable_proxy_headers_parsing: true - -# heat -heat::engine::configure_delegated_roles: false -heat::engine::trusts_delegated_roles: [] -heat::instance_user: '' -heat::cron::purge_deleted::age: 30 -heat::cron::purge_deleted::age_type: 'days' -heat::cron::purge_deleted::maxdelay: 3600 -heat::cron::purge_deleted::destination: '/dev/null' -heat::keystone::domain::domain_name: 'heat_stack' -heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' -heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' -heat::auth_plugin: 'password' - -# pacemaker -pacemaker::corosync::cluster_name: 'tripleo_cluster' -pacemaker::corosync::manage_fw: false -pacemaker::resource_defaults::defaults: - resource-stickiness: { value: INFINITY } -corosync_token_timeout: 10000 - -# horizon -horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache -horizon::django_session_engine: 'django.contrib.sessions.backends.cache' -horizon::vhost_extra_params: - add_listen: false - priority: 10 - access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' - -# mysql -mysql::server::manage_config_file: true - - -tripleo::haproxy::keystone_admin: true -tripleo::haproxy::keystone_public: true -tripleo::haproxy::neutron: true -tripleo::haproxy::cinder: true -tripleo::haproxy::glance_api: true -tripleo::haproxy::glance_registry: true -tripleo::haproxy::nova_osapi: true -tripleo::haproxy::nova_metadata: true -tripleo::haproxy::nova_novncproxy: true -tripleo::haproxy::mysql: true -tripleo::haproxy::redis: true -tripleo::haproxy::sahara: true -tripleo::haproxy::swift_proxy_server: true -tripleo::haproxy::ceilometer: true -tripleo::haproxy::aodh: true -tripleo::haproxy::gnocchi: true -tripleo::haproxy::heat_api: true -tripleo::haproxy::heat_cloudwatch: true -tripleo::haproxy::heat_cfn: true -tripleo::haproxy::horizon: true - -controller_classes: [] -# firewall -tripleo::firewall::firewall_rules: - '101 mongodb_config': - port: 27019 - '102 mongodb_sharding': - port: 27018 - '103 mongod': - port: 27017 - '104 mysql galera': - port: - - 873 - - 3306 - - 4444 - - 4567 - - 4568 - - 9200 - '105 ntp': - port: 123 - proto: udp - '106 vrrp': - proto: vrrp - '107 haproxy stats': - port: 1993 - '108 redis': - port: - - 6379 - - 26379 - '109 rabbitmq': - port: - - 5672 - - 35672 - '110 ceph': - port: - - 6789 - - '6800-6810' - '111 keystone': - port: - - 5000 - - 13000 - - 35357 - - 13357 - '112 glance': - port: - - 9292 - - 9191 - - 13292 - '113 nova': - port: - - 6080 - - 13080 - - 8773 - - 3773 - - 8774 - - 13774 - - 8775 - '114 neutron server': - port: - - 9696 - - 13696 - '115 neutron dhcp input': - proto: 'udp' - port: 67 - '116 neutron dhcp output': - proto: 'udp' - chain: 'OUTPUT' - port: 68 - '118 neutron vxlan networks': - proto: 'udp' - port: 4789 - '119 cinder': - port: - - 8776 - - 13776 - '120 iscsi initiator': - port: 3260 - '121 memcached': - port: 11211 - '122 swift proxy': - port: - - 8080 - - 13808 - '123 swift storage': - port: - - 873 - - 6000 - - 6001 - - 6002 - '124 ceilometer': - port: - - 8777 - - 13777 - '125 heat': - port: - - 8000 - - 13800 - - 8003 - - 13003 - - 8004 - - 13004 - '126 horizon': - port: - - 80 - - 443 - '127 snmp': - port: 161 - proto: 'udp' - '128 aodh': - port: - - 8042 - - 13042 - '129 gnocchi-api': - port: - - 8041 - - 13041 diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml deleted file mode 100644 index 4eb199c8..00000000 --- a/puppet/hieradata/database.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Nova -nova::db::mysql::user: nova -nova::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -nova::db::mysql::dbname: nova -nova::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -nova::db::mysql_api::user: nova_api -nova::db::mysql_api::host: "%{hiera('mysql_virtual_ip')}" -nova::db::mysql_api::dbname: nova_api -nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Glance -glance::db::mysql::user: glance -glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -glance::db::mysql::dbname: glance -glance::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Keystone -keystone::db::mysql::user: keystone -keystone::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -keystone::db::mysql::dbname: keystone -keystone::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Neutron -neutron::db::mysql::user: neutron -neutron::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -neutron::db::mysql::dbname: ovs_neutron -neutron::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Cinder -cinder::db::mysql::user: cinder -cinder::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -cinder::db::mysql::dbname: cinder -cinder::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Heat -heat::db::mysql::user: heat -heat::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -heat::db::mysql::dbname: heat -heat::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Ceilometer -ceilometer::db::mysql::user: ceilometer -ceilometer::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -ceilometer::db::mysql::dbname: ceilometer -ceilometer::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Gnocchi -gnocchi::db::mysql::user: gnocchi -gnocchi::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -gnocchi::db::mysql::dbname: gnocchi -gnocchi::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -sahara::db::mysql::user: sahara -sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -sahara::db::mysql::dbname: sahara -sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml deleted file mode 100644 index d4a0e81d..00000000 --- a/puppet/hieradata/object.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Hiera data for swift storage nodes -swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' -swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' - -swift::storage::all::object_pipeline: - - healthcheck - - recon - - object-server -swift::storage::all::container_pipeline: - - healthcheck - - container-server -swift::storage::all::account_pipeline: - - healthcheck - - account-server - -swift::proxy::keystone::operator_roles: - - admin - - swiftoperator - - ResellerAdmin - -object_classes: [] diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml deleted file mode 100644 index 8640c0a7..00000000 --- a/puppet/hieradata/volume.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# Hiera data here applies to all volume storage nodes - -# cinder -cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler - -cinder::config::cinder_config: - DEFAULT/nova_catalog_info: - value: 'compute:Compute Service:internalURL' - DEFAULT/swift_catalog_info: - value: 'object-store:swift:internalURL' - -cinder_user_enabled_backends: [] - -volume_classes: []
\ No newline at end of file diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 4add2f02..2653badf 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -13,49 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - -if hiera('step') >= 1 { - - create_resources(kmod::load, hiera('kernel_modules'), {}) - create_resources(sysctl::value, hiera('sysctl_settings'), {}) - Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - - include ::timezone - - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } +if hiera('step') >= 4 { + hiera_include('ceph_classes', []) } -if hiera('step') >= 3 { - if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], - } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] - } - - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client - include ::ceph::profile::osd - - hiera_include('ceph_classes') - package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} -} +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index cf20c0ca..f96c193c 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -13,211 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - -create_resources(kmod::load, hiera('kernel_modules'), { }) -create_resources(sysctl::value, hiera('sysctl_settings'), { }) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::timezone - if hiera('step') >= 4 { - - file { ['/etc/libvirt/qemu/networks/autostart/default.xml', - '/etc/libvirt/qemu/networks/default.xml']: - ensure => absent, - before => Service['libvirt'], - } - # in case libvirt has been already running before the Puppet run, make - # sure the default network is destroyed - exec { 'libvirt-default-net-destroy': - command => '/usr/bin/virsh net-destroy default', - onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', - before => Service['libvirt'], - } - - # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique - exec { 'reset-iscsi-initiator-name': - command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', - onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', - }-> - - file { '/etc/iscsi/.initiator_reset': - ensure => present, - } - - include ::nova - include ::nova::config - include ::nova::compute - - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) - $rbd_persistent_storage = hiera('rbd_persistent_storage', false) - if $rbd_ephemeral_storage or $rbd_persistent_storage { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client - - $client_keys = hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('ceph_client_user_name')]) - class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], - } - } - - if hiera('cinder_enable_nfs_backend', false) { - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package { 'nfs-utils': } -> Service['nova-compute'] - } - - if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' - } else { - $vncserver_listen = '0.0.0.0' - } - - if $rbd_ephemeral_storage { - class { '::nova::compute::libvirt': - libvirt_disk_cachemodes => ['network=writeback'], - libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, - } - } else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, - } - } - - nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - 'DEFAULT/host': value => $fqdn; - } - - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - file { '/etc/libvirt/qemu.conf': - ensure => present, - content => hiera('midonet_libvirt_qemu_data') - } - } - include ::nova::network::neutron - include ::neutron - include ::neutron::config - - # If the value of core plugin is set to 'nuage', - # include nuage agent, - # If the value of core plugin is set to 'midonet', - # include midonet agent, - # else use the default value of 'ml2' - if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::nuage::vrs - include ::nova::compute::neutron - - class { '::nuage::metadataagent': - nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), - nova_os_password => hiera('nova_password'), - nova_metadata_ip => hiera('nova_metadata_node_ips'), - nova_auth_ip => hiera('keystone_public_api_virtual_ip'), - } - } - elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - - # TODO(devvesa) provide non-controller ips for these services - $zookeeper_node_ips = hiera('neutron_api_node_ips') - $cassandra_node_ips = hiera('neutron_api_node_ips') - - class { '::tripleo::network::midonet::agent': - zookeeper_servers => $zookeeper_node_ips, - cassandra_seeds => $cassandra_node_ips - } - } - elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - - include ::contrail::vrouter - # NOTE: it's not possible to use this class without a functional - # contrail controller up and running - #class {'::contrail::vrouter::provision_vrouter': - # require => Class['contrail::vrouter'], - #} - } - elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - # forward all ipv4 traffic - # this is required for the vms to pass through the gateways public interface - sysctl::value { 'net.ipv4.ip_forward': value => '1' } - - # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on - file { '/etc/sudoers.d/ifc_ctl_sudoers': - ensure => file, - owner => root, - group => root, - mode => '0440', - content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n", - } - } - else { - - # NOTE: this code won't live in puppet-neutron until Neutron OVS agent - # can be gracefully restarted. See https://review.openstack.org/#/c/297211 - # In the meantime, it's safe to restart the agent on each change in neutron.conf, - # because Puppet changes are supposed to be done during bootstrap and upgrades. - # Some resource managed by Neutron_config (like messaging and logging options) require - # a restart of OVS agent. This code does it. - # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code - # from here and fix it in puppet-neutron. - Neutron_config<||> ~> Service['neutron-ovs-agent-service'] - - include ::neutron::plugins::ml2 - include ::neutron::agents::ml2::ovs - - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), - } - } - - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::agents::bigswitch - } - } - - neutron_config { - 'DEFAULT/host': value => $fqdn; - } - - include ::ceilometer - include ::ceilometer::config - include ::ceilometer::agent::compute - include ::ceilometer::agent::auth - - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - - hiera_include('compute_classes') - package_manifest{ '/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present } - + hiera_include('compute_classes', []) } + +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 53bf62c7..25bdbfb2 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -13,568 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - -$enable_load_balancer = hiera('enable_load_balancer', true) - -if hiera('step') >= 1 { - - create_resources(kmod::load, hiera('kernel_modules'), {}) - create_resources(sysctl::value, hiera('sysctl_settings'), {}) - Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - -} - -if hiera('step') >= 2 { - - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } - - include ::timezone - - # MongoDB - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - include ::mongodb::globals - include ::mongodb::client - include ::mongodb::server - # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and - # without the brackets as 'members' argument for the 'mongodb_replset' - # resource. - if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } else { - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } - $mongo_node_string = join($mongo_node_ips_with_port, ',') - - $mongodb_replset = hiera('mongodb::server::replset') - $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - if downcase(hiera('bootstrap_nodeid')) == $::hostname { - mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port_nobr, - } - } - } - - # Redis - $redis_node_ips = hiera('redis_node_ips') - $redis_master_hostname = downcase(hiera('bootstrap_nodeid')) - - if $redis_master_hostname == $::hostname { - $slaveof = undef - } else { - $slaveof = "${redis_master_hostname} 6379" - } - class {'::redis' : - slaveof => $slaveof, - } - - if count($redis_node_ips) > 1 { - Class['::tripleo::redis_notification'] -> Service['redis-sentinel'] - include ::redis::sentinel - include ::tripleo::redis_notification - } - - if str2bool(hiera('enable_galera', true)) { - $mysql_config_file = '/etc/my.cnf.d/galera.cnf' - } else { - $mysql_config_file = '/etc/my.cnf.d/server.cnf' - } - # TODO Galara - # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we - # set bind-address to a hostname instead of an ip address; to move Mysql - # from internal_api on another network we'll have to customize both - # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap - class { '::mysql::server': - config_file => $mysql_config_file, - override_options => { - 'mysqld' => { - 'bind-address' => $::hostname, - 'max_connections' => hiera('mysql_max_connections'), - 'open_files_limit' => '-1', - }, - }, - remove_default_accounts => true, - } - - # FIXME: this should only occur on the bootstrap host (ditto for db syncs) - # Create all the database schemas - include ::nova::db::mysql - include ::nova::db::mysql_api - include ::neutron::db::mysql - include ::cinder::db::mysql - include ::sahara::db::mysql - if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { - include ::gnocchi::db::mysql - } - if downcase(hiera('ceilometer_backend')) == 'mysql' { - include ::ceilometer::db::mysql - include ::aodh::db::mysql - } - - $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) - - if $enable_ceph { - $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_initial_members => $mon_initial_members, - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::mon - } - - if str2bool(hiera('enable_ceph_storage', false)) { - if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], - } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] - } - - include ::ceph::conf - include ::ceph::profile::osd - } - - if str2bool(hiera('enable_external_ceph', false)) { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client - } - -} #END STEP 2 - if hiera('step') >= 4 { - - $nova_ipv6 = hiera('nova::use_ipv6', false) - if $nova_ipv6 { - $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') - } else { - $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') - } - - class { '::nova' : - memcached_servers => $memcached_servers - } - include ::nova::config - include ::nova::api - include ::nova::cert - include ::nova::conductor - include ::nova::consoleauth - include ::nova::network::neutron - include ::nova::vncproxy - include ::nova::scheduler - include ::nova::scheduler::filter - - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - - # TODO(devvesa) provide non-controller ips for these services - $zookeeper_node_ips = hiera('neutron_api_node_ips') - $cassandra_node_ips = hiera('neutron_api_node_ips') - - # Run zookeeper in the controller if configured - if hiera('enable_zookeeper_on_controller') { - class {'::tripleo::cluster::zookeeper': - zookeeper_server_ips => $zookeeper_node_ips, - # TODO: create a 'bind' hiera key for zookeeper - zookeeper_client_ip => hiera('neutron::bind_host'), - zookeeper_hostnames => hiera('controller_node_names') - } - } - - # Run cassandra in the controller if configured - if hiera('enable_cassandra_on_controller') { - class {'::tripleo::cluster::cassandra': - cassandra_servers => $cassandra_node_ips, - # TODO: create a 'bind' hiera key for cassandra - cassandra_ip => hiera('neutron::bind_host'), - } - } - - class {'::tripleo::network::midonet::agent': - zookeeper_servers => $zookeeper_node_ips, - cassandra_seeds => $cassandra_node_ips - } - - class {'::tripleo::network::midonet::api': - zookeeper_servers => $zookeeper_node_ips, - vip => hiera('public_virtual_ip'), - keystone_ip => hiera('public_virtual_ip'), - keystone_admin_token => hiera('keystone::admin_token'), - # TODO: create a 'bind' hiera key for api - bind_address => hiera('neutron::bind_host'), - admin_password => hiera('admin_password') - } - - # TODO: find a way to get an empty list from hiera - class {'::neutron': - service_plugins => [] - } - - } - else { - - # ML2 plugin - include ::neutron - } - - include ::neutron::config - include ::neutron::server - include ::neutron::server::notifications - - # If the value of core plugin is set to 'nuage' or'opencontrail' or 'plumgrid', - # include nuage or opencontrail or plumgrid core plugins - # else use the default value of 'ml2' - if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::neutron::plugins::nuage - } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - include ::neutron::plugins::opencontrail - } - elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - class { '::neutron::plugins::plumgrid' : - connection => hiera('neutron::server::database_connection'), - controller_priv_host => hiera('keystone_admin_api_vip'), - admin_password => hiera('admin_password'), - metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), - } - } else { - - # If the value of core plugin is set to 'midonet', - # skip all the ML2 configuration - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - - class {'::neutron::plugins::midonet': - midonet_api_ip => hiera('public_virtual_ip'), - keystone_tenant => hiera('neutron::server::auth_tenant'), - keystone_password => hiera('neutron::server::password') - } - } else { - - include ::neutron::plugins::ml2 - include ::neutron::agents::ml2::ovs - - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus1000v - - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), - } - - class { '::n1k_vsm': - n1kv_source => hiera('n1kv_vsm_source', undef), - n1kv_version => hiera('n1kv_vsm_version', undef), - pacemaker_control => false, - } - } - - if 'cisco_ucsm' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::ucsm - } - if 'cisco_nexus' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus - include ::neutron::plugins::ml2::cisco::type_nexus_vxlan - } - - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::bigswitch::restproxy - include ::neutron::agents::bigswitch - } - Service['neutron-server'] -> Service['neutron-ovs-agent-service'] - } - - Service['neutron-server'] -> Service['neutron-metadata'] - } - - include ::cinder - include ::cinder::config - include ::cinder::api - include ::cinder::glance - include ::cinder::scheduler - include ::cinder::volume - include ::cinder::ceilometer - class { '::cinder::setup_test_volume': - size => join([hiera('cinder_lvm_loop_device_size'), 'M']), - } - - $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) - if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' - - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), - } - } - - if $enable_ceph { - - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : - pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), - pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), - size => hiera('ceph::profile::params::osd_pool_default_size'), - } - - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] - - } else { - $cinder_pool_requires = [] - } - - if hiera('cinder_enable_rbd_backend', false) { - $cinder_rbd_backend = 'tripleo_ceph' - - cinder::backend::rbd { $cinder_rbd_backend : - backend_host => hiera('cinder::host'), - rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => hiera('ceph_client_user_name'), - rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => $cinder_pool_requires, - } - } - - if hiera('cinder_enable_eqlx_backend', false) { - $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - - cinder::backend::eqlx { $cinder_eqlx_backend : - volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), - san_ip => hiera('cinder::backend::eqlx::san_ip', undef), - san_login => hiera('cinder::backend::eqlx::san_login', undef), - san_password => hiera('cinder::backend::eqlx::san_password', undef), - san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), - eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), - eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), - eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), - eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), - } - } - - if hiera('cinder_enable_dellsc_backend', false) { - $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : - volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), - san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), - san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef), - san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef), - dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), - iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), - iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), - dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), - dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), - } - } - - if hiera('cinder_enable_netapp_backend', false) { - $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - - if hiera('cinder::backend::netapp::nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') - } - - cinder::backend::netapp { $cinder_netapp_backend : - netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), - netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), - netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), - netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), - netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), - netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), - netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), - netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), - netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), - netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), - netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), - netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), - nfs_shares => $cinder_netapp_nfs_shares, - nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), - netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), - netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), - netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), - netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), - netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), - netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), - } - } - - if hiera('cinder_enable_nfs_backend', false) { - $cinder_nfs_backend = 'tripleo_nfs' - - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package {'nfs-utils': } -> - cinder::backend::nfs { $cinder_nfs_backend : - nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options',''), - nfs_shares_config => '/etc/cinder/shares-nfs.conf', - } - } - - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) - class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), - } - - # swift storage - if str2bool(hiera('enable_swift_storage', true)) { - class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - } - - # Ceilometer - $ceilometer_backend = downcase(hiera('ceilometer_backend')) - case $ceilometer_backend { - /mysql/ : { - $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string') - } - default : { - $ceilometer_database_connection = $ceilometer_mongodb_conn_string - } - } - include ::ceilometer - include ::ceilometer::config - include ::ceilometer::api - include ::ceilometer::agent::notification - include ::ceilometer::agent::central - include ::ceilometer::expirer - include ::ceilometer::collector - include ::ceilometer::agent::auth - include ::ceilometer::dispatcher::gnocchi - class { '::ceilometer::db' : - database_connection => $ceilometer_database_connection, - } - - Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } - - # Aodh - class { '::aodh' : - database_connection => $ceilometer_database_connection, - } - include ::aodh::db::sync - # To manage the upgrade: - Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync'] - include ::aodh::auth - include ::aodh::api - include ::aodh::wsgi::apache - include ::aodh::evaluator - include ::aodh::notifier - include ::aodh::listener - include ::aodh::client - - # Sahara - include ::sahara - include ::sahara::service::api - include ::sahara::service::engine - - # Horizon - include ::apache::mod::remoteip - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - $_profile_support = 'cisco' - } else { - $_profile_support = 'None' - } - $neutron_options = {'profile_support' => $_profile_support } - - $memcached_ipv6 = hiera('memcached_ipv6', false) - if $memcached_ipv6 { - $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') - } else { - $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') - } - - class { '::horizon': - cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, - } - - # Gnocchi - $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') - class { '::gnocchi': - database_connection => $gnocchi_database_connection, - } - include ::gnocchi::api - include ::gnocchi::wsgi::apache - include ::gnocchi::client - include ::gnocchi::db::sync - include ::gnocchi::storage - include ::gnocchi::metricd - include ::gnocchi::statsd - $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) - case $gnocchi_backend { - 'swift': { include ::gnocchi::storage::swift } - 'file': { include ::gnocchi::storage::file } - 'rbd': { include ::gnocchi::storage::ceph } - default: { fail('Unrecognized gnocchi_backend parameter.') } - } - - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - - hiera_include('controller_classes') - -} #END STEP 4 - -if hiera('step') >= 5 { - $nova_enable_db_purge = hiera('nova_enable_db_purge', true) - $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - - if $nova_enable_db_purge { - include ::nova::cron::archive_deleted_rows - } - if $cinder_enable_db_purge { - include ::cinder::cron::db_purge - } -} #END STEP 5 + hiera_include('controller_classes', []) +} $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index d6d14a83..d329d5fc 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -13,1386 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -Pcmk_resource <| |> { - tries => 10, - try_sleep => 3, +if hiera('step') >= 4 { + hiera_include('controller_classes', []) } -# TODO(jistr): use pcs resource provider instead of just no-ops -Service <| - tag == 'aodh-service' or - tag == 'cinder-service' or - tag == 'ceilometer-service' or - tag == 'gnocchi-service' or - tag == 'neutron-service' or - tag == 'nova-service' or - tag == 'sahara-service' -|> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', -} - -include ::tripleo::packages -include ::tripleo::firewall - -if $::hostname == downcase(hiera('bootstrap_nodeid')) { - $pacemaker_master = true - $sync_db = true -} else { - $pacemaker_master = false - $sync_db = false -} - -$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5 -$enable_load_balancer = hiera('enable_load_balancer', true) - -# When to start and enable services which haven't been Pacemakerized -# FIXME: remove when we start all OpenStack services using Pacemaker -# (occurrences of this variable will be gradually replaced with false) -$non_pcmk_start = hiera('step') >= 5 - -if hiera('step') >= 1 { - - create_resources(kmod::load, hiera('kernel_modules'), {}) - create_resources(sysctl::value, hiera('sysctl_settings'), {}) - Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - - include ::timezone - - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } - - $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) - $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) - if $corosync_ipv6 { - $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' } - } else { - $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) } - } - class { '::pacemaker': - hacluster_pwd => hiera('hacluster_pwd'), - } -> - class { '::pacemaker::corosync': - cluster_members => $pacemaker_cluster_members, - setup_cluster => $pacemaker_master, - cluster_setup_extras => $cluster_setup_extras, - } - class { '::pacemaker::stonith': - disable => !$enable_fencing, - } - if $enable_fencing { - include ::tripleo::fencing - - # enable stonith after all Pacemaker resources have been created - Pcmk_resource<||> -> Class['tripleo::fencing'] - Pcmk_constraint<||> -> Class['tripleo::fencing'] - Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] - # enable stonith after all fencing devices have been created - Class['tripleo::fencing'] -> Class['pacemaker::stonith'] - } - - # FIXME(gfidente): sets 200secs as default start timeout op - # param; until we can use pcmk global defaults we'll still - # need to add it to every resource which redefines op params - Pacemaker::Resource::Service { - op_params => 'start timeout=200s stop timeout=200s', - } - - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - include ::mongodb::globals - include ::mongodb::client - class { '::mongodb::server' : - service_manage => false, - } - } - - # Redis - class { '::redis' : - service_manage => false, - notify_service => false, - } - - # Galera - if str2bool(hiera('enable_galera', true)) { - $mysql_config_file = '/etc/my.cnf.d/galera.cnf' - } else { - $mysql_config_file = '/etc/my.cnf.d/server.cnf' - } - $galera_nodes = downcase(hiera('galera_node_names', $::hostname)) - $galera_nodes_count = count(split($galera_nodes, ',')) - - # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we - # set bind-address to a hostname instead of an ip address; to move Mysql - # from internal_api on another network we'll have to customize both - # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap - $mysql_bind_host = hiera('mysql_bind_host') - $mysqld_options = { - 'mysqld' => { - 'skip-name-resolve' => '1', - 'binlog_format' => 'ROW', - 'default-storage-engine' => 'innodb', - 'innodb_autoinc_lock_mode' => '2', - 'innodb_locks_unsafe_for_binlog'=> '1', - 'query_cache_size' => '0', - 'query_cache_type' => '0', - 'bind-address' => $::hostname, - 'max_connections' => hiera('mysql_max_connections'), - 'open_files_limit' => '-1', - 'wsrep_on' => 'ON', - 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so', - 'wsrep_cluster_name' => 'galera_cluster', - 'wsrep_cluster_address' => "gcomm://${galera_nodes}", - 'wsrep_slave_threads' => '1', - 'wsrep_certify_nonPK' => '1', - 'wsrep_max_ws_rows' => '131072', - 'wsrep_max_ws_size' => '1073741824', - 'wsrep_debug' => '0', - 'wsrep_convert_LOCK_to_trx' => '0', - 'wsrep_retry_autocommit' => '1', - 'wsrep_auto_increment_control' => '1', - 'wsrep_drupal_282555_workaround'=> '0', - 'wsrep_causal_reads' => '0', - 'wsrep_sst_method' => 'rsync', - 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;", - }, - } - - class { '::mysql::server': - create_root_user => false, - create_root_my_cnf => false, - config_file => $mysql_config_file, - override_options => $mysqld_options, - remove_default_accounts => $pacemaker_master, - service_manage => false, - service_enabled => false, - } - -} - -if hiera('step') >= 2 { - - # NOTE(gfidente): the following vars are needed on all nodes so they - # need to stay out of pacemaker_master conditional. - # The addresses mangling will hopefully go away when we'll be able to - # configure the connection string via hostnames, until then, we need to pass - # the list of IPv6 addresses *with* port and without the brackets as 'members' - # argument for the 'mongodb_replset' resource. - if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } else { - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } - $mongodb_replset = hiera('mongodb::server::replset') - - if $pacemaker_master { - - include ::pacemaker::resource_defaults - - # Create an openstack-core dummy resource. See RHBZ 1290121 - pacemaker::resource::ocf { 'openstack-core': - ocf_agent_name => 'heartbeat:Dummy', - clone_params => true, - } - - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - pacemaker::resource::service { $::mongodb::params::service_name : - op_params => 'start timeout=370s stop timeout=200s', - clone_params => true, - require => Class['::mongodb::server'], - } - # NOTE (spredzy) : The replset can only be run - # once all the nodes have joined the cluster. - mongodb_conn_validator { $mongo_node_ips_with_port : - timeout => '600', - require => Pacemaker::Resource::Service[$::mongodb::params::service_name], - before => Mongodb_replset[$mongodb_replset], - } - mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port_nobr, - } - } - - pacemaker::resource::ocf { 'galera' : - ocf_agent_name => 'heartbeat:galera', - op_params => 'promote timeout=300s on-fail=block', - master_params => '', - meta_params => "master-max=${galera_nodes_count} ordered=true", - resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'", - require => Class['::mysql::server'], - before => Exec['galera-ready'], - } - - pacemaker::resource::ocf { 'redis': - ocf_agent_name => 'heartbeat:redis', - master_params => '', - meta_params => 'notify=true ordered=true interleave=true', - resource_params => 'wait_last_known_master=true', - require => Class['::redis'], - } - - } - $mysql_root_password = hiera('mysql::server::root_password') - $mysql_clustercheck_password = hiera('mysql_clustercheck_password') - # This step is to create a sysconfig clustercheck file with the root user and empty password - # on the first install only (because later on the clustercheck db user will be used) - # We are using exec and not file in order to not have duplicate definition errors in puppet - # when we later set the the file to contain the clustercheck data - exec { 'create-root-sysconfig-clustercheck': - command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck", - unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck', - } - - exec { 'galera-ready' : - command => '/usr/bin/clustercheck >/dev/null', - timeout => 30, - tries => 180, - try_sleep => 10, - environment => ['AVAILABLE_WHEN_READONLY=0'], - require => Exec['create-root-sysconfig-clustercheck'], - } - - xinetd::service { 'galera-monitor' : - port => '9200', - server => '/usr/bin/clustercheck', - per_source => 'UNLIMITED', - log_on_success => '', - log_on_failure => 'HOST', - flags => 'REUSE', - service_type => 'UNLISTED', - user => 'root', - group => 'root', - require => Exec['create-root-sysconfig-clustercheck'], - } - # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck - # to it in a later step. We do this only on one node as it will replicate on - # the other members. We also make sure that the permissions are the minimum necessary - if $pacemaker_master { - mysql_user { 'clustercheck@localhost': - ensure => 'present', - password_hash => mysql_password($mysql_clustercheck_password), - require => Exec['galera-ready'], - } - mysql_grant { 'clustercheck@localhost/*.*': - ensure => 'present', - options => ['GRANT'], - privileges => ['PROCESS'], - table => '*.*', - user => 'clustercheck@localhost', - } - } - - # Create all the database schemas - if $sync_db { - class { '::nova::db::mysql': - require => Exec['galera-ready'], - } - class { '::nova::db::mysql_api': - require => Exec['galera-ready'], - } - class { '::neutron::db::mysql': - require => Exec['galera-ready'], - } - class { '::cinder::db::mysql': - require => Exec['galera-ready'], - } - - if downcase(hiera('ceilometer_backend')) == 'mysql' { - class { '::ceilometer::db::mysql': - require => Exec['galera-ready'], - } - } - - if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { - class { '::gnocchi::db::mysql': - require => Exec['galera-ready'], - } - } - class { '::sahara::db::mysql': - require => Exec['galera-ready'], - } - } - - # Ceph - $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) - - if $enable_ceph { - $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_initial_members => $mon_initial_members, - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::mon - } - - if str2bool(hiera('enable_ceph_storage', false)) { - if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], - } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] - } - - include ::ceph::conf - include ::ceph::profile::osd - } - - if str2bool(hiera('enable_external_ceph', false)) { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client - } - - -} #END STEP 2 - -if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { - # At this stage we are guaranteed that the clustercheck db user exists - # so we switch the resource agent to use it. - file { '/etc/sysconfig/clustercheck' : - ensure => file, - mode => '0600', - owner => 'root', - group => 'root', - content => "MYSQL_USERNAME=clustercheck\n -MYSQL_PASSWORD='${mysql_clustercheck_password}'\n -MYSQL_HOST=localhost\n", - } - - $nova_ipv6 = hiera('nova::use_ipv6', false) - if $nova_ipv6 { - $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') - } else { - $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') - } - - class { '::nova' : - memcached_servers => $memcached_servers - } - - include ::nova::config - - class { '::nova::api' : - sync_db => $sync_db, - sync_db_api => $sync_db, - manage_service => false, - enabled => false, - } - class { '::nova::cert' : - manage_service => false, - enabled => false, - } - class { '::nova::conductor' : - manage_service => false, - enabled => false, - } - class { '::nova::consoleauth' : - manage_service => false, - enabled => false, - } - class { '::nova::vncproxy' : - manage_service => false, - enabled => false, - } - include ::nova::scheduler::filter - class { '::nova::scheduler' : - manage_service => false, - enabled => false, - } - include ::nova::network::neutron - - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - - # TODO(devvesa) provide non-controller ips for these services - $zookeeper_node_ips = hiera('neutron_api_node_ips') - $cassandra_node_ips = hiera('neutron_api_node_ips') - - # Run zookeeper in the controller if configured - if hiera('enable_zookeeper_on_controller') { - class {'::tripleo::cluster::zookeeper': - zookeeper_server_ips => $zookeeper_node_ips, - # TODO: create a 'bind' hiera key for zookeeper - zookeeper_client_ip => hiera('neutron::bind_host'), - zookeeper_hostnames => split(hiera('controller_node_names'), ',') - } - } - - # Run cassandra in the controller if configured - if hiera('enable_cassandra_on_controller') { - class {'::tripleo::cluster::cassandra': - cassandra_servers => $cassandra_node_ips, - # TODO: create a 'bind' hiera key for cassandra - cassandra_ip => hiera('neutron::bind_host'), - } - } - - class {'::tripleo::network::midonet::agent': - zookeeper_servers => $zookeeper_node_ips, - cassandra_seeds => $cassandra_node_ips - } - - class {'::tripleo::network::midonet::api': - zookeeper_servers => $zookeeper_node_ips, - vip => hiera('public_virtual_ip'), - keystone_ip => hiera('public_virtual_ip'), - keystone_admin_token => hiera('keystone::admin_token'), - # TODO: create a 'bind' hiera key for api - bind_address => hiera('neutron::bind_host'), - admin_password => hiera('admin_password') - } - - # Configure Neutron - class {'::neutron': - service_plugins => [] - } - - } - else { - # Neutron class definitions - include ::neutron - } - - include ::neutron::config - class { '::neutron::server' : - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - include ::neutron::server::notifications - if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::neutron::plugins::nuage - } - if hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - include ::neutron::plugins::opencontrail - } - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - class {'::neutron::plugins::midonet': - midonet_api_ip => hiera('public_virtual_ip'), - keystone_tenant => hiera('neutron::server::auth_tenant'), - keystone_password => hiera('neutron::server::password') - } - } - if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - class { '::neutron::plugins::plumgrid' : - connection => hiera('neutron::server::database_connection'), - controller_priv_host => hiera('keystone_admin_api_vip'), - admin_password => hiera('admin_password'), - metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), - } - } - include ::neutron::plugins::ml2 - class { '::neutron::agents::ml2::ovs': - manage_service => false, - enabled => false, - } - - if 'cisco_ucsm' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::ucsm - } - if 'cisco_nexus' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus - include ::neutron::plugins::ml2::cisco::type_nexus_vxlan - } - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus1000v - - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), - } - - class { '::n1k_vsm': - n1kv_source => hiera('n1kv_vsm_source', undef), - n1kv_version => hiera('n1kv_vsm_version', undef), - } - } - - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::bigswitch::restproxy - include ::neutron::agents::bigswitch - } - - include ::cinder - include ::cinder::config - class { '::cinder::api': - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - class { '::cinder::scheduler' : - manage_service => false, - enabled => false, - } - class { '::cinder::volume' : - manage_service => false, - enabled => false, - } - include ::cinder::glance - include ::cinder::ceilometer - class { '::cinder::setup_test_volume': - size => join([hiera('cinder_lvm_loop_device_size'), 'M']), - } - - $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) - if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' - - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), - } - } - - if $enable_ceph { - - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : - pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), - pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), - size => hiera('ceph::profile::params::osd_pool_default_size'), - } - - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] - - } else { - $cinder_pool_requires = [] - } - - if hiera('cinder_enable_rbd_backend', false) { - $cinder_rbd_backend = 'tripleo_ceph' - - cinder::backend::rbd { $cinder_rbd_backend : - backend_host => hiera('cinder::host'), - rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => hiera('ceph_client_user_name'), - rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => $cinder_pool_requires, - } - } - - if hiera('cinder_enable_eqlx_backend', false) { - $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - - cinder::backend::eqlx { $cinder_eqlx_backend : - volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), - san_ip => hiera('cinder::backend::eqlx::san_ip', undef), - san_login => hiera('cinder::backend::eqlx::san_login', undef), - san_password => hiera('cinder::backend::eqlx::san_password', undef), - san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), - eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), - eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), - eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), - eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), - } - } - - if hiera('cinder_enable_dellsc_backend', false) { - $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : - volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), - san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), - san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef), - san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef), - dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), - iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), - iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), - dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), - dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), - } - } - - if hiera('cinder_enable_netapp_backend', false) { - $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - - if hiera('cinder::backend::netapp::nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') - } - - cinder::backend::netapp { $cinder_netapp_backend : - netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), - netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), - netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), - netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), - netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), - netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), - netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), - netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), - netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), - netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), - netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), - netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), - nfs_shares => $cinder_netapp_nfs_shares, - nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), - netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), - netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), - netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), - netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), - netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), - netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), - } - } - - if hiera('cinder_enable_nfs_backend', false) { - $cinder_nfs_backend = 'tripleo_nfs' - - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package { 'nfs-utils': } -> - cinder::backend::nfs { $cinder_nfs_backend: - nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options',''), - nfs_shares_config => '/etc/cinder/shares-nfs.conf', - } - } - - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) - class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), - } - - class { '::sahara': - sync_db => $sync_db, - } - class { '::sahara::service::api': - manage_service => false, - enabled => false, - } - class { '::sahara::service::engine': - manage_service => false, - enabled => false, - } - - # swift storage - if str2bool(hiera('enable_swift_storage', true)) { - class {'::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - class {'::swift::storage::account': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - class {'::swift::storage::container': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - class {'::swift::storage::object': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - } - - # Ceilometer - case downcase(hiera('ceilometer_backend')) { - /mysql/: { - $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string') - } - default: { - $mongo_node_string = join($mongo_node_ips_with_port, ',') - $ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - } - } - include ::ceilometer - include ::ceilometer::config - class { '::ceilometer::api' : - manage_service => false, - enabled => false, - } - class { '::ceilometer::agent::notification' : - manage_service => false, - enabled => false, - } - class { '::ceilometer::agent::central' : - manage_service => false, - enabled => false, - } - class { '::ceilometer::collector' : - manage_service => false, - enabled => false, - } - include ::ceilometer::expirer - class { '::ceilometer::db' : - database_connection => $ceilometer_database_connection, - sync_db => $sync_db, - } - include ::ceilometer::agent::auth - include ::ceilometer::dispatcher::gnocchi - - Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } - - # httpd/apache and horizon - # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent - class { '::apache' : - service_enable => false, - # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? - } - include ::apache::mod::remoteip - include ::apache::mod::status - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - $_profile_support = 'cisco' - } else { - $_profile_support = 'None' - } - $neutron_options = {'profile_support' => $_profile_support } - - $memcached_ipv6 = hiera('memcached_ipv6', false) - if $memcached_ipv6 { - $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') - } else { - $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') - } - - class { '::horizon': - cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, - } - - # Aodh - class { '::aodh' : - database_connection => $ceilometer_database_connection, - } - include ::aodh::config - include ::aodh::auth - include ::aodh::client - include ::aodh::wsgi::apache - class { '::aodh::api': - manage_service => false, - enabled => false, - service_name => 'httpd', - } - class { '::aodh::evaluator': - manage_service => false, - enabled => false, - } - class { '::aodh::notifier': - manage_service => false, - enabled => false, - } - class { '::aodh::listener': - manage_service => false, - enabled => false, - } - - # Gnocchi - $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') - include ::gnocchi::client - if $sync_db { - include ::gnocchi::db::sync - } - include ::gnocchi::storage - $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) - case $gnocchi_backend { - 'swift': { include ::gnocchi::storage::swift } - 'file': { include ::gnocchi::storage::file } - 'rbd': { include ::gnocchi::storage::ceph } - default: { fail('Unrecognized gnocchi_backend parameter.') } - } - class { '::gnocchi': - database_connection => $gnocchi_database_connection, - } - class { '::gnocchi::api' : - manage_service => false, - enabled => false, - service_name => 'httpd', - } - class { '::gnocchi::wsgi::apache' : - ssl => false, - } - class { '::gnocchi::metricd' : - manage_service => false, - enabled => false, - } - class { '::gnocchi::statsd' : - manage_service => false, - enabled => false, - } - - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - - hiera_include('controller_classes') - -} #END STEP 4 - -if hiera('step') >= 5 { - # We now make sure that the root db password is set to a random one - # At first installation /root/.my.cnf will be empty and we connect without a root - # password. On second runs or updates /root/.my.cnf will already be populated - # with proper credentials. This step happens on every node because this sql - # statement does not automatically replicate across nodes. - exec { 'galera-set-root-password': - command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root", - } - file { '/root/.my.cnf' : - ensure => file, - mode => '0600', - owner => 'root', - group => 'root', - content => "[client] -user=root -password=\"${mysql_root_password}\" - -[mysql] -user=root -password=\"${mysql_root_password}\"", - require => Exec['galera-set-root-password'], - } - - $nova_enable_db_purge = hiera('nova_enable_db_purge', true) - $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - - if $nova_enable_db_purge { - include ::nova::cron::archive_deleted_rows - } - if $cinder_enable_db_purge { - include ::cinder::cron::db_purge - } - - if $pacemaker_master { - - pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::apache::params::service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::apache::params::service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'galera-then-openstack-core-constraint': - constraint_type => 'order', - first_resource => 'galera-master', - second_resource => 'openstack-core-clone', - first_action => 'promote', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['galera'], - Pacemaker::Resource::Ocf['openstack-core']], - } - - # Cinder - pacemaker::resource::service { $::cinder::params::api_service : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::cinder::params::scheduler_service : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::cinder::params::volume_service : } - - pacemaker::constraint::base { 'keystone-then-cinder-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::cinder::params::api_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::cinder::params::api_service]], - } - pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::api_service}-clone", - second_resource => "${::cinder::params::scheduler_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::colocation { 'cinder-scheduler-with-cinder-api-colocation': - source => "${::cinder::params::scheduler_service}-clone", - target => "${::cinder::params::api_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::scheduler_service}-clone", - second_resource => $::cinder::params::volume_service, - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation': - source => $::cinder::params::volume_service, - target => "${::cinder::params::scheduler_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - - # Sahara - pacemaker::resource::service { $::sahara::params::api_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::sahara::params::engine_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'keystone-then-sahara-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::sahara::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint': - constraint_type => 'order', - first_resource => "${::sahara::params::api_service_name}-clone", - second_resource => "${::sahara::params::engine_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], - } - - if hiera('neutron::enable_ovs_agent', true) { - pacemaker::resource::service { $::neutron::params::ovs_agent_service: - clone_params => 'interleave=true', - } - } - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - pacemaker::resource::service {'tomcat': - clone_params => 'interleave=true', - } - } - if hiera('neutron::enable_ovs_agent', true) { - pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: - ocf_agent_name => 'neutron:OVSCleanup', - clone_params => 'interleave=true', - } - pacemaker::resource::ocf { 'neutron-netns-cleanup': - ocf_agent_name => 'neutron:NetnsCleanup', - clone_params => 'interleave=true', - } - - # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent - pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_cleanup_service}-clone", - second_resource => 'neutron-netns-cleanup-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': - source => 'neutron-netns-cleanup-clone', - target => "${::neutron::params::ovs_cleanup_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => 'neutron-netns-cleanup-clone', - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': - source => "${::neutron::params::ovs_agent_service}-clone", - target => 'neutron-netns-cleanup-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - } - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat - pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - pacemaker::constraint::base { 'neutron-dhcp-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], - } - pacemaker::constraint::base { 'neutron-metadata-agent-to-tomcat-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::metadata_agent_service}-clone", - second_resource => 'tomcat-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service], - Pacemaker::Resource::Service['tomcat']], - } - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], - } - } - - # Nova - pacemaker::resource::service { $::nova::params::api_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::conductor_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::consoleauth_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::nova::params::vncproxy_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::scheduler_service_name : - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::nova::params::consoleauth_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::consoleauth_service_name}-clone", - second_resource => "${::nova::params::vncproxy_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], - } - pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation': - source => "${::nova::params::vncproxy_service_name}-clone", - target => "${::nova::params::consoleauth_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], - } - pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::vncproxy_service_name}-clone", - second_resource => "${::nova::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - Pacemaker::Resource::Service[$::nova::params::api_service_name]], - } - pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation': - source => "${::nova::params::api_service_name}-clone", - target => "${::nova::params::vncproxy_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - Pacemaker::Resource::Service[$::nova::params::api_service_name]], - } - pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::api_service_name}-clone", - second_resource => "${::nova::params::scheduler_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], - Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], - } - pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation': - source => "${::nova::params::scheduler_service_name}-clone", - target => "${::nova::params::api_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], - Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], - } - pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::scheduler_service_name}-clone", - second_resource => "${::nova::params::conductor_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], - Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], - } - pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation': - source => "${::nova::params::conductor_service_name}-clone", - target => "${::nova::params::scheduler_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], - Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], - } - - # Ceilometer and Aodh - case downcase(hiera('ceilometer_backend')) { - /mysql/: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - } - default: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: - clone_params => 'interleave=true', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], - } - } - } - pacemaker::resource::service { $::ceilometer::params::collector_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::ceilometer::params::api_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name : - clone_params => 'interleave=true', - } - # Fedora doesn't know `require-all` parameter for constraints yet - if $::operatingsystem == 'Fedora' { - $redis_ceilometer_constraint_params = undef - $redis_aodh_constraint_params = undef - } else { - $redis_ceilometer_constraint_params = 'require-all=false' - $redis_aodh_constraint_params = 'require-all=false' - } - pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => 'redis-master', - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'promote', - second_action => 'start', - constraint_params => $redis_ceilometer_constraint_params, - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]], - } - pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint': - constraint_type => 'order', - first_resource => 'redis-master', - second_resource => "${::aodh::params::evaluator_service_name}-clone", - first_action => 'promote', - second_action => 'start', - constraint_params => $redis_aodh_constraint_params, - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]], - } - pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::agent_central_service_name}-clone", - second_resource => "${::ceilometer::params::collector_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], - } - pacemaker::constraint::base { 'ceilometer-collector-then-ceilometer-api-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::collector_service_name}-clone", - second_resource => "${::ceilometer::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::api_service_name]], - } - pacemaker::constraint::colocation { 'ceilometer-api-with-ceilometer-collector-colocation': - source => "${::ceilometer::params::api_service_name}-clone", - target => "${::ceilometer::params::collector_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], - } - # Aodh - pacemaker::resource::service { $::aodh::params::evaluator_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::aodh::params::notifier_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::aodh::params::listener_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint': - constraint_type => 'order', - first_resource => "${::aodh::params::evaluator_service_name}-clone", - second_resource => "${::aodh::params::notifier_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], - } - pacemaker::constraint::colocation { 'aodh-notifier-with-aodh-evaluator-colocation': - source => "${::aodh::params::notifier_service_name}-clone", - target => "${::aodh::params::evaluator_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], - } - pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint': - constraint_type => 'order', - first_resource => "${::aodh::params::evaluator_service_name}-clone", - second_resource => "${::aodh::params::listener_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], - } - pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation': - source => "${::aodh::params::listener_service_name}-clone", - target => "${::aodh::params::evaluator_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], - } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - pacemaker::constraint::base { 'mongodb-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => "${::mongodb::params::service_name}-clone", - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], - } - } - - # gnocchi - pacemaker::resource::service { $::gnocchi::params::metricd_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::gnocchi::params::statsd_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint': - constraint_type => 'order', - first_resource => "${::gnocchi::params::metricd_service_name}-clone", - second_resource => "${::gnocchi::params::statsd_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], - Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], - } - pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation': - source => "${::gnocchi::params::statsd_service_name}-clone", - target => "${::gnocchi::params::metricd_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], - Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], - } - - # Horizon and Keystone - pacemaker::resource::service { $::apache::params::service_name: - clone_params => 'interleave=true', - verify_on_create => true, - require => [File['/etc/keystone/ssl/certs/ca.pem'], - File['/etc/keystone/ssl/private/signing_key.pem'], - File['/etc/keystone/ssl/certs/signing_cert.pem']], - } - - #VSM - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - pacemaker::resource::ocf { 'vsm-p' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - if str2bool(hiera('n1k_vsm::pacemaker_control', true)) { - pacemaker::resource::ocf { 'vsm-s' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - pacemaker::constraint::colocation { 'vsm-colocation-contraint': - source => 'vsm-p', - target => 'vsm-s', - score => '-INFINITY', - require => [Pacemaker::Resource::Ocf['vsm-p'], - Pacemaker::Resource::Ocf['vsm-s']], - } - } - } - - } - -} #END STEP 5 - $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 3585c993..414a06ba 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -13,49 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - -if hiera('step') >= 1 { - create_resources(kmod::load, hiera('kernel_modules'), {}) - create_resources(sysctl::value, hiera('sysctl_settings'), {}) - Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - - include ::timezone - - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } -} - if hiera('step') >= 4 { - class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - - hiera_include('object_classes') + hiera_include('object_classes', []) } -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present} +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 134dc43b..e1cdadd5 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -13,49 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::packages -include ::tripleo::firewall - -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::timezone - -include ::cinder -include ::cinder::config -include ::cinder::glance -include ::cinder::volume -include ::cinder::setup_test_volume - -$cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) -if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' - - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), - } -} - -$cinder_enabled_backends = any2array($cinder_iscsi_backend) -class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), -} - -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], +if hiera('step') >= 4 { + hiera_include('volume_classes', []) } -hiera_include('volume_classes') -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_volume': ensure => present} +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp deleted file mode 100644 index 2411ff84..00000000 --- a/puppet/manifests/ringbuilder.pp +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -define add_devices( - $swift_zones = '1' -){ - - # NOTE(dprince): Swift zones is not yet properly wired into the Heat - # templates. See: https://review.openstack.org/#/c/97758/3 - # For now our regex supports the r1z1-192.0.2.6:%PORT%/d1 syntax or the - # newer r1z%<controller or SwiftStorage><N>%-192.0.2.6:%PORT%/d1 syntax. - $server_num_or_device = regsubst($name,'^r1z%+[A-Za-z]*([0-9]+)%+-(.*)$','\1') - if (is_integer($server_num_or_device)) { - $server_num = $server_num_or_device - } else { - $server_num = '1' - } - # Function to place server in its zone. Zone is calculated by - # server number in heat template modulo the number of zones + 1. - $zone = (($server_num%$swift_zones) + 1) - - # add the rings - $base = regsubst($name,'^r1.*-(.*)$','\1') - $object = regsubst($base, '%PORT%', '6000') - ring_object_device { $object: - zone => '1', - weight => 100, - } - $container = regsubst($base, '%PORT%', '6001') - ring_container_device { $container: - zone => '1', - weight => 100, - } - $account = regsubst($base, '%PORT%', '6002') - ring_account_device { $account: - zone => '1', - weight => 100, - } -} - -class tripleo::ringbuilder ( - $swift_zones = '1', - $devices = '', - $build_ring = true, - $part_power, - $replicas, - $min_part_hours, -) { - - validate_bool($build_ring) - - if $build_ring { - - $device_array = strip(split(rstrip($devices), ',')) - - # create local rings - swift::ringbuilder::create{ ['object', 'account', 'container']: - part_power => $part_power, - replicas => min(count($device_array), $replicas), - min_part_hours => $min_part_hours, - } -> - - # add all other devices - add_devices {$device_array: - swift_zones => $swift_zones, - } -> - - # rebalance - swift::ringbuilder::rebalance{ ['object', 'account', 'container']: - seed => 999, - } - - Ring_object_device<| |> ~> Exec['rebalance_object'] - Ring_object_device<| |> ~> Exec['rebalance_account'] - Ring_object_device<| |> ~> Exec['rebalance_container'] - - } -} - -if hiera('step') >= 2 { - # pre-install swift here so we can build rings - include ::swift -} - -if hiera('step') >= 3 { - include ::tripleo::ringbuilder -} diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml new file mode 100644 index 00000000..33480544 --- /dev/null +++ b/puppet/objectstorage-config.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2015-04-30 + +description: > + A software config which runs manifests/overcloud_object.pp + +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' + +resources: + + ObjectStoragePuppetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + options: + enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + inputs: + - name: step + type: Number + outputs: + - name: result + config: + list_join: + - '' + - - get_file: manifests/overcloud_object.pp + - {get_param: StepConfig} + +outputs: + OS::stack_id: + description: The software config which runs overcloud_controller.pp + value: {get_resource: ObjectStoragePuppetConfigImpl} diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml new file mode 100644 index 00000000..65c96ac2 --- /dev/null +++ b/puppet/post.j2.yaml @@ -0,0 +1,139 @@ +heat_template_version: 2016-10-14 + +description: > + Post-deploy configuration steps via puppet for all roles, + as defined in ../roles_data.yaml + +parameters: + servers: + type: json + description: Mapping of Role name e.g Controller to a list of servers + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + +resources: + +{% for role in roles %} + # Post deployment steps for all roles + # A single config is re-applied with an incrementing step number + # {{role.name}} Role steps + {{role.name}}ArtifactsConfig: + type: deploy-artifacts.yaml + + {{role.name}}ArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ArtifactsConfig} + + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig + properties: + servers: {get_param: [servers, {{role.name}}]} + input_values: + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Config: + type: OS::TripleO::{{role.name}}Config + properties: + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} + + # Step through a series of configuration steps + {{role.name}}Deployment_Step1: + type: OS::Heat::StructuredDeploymentGroup + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + properties: + name: {{role.name}}Deployment_Step1 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 1 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step2: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step1 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step2 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 2 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step3: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step2 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step3 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 3 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step4: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step3 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step4 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 4 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step5: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step4 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step5 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 5 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}PostConfig: + type: OS::TripleO::Tasks::{{role.name}}PostConfig + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 + {% endfor %} + properties: + servers: {get_param: servers} + input_values: + update_identifier: {get_param: DeployIdentifier} + + # Note, this should come last, so use depends_on to ensure + # this is created after any other resources. + {{role.name}}ExtraConfigPost: + depends_on: + {% for dep in roles %} + - {{dep.name}}PostConfig + {% endfor %} + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: [servers, {{role.name}}]} +{% endfor %} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 15c8c1f1..8fe51fa3 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -31,6 +31,8 @@ are re-asserted when applying latter ones. * config_settings: Custom hiera settings for this service. + * global_config_settings: Additional hiera settings distributed to all roles. + * step_config: A puppet manifest that is used to step through the deployment sequence. Each sequence is given a "step" (via hiera('step') that provides information for when puppet classes should activate themselves. diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml new file mode 100644 index 00000000..f4f5bad8 --- /dev/null +++ b/puppet/services/aodh-api.yaml @@ -0,0 +1,80 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionAodhApi: + default: 'overcloud-ceilometer-aodh-api' + type: string + EnableCombinationAlarms: + default: false + description: Combination alarms are deprecated in Newton, hence disabled + by default. To enable, set this parameter to true. + type: boolean + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh API service. + value: + service_name: aodh_api + monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi} + config_settings: + map_merge: + - get_attr: [AodhBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] + - aodh::wsgi::apache::ssl: false + aodh::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} + aodh::api::service_name: 'httpd' + tripleo.aodh_api.firewall_rules: + '128 aodh-api': + dport: + - 8042 + - 13042 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]} + aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} + tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} + service_config_settings: + get_attr: [AodhBase, role_data, service_config_settings] + step_config: | + include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml new file mode 100644 index 00000000..950e9026 --- /dev/null +++ b/puppet/services/aodh-base.yaml @@ -0,0 +1,107 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AodhPassword: + description: The password for the aodh services. + type: string + hidden: true + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Role data for the Aodh role. + value: + service_name: aodh_base + config_settings: + aodh::evaluator::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' + aodh::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://aodh:' + - {get_param: AodhPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/aodh' + aodh::debug: {get_param: Debug} + aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + aodh::rabbit_userid: {get_param: RabbitUserName} + aodh::rabbit_password: {get_param: RabbitPassword} + aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + aodh::rabbit_port: {get_param: RabbitClientPort} + aodh::keystone::authtoken::project_name: 'service' + aodh::keystone::authtoken::password: {get_param: AodhPassword} + aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + aodh::auth::auth_password: {get_param: AodhPassword} + aodh::auth::auth_region: 'regionOne' + aodh::auth::auth_tenant_name: 'service' + service_config_settings: + keystone: + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' + mysql: + aodh::db::mysql::user: aodh + aodh::db::mysql::password: {get_param: AodhPassword} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + aodh::db::mysql::dbname: aodh + aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml new file mode 100644 index 00000000..405c500e --- /dev/null +++ b/puppet/services/aodh-evaluator.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Evaluator service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionAodhEvaluator: + default: 'overcloud-ceilometer-aodh-evaluator' + type: string + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Evaluator service. + value: + service_name: aodh_evaluator + monitoring_subscription: {get_param: MonitoringSubscriptionAodhEvaluator} + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::evaluator diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml new file mode 100644 index 00000000..fc4e8b39 --- /dev/null +++ b/puppet/services/aodh-listener.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Listener service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionAodhListener: + default: 'overcloud-ceilometer-aodh-listener' + type: string + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Listener service. + value: + service_name: aodh_listener + monitoring_subscription: {get_param: MonitoringSubscriptionAodhListener} + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::listener diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml new file mode 100644 index 00000000..2e51c639 --- /dev/null +++ b/puppet/services/aodh-notifier.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Notifier service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionAodhNotifier: + default: 'overcloud-ceilometer-aodh-notifier' + type: string + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Notifier service. + value: + service_name: aodh_notifier + monitoring_subscription: {get_param: MonitoringSubscriptionAodhNotifier} + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::notifier diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml new file mode 100644 index 00000000..c9792019 --- /dev/null +++ b/puppet/services/apache.yaml @@ -0,0 +1,52 @@ +heat_template_version: 2016-10-14 + +description: > + Apache service configured with Puppet. Note this is typically included + automatically via other services which run via Apache. + +parameters: + ApacheMaxRequestWorkers: + default: 256 + description: Maximum number of simultaneously processed requests. + type: number + ApacheServerLimit: + default: 256 + description: Maximum number of Apache processes. + type: number + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Apache role. + value: + service_name: apache + config_settings: + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::server_signature: 'Off' + apache::server_tokens: 'Prod' + apache_remote_proxy_ips_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } + apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } + apache::mod::remoteip::proxy_ips: + - "%{hiera('apache_remote_proxy_ips_network')}" diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml new file mode 100644 index 00000000..1a534156 --- /dev/null +++ b/puppet/services/ca-certs.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + HAproxy service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CAMap: + description: > + Map containing the CA certs and information needed for deploying them. + default: {} + type: json + +outputs: + role_data: + description: Role data for injecting CA certificates. + value: + service_name: ca_certs + config_settings: + tripleo::trusted_cas::ca_map: {get_param: CAMap} + step_config: | + include ::tripleo::trusted_cas diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml new file mode 100644 index 00000000..2ae46d0e --- /dev/null +++ b/puppet/services/ceilometer-agent-central.yaml @@ -0,0 +1,63 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Central Agent service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + MonitoringSubscriptionCeilometerCentral: + default: 'overcloud-ceilometer-agent-central' + type: string + CeilometerAgentCentralLoggingSource: + type: json + default: + tag: openstack.ceilometer.agent.central + path: /var/log/ceilometer/central.log + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Central Agent role. + value: + service_name: ceilometer_agent_central + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} + logging_source: {get_param: CeilometerAgentCentralLoggingSource} + logging_groups: + - ceilometer + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::central::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' + step_config: | + include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml new file mode 100644 index 00000000..5457539c --- /dev/null +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Compute Agent service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerCompute: + default: 'overcloud-ceilometer-agent-compute' + type: string + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Compute Agent role. + value: + service_name: ceilometer_agent_compute + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute} + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::agent::compute diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..ea403aa1 --- /dev/null +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -0,0 +1,51 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Notification Agent service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerNotification: + default: 'overcloud-ceilometer-agent-notification' + type: string + CeilometerAgentNotificationLoggingSource: + type: json + default: + tag: openstack.ceilometer.agent.notification + path: /var/log/ceilometer/agent-notification.log + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Notification Agent role. + value: + service_name: ceilometer_agent_notification + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} + logging_source: {get_param: CeilometerAgentNotificationLoggingSource} + logging_groups: + - ceilometer + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::agent::notification diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml new file mode 100644 index 00000000..ecea38b2 --- /dev/null +++ b/puppet/services/ceilometer-api.yaml @@ -0,0 +1,83 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerApi: + default: 'overcloud-ceilometer-api' + type: string + CeilometerApiLoggingSource: + type: json + default: + tag: openstack.ceilometer.api + path: /var/log/ceilometer/api.log + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer API role. + value: + service_name: ceilometer_api + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} + logging_source: {get_param: CeilometerApiLoggingSource} + logging_groups: + - ceilometer + config_settings: + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - tripleo.ceilometer_api.firewall_rules: + '124 ceilometer': + dport: + - 8777 + - 13777 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + - ceilometer::api::service_name: 'httpd' + ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + ceilometer::wsgi::apache::ssl: false + ceilometer::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml new file mode 100644 index 00000000..4ace7526 --- /dev/null +++ b/puppet/services/ceilometer-base.yaml @@ -0,0 +1,132 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CeilometerBackend: + default: 'mongodb' + description: The ceilometer backend type. + type: string + CeilometerMeteringSecret: + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + description: The password for the ceilometer service account. + type: string + hidden: true + CeilometerMeterDispatcher: + default: 'gnocchi' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] + CeilometerWorkers: + default: 0 + description: Number of workers for Ceilometer service. + type: number + CeilometerStoreEvents: + default: false + description: Whether to store events in ceilometer. + type: boolean + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Ceilometer role. + value: + service_name: ceilometer_base + config_settings: + ceilometer::debug: {get_param: Debug} + ceilometer::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - - '://ceilometer:' + - {get_param: CeilometerPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ceilometer' + ceilometer_backend: {get_param: CeilometerBackend} + ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} + # we include db_sync class in puppet-tripleo + ceilometer::db::sync_db: false + ceilometer::keystone::authtoken::project_name: 'service' + ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword} + ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} + ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} + ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} + ceilometer::agent::auth::auth_tenant_name: 'service' + ceilometer::agent::auth::auth_endpoint_type: 'internalURL' + ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} + ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} + ceilometer::dispatcher::gnocchi::filter_project: 'service' + ceilometer::dispatcher::gnocchi::archive_policy: 'low' + ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::rabbit_userid: {get_param: RabbitUserName} + ceilometer::rabbit_password: {get_param: RabbitPassword} + ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + ceilometer::rabbit_port: {get_param: RabbitClientPort} + ceilometer::rabbit_heartbeat_timeout_threshold: 60 + ceilometer::db::database_db_max_retries: -1 + ceilometer::db::database_max_retries: -1 + ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} + service_config_settings: + keystone: + ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} + ceilometer::keystone::auth::password: {get_param: CeilometerPassword} + ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::keystone::auth::tenant: 'service' + mysql: + ceilometer::db::mysql::password: {get_param: CeilometerPassword} + ceilometer::db::mysql::user: ceilometer + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + ceilometer::db::mysql::dbname: ceilometer + ceilometer::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml new file mode 100644 index 00000000..e3f1ef4e --- /dev/null +++ b/puppet/services/ceilometer-collector.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Collector service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerCollector: + default: 'overcloud-ceilometer-collector' + type: string + CeilometerCollectorLoggingSource: + type: json + default: + tag: openstack.ceilometer.collector + path: /var/log/ceilometer/collector.log + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + + MongoDbBase: + type: ./database/mongodb-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Collector role. + value: + service_name: ceilometer_collector + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} + logging_source: {get_param: CeilometerCollectorLoggingSource} + logging_groups: + - ceilometer + config_settings: + map_merge: + - get_attr: [MongoDbBase, role_data, config_settings] + - get_attr: [CeilometerServiceBase, role_data, config_settings] + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml new file mode 100644 index 00000000..3b811c4d --- /dev/null +++ b/puppet/services/ceilometer-expirer.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Expirer service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerExpirer: + default: 'overcloud-ceilometer-expirer' + type: string + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Expirer role. + value: + service_name: ceilometer_expirer + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerExpirer} + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::expirer diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml new file mode 100644 index 00000000..ce8d9158 --- /dev/null +++ b/puppet/services/ceph-base.yaml @@ -0,0 +1,124 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph base service. Shared by all Ceph services. + +parameters: + # NOTE(gfidente): needs a default to cope with external Ceph deployments were we don't pass (and need) an Admin key + CephAdminKey: + default: '' + description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # DEPRECATED options for compatibility with overcloud.yaml + # This should be removed and manipulation of the ControllerServices list + # used instead, but we need client support for that first + ControllerEnableCephStorage: + default: false + description: Whether to deploy Ceph Storage (OSD) on the Controller + type: boolean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ControllerEnableCephStorage + +outputs: + role_data: + description: Role data for the Ceph base service. + value: + service_name: ceph_base + config_settings: + tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} + ceph::profile::params::osd_pool_default_min_size: 1 + ceph::profile::params::osds: {/srv/data: {}} + ceph::profile::params::manage_repo: false + ceph::profile::params::authentication_type: cephx + ceph::profile::params::fsid: {get_param: CephClusterFSID} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ceph::profile::params::cluster_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]} + ceph::profile::params::public_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} + ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.admin: { + secret: 'ADMIN_KEY', + mode: '0600', + cap_mon: 'allow *', + cap_osd: 'allow *', + cap_mds: 'allow *' + }, + client.bootstrap-osd: { + secret: 'ADMIN_KEY', + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + cap_mon: 'allow profile bootstrap-osd' + }, + client.CLIENT_USER: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + } + }" + params: + CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: CephClientKey} + ADMIN_KEY: {get_param: CephAdminKey} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml new file mode 100644 index 00000000..b482dd2e --- /dev/null +++ b/puppet/services/ceph-client.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph Client service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCephClient: + default: 'overcloud-ceph-client' + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder OSD service. + value: + service_name: ceph_client + monitoring_subscription: {get_param: MonitoringSubscriptionCephClient} + config_settings: + get_attr: [CephBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml new file mode 100644 index 00000000..52c4824f --- /dev/null +++ b/puppet/services/ceph-external.yaml @@ -0,0 +1,82 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph External service. + +parameters: + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephExternalMonHost: + default: '' + type: string + description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCephExternal: + default: 'overcloud-ceph-external' + type: string + +outputs: + role_data: + description: Role data for the Ceph External service. + value: + service_name: ceph_external + monitoring_subscription: {get_param: MonitoringSubscriptionCephExternal} + config_settings: + tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} + ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.CLIENT_USER: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + } + }" + params: + CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: CephClientKey} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + step_config: | + include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml new file mode 100644 index 00000000..552086ab --- /dev/null +++ b/puppet/services/ceph-mon.yaml @@ -0,0 +1,105 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph Monitor service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephIPv6: + default: False + type: boolean + CephMonKey: + description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + CephPools: + description: > + It can be used to override settings for one of the predefined pools, or to create + additional ones. Example: + { + "volumes": { + "size": 5, + "pg_num": 128, + "pgp_num": 128 + } + } + default: {} + type: json + MonitoringSubscriptionCephMon: + default: 'overcloud-ceph-mon' + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceph Monitor service. + value: + service_name: ceph_mon + monitoring_subscription: {get_param: MonitoringSubscriptionCephMon} + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} + ceph::profile::params::mon_key: {get_param: CephMonKey} + ceph::profile::params::osd_pool_default_pg_num: 32 + ceph::profile::params::osd_pool_default_pgp_num: 32 + ceph::profile::params::osd_pool_default_size: 3 + # repeat returns items in a list, so we need to map_merge twice + tripleo::profile::base::ceph::mon::ceph_pools: + map_merge: + - map_merge: + repeat: + for_each: + <%pool%>: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + template: + <%pool%>: + pg_num: "%{hiera('ceph::profile::params::osd_pool_default_pg_num')}" + pgp_num: "%{hiera('ceph::profile::params::osd_pool_default_pgp_num')}" + size: "%{hiera('ceph::profile::params::osd_pool_default_size')}" + - {get_param: CephPools} + tripleo.ceph_mon.firewall_rules: + '110 ceph_mon': + dport: + - 6789 + step_config: | + include ::tripleo::profile::base::ceph::mon diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml new file mode 100644 index 00000000..f6378720 --- /dev/null +++ b/puppet/services/ceph-osd.yaml @@ -0,0 +1,47 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph OSD service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCephOsd: + default: 'overcloud-ceph-osd' + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder OSD service. + value: + service_name: ceph_osd + monitoring_subscription: {get_param: MonitoringSubscriptionCephOsd} + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - tripleo.ceph_osd.firewall_rules: + '111 ceph_osd': + dport: + - '6800-7300' + step_config: | + include ::tripleo::profile::base::ceph::osd diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml new file mode 100644 index 00000000..18a4b780 --- /dev/null +++ b/puppet/services/ceph-rgw.yaml @@ -0,0 +1,79 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph RadosGW service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + CephRgwKey: + description: The cephx key for the radosgw client. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true + SwiftPassword: + description: The password for the swift service account, used by the Ceph RGW services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceph RadosGW service. + value: + service_name: ceph_rgw + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey} + tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken} + tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ceph::profile::params::frontend_type: 'civetweb' + ceph_rgw_civetweb_bind_address: {get_param: [ServiceNetMap, CephRgwNetwork]} + ceph::profile::params::rgw_frontends: + list_join: + - '' + - - 'civetweb port=' + - '%{hiera("ceph_rgw_civetweb_bind_address")}' + - ':' + - {get_param: [EndpointMap, CephRgwInternal, port]} + tripleo.ceph_rgw.firewall_rules: + '122 ceph rgw': + dport: {get_param: [EndpointMap, CephRgwInternal, port]} + step_config: | + include ::tripleo::profile::base::ceph::rgw + service_config_settings: + keystone: + ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} + ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} + ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} + ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} + ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml new file mode 100644 index 00000000..9c96acc4 --- /dev/null +++ b/puppet/services/cinder-api.yaml @@ -0,0 +1,111 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder API service configured with Puppet + +parameters: + CinderEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Cinder database. + type: boolean + CinderPassword: + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionCinderApi: + default: 'overcloud-cinder-api' + type: string + CinderApiLoggingSource: + type: json + default: + tag: openstack.cinder.api + path: /var/log/cinder/cinder-api.log + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + service_name: cinder_api + monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi} + logging_source: {get_param: CinderApiLoggingSource} + logging_groups: + - cinder + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::keystone::authtoken::password: {get_param: CinderPassword} + cinder::keystone::authtoken::project_name: 'service' + cinder::api::enable_proxy_headers_parsing: true + + cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' + # TODO(emilien) move it to puppet-cinder + cinder::config: + DEFAULT/swift_catalog_info: + value: 'object-store:swift:internalURL' + cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} + tripleo.cinder_api.firewall_rules: + '119 cinder': + dport: + - 8776 + - 13776 + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} + step_config: | + include ::tripleo::profile::base::cinder::api + service_config_settings: + keystone: + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} + cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} + cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + cinder::db::mysql::password: {get_param: CinderPassword} + cinder::db::mysql::user: cinder + cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + cinder::db::mysql::dbname: cinder + cinder::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml new file mode 100644 index 00000000..80795457 --- /dev/null +++ b/puppet/services/cinder-backup.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Backup service configured with Puppet + +parameters: + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCinderBackup: + default: 'overcloud-cinder-backup' + type: string + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: cinder_backup + monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup} + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName} + cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName} + cinder::backup::swift::backup_swift_container: volumebackups + step_config: + str_replace: + template: "include ::tripleo::profile::base::cinder::backup::DRIVER" + params: + DRIVER: {get_param: CinderBackupBackend} diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml new file mode 100644 index 00000000..93ab1d79 --- /dev/null +++ b/puppet/services/cinder-base.yaml @@ -0,0 +1,72 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder base service. Shared by all Cinder services. + +parameters: + CinderPassword: + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + +outputs: + role_data: + description: Role data for the Cinder base service. + value: + service_name: cinder_base + config_settings: + cinder::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://cinder:' + - {get_param: CinderPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/cinder' + cinder::debug: {get_param: Debug} + cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + cinder::rabbit_userid: {get_param: RabbitUserName} + cinder::rabbit_password: {get_param: RabbitPassword} + cinder::rabbit_port: {get_param: RabbitClientPort} + cinder::rabbit_heartbeat_timeout_threshold: 60 + cinder::host: hostgroup + cinder::cron::db_purge::destination: '/dev/null' + cinder::db::database_db_max_retries: -1 + cinder::db::database_max_retries: -1 diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml new file mode 100644 index 00000000..94c263ea --- /dev/null +++ b/puppet/services/cinder-scheduler.yaml @@ -0,0 +1,53 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Scheduler service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCinderScheduler: + default: 'overcloud-cinder-scheduler' + type: string + CinderSchedulerLoggingSource: + type: json + default: + tag: openstack.cinder.scheduler + path: /var/log/cinder/cinder-scheduler.log + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + service_name: cinder_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler} + logging_source: {get_param: CinderSchedulerLoggingSource} + logging_groups: + - cinder + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler + step_config: | + include ::tripleo::profile::base::cinder::scheduler diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml new file mode 100644 index 00000000..82e16f39 --- /dev/null +++ b/puppet/services/cinder-volume.yaml @@ -0,0 +1,112 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Volume service configured with Puppet + +parameters: + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CinderISCSIHelper: + default: lioadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list + CinderRbdPoolName: + default: volumes + type: string + CephClientUserName: + default: openstack + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCinderVolume: + default: 'overcloud-cinder-volume' + type: string + CinderVolumeLoggingSource: + type: json + default: + tag: openstack.cinder.volume + path: /var/log/cinder/cinder-volume.log + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + service_name: cinder_volume + monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume} + logging_source: {get_param: CinderVolumeLoggingSource} + logging_groups: + - cinder + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} + tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} + tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: + str_replace: + template: SERVERS + params: + SERVERS: {get_param: CinderNfsServers} + tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} + tripleo.cinder_volume.firewall_rules: + '120 iscsi initiator': + dport: 3260 + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml new file mode 100644 index 00000000..3f4f106d --- /dev/null +++ b/puppet/services/database/mongodb-base.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Configuration details for MongoDB service using composable roles + +parameters: + MongoDbNoJournal: + default: false + description: Should MongoDb journaling be disabled + type: boolean + MongoDbIPv6: + default: false + description: Enable IPv6 if MongoDB VIP is IPv6 + type: boolean + MongoDbReplset: + type: string + default: "tripleo" + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + aux_parameters: + description: Additional parameters referenced outside the base file + value: + rplset_name: {get_param: MongoDbReplset} + role_data: + description: Role data for the MongoDB base service. + value: + service_name: mongodb_base + config_settings: + mongodb::server::nojournal: {get_param: MongoDbNoJournal} + mongodb::server::journal: false + mongodb::server::ipv6: {get_param: MongoDbIPv6} + mongodb::server::replset: {get_param: MongoDbReplset} diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml new file mode 100644 index 00000000..01daeafe --- /dev/null +++ b/puppet/services/database/mongodb.yaml @@ -0,0 +1,68 @@ +heat_template_version: 2016-04-08 + +description: > + MongoDb service deployment using puppet + +parameters: + #Parameters not used EndpointMap + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MongoDbLoggingSource: + type: json + description: Fluentd logging configuration for mongodb. + default: + tag: database.mongodb + path: /var/log/mongodb/mongodb.log + format: >- + /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4}) + (?<message>.*)$/ + +resources: + MongoDbBase: + type: ./mongodb-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Service mongodb using composable services. + value: + service_name: mongodb + logging_groups: + - mongodb + logging_source: {get_param: MongoDbLoggingSource} + config_settings: + map_merge: + - get_attr: [MongoDbBase, role_data, config_settings] + - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} + mongodb::server::service_manage: True + tripleo.mongodb.firewall_rules: + '101 mongodb_config': + dport: 27019 + '102 mongodb_sharding': + dport: 27018 + '103 mongod': + dport: 27017 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]} + step_config: | + include ::tripleo::profile::base::database::mongodb diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml new file mode 100644 index 00000000..094a7c9f --- /dev/null +++ b/puppet/services/database/mysql.yaml @@ -0,0 +1,84 @@ +heat_template_version: 2016-10-14 + +description: > + MySQL service deployment using puppet + +parameters: + #Parameters not used EndpointMap + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlMaxConnections: + description: Configures MySQL max_connections config setting + type: number + default: 4096 + MysqlRootPassword: + type: string + hidden: true + default: '' + MysqlClustercheckPassword: + type: string + hidden: true + EnableGalera: + default: true + description: Whether to use Galera instead of regular MariaDB. + type: boolean + +outputs: + role_data: + description: Service MySQL using composable services. + value: + service_name: mysql + config_settings: + # The Galera package should work in cluster and + # non-cluster modes based on the config file. + # We set the package name here explicitly so + # that it matches what we pre-install + # in tripleo-puppet-elements. + mysql::server::package_name: 'mariadb-galera-server' + mysql::server::manage_config_file: true + tripleo.mysql.firewall_rules: + '104 mysql galera': + dport: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + mysql_max_connections: {get_param: MysqlMaxConnections} + mysql::server::root_password: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} + enable_galera: {get_param: EnableGalera} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + step_config: | + include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml new file mode 100644 index 00000000..4ed3c007 --- /dev/null +++ b/puppet/services/database/redis-base.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + RedisPassword: + description: The password for Redis + type: string + hidden: true + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the redis role. + value: + service_name: redis_base + config_settings: + redis::requirepass: {get_param: RedisPassword} + redis::masterauth: {get_param: RedisPassword} + redis::sentinel_auth_pass: {get_param: RedisPassword} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + redis::bind: {get_param: [ServiceNetMap, RedisNetwork]} + redis::port: 6379 + redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' + redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' + redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml new file mode 100644 index 00000000..1c333b97 --- /dev/null +++ b/puppet/services/database/redis.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + RedisBase: + type: ./redis-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the redis role. + value: + service_name: redis + config_settings: + map_merge: + - get_attr: [RedisBase, role_data, config_settings] + - tripleo.redis.firewall_rules: + '108 redis': + dport: + - 6379 + - 26379 + step_config: | + include ::tripleo::profile::base::database::redis diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 89e6ee0f..80ba9aef 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -4,11 +4,23 @@ description: > OpenStack Glance API service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string Debug: default: '' description: Set to True to enable debugging on all services. @@ -33,9 +45,19 @@ parameters: constraints: - allowed_values: ['swift', 'file', 'rbd'] GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of API worker processes for Glance. If left unset (empty string), the + default value will result in the configuration being left unset and a + system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of + processes on systems with a large number of CPUs resulting in excess + memory consumption. It is recommended that a suitable non-default value + be selected on such systems. + type: string + GlanceRbdPoolName: + default: images + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -54,11 +76,28 @@ parameters: Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host. type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionGlanceApi: + default: 'overcloud-glance-api' + type: string + GlanceApiLoggingSource: + type: json + default: + tag: openstack.glance.api + path: /var/log/glance/api.log outputs: role_data: description: Role data for the Glance API role. value: + service_name: glance_api + monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi} + logging_source: {get_param: GlanceApiLoggingSource} + logging_groups: + - glance config_settings: glance::api::database_connection: list_join: @@ -70,14 +109,16 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::api::registry_host: str_replace: template: "'REGISTRY_HOST'" params: REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} - glance::api::keystone_password: {get_param: GlancePassword} + glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } + glance::api::authtoken::password: {get_param: GlancePassword} + glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} glance::api::workers: {get_param: GlanceWorkers} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} @@ -85,15 +126,38 @@ outputs: glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance::backend::swift::swift_store_create_container_on_put: true + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} glance_backend: {get_param: GlanceBackend} - glance::db::mysql::password: {get_param: GlancePassword} glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} - glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} - glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} - glance::keystone::auth::password: {get_param: GlancePassword } + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 + tripleo.glance_api.firewall_rules: + '112 glance_api': + dport: + - 9292 + - 13292 + glance::api::authtoken::project_name: 'service' + glance::api::pipeline: 'keystone' + glance::api::show_image_direct_url: true + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api + service_config_settings: + keystone: + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} + glance::keystone::auth::tenant: 'service' diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 6f2f0372..30df67fe 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -4,6 +4,15 @@ description: > OpenStack Glance Registry service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -18,14 +27,34 @@ parameters: type: string hidden: true GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of worker processes for glance registry. If left unset (empty + string), the default value will result in the configuration being left + unset and a system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of processes + on systems with a large number of CPUs resulting in excess memory + consumption. It is recommended that a suitable non-default value be + selected on such systems. + type: string + MonitoringSubscriptionGlanceRegistry: + default: 'overcloud-glance-registry' + type: string + GlanceRegistryLoggingSource: + type: json + default: + tag: openstack.glance.registry + path: /var/log/glance/registry.log outputs: role_data: description: Role data for the Glance Registry role. value: + service_name: glance_registry + monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} + logging_source: {get_param: GlanceRegistryLoggingSource} + logging_groups: + - glance config_settings: glance::registry::database_connection: list_join: @@ -36,10 +65,34 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - glance::registry::keystone_password: {get_param: GlancePassword} - glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::authtoken::password: {get_param: GlancePassword} + glance::registry::authtoken::project_name: 'service' + glance::registry::pipeline: 'keystone' + glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 + tripleo.glance_registry.firewall_rules: + '112 glance_registry': + dport: + - 9191 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} step_config: | include ::tripleo::profile::base::glance::registry + service_config_settings: + mysql: + glance::db::mysql::password: {get_param: GlancePassword} + glance::db::mysql::user: glance + glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + glance::db::mysql::dbname: glance + glance::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml new file mode 100644 index 00000000..15121790 --- /dev/null +++ b/puppet/services/gnocchi-api.yaml @@ -0,0 +1,122 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + GnocchiBackend: + default: swift + description: The short name of the Gnocchi backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionGnocchiApi: + default: 'overcloud-gnocchi-api' + type: string + GnocchiApiLoggingSource: + type: json + default: + tag: openstack.gnocchi.api + path: /var/log/gnocchi/app.log + +resources: + + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_api + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} + logging_source: {get_param: GnocchiApiLoggingSource} + logging_groups: + - gnocchi + config_settings: + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - tripleo.gnocchi_api.firewall_rules: + '129 gnocchi-api': + dport: + - 8041 + - 13041 + gnocchi::api::enabled: true + gnocchi::api::service_name: 'httpd' + gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} + gnocchi::keystone::authtoken::project_name: 'service' + gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + gnocchi::api::host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + + gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]} + step_config: | + include ::tripleo::profile::base::gnocchi::api + service_config_settings: + keystone: + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::tenant: 'service' + mysql: + gnocchi::db::mysql::password: {get_param: GnocchiPassword} + gnocchi::db::mysql::user: gnocchi + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + gnocchi::db::mysql::dbname: gnocchi + gnocchi::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml new file mode 100644 index 00000000..73889363 --- /dev/null +++ b/puppet/services/gnocchi-base.yaml @@ -0,0 +1,95 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + GnocchiIndexerBackend: + default: 'mysql' + description: The short name of the Gnocchi indexer backend to use. + type: string + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + GnocchiRbdPoolName: + default: metrics + type: string + CephClientUserName: + default: openstack + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + aux_parameters: + description: Additional parameters referenced outside the base file + value: + gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} + role_data: + description: Shared role data for the Heat services. + value: + service_name: gnocchi_base + config_settings: + #Gnocchi engine + gnocchi::debug: {get_param: Debug} + gnocchi::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://gnocchi:' + - {get_param: GnocchiPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/gnocchi' + gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' + gnocchi::storage::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' + gnocchi::storage::swift::swift_user: 'service:gnocchi' + gnocchi::storage::swift::swift_auth_version: 2 + gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - '/etc/ceph/ceph' + - 'client' + - {get_param: CephClientUserName} + - 'keyring' + #Gnocchi statsd + gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' + gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' + gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' + gnocchi::statsd::flush_delay: 10 + gnocchi::statsd::archive_policy_name: 'low' diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml new file mode 100644 index 00000000..1400bc98 --- /dev/null +++ b/puppet/services/gnocchi-metricd.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionGnocchiMetricd: + default: 'overcloud-gnocchi-metricd' + type: string + GnocchiMetricdWorkers: + default: '' + description: Number of workers for Gnocchi MetricD + type: string + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_metricd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::workers: {get_param: GnocchiMetricdWorkers} + step_config: | + include ::tripleo::profile::base::gnocchi::metricd diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml new file mode 100644 index 00000000..04339f46 --- /dev/null +++ b/puppet/services/gnocchi-statsd.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionGnocchiStatsd: + default: 'overcloud-gnocchi-statsd' + type: string + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_statsd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::gnocchi::statsd diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml new file mode 100644 index 00000000..974928c5 --- /dev/null +++ b/puppet/services/haproxy.yaml @@ -0,0 +1,68 @@ +heat_template_version: 2016-04-08 + +description: > + HAproxy service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + hidden: true + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + RedisPassword: + description: The password for Redis + type: string + hidden: true + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string + MonitoringSubscriptionHaproxy: + default: 'overcloud-haproxy' + type: string + +outputs: + role_data: + description: Role data for the HAproxy role. + value: + service_name: haproxy + monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} + config_settings: + tripleo.haproxy.firewall_rules: + '107 haproxy stats': + dport: 1993 + tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} + tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} + tripleo::haproxy::redis_password: {get_param: RedisPassword} + tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface} + tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface} + step_config: | + include ::tripleo::profile::base::haproxy diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index c1f26c15..a47fec5a 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -4,6 +4,15 @@ description: > Openstack Heat CloudFormation API service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -21,23 +30,55 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionHeatApiCnf: + default: 'overcloud-heat-api-cfn' + type: string + HeatApiCfnLoggingSource: + type: json + default: + tag: openstack.heat.api.cfn + path: /var/log/heat/heat-api-cfn.log resources: HeatBase: type: ./heat-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Heat CloudFormation API role. value: + service_name: heat_api_cfn + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} + logging_source: {get_param: HeatApiCfnLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} - heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} - heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} - heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} - heat::keystone::auth_cfn::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} + tripleo.heat_api_cfn.firewall_rules: + '125 heat_cfn': + dport: + - 8000 + - 13800 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cfn + service_config_settings: + keystone: + heat::keystone::auth_cfn::tenant: 'service' + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 2c56951b..6dfeaaf3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -4,6 +4,15 @@ description: > Openstack Heat CloudWatch API service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -13,18 +22,47 @@ parameters: default: 0 description: Number of workers for Heat service. type: number + MonitoringSubscriptionHeatApiCloudwatch: + default: 'overcloud-heat-api-cloudwatch' + type: string + HeatApiCloudwatchLoggingSource: + type: json + default: + tag: openstack.heat.api.cloudwatch + path: /var/log/heat/heat-api-cloudwatch.log resources: HeatBase: type: ./heat-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Heat Cloudwatch API role. value: + service_name: heat_api_cloudwatch + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch} + logging_source: {get_param: HeatApiCloudwatchLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cloudwatch::workers: {get_param: HeatWorkers} + tripleo.heat_api_cloudwatch.firewall_rules: + '125 heat_cloudwatch': + dport: + - 8003 + - 13003 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index d3461e63..2ea96fc0 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -4,6 +4,15 @@ description: > Openstack Heat API service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -21,23 +30,55 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionHeatApi: + default: 'overcloud-heat-api' + type: string + HeatApiLoggingSource: + type: json + default: + tag: openstack.heat.api + path: /var/log/heat/heat-api.log resources: HeatBase: type: ./heat-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Heat API role. value: + service_name: heat_api + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} + logging_source: {get_param: HeatApiLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} - heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} - heat::keystone::auth::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} + tripleo.heat_api.firewall_rules: + '125 heat_api': + dport: + - 8004 + - 13004 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api + service_config_settings: + keystone: + heat::keystone::auth::tenant: 'service' + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 8617df27..7eb58f56 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -26,11 +26,30 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json outputs: role_data: description: Shared role data for the Heat services. value: + service_name: heat_base config_settings: heat::rabbit_userid: {get_param: RabbitUserName} heat::rabbit_password: {get_param: RabbitPassword} @@ -38,3 +57,23 @@ outputs: heat::rabbit_port: {get_param: RabbitClientPort} heat::debug: {get_param: Debug} heat::enable_proxy_headers_parsing: true + # We need this because the default heat policy.json no longer works on TripleO + # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024 + heat::policy::policies: + context_is_admin: + key: 'context_is_admin' + value: 'role:admin' + heat::rabbit_heartbeat_timeout_threshold: 60 + heat::keystone::authtoken::project_name: 'service' + heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + heat::keystone::authtoken::password: {get_param: HeatPassword} + heat::keystone::domain::domain_name: 'heat_stack' + heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' + heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' + heat::cron::purge_deleted::age: 30 + heat::cron::purge_deleted::age_type: 'days' + heat::cron::purge_deleted::maxdelay: 3600 + heat::cron::purge_deleted::destination: '/dev/null' + heat::db::database_db_max_retries: -1 + heat::db::database_max_retries: -1 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 4a5ec2c0..24c36362 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -1,9 +1,18 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Openstack Heat Engine service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -26,19 +35,43 @@ parameters: description: Password for heat_stack_domain_admin user. type: string hidden: true + HeatAuthEncryptionKey: + description: Auth encryption key for heat-engine + type: string + hidden: true + default: '' + MonitoringSubscriptionHeatEngine: + default: 'overcloud-heat-engine' + type: string + HeatEngineLoggingSource: + type: json + default: + tag: openstack.heat.engine + path: /var/log/heat/heat-engine.log resources: HeatBase: type: ./heat-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Heat Engine role. value: + service_name: heat_engine + monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} + logging_source: {get_param: HeatEngineLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::engine::num_engine_workers: {get_param: HeatWorkers} + heat::engine::configure_delegated_roles: false + heat::engine::trusts_delegated_roles: [] tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} heat::database_connection: list_join: @@ -50,9 +83,23 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} - heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - heat::keystone_password: {get_param: HeatPassword} - heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} + heat::engine::auth_encryption_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: HeatAuthEncryptionKey} + - {get_param: [DefaultPasswords, heat_auth_encryption_key]} step_config: | include ::tripleo::profile::base::heat::engine + + service_config_settings: + mysql: + heat::db::mysql::password: {get_param: HeatPassword} + heat::db::mysql::user: heat + heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + heat::db::mysql::dbname: heat + heat::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml new file mode 100644 index 00000000..6ea5ec4e --- /dev/null +++ b/puppet/services/horizon.yaml @@ -0,0 +1,83 @@ +heat_template_version: 2016-10-14 + +description: > + Horizon service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list + HorizonSecret: + description: Secret key for Django + type: string + hidden: true + default: '' + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. + type: comma_delimited_list + MemcachedIPv6: + default: false + description: Enable IPv6 features in Memcached. + type: boolean + MonitoringSubscriptionHorizon: + default: 'overcloud-horizon' + type: string + +outputs: + role_data: + description: Role data for the Horizon role. + value: + service_name: horizon + monitoring_subscription: {get_param: MonitoringSubscriptionHorizon} + config_settings: + horizon::allowed_hosts: {get_param: HorizonAllowedHosts} + neutron::plugins::ml2::mechanism_drivers: + str_replace: + template: MECHANISMS + params: + MECHANISMS: {get_param: NeutronMechanismDrivers} + tripleo.horizon.firewall_rules: + '126 horizon': + dport: + - 80 + - 443 + horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache + horizon::django_session_engine: 'django.contrib.sessions.backends.cache' + horizon::vhost_extra_params: + add_listen: false + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::django_debug: {get_param: Debug} + horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + horizon::secret_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: HorizonSecret} + - {get_param: [DefaultPasswords, horizon_secret]} + memcached_ipv6: {get_param: MemcachedIPv6} + step_config: | + include ::tripleo::profile::base::horizon diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml new file mode 100644 index 00000000..c8a2e833 --- /dev/null +++ b/puppet/services/ironic-api.yaml @@ -0,0 +1,83 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic API configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + MonitoringSubscriptionIronicApi: + default: 'overcloud-ironic-api' + type: string + +resources: + IronicBase: + type: ./ironic-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ironic API role. + value: + service_name: ironic_api + monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi} + config_settings: + map_merge: + - get_attr: [IronicBase, role_data, config_settings] + - ironic::api::authtoken::password: {get_param: IronicPassword} + ironic::api::authtoken::project_name: 'service' + ironic::api::authtoken::username: 'ironic' + ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} + # This is used to build links in responses + ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + tripleo.ironic_api.firewall_rules: + '133 ironic api': + dport: + - 6385 + - 13385 + step_config: | + include ::tripleo::profile::base::ironic::api + service_config_settings: + keystone: + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::keystone::auth::auth_name: 'ironic' + ironic::keystone::auth::password: {get_param: IronicPassword } + ironic::keystone::auth::tenant: 'service' + mysql: + ironic::db::mysql::password: {get_param: IronicPassword} + ironic::db::mysql::user: ironic + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + ironic::db::mysql::dbname: ironic + ironic::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml new file mode 100644 index 00000000..0ff393c6 --- /dev/null +++ b/puppet/services/ironic-base.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic services configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + +outputs: + role_data: + description: Role data for the Ironic role. + value: + service_name: ironic_base + config_settings: + ironic::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://ironic:' + - {get_param: IronicPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ironic' + ironic::debug: {get_param: Debug} + ironic::rabbit_userid: {get_param: RabbitUserName} + ironic::rabbit_password: {get_param: RabbitPassword} + ironic::rabbit_port: {get_param: RabbitClientPort} + ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + step_config: | + include ::tripleo::profile::base::ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml new file mode 100644 index 00000000..4ac9fc30 --- /dev/null +++ b/puppet/services/ironic-conductor.yaml @@ -0,0 +1,100 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic conductor configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicCleaningDiskErase: + default: 'full' + description: Type of disk cleaning before and between deployments, + "full" for full cleaning, "metadata" to clean only disk + metadata (partition table). + type: string + IronicEnabledDrivers: + default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo'] + description: Enabled Ironic drivers + type: comma_delimited_list + IronicIPXEEnabled: + default: true + description: Whether to use iPXE instead of PXE for deployment. + type: boolean + IronicIPXEPort: + default: 8088 + description: Port to use for serving images when iPXE is used. + type: string + MonitoringSubscriptionIronicConductor: + default: 'overcloud-ironic-conductor' + type: string + +resources: + IronicBase: + type: ./ironic-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ironic conductor role. + value: + service_name: ironic_conductor + monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor} + config_settings: + map_merge: + - get_attr: [IronicBase, role_data, config_settings] + # FIXME: I have no idea why neutron_url is in "api" manifest + - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} + ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} + # We need an endpoint containing a real IP, not a VIP here + ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::conductor::http_url: + list_join: + - '' + - - 'http://' + - '%{hiera("ironic_conductor_http_host")}:' + - {get_param: IronicIPXEPort} + ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled} + ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]} + # NOTE(dtantsur): UEFI only works with iPXE currently for us + ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' + ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' + tripleo.ironic_conductor.firewall_rules: + '134 ironic conductor TFTP': + dport: 69 + proto: udp + '135 ironic conductor HTTP': + dport: {get_param: IronicIPXEPort} + # NOTE(dtantsur): the my_ip parameter is heavily overloaded in + # ironic. It's used as a default value for e.g. TFTP server IP, + # glance and neutron endpoints, virtual console IP. We override + # the TFTP server IP in ironic-conductor.yaml as it should not be + # the VIP, but rather a real IP of the host. + ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::pxe::common::http_port: {get_param: IronicIPXEPort} + + step_config: | + include ::tripleo::profile::base::ironic::conductor diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml new file mode 100644 index 00000000..2b069d67 --- /dev/null +++ b/puppet/services/keepalived.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + Keepalived service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string + MonitoringSubscriptionKeepalived: + default: 'overcloud-keepalived' + type: string + +outputs: + role_data: + description: Role data for the Keepalived role. + value: + service_name: keepalived + monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived} + config_settings: + tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} + tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} + step_config: | + include ::tripleo::profile::base::keepalived diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml new file mode 100644 index 00000000..2f01578e --- /dev/null +++ b/puppet/services/kernel.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: > + Load kernel modules with kmod and configure kernel options with sysctl. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Kernel modules + value: + service_name: kernel + config_settings: + kernel_modules: + nf_conntrack: {} + sysctl_settings: + net.ipv4.tcp_keepalive_intvl: + value: 1 + net.ipv4.tcp_keepalive_probes: + value: 5 + net.ipv4.tcp_keepalive_time: + value: 5 + net.nf_conntrack_max: + value: 500000 + net.netfilter.nf_conntrack_max: + value: 500000 + # prevent neutron bridges from autoconfiguring ipv6 addresses + net.ipv6.conf.default.accept_ra: + value: 0 + net.ipv6.conf.default.autoconf: + value: 0 + net.core.netdev_max_backlog: + value: 10000 + step_config: | + include ::tripleo::profile::base::kernel diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 25d92d4a..e3531636 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -4,24 +4,11 @@ description: > OpenStack Keystone service configured with Puppet parameters: - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string KeystoneEnableDBPurge: default: true description: | Whether to create cron job for purging soft deleted rows in Keystone database. type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true KeystoneSSLCertificate: default: '' description: Keystone certificate for verifying token validity. @@ -45,10 +32,15 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint - KeystoneWorkers: - default: 0 - description: Number of workers for Keystone service. - type: number + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -88,45 +80,133 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + KeystoneWorkers: + type: string + description: Set the number of workers for keystone::wsgi::apache + default: '"%{::processorcount}"' + MonitoringSubscriptionKeystone: + default: 'overcloud-kestone' + type: string + KeystoneCredential0: + type: string + description: The first Keystone credential key. Must be a valid key. + KeystoneCredential1: + type: string + description: The second Keystone credential key. Must be a valid key. + KeystoneLoggingSource: + type: json + default: + tag: openstack.keystone + path: /var/log/keystone/keystone.log + +resources: + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Keystone role. value: + service_name: keystone + monitoring_subscription: {get_param: MonitoringSubscriptionKeystone} + logging_source: {get_param: KeystoneLoggingSource} + logging_groups: + - keystone config_settings: - keystone::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/keystone' - keystone::admin_token: {get_param: AdminToken} - keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone::debug: {get_param: Debug} - keystone::db::mysql::password: {get_param: AdminToken} - keystone::rabbit_userid: {get_param: RabbitUserName} - keystone::rabbit_password: {get_param: RabbitPassword} - keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - keystone::rabbit_port: {get_param: RabbitClientPort} - keystone::notification_driver: {get_param: KeystoneNotificationDriver} - keystone::notification_format: {get_param: KeystoneNotificationFormat} - keystone::roles::admin::email: {get_param: AdminEmail} - keystone::roles::admin::password: {get_param: AdminPassword} - keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} - keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - keystone::endpoint::region: {get_param: KeystoneRegion} - keystone::admin_workers: {get_param: KeystoneWorkers} - keystone::public_workers: {get_param: KeystoneWorkers} - keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - keystone::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://keystone:' + - {get_param: AdminToken} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/keystone' + keystone::admin_token: {get_param: AdminToken} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} + keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true + keystone::enable_credential_setup: true + keystone::credential_keys: + '/etc/keystone/credential-keys/0': + content: {get_param: KeystoneCredential0} + '/etc/keystone/credential-keys/1': + content: {get_param: KeystoneCredential1} + keystone::debug: {get_param: Debug} + keystone::rabbit_userid: {get_param: RabbitUserName} + keystone::rabbit_password: {get_param: RabbitPassword} + keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + keystone::rabbit_port: {get_param: RabbitClientPort} + keystone::notification_driver: {get_param: KeystoneNotificationDriver} + keystone::notification_format: {get_param: KeystoneNotificationFormat} + keystone::roles::admin::email: {get_param: AdminEmail} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + keystone::endpoint::region: {get_param: KeystoneRegion} + keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} + keystone::rabbit_heartbeat_timeout_threshold: 60 + keystone::cron::token_flush::maxdelay: 3600 + keystone::roles::admin::service_tenant: 'service' + keystone::roles::admin::admin_tenant: 'admin' + keystone::cron::token_flush::destination: '/dev/null' + keystone::config::keystone_config: + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' + keystone::service_name: 'httpd' + keystone::wsgi::apache::ssl: false + keystone::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::servername_admin: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} + # override via extraconfig: + keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 + tripleo.keystone.firewall_rules: + '111 keystone': + dport: + - 5000 + - 13000 + - 35357 + - 13357 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + # NOTE: this applies to all 4 bind IP settings below... + keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} step_config: | include ::tripleo::profile::base::keystone + service_config_settings: + mysql: + keystone::db::mysql::password: {get_param: AdminToken} + keystone::db::mysql::user: keystone + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + keystone::db::mysql::dbname: keystone + keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/loadbalancer.yaml b/puppet/services/loadbalancer.yaml deleted file mode 100644 index 1b9654fc..00000000 --- a/puppet/services/loadbalancer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Loadbalancer service configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -outputs: - role_data: - description: Role data for the Loadbalancer role. - value: - step_config: | - include ::tripleo::profile::base::loadbalancer diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml new file mode 100644 index 00000000..c8f67556 --- /dev/null +++ b/puppet/services/logging/fluentd-base.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: Fluentd base service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +outputs: + role_data: + description: Role data for the Fluentd role. + value: + service_name: fluentd_base + config_settings: + fluentd::package_name: fluentd + fluentd::service_name: fluentd + fluentd::config_file: /etc/fluentd/fluent.conf + fluentd::config_owner: fluentd + fluentd::config_group: fluentd + fluentd::config_path: /etc/fluentd/config.d + fluentd::plugin_provider: yum + fluentd::service_provider: systemd + fluentd::repo_install: false diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml new file mode 100644 index 00000000..3ae7110f --- /dev/null +++ b/puppet/services/logging/fluentd-client.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2016-10-14 + +description: Fluentd client configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + FluentdBase: + type: ./fluentd-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + + LoggingConfiguration: + type: OS::TripleO::LoggingConfiguration + +outputs: + role_data: + description: Role data for the Fluentd client role. + value: + service_name: fluentd_client + config_settings: + map_merge: + - get_attr: [FluentdBase, role_data, config_settings] + - tripleo::profile::base::logging::fluentd::fluentd_servers: + get_attr: [LoggingConfiguration, LoggingServers] + tripleo::profile::base::logging::fluentd::fluentd_filters: + yaql: + expression: > + $.data.filters.flatten().where($) + data: + filters: + - get_attr: [LoggingConfiguration, LoggingDefaultFilters] + - get_attr: [LoggingConfiguration, LoggingExtraFilters] + tripleo::profile::base::logging::fluentd::fluentd_pos_file_path: + get_attr: [LoggingConfiguration, LoggingPosFilePath] + tripleo::profile::base::logging::fluentd::fluentd_use_ssl: + get_attr: [LoggingConfiguration, LoggingUsesSSL] + tripleo::profile::base::logging::fluentd::fluentd_ssl_certificate: + get_attr: [LoggingConfiguration, LoggingSSLCertificate] + tripleo::profile::base::logging::fluentd::fluentd_ssl_key: + get_attr: [LoggingConfiguration, LoggingSSLKey] + tripleo::profile::base::logging::fluentd::fluentd_ssl_key_passphrase: + get_attr: [LoggingConfiguration, LoggingSSLKeyPassphrase] + tripleo::profile::base::logging::fluentd::fluentd_shared_key: + get_attr: [LoggingConfiguration, LoggingSharedKey] + step_config: | + include ::tripleo::profile::base::logging::fluentd diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml new file mode 100644 index 00000000..e051781e --- /dev/null +++ b/puppet/services/logging/fluentd-config.yaml @@ -0,0 +1,154 @@ +heat_template_version: 2016-10-14 + +description: Fluentd logging configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + LoggingDefaultFormat: + description: > + Default format used to parse messages from log files. + type: string + default: >- + /(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d+) + (?<pid>\d+) + (?<priority>\S+) + (?<message>.*)$/ + LoggingPosFilePath: + description: > + Directory in which to place fluentd pos_file files (used to track + file position for the 'tail' input type). + type: string + default: /var/cache/fluentd + LoggingDefaultGroups: + description: > + Make fluentd user a member of these groups. Only override this parameter + if you want to modify the default list of groups. Use + LoggingExtraGroups to add the fluentd user to additional groups. + type: comma_delimited_list + default: + - root + LoggingExtraGroups: + description: > + Make fluentd user a member of these groups (in addition to + LoggingDefaultGroups and the groups provided by individual + composable services). + type: comma_delimited_list + default: [] + LoggingServers: + description: | + A list of destinations to which fluentd will forward log messages. Expects + a list of dictionaries of the form: + + - host: loghost1.example.com + port: 24224 + - host: loghost2.example.com + port: 24224 + type: json + default: [] + LoggingDefaultFilters: + description: > + A list of fluentd default filters. This will be passed verbatim + to the 'filter' key of a fluentd::config resource. Only override this + if you do not want the default set of filters; use LoggingExtraFilters + if you just want to add additional servers. + type: json + default: + - tag_pattern: '**' + type: record_transformer + record: + nodename: '${hostname}' + + - tag_pattern: 'openstack.**' + type: record_transformer + record: + component: '${tag_parts[1]}' + LoggingExtraFilters: + description: > + A list of additional fluentd filters. This will be passed + verbatim to the 'filter' key of a fluentd::config resource. + type: json + default: [] + LoggingUsesSSL: + description: > + A boolean value indicating whether or not we should forward log messages + use the secure_forward plugin. + type: boolean + default: false + LoggingSSLCertificate: + description: > + PEM-encoded SSL CA certificate for fluentd. + type: string + default: "" + LoggingSSLKey: + description: > + PEM-encoded key for fluentd CA certificate (used by in_secure_forward). + type: string + default: "" + LoggingSSLKeyPassphrase: + description: > + Passphrase for LoggingSSLKey (used by in_secure_forward). + type: string + default: "" + LoggingSharedKey: + description: > + Shared secret for fluentd secure-forward plugin. + type: string + default: "" + LoggingDefaultSources: + description: > + A list of default logging sources for fluentd. You should only override + this parameter if you wish to disable the default logging sources. Use + LoggingExtraSources to define additional source configurations. + type: json + default: [] + LoggingExtraSources: + description: > + A list of additional logging sources for fluentd. These will be combined + with the LoggingDefaultSources and any logging sources defined by + composable services. + type: json + default: [] + +outputs: + LoggingDefaultFormat: + value: {get_param: LoggingDefaultFormat} + LoggingDefaultFilters: + value: {get_param: LoggingDefaultFilters} + LoggingExtraFilters: + value: {get_param: LoggingExtraFilters} + LoggingDefaultGroups: + value: {get_param: LoggingDefaultGroups} + LoggingExtraGroups: + value: {get_param: LoggingExtraGroups} + LoggingPosFilePath: + value: {get_param: LoggingPosFilePath} + LoggingSSLCertificate: + value: {get_param: LoggingSSLCertificate} + LoggingSSLKey: + value: {get_param: LoggingSSLKey} + LoggingSSLKeyPassphrase: + value: {get_param: LoggingSSLKeyPassphrase} + LoggingServers: + value: {get_param: LoggingServers} + LoggingSharedKey: + value: {get_param: LoggingSharedKey} + LoggingUsesSSL: + value: {get_param: LoggingUsesSSL} + LoggingDefaultSources: + value: {get_param: LoggingDefaultSources} + LoggingExtraSources: + value: {get_param: LoggingExtraSources} diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml new file mode 100644 index 00000000..4d3fd47c --- /dev/null +++ b/puppet/services/manila-api.yaml @@ -0,0 +1,82 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-api service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionManilaApi: + default: 'overcloud-manila-api' + type: string + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-api role. + value: + service_name: manila_api + monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi} + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::keystone::authtoken::password: {get_param: ManilaPassword} + manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + manila::keystone::authtoken::project_name: 'service' + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]} + manila::api::enable_proxy_headers_parsing: true + step_config: | + include ::tripleo::profile::base::manila::api + service_config_settings: + keystone: + manila::keystone::auth::tenant: 'service' + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword} + manila::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + manila::db::mysql::password: {get_param: ManilaPassword} + manila::db::mysql::user: manila + manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + manila::db::mysql::dbname: manila + manila::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml new file mode 100644 index 00000000..89a36d21 --- /dev/null +++ b/puppet/services/manila-backend-cephfs.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila Cephfs backend + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # CephFS Native backend params: + ManilaCephFSNativeEnableBackend: + type: boolean + default: false + ManilaCephFSNativeBackendName: + type: string + default: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: + type: boolean + default: false + ManilaCephFSNativeShareBackendName: + type: string + default: 'cephfs' + ManilaCephFSNativeCephFSConfPath: + type: string + default: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + ManilaCephFSNativeCephFSClusterName: + type: string + default: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: + type: boolean + default: true + +outputs: + role_data: + description: Role data for the Manila Cephfs backend. + value: + service_name: manila_backend_cephfs + config_settings: + manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend} + manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName} + manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers} + manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName} + manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath} + manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} + manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} + manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} + step_config: diff --git a/puppet/services/manila-backend-generic.yaml b/puppet/services/manila-backend-generic.yaml new file mode 100644 index 00000000..5c001c82 --- /dev/null +++ b/puppet/services/manila-backend-generic.yaml @@ -0,0 +1,93 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila generic backend. + +parameters: + ManilaGenericEnableBackend: + type: boolean + default: false + ManilaGenericBackendName: + type: string + default: tripleo_generic + ManilaGenericDriverHandlesShareServers: + type: string + default: true + ManilaGenericSmbTemplateConfigPath: + type: string + default: '$state_path/smb.conf' + ManilaGenericVolumeNameTemplate: + type: string + default: 'manila-share-%s' + ManilaGenericVolumeSnapshotNameTemplate: + type: string + default: 'manila-snapshot-%s' + ManilaGenericShareMountPath: + type: string + default: '/shares' + ManilaGenericMaxTimeToCreateVolume: + type: string + default: '180' + ManilaGenericMaxTimeToAttach: + type: string + default: '120' + ManilaGenericServiceInstanceSmbConfigPath: + type: string + default: '$share_mount_path/smb.conf' + ManilaGenericShareVolumeFsType: + type: string + default: 'ext4' + ManilaGenericCinderVolumeType: + type: string + default: '' + ManilaServiceInstanceUser: + type: string + default: '' + ManilaServiceInstancePassword: #SET THIS via parameter_defaults + type: string + hidden: true + ManilaServiceInstanceFlavorId: + type: number + default: 1 + ManilaServiceNetworkCidr: + type: string + default: '172.16.0.0/16' + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Manila Generic backend. + value: + service_name: manila_backend_generic + config_settings: + manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend} + manila::backend::generic::title: {get_param: ManilaGenericBackendName} + manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers} + manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath} + manila::backend::generic::volume_name_template: {get_param: ManilaGenericVolumeNameTemplate} + manila::backend::generic::volume_snapshot_name_template: {get_param: ManilaGenericVolumeSnapshotNameTemplate} + manila::backend::generic::share_mount_path: {get_param: ManilaGenericShareMountPath} + manila::backend::generic::max_time_to_create_volume: {get_param: ManilaGenericMaxTimeToCreateVolume} + manila::backend::generic::max_time_to_attach: {get_param: ManilaGenericMaxTimeToAttach} + manila::backend::generic::service_instance_smb_config_path: {get_param: ManilaGenericServiceInstanceSmbConfigPath} + manila::backend::generic::share_volume_fstype: {get_param: ManilaGenericShareVolumeFsType} + manila::backend::generic::cinder_volume_type: {get_param: ManilaGenericCinderVolumeType} + manila::service_instance::service_instance_user: {get_param: ManilaServiceInstanceUser} + manila::service_instance::service_instance_password: {get_param: ManilaServiceInstancePassword} + manila::service_instance::service_instance_flavor_id: {get_param: ManilaServiceInstanceFlavorId} + manila::service_instance::service_network_cidr: {get_param: ManilaServiceNetworkCidr} + + step_config: diff --git a/puppet/services/manila-backend-netapp.yaml b/puppet/services/manila-backend-netapp.yaml new file mode 100644 index 00000000..c95a8da7 --- /dev/null +++ b/puppet/services/manila-backend-netapp.yaml @@ -0,0 +1,112 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila netapp backend. + +parameters: + ManilaNetappEnableBackend: + type: boolean + default: false + ManilaNetappDriverHandlesShareServers: + type: string + default: true + ManilaNetappBackendName: + type: string + default: tripleo_netapp + ManilaNetappLogin: + type: string + default: '' + ManilaNetappPassword: + type: string + default: '' + ManilaNetappServerHostname: + type: string + default: '' + ManilaNetappTransportType: + type: string + default: 'http' + ManilaNetappStorageFamily: + type: string + default: 'ontap_cluster' + ManilaNetappServerPort: + type: number + default: 80 + ManilaNetappVolumeNameTemplate: + type: string + default: 'share_%(share_id)s' + ManilaNetappVserver: + type: string + default: '' + ManilaNetappVserverNameTemplate: + type: string + default: 'os_%s' + ManilaNetappLifNameTemplate: + type: string + default: 'os_%(net_allocation_id)s' + ManilaNetappAggrNameSearchPattern: + type: string + default: '(.*)' + ManilaNetappRootVolumeAggr: + type: string + default: '' + ManilaNetappRootVolume: + type: string + default: 'root' + ManilaNetappPortNameSearchPattern: + type: string + default: '(.*)' + ManilaNetappTraceFlags: + type: string + default: '' + ManilaNetappEnabledShareProtocols: + type: string + default: 'nfs3, nfs4.0' + ManilaNetappVolumeSnapshotReservePercent: + type: number + default: 5 + ManilaNetappSnapmirrorQuiesceTimeout: + type: number + default: 3600 + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Manila Netapp backend. + value: + service_name: manila_backend_netapp + config_settings: + manila_netapp_enable_backend: {get_param: ManilaNetappEnableBackend} + manila::backend::netapp::title: {get_param: ManilaNetappBackendName} + manila::backend::netapp::netapp_login: {get_param: ManilaNetappLogin} + manila::backend::netapp::driver_handles_share_servers: {get_param: ManilaNetappDriverHandlesShareServers} + manila::backend::netapp::netapp_password: {get_param: ManilaNetappPassword} + manila::backend::netapp::netapp_server_hostname: {get_param: ManilaNetappServerHostname} + manila::backend::netapp::netapp_transport_type: {get_param: ManilaNetappTransportType} + manila::backend::netapp::netapp_storage_family: {get_param: ManilaNetappStorageFamily} + manila::backend::netapp::netapp_server_port: {get_param: ManilaNetappServerPort} + manila::backend::netapp::netapp_volume_name_template: {get_param: ManilaNetappVolumeNameTemplate} + manila::backend::netapp::netapp_vserver: {get_param: ManilaNetappVserver} + manila::backend::netapp::netapp_vserver_name_template: {get_param: ManilaNetappVserverNameTemplate} + manila::backend::netapp::netapp_lif_name_template: {get_param: ManilaNetappLifNameTemplate} + manila::backend::netapp::netapp_aggregate_name_search_pattern: {get_param: ManilaNetappAggrNameSearchPattern} + manila::backend::netapp::netapp_root_volume_aggregate: {get_param: ManilaNetappRootVolumeAggr} + manila::backend::netapp::netapp_root_volume: {get_param: ManilaNetappRootVolume} + manila::backend::netapp::netapp_port_name_search_pattern: {get_param: ManilaNetappPortNameSearchPattern} + manila::backend::netapp::netapp_trace_flags: {get_param: ManilaNetappTraceFlags} + manila::backend::netapp::netapp_enabled_share_protocols: {get_param: ManilaNetappEnabledShareProtocols} + manila::backend::netapp::netapp_volume_snapshot_reserve_percent: {get_param: ManilaNetappVolumeSnapshotReservePercent} + manila::backend::netapp::netapp_snapmirror_quiesce_timeout: {get_param: ManilaNetappSnapmirrorQuiesceTimeout} + step_config: diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml new file mode 100644 index 00000000..d228577a --- /dev/null +++ b/puppet/services/manila-base.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila base service. Shared by manila-api/scheduler/share services + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Manila Base service. + value: + service_name: manila_base + config_settings: + manila::rabbit_userid: {get_param: RabbitUserName} + manila::rabbit_password: {get_param: RabbitPassword} + manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + manila::rabbit_port: {get_param: RabbitClientPort} + manila::debug: {get_param: Debug} + manila::db::database_db_max_retries: -1 + manila::db::database_max_retries: -1 diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml new file mode 100644 index 00000000..474cc24f --- /dev/null +++ b/puppet/services/manila-scheduler.yaml @@ -0,0 +1,70 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-scheduler service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + type: string + description: The password for the nova service and db account, used by nova-api. + hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + MonitoringSubscriptionManilaScheduler: + default: 'overcloud-manila-scheduler' + type: string + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-scheduler role. + value: + service_name: manila_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionManilaScheduler} + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::compute::nova::nova_admin_password: {get_param: NovaPassword} + manila::compute::nova::nova_admin_tenant_name: 'service' + manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]} + manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword} + manila::sql_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://manila:' + - {get_param: ManilaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/manila' + step_config: | + include ::tripleo::profile::base::manila::scheduler diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml new file mode 100644 index 00000000..e42d2fae --- /dev/null +++ b/puppet/services/manila-share.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-share service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionManilaShare: + default: 'overcloud-manila-share' + type: string + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-share role. + value: + service_name: manila_share + monitoring_subscription: {get_param: MonitoringSubscriptionManilaShare} + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::volume::cinder::cinder_admin_tenant_name: 'service' + step_config: | + include ::tripleo::profile::base::manila::share diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index fcd0adca..9e3f6375 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -4,16 +4,39 @@ description: > Memcached service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionMemcached: + default: 'overcloud-memcached' + type: string outputs: role_data: description: Role data for the Memcached role. value: + service_name: memcached + monitoring_subscription: {get_param: MonitoringSubscriptionMemcached} config_settings: + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]} + tripleo.memcached.firewall_rules: + '121 memcached': + dport: 11211 step_config: | include ::tripleo::profile::base::memcached diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml new file mode 100644 index 00000000..d7350d07 --- /dev/null +++ b/puppet/services/monitoring/sensu-base.yaml @@ -0,0 +1,68 @@ +heat_template_version: 2016-04-08 + +description: Sensu base service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + MonitoringRabbitHost: + description: RabbitMQ host Sensu has to connect to. + type: string + default: '' + MonitoringRabbitPort: + default: 5672 + description: Set RabbitMQ subscriber port, change this if using SSL. + type: number + MonitoringRabbitUseSSL: + default: false + description: > + RabbitMQ client subscriber parameter to specify an SSL connection + to the RabbitMQ host. + type: string + MonitoringRabbitPassword: + description: The RabbitMQ password used for monitoring purposes. + type: string + hidden: true + MonitoringRabbitUserName: + description: The RabbitMQ username used for monitoring purposes. + type: string + default: sensu + MonitoringRabbitVhost: + description: The RabbitMQ vhost used for monitoring purposes. + type: string + default: '/sensu' + + +outputs: + role_data: + description: Role data for the Sensu role. + value: + service_name: sensu_base + config_settings: + sensu::enterprise: false + sensu::enterprise_dashboard: false + sensu::install_repo: false + sensu::manage_user: false + sensu::rabbitmq_host: {get_param: MonitoringRabbitHost} + sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword} + sensu::rabbitmq_port: {get_param: MonitoringRabbitPort} + sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL} + sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName} + sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost} + #sensu::redis_host: {get_param: MonitoringRedisHost} + #sensu::redis_password: {get_param: MonitoringRedisPassword} + sensu::sensu_plugin_provider: 'yum' + sensu::sensu_plugin_name: 'rubygem-sensu-plugin' + sensu::version: 'present' diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml new file mode 100644 index 00000000..3f37e750 --- /dev/null +++ b/puppet/services/monitoring/sensu-client.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: Sensu client configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SensuClientCustomConfig: + default: {} + description: Hash containing custom sensu-client variables. + type: json + label: Custom configuration for Sensu Client variables + +resources: + SensuBase: + type: ./sensu-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sensu client role. + value: + service_name: sensu_client + monitoring_subscription: all + config_settings: + map_merge: + - get_attr: [SensuBase, role_data, config_settings] + - sensu::api: false + sensu::client: true + sensu::server: false + sensu::client_custom: {get_param: SensuClientCustomConfig} + step_config: | + include ::tripleo::profile::base::monitoring::sensu diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml new file mode 100644 index 00000000..1c2331fa --- /dev/null +++ b/puppet/services/network/contrail-analytics.yaml @@ -0,0 +1,90 @@ +heat_template_version: 2016-04-08 + +description: > + Contrail Analytics service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configures Contrail Analytics. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ContrailAnalyticsHostIP: + description: host IP address of Analytics + type: string + ContrailAnalyticsRedisServerIp: + description: Redis server ip address + type: string + ContrailAnalyticsCollectorServerHttpPort: + description: Collector http port + type: number + default: 8089 + ContrailAnalyticsCollectorSandeshPort: + description: Collector sandesh port + type: number + default: 8086 + ContrailAnalyticsHttpServerPort: + description: Analytics http port + type: number + default: 8090 + ContrailAnalyticsListenAddress: + default: '0.0.0.0' + description: IP address Config API is listening on + type: string + ContrailAnalyticsListenPort: + default: 8082 + description: Port Config API is listening on + type: number + ContrailAnalyticsRedisServerPort: + description: Redis server port + type: number + default: 6379 + ContrailAnalyticsRestApiIp: + description: IP address Analytics rest interface listens on + type: string + default: '0.0.0.0' + ContrailAnalyticsRestApiPort: + description: Analytics rest port + type: number + default: 8081 + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role Contrail Analytics using composable services. + value: + service_name: contrail_analytics + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorServerHttpPort} + contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandeshPort} + contrail::analytics::host_ip: {get_param: ContrailAnalyticsHostIP} + contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttpServerPort} + contrail::analytics::listen_ip_address: {get_param: ContrailAnalyticsListenAddress} + contrail::analytics::listen_port: {get_param: ContrailAnalyticsListenPort} + contrail::analytics::redis_server: {get_param: ContrailAnalyticsRedisServerIp} + contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedisServerPort} + contrail::analytics::rest_api_ip: {get_param: ContrailAnalyticsRestApiIp} + contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsRestApiPort} + step_config: | + include ::tripleo::network::contrail::analytics diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml new file mode 100644 index 00000000..03dbea5b --- /dev/null +++ b/puppet/services/network/contrail-base.yaml @@ -0,0 +1,100 @@ +heat_template_version: 2016-04-08 + +description: > + Base parameters for all Contrail Services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AdminPassword: + description: Keystone admin user password + type: string + AdminTenantName: + description: Keystone admin tenant name + type: string + AdminToken: + description: Keystone admin token + type: string + AdminUser: + description: Keystone admin user name + type: string + AuthHost: + description: Keystone host IP address + type: string + AuthPort: + default: 35357 + description: Keystone port + type: number + AuthProtocol: + default: 'http' + description: Keystone authentication protocol + type: string + ContrailDiscoveryServerIp: + description: Discovery server ip address + type: string + ContrailKafkaBrokerList: + description: List of kafka servers + type: comma_delimited_list + ContrailAuth: + default: 'keystone' + description: Keystone authentication method + type: string + ContrailCassandraServerList: + default: [] + description: List of cassandra servers + type: comma_delimited_list + ContrailDiscoveryServerPort: + description: Discovery server port + type: number + default: 5998 + ContrailInsecure: + default: false + description: Keystone insecure mode + type: boolean + ContrailMemcachedServer: + default: '127.0.0.1:12111' + description: Memcached server + type: string + ContrailMultiTenancy: + default: true + description: Turn on/off multi-tenancy + type: boolean + ContrailZkServerIp: + default: [] + description: List of zookeeper servers + type: comma_delimited_list + +outputs: + role_data: + description: Shared role data for the Contrail services. + value: + service_name: contrail_base + config_settings: + contrail::admin_password: {get_param: AdminPassword} + contrail::admin_tenant_name: {get_param: AdminTenantName} + contrail::admin_token: {get_param: AdminToken} + contrail::admin_user: {get_param: AdminUser} + contrail::auth_host: {get_param: [EndpointMap, KeystoneInternal, host] } + contrail::auth_port: {get_param: [EndpointMap, KeystoneInternal, port] } + contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } + contrail::disc_server_ip: {get_param: ContrailDiscoveryServerIp} + contrail::kafka_broker_list: {get_param: ContrailKafkaBrokerList} + contrail::auth: {get_param: ContrailAuth} + contrail::cassandra_server_list: {get_param: ContrailCassandraServerList} + contrail::disc_server_port: {get_param: ContrailDiscoveryServerPort} + contrail::insecure: {get_param: ContrailInsecure} + contrail::memcached_server: {get_param: ContrailMemcachedServer} + contrail::multi_tenancy: {get_param: ContrailMultiTenancy} + contrail::zk_server_ip: {get_param: ContrailZkServerIp} diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml new file mode 100644 index 00000000..0987fc75 --- /dev/null +++ b/puppet/services/network/contrail-config.yaml @@ -0,0 +1,72 @@ +heat_template_version: 2016-04-08 + +description: > + Contrail Config service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configures Contrail Config. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ContrailConfigIfmapServerIp: + description: Ifmap server ip address + type: string + ContrailConfigIfmapUserName: + description: Ifmap user name + type: string + ContrailConfigIfmapUserPassword: + description: Ifmap user password + type: string + ContrailConfigRabbitServerIp: + description: RabbitMq server ip address + type: string + ContrailConfigRedisServerIp: + description: Redis server ip address + type: string + ContrailConfigListenAddress: + default: '0.0.0.0' + description: IP address Config API is listening on + type: string + ContrailConfigListenPort: + default: 8082 + description: Port Config API is listening on + type: number + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role Contrail Config using composable services. + value: + service_name: contrail_config + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword} + contrail::config::ifmap_server_ip: {get_param: ContrailConfigIfmapServerIp} + contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName} + contrail::config::listen_ip_address: {get_param: ContrailConfigListenAddress} + contrail::config::listen_port: {get_param: ContrailConfigListenPort} + contrail::config::rabbit_server: {get_param: ContrailConfigRabbitServerIp} + contrail::config::redis_server: {get_param: ContrailConfigRedisServerIp} + step_config: | + include ::tripleo::network::contrail::config diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml new file mode 100644 index 00000000..9356e9e9 --- /dev/null +++ b/puppet/services/network/contrail-control.yaml @@ -0,0 +1,54 @@ +heat_template_version: 2016-04-08 + +description: > + Contrail Control service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configures Contrail Control. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ContrailControlHostIP: + description: host IP address of Analytics + type: string + ContrailControlIfmapUserName: + description: Ifmap user name + type: string + ContrailControlIfmapUserPassword: + description: Ifmap user password + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role Contrail Control using composable services. + value: + service_name: contrail_control + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::control::host_ip: {get_param: ContrailControlHostIP} + contrail::control::ifmap_username: {get_param: ContrailControlIfmapUserName} + contrail::control::ifmap_password: {get_param: ContrailControlIfmapUserPassword} + step_config: | + include ::tripleo::network::contrail::control diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml new file mode 100644 index 00000000..e5712618 --- /dev/null +++ b/puppet/services/network/contrail-database.yaml @@ -0,0 +1,51 @@ +heat_template_version: 2016-04-08 + +description: > + Contrail Database service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configures Contrail Database. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ContrailDatabaseHostIP: + description: host IP address of Database node + type: string + ContrailDatabaseMinDisk: + description: Minimum disk size for database + type: number + default: 64 + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role Contrail Database using composable services. + value: + service_name: contrail_database + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::database::host_ip: {get_param: ContrailDatabaseHostIP} + contrail::database::minimum_diskGB: {get_param: ContrailDatabaseMinDisk} + step_config: | + include ::tripleo::profile::contrail::database diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml new file mode 100644 index 00000000..72b9e1c0 --- /dev/null +++ b/puppet/services/network/contrail-webui.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2016-04-08 + +description: > + Contrail WebUI service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configures Contrail WebUI. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ContrailWebUiAnalyticsVip: + description: Contrail Analytics VIP + type: string + ContrailWebUiConfigVip: + description: Contrail Config VIP + type: string + ContrailWebUiNeutronVip: + description: Neutron VIP + type: string + ContrailWebuiHttpPort: + default: 8080 + description: HTTP Port of Webui + type: number + ContrailWebuiHttpsPort: + default: 8143 + description: HTTPS Port of Webui + type: number + ContrailWebUiRedisIp: + description: Redis IP + type: string + default: '127.0.0.1' + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role Contrail WebUI using composable services. + value: + service_name: contrail_webui + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::webui::contrail_analytics_vip: {get_param: ContrailWebUiAnalyticsVip} + contrail::webui::contrail_config_vip: {get_param: ContrailWebUiConfigVip} + contrail::webui::contrail_webui_http_port: {get_param: ContrailWebuiHttpPort} + contrail::webui::contrail_webui_https_port: {get_param: ContrailWebuiHttpsPort} + contrail::webui::neutron_vip: {get_param: ContrailWebUiNeutronVip} + contrail::webui::redis_ip: {get_param: ContrailWebUiRedisIp} + step_config: | + include ::tripleo::network::contrail::webui diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml new file mode 100644 index 00000000..3b531ab3 --- /dev/null +++ b/puppet/services/neutron-api.yaml @@ -0,0 +1,182 @@ +heat_template_version: 2016-10-14 + +description: > + OpenStack Neutron Server configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronWorkers: + default: '' + description: | + Sets the number of API and RPC workers for the Neutron service. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true + NeutronEnableDVR: + description: Enable Neutron DVR. + default: false + type: boolean + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionNeutronServer: + default: 'overcloud-neutron-server' + type: string + NeutronApiLoggingSource: + type: json + default: + tag: openstack.neutron.api + path: /var/log/neutron/server.log + ControllerCount: + description: | + Under normal conditions, this should not be overridden manually and is + set at deployment time. The default value is present to allow the + template to be used in environments that do not override it. + default: 1 + type: number + + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Ocata cycle. + NeutronL3HA: + default: false + description: | + Whether to enable HA for virtual routers. While the default value is + 'false', L3 HA will be automatically enabled if the number of nodes + hosting controller configurations and DVR is disabled. This parameter is + being deprecated in Newton and is scheduled to be removed in Ocata. + Future releases will enable L3 HA by default if it is appropriate for the + deployment type. Alternate mechanisms will be available to override. + type: boolean + +parameter_groups: +- label: deprecated + description: | + The following parameters are deprecated and will be removed. They should not + be relied on for new deployments. If you have concerns regarding deprecated + parameters, please contact the TripleO development team on IRC or the + OpenStack mailing list. + parameters: + - NeutronL3HA + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +conditions: + + auto_enable_l3_ha: + and: + - not: + equals: + - get_param: ControllerCount + - 1 + - equals: + - get_param: NeutronEnableDVR + - false + +outputs: + role_data: + description: Role data for the Neutron Server agent service. + value: + service_name: neutron_api + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer} + logging_source: {get_param: NeutronApiLoggingSource} + logging_groups: + - neutron + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::server::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://neutron:' + - {get_param: NeutronPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ovs_neutron' + neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + neutron::server::api_workers: {get_param: NeutronWorkers} + neutron::server::rpc_workers: {get_param: NeutronWorkers} + neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} + neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]} + neutron::keystone::authtoken::password: {get_param: NeutronPassword} + + neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } + neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } + neutron::server::notifications::tenant_name: 'service' + neutron::server::notifications::project_name: 'service' + neutron::server::notifications::password: {get_param: NovaPassword} + neutron::keystone::authtoken::project_name: 'service' + neutron::server::sync_db: true + tripleo.neutron_server.firewall_rules: + '114 neutron server': + dport: + - 9696 + - 13696 + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '106 vrrp': + proto: vrrp + neutron::server::router_distributed: {get_param: NeutronEnableDVR} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} + step_config: | + include tripleo::profile::base::neutron::server + service_config_settings: + keystone: + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + neutron::db::mysql::password: {get_param: NeutronPassword} + neutron::db::mysql::user: neutron + neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + neutron::db::mysql::dbname: ovs_neutron + neutron::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b34bdd22..32d50d41 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -26,19 +26,77 @@ parameters: type: number default: 3 description: The number of neutron dhcp agents to schedule per network + NeutronCorePlugin: + default: 'ml2' + description: | + The core plugin for Neutron. The value should be the entrypoint to be loaded + from neutron.core_plugins namespace. + type: string + NeutronServicePlugins: + default: "router,qos" + description: | + Comma-separated list of service plugin entrypoints to be loaded from the + neutron.service_plugins namespace. + type: comma_delimited_list Debug: type: string default: '' description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. + NeutronGlobalPhysnetMtu: + type: number + default: 1496 + description: | + MTU of the underlying physical network. Neutron uses this value to + calculate MTU for all virtual network components. For flat and VLAN + networks, neutron uses this value without modification. For overlay + networks such as VXLAN, neutron automatically subtracts the overlay + protocol overhead from this value. The default value of 1496 is + currently in effect to compensate for some additional overhead when + deploying with some network configurations (e.g. network isolation over + single network interfaces) + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json outputs: role_data: description: Role data for the Neutron base service. value: + service_name: neutron_base config_settings: neutron::rabbit_password: {get_param: RabbitPassword} neutron::rabbit_user: {get_param: RabbitUserName} neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} neutron::rabbit_port: {get_param: RabbitClientPort} neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} + neutron::core_plugin: {get_param: NeutronCorePlugin} + neutron::service_plugins: + str_replace: + template: PLUGINS + params: + PLUGINS: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} + neutron::purge_config: {get_param: EnableConfigPurge} + neutron::allow_overlapping_ips: true + neutron::rabbit_heartbeat_timeout_threshold: 60 + neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed + neutron::db::database_db_max_retries: -1 + neutron::db::database_max_retries: -1 + neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml new file mode 100644 index 00000000..26b6fa6b --- /dev/null +++ b/puppet/services/neutron-compute-plugin-midonet.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Midonet plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute Plumgrid plugin + value: + service_name: neutron_compute_plugin_midonet + config_settings: + step_config: | + include ::tripleo::profile::base::neutron::agents::midonet diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml new file mode 100644 index 00000000..c4f8ad12 --- /dev/null +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -0,0 +1,36 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Nuage plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + +outputs: + role_data: + description: Role data for the Neutron Compute Nuage plugin + value: + service_name: neutron_compute_plugin_nuage + config_settings: + tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service' + tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword} + tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]} + step_config: | + include ::tripleo::profile::base::neutron::agents::nuage diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml new file mode 100644 index 00000000..9f2fd13c --- /dev/null +++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: neutron_compute_plugin_opencontrail + config_settings: + step_config: | + include ::tripleo::profile::base::neutron::opencontrail::vrouter diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml new file mode 100644 index 00000000..95e05dd4 --- /dev/null +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute OVN agent + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + OVNDbHost: + description: IP address on which the OVN DB servers are listening + type: string + OVNSouthboundServerPort: + description: Port of the Southbound DB Server + type: number + default: 6642 + OVNTunnelEncapType: + description: Tunnel encapsulation type + type: string + default: geneve + + +outputs: + role_data: + description: Role data for the Neutron Compute OVN agent + value: + service_name: neutron_compute_plugin_ovn + config_settings: + tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: OVNDbHost} + ovn::southbound::port: {get_param: OVNSouthboundServerPort} + ovn::southbound::encap_type: {get_param: OVNTunnelEncapType} + ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} + step_config: | + include ::tripleo::profile::base::neutron::agents::ovn diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml new file mode 100644 index 00000000..31a0a08b --- /dev/null +++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Plumgrid plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute Plumgrid plugin + value: + service_name: neutron_compute_plugin_plumgrid + config_settings: + step_config: | + include tripleo::profile::base::neutron::plumgrid diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 80ccf1c2..2cd08f98 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -4,50 +4,73 @@ description: > OpenStack Neutron DHCP agent configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NeutronEnableMetadataNetwork: + default: false + description: If True, DHCP provide metadata network. Requires either + IsolatedMetadata or ForceMetadata parameters to also be True. + type: boolean NeutronEnableIsolatedMetadata: - default: 'False' + default: false description: If True, DHCP provide metadata route to VM. + type: boolean + NeutronEnableForceMetadata: + default: false + description: If True, DHCP always provides metadata route to VM. + type: boolean + MonitoringSubscriptionNeutronDhcp: + default: 'overcloud-neutron-dhcp' type: string - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,%MTU%' - description: > - Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU - to be set to the value of NeutronTenantMtu, which should be set to account - for tunnel overhead. - type: string - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This value will be used to construct the NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: "1400" - type: string + NeutronDhcpAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.dhcp + path: /var/log/neutron/dhcp-agent.log resources: NeutronBase: type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Neutron DHCP agent service. value: + service_name: neutron_dhcp + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp} + logging_source: {get_param: NeutronDhcpAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf - tripleo::profile::base::neutron::dhcp: - str_replace: - template: {get_param: NeutronDnsmasqOptions} - params: - '%MTU%': {get_param: NeutronTenantMtu} - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata} + neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork} + tripleo.neutron_dhcp.firewall_rules: + '115 neutron dhcp input': + proto: 'udp' + dport: 67 + '116 neutron dhcp output': + proto: 'udp' + chain: 'OUTPUT' + dport: 68 step_config: | include tripleo::profile::base::neutron::dhcp diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml new file mode 100644 index 00000000..b6c29116 --- /dev/null +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 agent for DVR enabled compute nodes + configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + type: string + default: '' + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. + type: string + default: 'br-ex' + MonitoringSubscriptionNeutronL3Dvr: + default: 'overcloud-neutron-l3-dvr' + type: string + NeutronL3ComputeAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l3-compute + path: /var/log/neutron/l3-agent.log + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for DVR L3 Agent on Compute Nodes + value: + service_name: neutron_l3_compute_dvr + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr} + logging_source: {get_param: NeutronL3ComputeAgentLoggingSource} + logging_groups: + - neutron + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + neutron::agents::l3::agent_mode : 'dvr' + step_config: | + include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 20c82dc1..9e223374 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -4,6 +4,15 @@ description: > OpenStack Neutron L3 agent configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -16,19 +25,47 @@ parameters: description: Name of bridge used for external network traffic. type: string default: 'br-ex' + NeutronL3AgentMode: + description: | + Agent mode for L3 agent. Must be one of legacy or dvr_snat. + default: 'legacy' + type: string + constraints: + - allowed_values: + - legacy + - dvr_snat + MonitoringSubscriptionNeutronL3: + default: 'overcloud-neutron-l3-agent' + type: string + NeutronL3AgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l3 + path: /var/log/neutron/l3-agent.log resources: NeutronBase: type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Neutron L3 agent service. value: + service_name: neutron_l3 + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3} + logging_source: {get_param: NeutronL3AgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + neutron::agents::l3::router_delete_namespaces: True + neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index e221b3a1..8be4c6d6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -4,6 +4,15 @@ description: > OpenStack Neutron Metadata agent configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -14,23 +23,47 @@ parameters: type: string hidden: true NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true + MonitoringSubscriptionNeutronMetadata: + default: 'overcloud-neutron-metadata' + type: string + NeutronMetadataAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.metadata + path: /var/log/neutron/metadata-agent.log resources: NeutronBase: type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Neutron Metadata agent service. value: + service_name: neutron_metadata + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata} + logging_source: {get_param: NeutronMetadataAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -38,5 +71,7 @@ outputs: neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + neutron::agents::metadata::auth_tenant: 'service' + neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"' step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml new file mode 100644 index 00000000..0de256c0 --- /dev/null +++ b/puppet/services/neutron-midonet.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Midonet plugin and services + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + EnableZookeeperOnController: + label: Enable Zookeeper On Controller + description: 'Whether enable Zookeeper cluster on Controller' + type: boolean + default: false + EnableCassandraOnController: + label: Enable Cassandra On Controller + description: 'Whether enable Cassandra cluster on Controller' + type: boolean + default: false + MonitoringSubscriptionNeutronMidonet: + default: 'overcloud-neutron-midonet' + type: string + +outputs: + role_data: + description: Role data for the Neutron Midonet plugin and services + value: + service_name: neutron_midonet + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMidonet} + config_settings: + tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword} + tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken} + tripleo::profile::base::neutron::midonet::neutron_auth_password: {get_param: NeutronPassword} + tripleo::profile::base::neutron::midonet::zk_on_controller: {get_param: EnableZookeeperOnController} + tripleo::profile::base::neutron::midonet::neutron_auth_tenant: 'service' + enable_cassandra_on_controller: {get_param: EnableCassandraOnController} + neutron::service_plugins: [] + step_config: | + include tripleo::profile::base::neutron::plugins::midonet diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml new file mode 100644 index 00000000..cbe65638 --- /dev/null +++ b/puppet/services/neutron-ovs-agent.yaml @@ -0,0 +1,121 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OVS agent configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: comma_delimited_list + default: "datacentre:br-ex" + NeutronTunnelTypes: + default: 'vxlan' + description: | + The tunnel types for the Neutron tenant network. + type: comma_delimited_list + NeutronAgentExtensions: + default: "qos" + description: | + Comma-separated list of extensions enabled for the Neutron agents. + type: comma_delimited_list + NeutronEnableDVR: + default: False + description: | + Enable support for distributed routing in the OVS Agent. + type: boolean + NeutronEnableARPResponder: + default: false + description: | + Enable ARP responder feature in the OVS Agent. + type: boolean + MonitoringSubscriptionNeutronOvs: + default: 'overcloud-neutron-ovs-agent' + type: string + NeutronOVSFirewallDriver: + default: '' + description: | + Configure the classname of the firewall driver to use for implementing + security groups. Possible values depend on system configuration. Some + examples are: noop, openvswitch, iptables_hybrid. The default value of an + empty string will result in a default supported configuration. + type: string + NeutronOpenVswitchAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.openvswitch + path: /var/log/neutron/openvswitch-agent.log + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron OVS agent service. + value: + service_name: neutron_ovs_agent + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} + logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource} + logging_groups: + - neutron + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} + neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder} + neutron::agents::ml2::ovs::bridge_mappings: + str_replace: + template: MAPPINGS + params: + MAPPINGS: {get_param: NeutronBridgeMappings} + neutron::agents::ml2::ovs::tunnel_types: + str_replace: + template: TYPES + params: + TYPES: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::ovs::extensions: + str_replace: + template: AGENT_EXTENSIONS + params: + AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} + step_config: | + include ::tripleo::profile::base::neutron::ovs diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml new file mode 100644 index 00000000..cc772c9d --- /dev/null +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -0,0 +1,75 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OVS DPDK configured with Puppet for Compute Role + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronDpdkCoreList: + description: List of cores to be used for DPDK Poll Mode Driver + type: string + constraints: + - allowed_pattern: "[0-9,-]+" + NeutronDpdkMemoryChannels: + description: Number of memory channels to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]+" + NeutronDpdkSocketMemory: + default: "" + description: Memory allocated for each socket + type: string + NeutronDpdkDriverType: + default: "vfio-pci" + description: DPDK Driver type + type: string + # below parameters has to be set in neutron agent only for compute nodes. + # as of now there is no other usecase for these parameters except dpdk. + # should be moved to compute only ovs agent in case of any other usecases. + NeutronDatapathType: + default: "" + description: Datapath type for ovs bridges + type: string + NeutronVhostuserSocketDir: + default: "" + description: The vhost-user socket directory for OVS + type: string + +resources: + + NeutronOvsAgent: + type: ./neutron-ovs-agent.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron OVS DPDK Agent service. + value: + service_name: neutron_ovs_dpdk_agent + config_settings: + map_merge: + - get_attr: [NeutronOvsAgent, role_data, config_settings] + - neutron::agents::ml2::ovs::enable_dpdk: true + neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} + neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} + vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList} + vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels} + vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory} + vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType} + step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml new file mode 100644 index 00000000..e98ed497 --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -0,0 +1,79 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron ML2/OVN plugin configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OVNDbHost: + description: IP address on which the OVN DB servers are listening + type: string + OVNNorthboundServerPort: + description: Port of the OVN Northbound DB server + type: number + default: 6641 + OVNDbConnectionTimeout: + description: Timeout in seconds for the OVSDB connection transaction + type: number + default: 60 + OVNVifType: + description: Type of VIF to be used for ports + type: string + default: ovs + constraints: + - allowed_values: + - ovs + - vhostuser + OVNNeutronSyncMode: + description: The synchronization mode of OVN with Neutron DB + type: string + default: log + constraints: + - allowed_values: + - log + - off + - repair + OVNQosDriver: + description: OVN notification driver for Neutron QOS service plugin + type: string + default: NULL + +resources: + + NeutronMl2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron ML2/OVN plugin. + value: + service_name: neutron_plugin_ml2_ovn + config_settings: + map_merge: + - get_attr: [NeutronMl2Base, role_data, config_settings] + - ovn::northbound::port: {get_param: OVNNorthboundServerPort} + tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost} + neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} + neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} + neutron::plugins::ovn::ovn_l3_mode: true + neutron::plugins::ovn::vif_type: {get_param: OVNVifType} + neutron::server::qos_notification_drivers: {get_param: OVNQosDriver} + step_config: | + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml new file mode 100644 index 00000000..17e8bca1 --- /dev/null +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -0,0 +1,129 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron ML2 Plugin configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. + type: comma_delimited_list + NeutronTypeDrivers: + default: "vxlan,vlan,flat,gre" + description: | + Comma-separated list of network type driver entrypoints to be loaded. + type: comma_delimited_list + NeutronFlatNetworks: + type: comma_delimited_list + default: 'datacentre' + description: If set, flat networks to configure in neutron plugins. + NeutronPluginExtensions: + default: "qos,port_security,trunk" + description: | + Comma-separated list of extensions enabled for the Neutron plugin. + type: comma_delimited_list + NeutronNetworkVLANRanges: + default: 'datacentre:1:1000' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: comma_delimited_list + NeutronTunnelIdRanges: + description: | + Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges + of GRE tunnel IDs that are available for tenant network allocation + default: ["1:4094", ] + type: comma_delimited_list + NeutronVniRanges: + description: | + Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges + of VXLAN VNI IDs that are available for tenant network allocation + default: ["1:4094", ] + type: comma_delimited_list + NeutronNetworkType: + default: 'vxlan' + description: The tenant network type for Neutron. + type: comma_delimited_list + NeutronSupportedPCIVendorDevs: + description: | + List of supported pci vendor devices in the format VendorID:ProductID. + By default Intel & Mellanox SR-IOV capable NICs are supported. + type: comma_delimited_list + default: ['15b3:1004','8086:10ca'] +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron ML2 plugin. + value: + service_name: neutron_plugin_ml2 + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::plugins::ml2::mechanism_drivers: + str_replace: + template: MECHANISMS + params: + MECHANISMS: {get_param: NeutronMechanismDrivers} + neutron::plugins::ml2::type_drivers: + str_replace: + template: DRIVERS + params: + DRIVERS: {get_param: NeutronTypeDrivers} + neutron::plugins::ml2::flat_networks: + str_replace: + template: NETWORKS + params: + NETWORKS: {get_param: NeutronFlatNetworks} + neutron::plugins::ml2::extension_drivers: + str_replace: + template: PLUGIN_EXTENSIONS + params: + PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions} + neutron::plugins::ml2::network_vlan_ranges: + str_replace: + template: RANGES + params: + RANGES: {get_param: NeutronNetworkVLANRanges} + neutron::plugins::ml2::tunnel_id_ranges: + str_replace: + template: RANGES + params: + RANGES: {get_param: NeutronTunnelIdRanges} + neutron::plugins::ml2::vni_ranges: + str_replace: + template: RANGES + params: + RANGES: {get_param: NeutronVniRanges} + neutron::plugins::ml2::tenant_network_types: + str_replace: + template: TYPES + params: + TYPES: {get_param: NeutronNetworkType} + neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs} + + step_config: | + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml new file mode 100644 index 00000000..838ec5ea --- /dev/null +++ b/puppet/services/neutron-plugin-nuage.yaml @@ -0,0 +1,89 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Nuage plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageOSControllerIp: + description: IP address of the OpenStack Controller + type: string + + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. + type: boolean + default: false + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Nuage plugin + value: + service_name: neutron_plugin_nuage + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp} + neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::nuage diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml new file mode 100644 index 00000000..4e294965 --- /dev/null +++ b/puppet/services/neutron-plugin-opencontrail.yaml @@ -0,0 +1,74 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Opencontrail plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + ContrailApiServerIp: + description: IP address of the OpenContrail API server + type: string + ContrailApiServerPort: + description: Port of the OpenContrail API + type: string + default: 8082 + ContrailMultiTenancy: + description: Whether to enable multi tenancy + type: boolean + default: false + ContrailExtensions: + description: List of OpenContrail extensions to be enabled + type: comma_delimited_list + default: '' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Opencontrail plugin + value: + service_name: neutron_plugin_opencontrail + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + + neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp} + neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort} + neutron::plugins::opencontrail::multi_tenancy: {get_param: ContrailMultiTenancy} + neutron::plugins::opencontrail::contrail_extensions: {get_param: ContrailExtensions} + neutron::plugins::opencontrail::keystone_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } + neutron::plugins::opencontrail::keystone_admin_user: admin + neutron::plugins::opencontrail::keystone_admin_tenant_name: admin + neutron::plugins::opencontrail::keystone_admin_password: {get_param: AdminPassword} + neutron::plugins::opencontrail::keystone_admin_token: {get_param: AdminToken} + step_config: | + include tripleo::profile::base::neutron::plugins::opencontrail diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml new file mode 100644 index 00000000..30af8a3f --- /dev/null +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -0,0 +1,121 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Plumgrid plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + + # PLUMgrid specific settings + PLUMgridDirectorServer: + description: IP address of the PLUMgrid Director Server + type: string + default: 127.0.0.1 + PLUMgridDirectorServerPort: + description: Port of the PLUMgrid Director Server + type: string + default: 443 + PLUMgridUsername: + description: Username for PLUMgrid platform + type: string + PLUMgridPassword: + description: Password for PLUMgrid platform + type: string + hidden: true + PLUMgridNovaMetadataIP: + description: IP address of Nova Metadata + type: string + default: 169.254.169.254 + PLUMgridNovaMetadataPort: + description: Port of Nova Metadata + type: string + default: 8775 + PLUMgridL2GatewayVendor: + description: Vendor for L2 Gateway Switch + type: string + default: vendor + PLUMgridL2GatewayUsername: + description: Username for L2 Gateway Switch + type: string + default: username + PLUMgridL2GatewayPassword: + description: Password for L2 Gateway Switch + type: string + hidden: true + PLUMgridIdentityVersion: + description: Keystone Identity version + type: string + default: v2.0 + PLUMgridConnectorType: + description: Neutron Network Connector Type + type: string + default: distributed + PLUMgridNeutronPluginVersion: + description: PLUMgrid Neutron Plugin version + type: string + default: present + PLUMgridPlumlibVersion: + description: PLUMgrid Plumlib version + type: string + default: present + + +outputs: + role_data: + description: Role data for the Neutron Plumgrid plugin + value: + service_name: neutron_plugin_plumgrid + config_settings: + neutron::plugins::plumgrid::connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://neutron:' + - {get_param: NeutronPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ovs_neutron' + neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} + neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} + neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer} + neutron::plugins::plumgrid::director_server_port: {get_param: PLUMgridDirectorServerPort} + neutron::plugins::plumgrid::username: {get_param: PLUMgridUsername} + neutron::plugins::plumgrid::password: {get_param: PLUMgridPassword} + neutron::plugins::plumgrid::nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} + neutron::plugins::plumgrid::nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} + neutron::plugins::plumgrid::l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} + neutron::plugins::plumgrid::l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} + neutron::plugins::plumgrid::l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} + neutron::plugins::plumgrid::connector_type: {get_param: PLUMgridConnectorType} + neutron::plugins::plumgrid::identity_version: {get_param: PLUMgridIdentityVersion} + neutron::plugins::plumgrid::package_ensure: {get_param: PLUMgridNeutronPluginVersion} + neutron::plugins::plumgrid::plumlib_package_ensure: {get_param: PLUMgridPlumlibVersion} + + step_config: | + include tripleo::profile::base::neutron::plugins::plumgrid diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml new file mode 100644 index 00000000..44f7f242 --- /dev/null +++ b/puppet/services/neutron-sriov-agent.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron SR-IOV nic agent configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: > + Mapping of service_name -> network name. Typically set via + parameter_defaults in the resource registry. This mapping overrides those + in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronPhysicalDevMappings: + description: > + List of <physical_network>:<physical device> + All physical networks listed in network_vlan_ranges + on the server should have mappings to appropriate + interfaces on each agent. + type: comma_delimited_list + default: "" + NeutronExcludeDevices: + description: > + List of <network_device>:<excluded_devices> mapping + network_device to the agent's node-specific list of virtual functions + that should not be used for virtual networking. excluded_devices is a + semicolon separated list of virtual functions to exclude from + network_device. The network_device in the mapping should appear in the + physical_device_mappings list. + type: comma_delimited_list + default: "" + NeutronSriovNumVFs: + description: > + Provide the list of VFs to be reserved for each SR-IOV interface. + Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>" + Example "eth1:4096","eth2:128" + type: comma_delimited_list + default: "" + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron SR-IOV nic agent service. + value: + service_name: neutron_sriov_agent + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings} + neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices} + tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} + step_config: | + include ::tripleo::profile::base::neutron::sriov diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml new file mode 100644 index 00000000..b2ec0038 --- /dev/null +++ b/puppet/services/nova-api.yaml @@ -0,0 +1,132 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova API service. + type: number + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + InstanceNameTemplate: + default: 'instance-%08x' + description: Template string to be used to generate instance names + type: string + NovaEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Nova database. + type: boolean + MonitoringSubscriptionNovaApi: + default: 'overcloud-nova-api' + type: string + NovaApiLoggingSource: + type: json + default: + tag: openstack.nova.api + path: /var/log/nova/nova-api.log + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova API service. + value: + service_name: nova_api + monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi} + logging_source: {get_param: NovaApiLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::api::osapi_compute_workers: {get_param: NovaWorkers} + nova::api::metadata_workers: {get_param: NovaWorkers} + nova::cron::archive_deleted_rows::hour: '"*/12"' + nova::cron::archive_deleted_rows::destination: '"/dev/null"' + tripleo.nova_api.firewall_rules: + '113 nova_api': + dport: + - 6080 + - 13080 + - 8773 + - 3773 + - 8774 + - 13774 + - 8775 + nova::keystone::authtoken::project_name: 'service' + nova::keystone::authtoken::password: {get_param: NovaPassword} + nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::api::enabled: true + nova::api::default_floating_pool: 'public' + nova::api::sync_db_api: true + nova::api::enable_proxy_headers_parsing: true + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + nova::api::instance_name_template: {get_param: InstanceNameTemplate} + nova_enable_db_purge: {get_param: NovaEnableDBPurge} + + step_config: | + include tripleo::profile::base::nova::api + service_config_settings: + keystone: + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + nova::db::mysql::password: {get_param: NovaPassword} + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::password: {get_param: NovaPassword} + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml new file mode 100644 index 00000000..8db00d8f --- /dev/null +++ b/puppet/services/nova-base.yaml @@ -0,0 +1,117 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova base service. Shared for all Nova services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' + +outputs: + role_data: + description: Role data for the Nova base service. + value: + service_name: nova_base + config_settings: + nova::rabbit_password: {get_param: RabbitPassword} + nova::rabbit_userid: {get_param: RabbitUserName} + nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + nova::rabbit_port: {get_param: RabbitClientPort} + nova::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova' + nova::api_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_api:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_api' + nova::debug: {get_param: Debug} + nova::purge_config: {get_param: EnableConfigPurge} + nova::network::neutron::neutron_project_name: 'service' + nova::network::neutron::neutron_username: 'neutron' + nova::network::neutron::dhcp_domain: '' + nova::network::neutron::neutron_password: {get_param: NeutronPassword} + nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} + nova::rabbit_heartbeat_timeout_threshold: 60 + nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' + nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. + nova::notify_on_state_change: 'vm_and_task_state' + nova::notification_driver: messagingv2 + nova::network::neutron::neutron_auth_type: 'v3password' + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 + nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + nova::use_ipv6: {get_param: NovaIPv6} + nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} + nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml new file mode 100644 index 00000000..f7f2510e --- /dev/null +++ b/puppet/services/nova-compute.yaml @@ -0,0 +1,147 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Compute service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaRbdPoolName: + default: vms + type: string + CephClientUserName: + default: openstack + type: string + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string + NovaPCIPassthrough: + description: > + List of PCI Passthrough whitelist parameters. + Example - + NovaPCIPassthrough: + - vendor_id: "8086" + product_id: "154c" + address: "0000:05:00.0" + physical_network: "datacentre" + For different formats, refer to the nova.conf documentation for + pci_passthrough_whitelist configuration + type: json + default: '' + NovaVcpuPinSet: + description: > + A list or range of physical CPU cores to reserve for virtual machine + processes. + Ex. NovaVcpuPinSet: ['4-12','^8'] will reserve cores from 4-12 excluding 8 + type: comma_delimited_list + default: [] + NovaReservedHostMemory: + description: > + Reserved RAM for host processes. + type: number + default: 2048 + constraints: + - range: { min: 512 } + MonitoringSubscriptionNovaCompute: + default: 'overcloud-nova-compute' + type: string + NovaComputeLoggingSource: + type: json + default: + tag: openstack.nova.compute + path: /var/log/nova/nova-compute.log + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Compute service. + value: + service_name: nova_compute + monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute} + logging_source: {get_param: NovaComputeLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::compute::libvirt::manage_libvirt_services: false + nova::compute::pci_passthrough: + str_replace: + template: "'JSON_PARAM'" + params: + JSON_PARAM: {get_param: NovaPCIPassthrough} + nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} + nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::nova_compute_enabled: true + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' + nova::compute::instance_usage_audit: true + nova::compute::instance_usage_audit_period: 'hour' + nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} + # TUNNELLED mode provides a security enhancement when using shared + # storage but is not supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), danpb's native + # encryption work will obsolete the need to use TUNNELLED transport + # mode. + nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} + nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]} + nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]} + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} + step_config: | + # TODO(emilien): figure how to deal with libvirt profile. + # We'll probably treat it like we do with Neutron plugins. + # Until then, just include it in the default nova-compute role. + include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml new file mode 100644 index 00000000..2671cdd3 --- /dev/null +++ b/puppet/services/nova-conductor.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Conductor service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova Conductor service. + type: number + MonitoringSubscriptionNovaConductor: + default: 'overcloud-nova-conductor' + type: string + NovaSchedulerLoggingSource: + type: json + default: + tag: openstack.nova.scheduler + path: /var/log/nova/nova-scheduler.log + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Conductor service. + value: + service_name: nova_conductor + monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor} + logging_source: {get_param: NovaSchedulerLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::conductor::workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::conductor diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml new file mode 100644 index 00000000..85e60420 --- /dev/null +++ b/puppet/services/nova-consoleauth.yaml @@ -0,0 +1,50 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Consoleauth service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionNovaConsoleauth: + default: 'overcloud-nova-consoleauth' + type: string + NovaConsoleauthLoggingSource: + type: json + default: + tag: openstack.nova.consoleauth + path: /var/log/nova/nova-consoleauth.log + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Consoleauth service. + value: + service_name: nova_consoleauth + monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth} + logging_source: {get_param: NovaConsoleauthLoggingSource} + logging_groups: + - nova + config_settings: + get_attr: [NovaBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::nova::consoleauth diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml new file mode 100644 index 00000000..bf7639dd --- /dev/null +++ b/puppet/services/nova-ironic.yaml @@ -0,0 +1,53 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Compute service configured with Puppet and using Ironic + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Compute service with Ironic. + value: + service_name: nova_ironic + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::compute::force_config_drive: true + nova::compute::reserved_host_memory: '0' + nova::compute::vnc_enabled: false + nova::ironic::common::admin_password: {get_param: IronicPassword} + nova::ironic::common::admin_tenant_name: 'service' + nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} + nova::ironic::common::admin_username: 'ironic' + nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]} + nova::network::neutron::dhcp_domain: '' + nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager' + step_config: | + include tripleo::profile::base::nova::compute::ironic diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml new file mode 100644 index 00000000..b5ca2437 --- /dev/null +++ b/puppet/services/nova-libvirt.yaml @@ -0,0 +1,55 @@ +heat_template_version: 2016-04-08 + +description: > + Libvirt service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaComputeLibvirtType: + type: string + default: kvm + MonitoringSubscriptionNovaLibvirt: + default: 'overcloud-nova-libvirt' + type: string + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Libvirt service. + value: + service_name: nova_libvirt + monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt} + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + # we include ::nova::compute::libvirt::services in nova/libvirt profile + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + + step_config: | + include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml new file mode 100644 index 00000000..92373c56 --- /dev/null +++ b/puppet/services/nova-metadata.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova API service. + type: number + +outputs: + role_data: + description: Role data for the Nova Metadata service. + value: + service_name: nova_metadata + config_settings: + nova::api::metadata_workers: {get_param: NovaWorkers} + nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + step_config: "" diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml new file mode 100644 index 00000000..d89e3e11 --- /dev/null +++ b/puppet/services/nova-scheduler.yaml @@ -0,0 +1,65 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Scheduler service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaSchedulerAvailableFilters: + default: [] + description: List of scheduler available filters + type: comma_delimited_list + NovaSchedulerDefaultFilters: + type: comma_delimited_list + default: [] + description: > + An array of filters used by Nova to filter a node.These filters will be + applied in the order they are listed, so place your most restrictive + filters first to make the filtering process more efficient. + MonitoringSubscriptionNovaScheduler: + default: 'overcloud-nova-scheduler' + type: string + NovaSchedulerLoggingSource: + type: json + default: + tag: openstack.nova.scheduler + path: /var/log/nova/nova-scheduler.log + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Scheduler service. + value: + service_name: nova_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler} + logging_source: {get_param: NovaSchedulerLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::scheduler::filter::ram_allocation_ratio: '1.0' + nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters} + nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} + step_config: | + include tripleo::profile::base::nova::scheduler diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml new file mode 100644 index 00000000..85d59ae6 --- /dev/null +++ b/puppet/services/nova-vnc-proxy.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Vncproxy service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionNovaVNCProxy: + default: 'overcloud-nova-vncproxy' + type: string + NovaVncproxyLoggingSource: + type: json + default: + tag: openstack.nova.vncproxy + path: /var/log/nova/nova-vncproxy.log + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Vncproxy service. + value: + service_name: nova_vnc_proxy + monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy} + logging_source: {get_param: NovaVncproxyLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::vncproxy::enabled: true + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]} + step_config: | + include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml new file mode 100644 index 00000000..d2ee036e --- /dev/null +++ b/puppet/services/opendaylight-api.yaml @@ -0,0 +1,80 @@ +heat_template_version: 2016-04-08 + +description: > + OpenDaylight SDN Controller. + +parameters: + OpenDaylightPort: + default: 8081 + description: Set opendaylight service port + type: number + EnableOpenDaylightOnController: + default: false + description: Whether to install OpenDaylight on control nodes. + type: boolean + OpenDaylightUsername: + default: 'admin' + description: The username for the opendaylight server. + type: string + OpenDaylightPassword: + default: 'admin' + type: string + description: The password for the opendaylight server. + hidden: true + OpenDaylightEnableL3: + description: Knob to enable/disable ODL L3 + type: string + default: 'no' + OpenDaylightEnableDHCP: + description: Knob to enable/disable ODL DHCP Server + type: boolean + default: false + OpenDaylightFeatures: + description: List of features to install with ODL + type: comma_delimited_list + default: ["odl-netvirt-openstack","odl-netvirt-ui"] + OpenDaylightConnectionProtocol: + description: L7 protocol used for REST access + type: string + default: 'http' + OpenDaylightCheckURL: + description: URL postfix to verify ODL has finished starting up + type: string + default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1' + OpenDaylightApiVirtualIP: + type: string + default: '' + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +outputs: + role_data: + description: Role data for the OpenDaylight service. + value: + service_name: opendaylight_api + config_settings: + opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + odl_on_controller: {get_param: EnableOpenDaylightOnController} + opendaylight_check_url: {get_param: OpenDaylightCheckURL} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} + opendaylight::enable_l3: {get_param: OpenDaylightEnableL3} + opendaylight::extra_features: {get_param: OpenDaylightFeatures} + opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} + opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]} + step_config: | + include tripleo::profile::base::neutron::opendaylight + include tripleo::profile::base::neutron::plugins::ovs::opendaylight diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml new file mode 100644 index 00000000..8bcb72f7 --- /dev/null +++ b/puppet/services/opendaylight-ovs.yaml @@ -0,0 +1,47 @@ +heat_template_version: 2016-04-08 + +description: > + OpenDaylight OVS Configuration. + +parameters: + OpenDaylightPort: + default: 8081 + description: Set opendaylight service port + type: number + OpenDaylightConnectionProtocol: + description: L7 protocol used for REST access + type: string + default: 'http' + OpenDaylightCheckURL: + description: URL postfix to verify ODL has finished starting up + type: string + default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1' + OpenDaylightApiVirtualIP: + type: string + default: '' + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +outputs: + role_data: + description: Role data for the OpenDaylight service. + value: + service_name: opendaylight_ovs + config_settings: + opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight_check_url: {get_param: OpenDaylightCheckURL} + opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + step_config: | + include tripleo::profile::base::neutron::plugins::ovs::opendaylight diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml new file mode 100644 index 00000000..abfb9c80 --- /dev/null +++ b/puppet/services/pacemaker.yaml @@ -0,0 +1,116 @@ +heat_template_version: 2016-10-14 + +description: > + Pacemaker service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionPacemaker: + default: 'overcloud-pacemaker' + type: string + CorosyncIPv6: + default: false + description: Enable IPv6 in Corosync + type: boolean + EnableFencing: + default: false + description: Whether to enable fencing in Pacemaker or not. + type: boolean + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' + FencingConfig: + default: {} + description: | + Pacemaker fencing configuration. The JSON should have + the following structure: + { + "devices": [ + { + "agent": "AGENT_NAME", + "host_mac": "HOST_MAC_ADDRESS", + "params": {"PARAM_NAME": "PARAM_VALUE"} + } + ] + } + For instance: + { + "devices": [ + { + "agent": "fence_xvm", + "host_mac": "52:54:00:aa:bb:cc", + "params": { + "multicast_address": "225.0.0.12", + "port": "baremetal_0", + "manage_fw": true, + "manage_key_file": true, + "key_file": "/etc/fence_xvm.key", + "key_file_password": "abcdef" + } + } + ] + } + type: json + PacemakerLoggingSource: + type: json + default: + tag: system.pacemaker + path: /var/log/pacemaker.log,/var/log/cluster/corosync.log + format: >- + /^(?<time>[^ ]*\s*[^ ]* [^ ]*) + \[(?<pid>[^ ]*)\] + (?<host>[^ ]*) + (?<message>.*)$/ + +outputs: + role_data: + description: Role data for the Pacemaker role. + value: + service_name: pacemaker + monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker} + logging_groups: + - haclient + logging_source: {get_param: PacemakerLoggingSource} + config_settings: + pacemaker::corosync::cluster_name: 'tripleo_cluster' + pacemaker::corosync::manage_fw: false + pacemaker::resource_defaults::defaults: + resource-stickiness: { value: INFINITY } + corosync_token_timeout: 10000 + tripleo.pacemaker.firewall_rules: + '130 pacemaker tcp': + proto: 'tcp' + dport: + - 2224 + - 3121 + - 21064 + '131 pacemaker udp': + proto: 'udp' + dport: 5405 + corosync_ipv6: {get_param: CorosyncIPv6} + tripleo::fencing::config: {get_param: FencingConfig} + enable_fencing: {get_param: EnableFencing} + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} + step_config: | + include ::tripleo::profile::base::pacemaker diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml new file mode 100644 index 00000000..5dcb62ca --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerCentral: + default: 'overcloud-ceilometer-agent-central' + type: string + +resources: + CeilometerServiceBase: + type: ../ceilometer-agent-central.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Central Agent pacemaker role. + value: + service_name: ceilometer_agent_central + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::central::manage_service: false + ceilometer::agent::central::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::agent::central diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..dbe14499 --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerNotification: + default: 'overcloud-ceilometer-agent-notification' + type: string + +resources: + CeilometerServiceBase: + type: ../ceilometer-agent-notification.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Notification Agent pacemaker role. + value: + service_name: ceilometer_agent_notification + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::notification::manage_service: false + ceilometer::agent::notification::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::agent::notification diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml new file mode 100644 index 00000000..4b6c18f6 --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-api.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer API service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerApi: + default: 'overcloud-ceilometer-api' + type: string + +resources: + CeilometerServiceBase: + type: ../ceilometer-api.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer API pacemaker role. + value: + service_name: ceilometer_api + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::api::manage_service: false + ceilometer::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::api diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml new file mode 100644 index 00000000..4c919515 --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-collector.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Collector service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionCeilometerCollector: + default: 'overcloud-ceilometer-collector' + type: string + +resources: + CeilometerServiceBase: + type: ../ceilometer-collector.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Collector pacemaker role. + value: + service_name: ceilometer_collector + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::collector::manage_service: false + ceilometer::collector::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::collector diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml new file mode 100644 index 00000000..6823789e --- /dev/null +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder API service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderApiBase: + type: ../cinder-api.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + service_name: cinder_api + monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderApiBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderApiBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [CinderApiBase, role_data, config_settings] + - cinder::api::manage_service: false + cinder::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::cinder::api diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml new file mode 100644 index 00000000..2ebc7680 --- /dev/null +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Backup service with Pacemaker configured with Puppet + +parameters: + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBackupBase: + type: ../cinder-backup.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + CinderBackupBackend: {get_param: CinderBackupBackend} + CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName} + CephClientUserName: {get_param: CephClientUserName} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: cinder_backup + monitoring_subscription: {get_attr: [CinderBackupBase, role_data, monitoring_subscription]} + config_settings: + map_merge: + - get_attr: [CinderBackupBase, role_data, config_settings] + - cinder::backup::manage_service: false + cinder::backup::enabled: false + step_config: + list_join: + - "\n" + - - get_attr: [CinderBackupBase, role_data, step_config] + - "include ::tripleo::profile::pacemaker::cinder::backup" diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml new file mode 100644 index 00000000..15e44be2 --- /dev/null +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Scheduler service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderSchedulerBase: + type: ../cinder-scheduler.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + service_name: cinder_scheduler + monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderSchedulerBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderSchedulerBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [CinderSchedulerBase, role_data, config_settings] + - cinder::scheduler::manage_service: false + cinder::scheduler::enabled: false + step_config: + include ::tripleo::profile::pacemaker::cinder::scheduler diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml new file mode 100644 index 00000000..11b9bf8f --- /dev/null +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Volume service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderVolumeBase: + type: ../cinder-volume.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + service_name: cinder_volume + monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderVolumeBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderVolumeBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [CinderVolumeBase, role_data, config_settings] + - cinder::volume::manage_service: false + cinder::volume::enabled: false + step_config: + include ::tripleo::profile::pacemaker::cinder::volume diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml new file mode 100644 index 00000000..9eca1de3 --- /dev/null +++ b/puppet/services/pacemaker/core.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Core (fake) service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Core role. + value: + service_name: core + config_settings: {} + step_config: | + include ::tripleo::profile::pacemaker::core
\ No newline at end of file diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml new file mode 100644 index 00000000..64ae2e91 --- /dev/null +++ b/puppet/services/pacemaker/database/mongodb.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + MongoDb service deployment using puppet + +parameters: + #Parameters not used EndpointMap + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + MongoDbBase: + type: ../../database/mongodb-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Service mongodb using composable services. + value: + service_name: mongodb + config_settings: + map_merge: + - get_attr: [MongoDbBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} + mongodb::server::service_manage: False + step_config: | + include ::tripleo::profile::pacemaker::database::mongodb diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml new file mode 100644 index 00000000..7deaf0ca --- /dev/null +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -0,0 +1,55 @@ +heat_template_version: 2016-04-08 + +description: > + MySQL with Pacemaker service deployment using puppet + +parameters: + #Parameters not used EndpointMap + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + MysqlBase: + type: ../../database/mysql.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Service MySQL with Pacemaker using composable services. + value: + service_name: mysql + config_settings: + map_merge: + - get_attr: [MysqlBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: + get_param: [ServiceNetMap, MysqlNetwork] + step_config: | + include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml new file mode 100644 index 00000000..d9156e67 --- /dev/null +++ b/puppet/services/pacemaker/database/redis.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + RedisBase: + type: ../../database/redis-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Redis pacemaker role. + value: + service_name: redis + config_settings: + map_merge: + - get_attr: [RedisBase, role_data, config_settings] + - redis::service_manage: false + redis::notify_service: false + step_config: | + include ::tripleo::profile::pacemaker::database::redis diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index 5a581dca..20a439f6 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -4,6 +4,15 @@ description: > OpenStack Glance API service with Pacemaker configured with Puppet. parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -39,12 +48,18 @@ resources: GlanceApiBase: type: ../glance-api.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Glance role. value: + service_name: glance_api + monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [GlanceApiBase, role_data, logging_source]} + logging_groups: {get_attr: [GlanceApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [GlanceApiBase, role_data, config_settings] @@ -52,6 +67,7 @@ outputs: glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + glance_file_pcmk_directory: '/var/lib/glance/images' glance::api::manage_service: false glance::api::enabled: false step_config: | diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index 8b88cb93..41f89fdd 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -4,6 +4,15 @@ description: > OpenStack Glance Registry service with Pacemaker configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -15,12 +24,18 @@ resources: GlanceRegistryBase: type: ../glance-registry.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Glance role. value: + service_name: glance_registry + monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [GlanceRegistryBase, role_data, logging_source]} + logging_groups: {get_attr: [GlanceRegistryBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [GlanceRegistryBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml new file mode 100644 index 00000000..6a9161fa --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-api.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionGnocchiApi: + default: 'overcloud-gnocchi-api' + type: string + +resources: + GnocchiServiceBase: + type: ../gnocchi-api.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_api + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::manage_service: false + gnocchi::metricd::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::api diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml new file mode 100644 index 00000000..0f36b5d5 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -0,0 +1,47 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionGnocchiMetricd: + default: 'overcloud-gnocchi-metricd' + type: string + +resources: + GnocchiServiceBase: + type: ../gnocchi-metricd.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_metricd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::manage_service: false + gnocchi::metricd::enabled: false + tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} + + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::metricd diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml new file mode 100644 index 00000000..b9afc590 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionGnocchiStatsd: + default: 'overcloud-gnocchi-statsd' + type: string + +resources: + GnocchiServiceBase: + type: ../gnocchi-statsd.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_statsd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::statsd::manage_service: false + gnocchi::statsd::enabled: false + tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::statsd diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml new file mode 100644 index 00000000..52104a71 --- /dev/null +++ b/puppet/services/pacemaker/haproxy.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + HAproxy service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + LoadbalancerServiceBase: + type: ../haproxy.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the HAproxy with pacemaker role. + value: + service_name: haproxy + monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]} + config_settings: + map_merge: + - get_attr: [LoadbalancerServiceBase, role_data, config_settings] + - tripleo::haproxy::haproxy_service_manage: false + tripleo::haproxy::mysql_clustercheck: true + enable_keepalived: false + tripleo::haproxy::keepalived: false + step_config: | + include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index 5833c42d..dd25905b 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -4,6 +4,15 @@ description: > Openstack Heat CloudFormation API service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -14,18 +23,22 @@ resources: HeatApiCfnBase: type: ../heat-api-cfn.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Heat CloudFormation API role. value: + service_name: heat_api_cfn + monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiCfnBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiCfnBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiCfnBase, role_data, config_settings] - heat::api_cfn::manage_service: false heat::api_cfn::enabled: false - step_config: - # No puppet manifests since heat-api-cfn is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::api_cfn diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 8b67702c..18d2a0d5 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -4,6 +4,15 @@ description: > Openstack Heat CloudWatch API service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -14,18 +23,22 @@ resources: HeatApiCloudwatchBase: type: ../heat-api-cloudwatch.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Heat Cloudwatch API role. value: + service_name: heat_api_cloudwatch + monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiCloudwatchBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiCloudwatchBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] - heat::api_cloudwatch::manage_service: false heat::api_cloudwatch::enabled: false - step_config: - # No puppet manifests since heat-api-cloudwatch is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::api_cloudwatch diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index 6628e8dd..43122cb0 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -4,6 +4,15 @@ description: > Openstack Heat API service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -14,16 +23,22 @@ resources: HeatApiBase: type: ../heat-api.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Heat API role. value: + service_name: heat_api + monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiBase, role_data, config_settings] - heat::api::manage_service: false heat::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::heat + include ::tripleo::profile::pacemaker::heat::api diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index e1195780..54bfdad2 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -4,6 +4,15 @@ description: > Openstack Heat Engine service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -14,6 +23,8 @@ resources: HeatEngineBase: type: ../heat-engine.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -21,12 +32,14 @@ outputs: role_data: description: Role data for the Heat engine role. value: + service_name: heat_engine + monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatEngineBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatEngineBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatEngineBase, role_data, config_settings] - heat::engine::manage_service: false heat::engine::enabled: false - step_config: - # No puppet manifests since heat-engine is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::engine diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml new file mode 100644 index 00000000..18de23ae --- /dev/null +++ b/puppet/services/pacemaker/horizon.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-04-08 + +description: > + Horizon service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + HorizonBase: + type: ../horizon.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Horizon role. + value: + service_name: horizon + monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]} + config_settings: + get_attr: [HorizonBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::horizon + include ::tripleo::profile::pacemaker::apache diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 04e90368..908b9bbd 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -4,6 +4,15 @@ description: > OpenStack Keystone service with Pacemaker configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -15,12 +24,18 @@ resources: KeystoneServiceBase: type: ../keystone.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Keystone pacemaker role. value: + service_name: keystone + monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [KeystoneServiceBase, role_data, logging_source]} + logging_groups: {get_attr: [KeystoneServiceBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/loadbalancer.yaml b/puppet/services/pacemaker/loadbalancer.yaml deleted file mode 100644 index ce67e925..00000000 --- a/puppet/services/pacemaker/loadbalancer.yaml +++ /dev/null @@ -1,30 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Loadbalancer service with Pacemaker configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - LoadbalancerServiceBase: - type: ../loadbalancer.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Loadbalancer pacemaker role. - value: - config_settings: - map_merge: - - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - - tripleo::haproxy::haproxy_service_manage: false - tripleo::haproxy::mysql_clustercheck: true - tripleo::haproxy::keepalived: false - step_config: | - include ::tripleo::profile::pacemaker::loadbalancer diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml new file mode 100644 index 00000000..cabc31a0 --- /dev/null +++ b/puppet/services/pacemaker/manila-share.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-04-08 + +description: > + The manila-share service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + ManilaShareBase: + type: ../manila-share.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the manila-share pacemaker role. + value: + service_name: manila_share + monitoring_subscription: {get_attr: [ManilaShareBase, role_data, monitoring_subscription]} + config_settings: + map_merge: + - get_attr: [ManilaShareBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::manila diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml index 9a11855e..04b895b6 100644 --- a/puppet/services/pacemaker/memcached.yaml +++ b/puppet/services/pacemaker/memcached.yaml @@ -4,6 +4,15 @@ description: > Mecached service with Pacemaker configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -14,11 +23,17 @@ resources: MemcachedServiceBase: type: ../memcached.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Memcached pacemaker role. value: + service_name: memcached + monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [MemcachedServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index 6f514379..7fca73d6 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -4,6 +4,15 @@ description: > OpenStack Neutron DHCP service with Pacemaker configured with Puppet. parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -15,12 +24,18 @@ resources: NeutronDhcpBase: type: ../neutron-dhcp.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Neutron DHCP role. value: + service_name: neutron_dhcp + monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronDhcpBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronDhcpBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronDhcpBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index cb9c32d9..cdb87f50 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -4,6 +4,15 @@ description: > OpenStack Neutron L3 service with Pacemaker configured with Puppet. parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -15,12 +24,18 @@ resources: NeutronL3Base: type: ../neutron-l3.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Neutron L3 role. value: + service_name: neutron_l3 + monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]} + logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronL3Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index 1c74b26f..49a31eb5 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -4,6 +4,15 @@ description: > OpenStack Neutron Metadata service with Pacemaker configured with Puppet. parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -15,12 +24,18 @@ resources: NeutronMetadataBase: type: ../neutron-metadata.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Neutron Metadata role. value: + service_name: neutron_metadata + monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronMetadataBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronMetadataBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronMetadataBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml new file mode 100644 index 00000000..fdd5dafb --- /dev/null +++ b/puppet/services/pacemaker/neutron-midonet.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Midonet with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronMidonetBase: + type: ../neutron-midonet.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Midonet plugin. + value: + service_name: neutron_midonet + monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]} + config_settings: + map_merge: + - get_attr: [NeutronMidonetBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::midonet diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml new file mode 100644 index 00000000..a2bd7c83 --- /dev/null +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OVS agent with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronOvsBase: + type: ../neutron-ovs-agent.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron OVS agent service. + value: + service_name: neutron_ovs_agent + monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronOvsBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronOvsBase, role_data, logging_groups]} + config_settings: + get_attr: [NeutronOvsBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::ovs diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml new file mode 100644 index 00000000..234f116e --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron ML2 Plugin with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronMl2Base: + type: ../neutron-plugin-ml2.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron ML2 plugin. + value: + service_name: neutron_plugin_ml2 + config_settings: + map_merge: + - get_attr: [NeutronMl2Base, role_data, config_settings] + - neutron::agents::ml2::ovs::enabled: false + neutron::agents::ml2::ovs::manage_service: false + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml new file mode 100644 index 00000000..9fca2cc3 --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-nuage.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Nuage Plugin with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginNuageBase: + type: ../neutron-plugin-nuage.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Nuage plugin. + value: + service_name: neutron_plugin_nuage + config_settings: + map_merge: + - get_attr: [NeutronPluginNuageBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::nuage diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml new file mode 100644 index 00000000..80d6ed92 --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OpenContrail Plugin with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginOpenContrail: + type: ../neutron-plugin-nuage.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron OpenContrail plugin. + value: + service_name: neutron_plugin_opencontrail + config_settings: + map_merge: + - get_attr: [NeutronPluginOpenContrail, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::opencontrail diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml new file mode 100644 index 00000000..5dd4e588 --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron PLUMgrid Plugin with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginPlumgridBase: + type: ../neutron-plugin-ml2.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron PLUMgrid plugin. + value: + service_name: neutron_plugin_plumgrid + config_settings: + map_merge: + - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::plumgrid diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml new file mode 100644 index 00000000..33bc2d99 --- /dev/null +++ b/puppet/services/pacemaker/neutron-server.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Server with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronL3HA: + default: true + description: Whether to enable HA for virtual routers + type: boolean + +resources: + + NeutronServerBase: + type: ../neutron-server.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Server. + value: + service_name: neutron_server + monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]} + config_settings: + map_merge: + - get_attr: [NeutronServerBase, role_data, config_settings] + - neutron::server::enabled: false + neutron::server::manage_service: false + neutron::server::l3_ha: {get_param: NeutronL3HA} + step_config: | + include ::tripleo::profile::pacemaker::neutron::server diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml new file mode 100644 index 00000000..b86e438a --- /dev/null +++ b/puppet/services/pacemaker/nova-api.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaApiBase: + type: ../nova-api.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova API role. + value: + service_name: nova_api + monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaApiBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [NovaApiBase, role_data, config_settings] + - nova::api::manage_service: false + nova::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::api diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml new file mode 100644 index 00000000..a0a766ec --- /dev/null +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Conductor service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaConductorBase: + type: ../nova-conductor.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Conductor role. + value: + service_name: nova_conductor + monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaConductorBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaConductorBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [NovaConductorBase, role_data, config_settings] + - nova::conductor::manage_service: false + nova::conductor::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::conductor diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml new file mode 100644 index 00000000..5d51eb47 --- /dev/null +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Consoleauth service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaConsoleauthBase: + type: ../nova-consoleauth.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Consoleauth role. + value: + service_name: nova_consoleauth + monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaConsoleauthBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaConsoleauthBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [NovaConsoleauthBase, role_data, config_settings] + - nova::consoleauth::manage_service: false + nova::consoleauth::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::consoleauth diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml new file mode 100644 index 00000000..8828ee11 --- /dev/null +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Scheduler service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaSchedulerBase: + type: ../nova-scheduler.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Scheduler role. + value: + service_name: nova_scheduler + monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaSchedulerBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaSchedulerBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [NovaSchedulerBase, role_data, config_settings] + - nova::scheduler::manage_service: false + nova::scheduler::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::scheduler diff --git a/puppet/services/pacemaker/nova-vnc-proxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml new file mode 100644 index 00000000..ebe84a03 --- /dev/null +++ b/puppet/services/pacemaker/nova-vnc-proxy.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Vncproxy service with Pacemaker configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaVncproxyBase: + type: ../nova-vnc-proxy.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Vncproxy role. + value: + service_name: nova_vnc_proxy + monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaVncproxyBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaVncproxyBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [NovaVncproxyBase, role_data, config_settings] + - nova::vncproxy::manage_service: false + nova::vncproxy::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::vncproxy diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 20fb2e40..f3fa2d28 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -4,6 +4,15 @@ description: > RabbitMQ service with Pacemaker configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -14,12 +23,16 @@ resources: RabbitMQServiceBase: type: ../rabbitmq.yaml properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the RabbitMQ pacemaker role. value: + service_name: rabbitmq + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [RabbitMQServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml new file mode 100644 index 00000000..3dfb7d94 --- /dev/null +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara API service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + SaharaApiBase: + type: ../sahara-api.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + service_name: sahara_api + monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [SaharaApiBase, role_data, logging_source]} + logging_groups: {get_attr: [SaharaApiBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [SaharaApiBase, role_data, config_settings] + - sahara::service::api::manage_service: false + sahara::service::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml new file mode 100644 index 00000000..a06d11b3 --- /dev/null +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara Engine service with Pacemaker configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + SaharaEngineBase: + type: ../sahara-engine.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + service_name: sahara_engine + monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [SaharaEngineBase, role_data, logging_source]} + logging_groups: {get_attr: [SaharaEngineBase, role_data, logging_groups]} + config_settings: + map_merge: + - get_attr: [SaharaEngineBase, role_data, config_settings] + - sahara::service::engine::manage_service: false + sahara::service::engine::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 581b4ba4..52300a2f 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -1,9 +1,18 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > RabbitMQ service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -18,22 +27,66 @@ parameters: type: string hidden: true RabbitFDLimit: - default: 16384 + default: 65536 description: Configures RabbitMQ FD limit type: string RabbitIPv6: default: false description: Enable IPv6 in RabbitMQ type: boolean + RabbitCookie: + type: string + default: '' + hidden: true + MonitoringSubscriptionRabbitmq: + default: 'overcloud-rabbitmq' + type: string outputs: role_data: description: Role data for the RabbitMQ role. value: + service_name: rabbitmq + monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq} config_settings: rabbitmq::file_limit: {get_param: RabbitFDLimit} rabbitmq::default_user: {get_param: RabbitUserName} rabbitmq::default_pass: {get_param: RabbitPassword} rabbit_ipv6: {get_param: RabbitIPv6} + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq': + dport: + - 4369 + - 5672 + - 25672 + rabbitmq::delete_guest_user: false + rabbitmq::wipe_db_on_cookie_change: true + rabbitmq::port: '5672' + rabbitmq::package_source: undef + rabbitmq::repos_ensure: false + rabbitmq_environment: + RABBITMQ_NODENAME: "rabbit@%{::hostname}" + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + rabbitmq_kernel_variables: + inet_dist_listen_min: '25672' + inet_dist_listen_max: '25672' + rabbitmq_config_variables: + tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' + cluster_partition_handling: 'pause_minority' + loopback_users: '[]' + rabbitmq::erlang_cookie: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml new file mode 100644 index 00000000..54e63df4 --- /dev/null +++ b/puppet/services/sahara-api.yaml @@ -0,0 +1,92 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SaharaPassword: + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true + SaharaWorkers: + default: 0 + description: The number of workers for the sahara-api. + type: number + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionSaharaApi: + default: 'overcloud-sahara-api' + type: string + SaharaApiLoggingSource: + type: json + default: + tag: openstack.sahara.api + path: /var/log/sahara/sahara-api.log + +resources: + SaharaBase: + type: ./sahara-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + service_name: sahara_api + monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi} + logging_source: {get_param: SaharaApiLoggingSource} + logging_groups: + - sahara + config_settings: + map_merge: + - get_attr: [SaharaBase, role_data, config_settings] + - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::service::api::api_workers: {get_param: SaharaWorkers} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]} + tripleo.sahara_api.firewall_rules: + '132 sahara': + dport: + - 8386 + - 13386 + step_config: | + include ::tripleo::profile::base::sahara::api + service_config_settings: + keystone: + sahara::keystone::auth::tenant: 'service' + sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} + sahara::keystone::auth::password: {get_param: SaharaPassword } + sahara::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml new file mode 100644 index 00000000..5fc8ed61 --- /dev/null +++ b/puppet/services/sahara-base.yaml @@ -0,0 +1,82 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara base service. Shared for all Sahara services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + SaharaPassword: + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Sahara base service. + value: + service_name: sahara_base + config_settings: + sahara::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/sahara' + sahara::rabbit_password: {get_param: RabbitPassword} + sahara::rabbit_user: {get_param: RabbitUserName} + sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + sahara::rabbit_port: {get_param: RabbitClientPort} + sahara::debug: {get_param: Debug} + sahara::admin_password: {get_param: SaharaPassword} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + sahara::use_neutron: true + sahara::plugins: + - ambari + - cdh + - mapr + - vanilla + - spark + - storm + sahara::rpc_backend: rabbit + sahara::admin_tenant_name: 'service' + sahara::db::database_db_max_retries: -1 + sahara::db::database_max_retries: -1 diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml new file mode 100644 index 00000000..287c1c05 --- /dev/null +++ b/puppet/services/sahara-engine.yaml @@ -0,0 +1,51 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara Engine service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionSaharaEngine: + default: 'overcloud-sahara-engine' + type: string + SaharaEngineLoggingSource: + type: json + default: + tag: openstack.sahara.engine + path: /var/log/sahara/sahara-engine.log + +resources: + SaharaBase: + type: ./sahara-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + service_name: sahara_engine + monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine} + logging_source: {get_param: SaharaEngineLoggingSource} + logging_groups: + - sahara + config_settings: + map_merge: + - get_attr: [SaharaBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::sahara::engine diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 7ed880fc..7b5fa40c 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Utility stack to convert an array of services into a set of combined @@ -10,11 +10,22 @@ parameters: description: | List nested stack service templates. type: comma_delimited_list + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DefaultPasswords: + default: {} + description: Mapping of service -> default password. Used to help + pass top level passwords managed by Heat into services. + type: json resources: @@ -24,12 +35,75 @@ resources: resources: {get_param: Services} concurrent: true resource_properties: + ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_param: EndpointMap} + DefaultPasswords: {get_param: DefaultPasswords} + + LoggingConfiguration: + type: OS::TripleO::LoggingConfiguration outputs: - config_settings: - description: Configuration settings. - value: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} - step_config: - description: Step configuration. - value: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + role_data: + description: Combined Role data for this set of services. + value: + service_names: + # Filter any null/None service_names which may be present due to mapping + # of services to OS::Heat::None + yaql: + expression: list($.data.s_names.where($ != null)) + data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} + monitoring_subscriptions: + yaql: + expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + logging_sources: + # Transform the individual logging_source configuration from + # each service in the chain into a global list, adding some + # default configuration at the same time. + yaql: + expression: > + let( + default_format => $.data.default_format, + pos_file_path => $.data.pos_file_path, + sources => $.data.sources.flatten() + ) -> + $sources.where($ != null).select({ + 'type' => 'tail', + 'tag' => $.tag, + 'path' => $.path, + 'format' => $.get('format', $default_format), + 'pos_file' => $.get('pos_file', $pos_file_path + '/' + $.tag + '.pos') + }) + data: + sources: + - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} + - yaql: + expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + - {get_attr: [LoggingConfiguration, LoggingExtraSources]} + default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} + pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} + logging_groups: + # Build a list of unique groups to which we should add the + # fluentd user. + yaql: + expression: > + set($.data.groups.flatten()).where($) + data: + groups: + - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}] + - yaql: + expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}] + config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + global_config_settings: + map_merge: + yaql: + expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + service_config_settings: + yaql: + expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + data: {get_attr: [ServiceChain, role_data]} + step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml new file mode 100644 index 00000000..4d01632d --- /dev/null +++ b/puppet/services/snmp.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + SNMP client configured with Puppet, to facilitate Ceilometer Hardware + monitoring in the undercloud. This service is required to enable hardware + monitoring. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +outputs: + role_data: + description: Role data for the SNMP services + value: + service_name: snmp + config_settings: + tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName} + tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword} + tripleo.snmp.firewall_rules: + '127 snmp': + dport: 161 + proto: 'udp' + step_config: | + include ::tripleo::profile::base::snmp diff --git a/puppet/services/swift-base.yaml b/puppet/services/swift-base.yaml new file mode 100644 index 00000000..741adb4d --- /dev/null +++ b/puppet/services/swift-base.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Proxy service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftHashSuffix: + description: A random string to be used as a salt when hashing to determine mappings + in the ring. + hidden: true + type: string + +outputs: + role_data: + description: Role data for the Swift common swift settings. + value: + service_name: swift_base + config_settings: + swift::swift_hash_path_suffix: {get_param: SwiftHashSuffix} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index a86aeaf5..8b990bcd 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -4,6 +4,15 @@ description: > OpenStack Swift Proxy service configured with Puppet parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -17,6 +26,10 @@ parameters: description: The password for the swift service account, used by the swift proxy services. type: string hidden: true + SwiftProxyNodeTimeout: + default: 60 + description: Timeout for requests going from swift-proxy to swift a/c/o services. + type: number SwiftWorkers: default: 0 description: Number of workers for Swift service. @@ -25,25 +38,80 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionSwiftProxy: + default: 'overcloud-swift-proxy' + type: string +resources: + SwiftBase: + type: ./swift-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Swift proxy service. value: + service_name: swift_proxy + monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy} config_settings: - # Swift - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} - swift::proxy::workers: {get_param: SwiftWorkers} - swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} - swift::keystone::auth::password: {get_param: SwiftPassword} - swift::keystone::auth::region: {get_param: KeystoneRegion} + map_merge: + - get_attr: [SwiftBase, role_data, config_settings] + + - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::password: {get_param: SwiftPassword} + swift::proxy::authtoken::project_name: 'service' + swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} + swift::proxy::workers: {get_param: SwiftWorkers} + tripleo.swift_proxy.firewall_rules: + '122 swift proxy': + dport: + - 8080 + - 13808 + swift::proxy::keystone::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'proxy-logging' + - 'proxy-server' + swift::proxy::account_autocreate: true + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]} step_config: | include ::tripleo::profile::base::swift::proxy + service_config_settings: + keystone: + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml new file mode 100644 index 00000000..e151d185 --- /dev/null +++ b/puppet/services/swift-ringbuilder.yaml @@ -0,0 +1,65 @@ +heat_template_version: 2016-10-14 + +description: > + OpenStack Swift Ringbuilder + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean + SwiftReplicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json + + +outputs: + role_data: + description: Role data for Swift Ringbuilder configuration. + value: + service_name: swift_ringbuilder + config_settings: + tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild} + tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas} + tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-' + tripleo::profile::base::swift::ringbuilder::raw_disks: + yaql: + expression: $.data.raw_disk_lists.flatten() + data: + raw_disk_lists: + - [':%PORT%/d1'] + - repeat: + template: ':%PORT%/DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} + swift::ringbuilder::part_power: {get_param: SwiftPartPower} + swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours} + step_config: | + include ::tripleo::profile::base::swift::ringbuilder diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml new file mode 100644 index 00000000..7fbb8d90 --- /dev/null +++ b/puppet/services/swift-storage.yaml @@ -0,0 +1,92 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Storage service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + SwiftMountCheck: + default: false + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json + MonitoringSubscriptionSwiftStorage: + default: 'overcloud-swift-storage' + type: string + + # DEPRECATED options for compatibility with overcloud.yaml + # This should be removed and manipulation of the ControllerServices list + # used instead, but we need client support for that first + ControllerEnableSwiftStorage: + default: true + description: Whether to enable Swift Storage on the Controller + type: boolean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ControllerEnableSwiftStorage + +resources: + SwiftBase: + type: ./swift-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Swift Proxy role. + value: + service_name: swift_storage + monitoring_subscription: {get_param: MonitoringSubscriptionSwiftStorage} + config_settings: + map_merge: + - get_attr: [SwiftBase, role_data, config_settings] + - swift::storage::all::mount_check: {get_param: SwiftMountCheck} + tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} + tripleo.swift_storage.firewall_rules: + '123 swift storage': + dport: + - 873 + - 6000 + - 6001 + - 6002 + swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::object_pipeline: + - healthcheck + - recon + - object-server + swift::storage::all::container_pipeline: + - healthcheck + - container-server + swift::storage::all::account_pipeline: + - healthcheck + - account-server + swift::storage::disks: {get_param: SwiftRawDisks} + swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]} + step_config: | + include ::tripleo::profile::base::swift::storage diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml new file mode 100644 index 00000000..eb5237fe --- /dev/null +++ b/puppet/services/time/ntp.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-04-08 + +description: > + NTP service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configure NTP. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NtpServer: + default: [] + description: NTP servers + type: comma_delimited_list + +outputs: + role_data: + description: Role ntp using composable services. + value: + service_name: ntp + config_settings: + ntp::servers: {get_param: NtpServer} + tripleo.ntp.firewall_rules: + '105 ntp': + dport: 123 + proto: udp + step_config: | + include ::ntp diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml new file mode 100644 index 00000000..384b5191 --- /dev/null +++ b/puppet/services/time/timezone.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + Composable Timezone service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + TimeZone: + default: 'UTC' + description: The timezone to be set on the overcloud. + type: string + +outputs: + role_data: + description: Timezone role using composable services. + value: + service_name: timezone + config_settings: + timezone::timezone: {get_param: TimeZone} + step_config: | + include ::timezone diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml new file mode 100644 index 00000000..f6ec458f --- /dev/null +++ b/puppet/services/tripleo-firewall.yaml @@ -0,0 +1,39 @@ +heat_template_version: 2016-04-08 + +description: > + TripleO Firewall settings + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean + +outputs: + role_data: + description: Role data for the TripleO firewall settings + value: + service_name: tripleo_firewall + config_settings: + tripleo::firewall::manage_firewall: {get_param: ManageFirewall} + tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} + step_config: | + include ::tripleo::firewall diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml new file mode 100644 index 00000000..124f5fe8 --- /dev/null +++ b/puppet/services/tripleo-packages.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + TripleO Package installation settings + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + +outputs: + role_data: + description: Role data for the TripleO package settings + value: + service_name: tripleo_packages + config_settings: + tripleo::packages::enable_install: {get_param: EnablePackageInstall} + step_config: | + include ::tripleo::packages diff --git a/puppet/services/vip-hosts.yaml b/puppet/services/vip-hosts.yaml new file mode 100644 index 00000000..a9d757ee --- /dev/null +++ b/puppet/services/vip-hosts.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2016-04-08 + +description: > + If the deployer doesn't have a DNS server for the overcloud nodes. This will + populate the node-names and IPs for the VIPs of the overcloud. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: role data for the VIP hosts role + value: + service_name: vip_hosts + config_settings: + tripleo::vip_hosts::hosts_spec: + external: + name: "%{hiera('cloud_name_external')}" + ip: "%{hiera('public_virtual_ip')}" + ensure: present + comment: FQDN of the external VIP + internal_api: + name: "%{hiera('cloud_name_internal_api')}" + ip: "%{hiera('internal_api_virtual_ip')}" + ensure: present + comment: FQDN of the internal api VIP + storage: + name: "%{hiera('cloud_name_storage')}" + ip: "%{hiera('storage_virtual_ip')}" + ensure: present + comment: FQDN of the storage VIP + storage_mgmt: + name: "%{hiera('cloud_name_storage_mgmt')}" + ip: "%{hiera('storage_mgmt_virtual_ip')}" + ensure: present + comment: FQDN of the storage mgmt VIP + ctlplane: + name: "%{hiera('cloud_name_ctlplane')}" + ip: "%{hiera('controller_virtual_ip')}" + ensure: present + comment: FQDN of the ctlplane VIP + step_config: | + include ::tripleo::vip_hosts diff --git a/puppet/swift-devices-and-proxy-config.yaml b/puppet/swift-devices-and-proxy-config.yaml deleted file mode 100644 index 92ef5c1c..00000000 --- a/puppet/swift-devices-and-proxy-config.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Swift Devices and Proxy Config for Puppet' - -parameters: - controller_swift_devices: - type: comma_delimited_list - object_store_swift_devices: - type: comma_delimited_list - controller_swift_proxy_memcaches: - type: comma_delimited_list - -resources: - - SwiftDevicesAndProxyConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - swift_devices_and_proxy: - mapped_data: - tripleo::ringbuilder::devices: - list_join: - - ", " - - - list_join: - - ", " - - {get_param: controller_swift_devices} - - list_join: - - ", " - - {get_param: object_store_swift_devices} - swift::proxy::cache::memcache_servers: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: controller_swift_proxy_memcaches} - -outputs: - config_id: - description: The ID of the SwiftDevicesAndProxyConfigImpl resource. - value: - {get_resource: SwiftDevicesAndProxyConfigImpl} diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml deleted file mode 100644 index 1aba2bb4..00000000 --- a/puppet/swift-storage-post.yaml +++ /dev/null @@ -1,91 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'OpenStack swift storage node post deployment for Puppet' - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - StorageArtifactsConfig: - type: deploy-artifacts.yaml - - StorageArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: StorageArtifactsConfig} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - StoragePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - inputs: - - name: step - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_object.pp - - get_file: manifests/ringbuilder.pp - - {get_param: StepConfig} - - StorageRingbuilderDeployment_Step2: - type: OS::Heat::StructuredDeployments - depends_on: StorageArtifactsDeploy - properties: - name: StorageRingbuilderDeployment_Step2 - servers: {get_param: servers} - config: {get_resource: StoragePuppetConfig} - input_values: - step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} - - StorageRingbuilderDeployment_Step3: - type: OS::Heat::StructuredDeployments - depends_on: StorageRingbuilderDeployment_Step2 - properties: - name: StorageRingbuilderDeployment_Step3 - servers: {get_param: servers} - config: {get_resource: StoragePuppetConfig} - input_values: - step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} - - StorageDeployment_Step4: - type: OS::Heat::StructuredDeployments - depends_on: StorageRingbuilderDeployment_Step3 - properties: - name: StorageDeployment_Step4 - servers: {get_param: servers} - config: {get_resource: StoragePuppetConfig} - input_values: - step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: StorageDeployment_Step4 - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index ed52f928..899ba66d 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -1,59 +1,21 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: 'OpenStack swift storage node configured by Puppet' parameters: - Flavor: + OvercloudSwiftStorageFlavor: description: Flavor for Swift storage nodes to request when deploying. + default: baremetal type: string constraints: - custom_constraint: nova.flavor - HashSuffix: - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string - Image: - default: overcloud-swift-storage + SwiftStorageImage: + default: overcloud-full type: string + constraints: + - custom_constraint: glance.image KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - MountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - MinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - PartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - RingBuild: - default: true - description: Whether to manage Swift rings or not - type: boolean - Replicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean UpdateIdentifier: default: '' type: string @@ -65,10 +27,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on Ceph nodes. - type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json Hostname: type: string default: '' # Defaults to Heat created hostname @@ -103,7 +66,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -114,7 +76,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + ObjectStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -124,14 +86,33 @@ parameters: ServiceConfigSettings: type: json default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + LoggingSources: + type: json + default: [] + LoggingGroups: + type: comma_delimited_list + default: [] resources: SwiftStorage: type: OS::Nova::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} properties: - image: {get_param: Image} - flavor: {get_param: Flavor} + image: {get_param: SwiftStorageImage} + flavor: {get_param: OvercloudSwiftStorageFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -143,7 +124,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: ObjectStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -260,44 +241,33 @@ resources: - heat_config_%{::deploy_config_name} - object_extraconfig - extraconfig + - service_names - service_configs - object - - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - common - - network merge_behavior: deeper datafiles: + service_names: + mapped_data: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: - mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} - network: mapped_data: - net_ip_map: {get_attr: [NetIpMap, net_ip_map]} - net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} - net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} object_extraconfig: mapped_data: {get_param: ObjectStorageExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} object: - raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc - swift::swift_hash_path_suffix: { get_input: swift_hash_suffix } - tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } - tripleo::ringbuilder::part_power: { get_input: swift_part_power } - tripleo::ringbuilder::replicas: {get_input: swift_replicas } - swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift_mount_check: {get_input: swift_mount_check } - tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } - ntp::servers: {get_input: ntp_servers} - timezone::timezone: {get_input: timezone} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} SwiftStorageHieraDeploy: @@ -308,20 +278,7 @@ resources: server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageHieraConfig} input_values: - local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - swift_hash_suffix: {get_param: HashSuffix} - swift_mount_check: {get_param: MountCheck} - swift_min_part_hours: {get_param: MinPartHours} - swift_ring_build: {get_param: RingBuild} - swift_part_power: {get_param: PartPower} - swift_replicas: { get_param: Replicas} - ntp_servers: {get_param: NtpServer} - timezone: {get_param: TimeZone} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -351,6 +308,12 @@ resources: get_param: UpdateIdentifier outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [SwiftStorage, name]} hosts_entry: value: str_replace: @@ -362,6 +325,7 @@ outputs: STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST TENANTIP TENANTHOST.DOMAIN TENANTHOST MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -402,17 +366,16 @@ outputs: - '.' - - {get_attr: [SwiftStorage, name]} - management + CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + CTLPLANEHOST: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane nova_server_resource: description: Heat resource handle for the swift storage server value: {get_resource: SwiftStorage} - swift_device: - description: Swift device formatted for swift-ring-builder - value: - str_replace: - template: 'r1z1-IP:%PORT%/d1' - params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} @@ -431,11 +394,3 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml deleted file mode 100644 index 92234b6c..00000000 --- a/puppet/vip-config.yaml +++ /dev/null @@ -1,55 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - Configure hieradata for service -> virtual IP mappings. - -resources: - VipConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - vip_data: - mapped_data: - keystone_admin_api_vip: {get_input: keystone_admin_api_vip} - keystone_public_api_vip: {get_input: keystone_public_api_vip} - neutron_api_vip: {get_input: neutron_api_vip} - # TODO: pass a `midonet_api_vip` var - midonet_api_vip: {get_input: neutron_api_vip} - cinder_api_vip: {get_input: cinder_api_vip} - glance_api_vip: {get_input: glance_api_vip} - glance_registry_vip: {get_input: glance_registry_vip} - sahara_api_vip: {get_input: sahara_api_vip} - swift_proxy_vip: {get_input: swift_proxy_vip} - nova_api_vip: {get_input: nova_api_vip} - nova_metadata_vip: {get_input: nova_metadata_vip} - ceilometer_api_vip: {get_input: ceilometer_api_vip} - aodh_api_vip: {get_input: aodh_api_vip} - gnocchi_api_vip: {get_input: gnocchi_api_vip} - heat_api_vip: {get_input: heat_api_vip} - horizon_vip: {get_input: horizon_vip} - redis_vip: {get_input: redis_vip} - mysql_vip: {get_input: mysql_vip} - public_virtual_ip: {get_input: public_virtual_ip} - controller_virtual_ip: {get_input: control_virtual_ip} - internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - storage_virtual_ip: {get_input: storage_virtual_ip} - storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} - # public_virtual_ip and controller_virtual_ip are needed in - # both HAproxy & keepalived. - tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip} - tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} - tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip} - - -outputs: - OS::stack_id: - description: The VipConfigImpl resource. - value: {get_resource: VipConfigImpl} diff --git a/roles_data.yaml b/roles_data.yaml new file mode 100644 index 00000000..fe98d827 --- /dev/null +++ b/roles_data.yaml @@ -0,0 +1,164 @@ +# Specifies which roles (groups of nodes) will be deployed +# Note this is used as an input to the various *.j2.yaml +# jinja2 templates, so that they are converted into *.yaml +# during the plan creation (via a mistral action/workflow). +# +# The format is a list, with the following format: +# +# * name: (string) mandatory, name of the role, must be unique +# +# CountDefault: (number) optional, default number of nodes, defaults to 0 +# sets the default for the {{role.name}}Count parameter in overcloud.yaml +# +# HostnameFormatDefault: (string) optional default format string for hostname +# defaults to '%stackname%-{{role.name.lower()}}-%index%' +# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml +# +# ServicesDefault: (list) optional default list of services to be deployed +# on the role, defaults to an empty list. Sets the default for the +# {{role.name}}Services parameter in overcloud.yaml + +- name: Controller + CountDefault: 1 + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Core + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::Redis + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::Tripleo::Services::ManilaApi + - OS::Tripleo::Services::ManilaScheduler + - OS::Tripleo::Services::ManilaBackendGeneric + - OS::Tripleo::Services::ManilaBackendNetapp + - OS::Tripleo::Services::ManilaBackendCephFs + - OS::Tripleo::Services::ManilaShare + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::OpenDaylight + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::VipHosts + +- name: Compute + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::VipHosts + +- name: BlockStorage + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::VipHosts + +- name: ObjectStorage + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::VipHosts + +- name: CephStorage + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::VipHosts diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 2da873d0..95c7d025 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -17,27 +17,65 @@ import traceback import yaml +required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords'] + def exit_usage(): print('Usage %s <yaml file or directory>' % sys.argv[0]) sys.exit(1) + +def validate_service(filename, tpl): + if 'outputs' in tpl and 'role_data' in tpl['outputs']: + if 'value' not in tpl['outputs']['role_data']: + print('ERROR: invalid role_data for filename: %s' + % filename) + return 1 + role_data = tpl['outputs']['role_data']['value'] + if 'service_name' not in role_data: + print('ERROR: service_name is required in role_data for %s.' + % filename) + return 1 + # service_name must match the filename, but with an underscore + if (role_data['service_name'] != + os.path.basename(filename).split('.')[0].replace("-", "_")): + print('ERROR: service_name should match file name for service: %s.' + % filename) + return 1 + if 'parameters' in tpl: + for param in required_params: + if param not in tpl['parameters']: + print('ERROR: parameter %s is required for %s.' + % (param, filename)) + return 1 + return 0 + + def validate(filename): print('Validating %s' % filename) + retval = 0 try: tpl = yaml.load(open(filename).read()) + + if (filename.startswith('./puppet/services/') and + filename != './puppet/services/services.yaml'): + retval = validate_service(filename, tpl) + except Exception: print(traceback.format_exc()) return 1 # yaml is OK, now walk the parameters and output a warning for unused ones - for p in tpl.get('parameters', {}): - str_p = '\'%s\'' % p - in_resources = str_p in str(tpl.get('resources', {})) - in_outputs = str_p in str(tpl.get('outputs', {})) - if not in_resources and not in_outputs: - print('Warning: parameter %s in template %s appears to be unused' - % (p, filename)) + if 'heat_template_version' in tpl: + for p in tpl.get('parameters', {}): + if p in required_params: + continue + str_p = '\'%s\'' % p + in_resources = str_p in str(tpl.get('resources', {})) + in_outputs = str_p in str(tpl.get('outputs', {})) + if not in_resources and not in_outputs: + print('Warning: parameter %s in template %s ' + 'appears to be unused' % (p, filename)) - return 0 + return retval if len(sys.argv) < 2: exit_usage() @@ -50,7 +88,7 @@ for base_path in path_args: if os.path.isdir(base_path): for subdir, dirs, files in os.walk(base_path): for f in files: - if f.endswith('.yaml'): + if f.endswith('.yaml') and not f.endswith('.j2.yaml'): file_path = os.path.join(subdir, f) failed = validate(file_path) if failed: |