diff options
77 files changed, 1833 insertions, 1585 deletions
diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml index d98a9cdd..fbad0406 100644 --- a/environments/major-upgrade-pacemaker-init.yaml +++ b/environments/major-upgrade-pacemaker-init.yaml @@ -1,5 +1,5 @@ parameter_defaults: - UpgradeLevelNovaCompute: liberty + UpgradeLevelNovaCompute: mitaka resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml index 61186bb0..763ca67e 100644 --- a/environments/major-upgrade-pacemaker.yaml +++ b/environments/major-upgrade-pacemaker.yaml @@ -1,5 +1,5 @@ parameter_defaults: - UpgradeLevelNovaCompute: liberty + UpgradeLevelNovaCompute: mitaka resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml diff --git a/environments/neutron-midonet.yaml b/environments/neutron-midonet.yaml index 463c1874..7f50f15b 100644 --- a/environments/neutron-midonet.yaml +++ b/environments/neutron-midonet.yaml @@ -3,13 +3,13 @@ resource_registry: OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml OS::TripleO::Controller::Net::SoftwareConfig: ../net-config-linux-bridge.yaml # We have to avoid any ovs bridge. MidoNet is incompatible with its datapath OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None parameter_defaults: EnableZookeeperOnController: true EnableCassandraOnController: true NeutronCorePlugin: 'midonet.neutron.plugin_v1.MidonetPluginV2' # Overriding default core_plugin in Neutron. Don't touch it NeutronEnableIsolatedMetadata: true # MidoNet 1.9 needs this one to work. Don't change it - NeutronEnableOVSAgent: false # Other available options for MidoNet Services # TunnelZoneName: 'tunnelname' diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 0cd49a20..bf5036bf 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -4,6 +4,7 @@ resource_registry: OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None parameter_defaults: NeutronNuageOSControllerIp: '0.0.0.0' @@ -17,7 +18,6 @@ parameter_defaults: UseForwardedFor: true NeutronCorePlugin: 'neutron.plugins.nuage.plugin.NuagePlugin' NeutronEnableDHCPAgent: false - NeutronEnableOVSAgent: false NeutronServicePlugins: [] NovaOVSBridge: 'alubr0' controllerExtraConfig: diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml index ceccd132..b17c9c0a 100644 --- a/environments/neutron-opencontrail.yaml +++ b/environments/neutron-opencontrail.yaml @@ -6,11 +6,11 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None parameter_defaults: NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin - NeutronEnableOVSAgent: false NeutronEnableTunnelling: false # required params: diff --git a/environments/neutron-plumgrid.yaml b/environments/neutron-plumgrid.yaml index 19f51cfc..08ace103 100755 --- a/environments/neutron-plumgrid.yaml +++ b/environments/neutron-plumgrid.yaml @@ -1,11 +1,13 @@ # A Heat environment file which can be used to enable PLUMgrid # extensions, configured via puppet resource_registry: - OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml - # PLUMgrid doesn't require dhcp, l3, and metadata agents + # PLUMgrid doesn't require dhcp, l3, metadata, and ovs agents OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + # Override the Neutron core plugin to use PLUMgrid + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginPlumgrid parameter_defaults: NeutronCorePlugin: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 @@ -25,6 +27,3 @@ parameter_defaults: #Optional Parameters #PLUMgridNeutronPluginVersion: present #PLUMgridPlumlibVersion: present - - # PLUMgrid doesn't require the ovs agent - NeutronEnableOVSAgent: false diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 679b79cb..52a94d80 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -9,6 +9,9 @@ resource_registry: # NOTE: For now we will need to specify overrides to all services # which use pacemaker. In the future (with upcoming HA light work) this # list will hopefully be much smaller however. + OS::TripleO::Services::CinderApi: ../puppet/services/pacemaker/cinder-api.yaml + OS::TripleO::Services::CinderScheduler: ../puppet/services/pacemaker/cinder-scheduler.yaml + OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keystone: ../puppet/services/pacemaker/keystone.yaml OS::TripleO::Services::GlanceApi: ../puppet/services/pacemaker/glance-api.yaml OS::TripleO::Services::GlanceRegistry: ../puppet/services/pacemaker/glance-registry.yaml @@ -19,6 +22,19 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/pacemaker/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../puppet/services/pacemaker/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/pacemaker/neutron-metadata.yaml + OS::TripleO::Services::NeutronServer: ../puppet/services/pacemaker/neutron-server.yaml + OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/pacemaker/neutron-plugin-ml2.yaml + # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) + OS::TripleO::Services::NeutronCorePluginPlumgrid: ../puppet/services/pacemaker/neutron-plugin-plumgrid.yaml + + OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/pacemaker/neutron-ovs-agent.yaml OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml - OS::TripleO::Services::Loadbalancer: ../puppet/services/pacemaker/loadbalancer.yaml + OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml + OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml + OS::TripleO::Services::NovaConductor: ../puppet/services/pacemaker/nova-conductor.yaml + OS::TripleO::Services::MongoDb: ../puppet/services/pacemaker/database/mongodb.yaml + OS::TripleO::Services::NovaApi: ../puppet/services/pacemaker/nova-api.yaml + OS::TripleO::Services::NovaScheduler: ../puppet/services/pacemaker/nova-scheduler.yaml + OS::TripleO::Services::NovaConsoleauth: ../puppet/services/pacemaker/nova-consoleauth.yaml + OS::TripleO::Services::NovaVncproxy: ../puppet/services/pacemaker/nova-vncproxy.yaml diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index b207a1fe..4fab2466 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -38,8 +38,8 @@ resource_registry: # NodeExtraConfig == All nodes configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml - OS::TripleO::NodeTLSCAData: puppet/extraconfig/tls/no-ca.yaml - OS::TripleO::NodeTLSData: puppet/extraconfig/tls/no-tls.yaml + OS::TripleO::NodeTLSCAData: OS::Heat::None + OS::TripleO::NodeTLSData: OS::Heat::None OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::CephStorageExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml @@ -122,6 +122,9 @@ resource_registry: # services OS::TripleO::Services: puppet/services/services.yaml + OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml + OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml + OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml @@ -132,9 +135,27 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml + OS::TripleO::Services::NeutronServer: puppet/services/neutron-server.yaml + OS::TripleO::Services::NeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml + # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) + OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml + + OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml - OS::TripleO::Services::Loadbalancer: puppet/services/loadbalancer.yaml + OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml + OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml OS::TripleO::Services::Memcached: puppet/services/memcached.yaml + OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml + OS::TripleO::Services::SaharaApi: puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: puppet/services/sahara-engine.yaml + OS::TripleO::Services::Redis: puppet/services/database/redis.yaml + OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml + OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml + OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml + OS::TripleO::Services::NovaScheduler: puppet/services/nova-scheduler.yaml + OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaVncproxy: puppet/services/nova-vncproxy.yaml + OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index 474fcffb..d8955b9e 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -158,28 +158,6 @@ parameters: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronComputeAgentMode: - default: 'dvr' - description: Agent mode for the neutron-l3-agent on the compute hosts - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string @@ -198,17 +176,6 @@ parameters: description: | The tunnel types for the Neutron tenant network. type: comma_delimited_list - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:4094", ] type: comma_delimited_list NeutronCorePlugin: default: 'ml2' @@ -232,10 +199,6 @@ parameters: description: | The mechanism drivers for the Neutron tenant network. type: comma_delimited_list - NeutronPluginExtensions: - default: "qos,port_security" - description: | - Comma-separated list of extensions enabled for the Neutron plugin. type: comma_delimited_list NeutronAgentExtensions: default: "qos" @@ -262,14 +225,6 @@ parameters: default: '' description: Comma-separated list of ntp servers type: comma_delimited_list - MongoDbNoJournal: - default: false - description: Should MongoDb journaling be disabled - type: boolean - MongoDbIPv6: - default: false - description: Enable IPv6 if MongoDB VIP is IPv6 - type: boolean PublicVirtualFixedIPs: default: [] description: > @@ -344,18 +299,6 @@ parameters: default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list CinderPassword: description: The password for the cinder service account, used by cinder-api. type: string @@ -486,18 +429,6 @@ parameters: description: Configures MySQL max_connections config setting type: number default: 4096 - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string PublicVirtualInterface: default: 'br-ex' description: > @@ -508,10 +439,6 @@ parameters: description: A random string to be used as a salt when hashing to determine mappings in the ring. type: string hidden: true - SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. - type: string - hidden: true SwiftMountCheck: default: 'false' description: Value of mount_check in Swift account/container/object -server.conf @@ -528,10 +455,6 @@ parameters: type: number default: 3 description: How many replicas to use in the swift rings. - SaharaPassword: - description: The password for the sahara service account. - type: string - hidden: true # Compute-specific params CeilometerComputeAgent: @@ -643,6 +566,9 @@ parameters: ControllerServices: default: + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - OS::TripleO::Services::GlanceRegistry @@ -653,16 +579,29 @@ parameters: - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::Loadbalancer + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::Redis + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaVncproxy description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. type: comma_delimited_list ComputeServices: - default: [] + default: + - OS::TripleO::Services::NovaCompute description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. @@ -716,6 +655,14 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + ObjectStorageServices: + default: [] + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the ObjectStorage nodes. + Note this role currently only supports steps 2, 3 and 4 configuration. + type: comma_delimited_list + # Ceph storage specific parameters CephStorageCount: @@ -884,14 +831,6 @@ resources: CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} CeilometerPassword: {get_param: CeilometerPassword} CeilometerMeterDispatcher: {get_param: CeilometerMeterDispatcher} - CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} - CinderNfsMountOptions: {get_param: CinderNfsMountOptions} - CinderNfsServers: {get_param: CinderNfsServers} - CinderPassword: {get_param: CinderPassword} - CinderISCSIHelper: {get_param: CinderISCSIHelper} - CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} - CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} - CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} CloudDomain: {get_param: CloudDomain} ControlVirtualInterface: {get_param: ControlVirtualInterface} controllerExtraConfig: {get_param: controllerExtraConfig} @@ -922,35 +861,13 @@ resources: MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} MysqlMaxConnections: {get_param: MysqlMaxConnections} MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} - NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP} - NeutronFlatNetworks: {get_param: NeutronFlatNetworks} - NeutronBridgeMappings: {get_param: NeutronBridgeMappings} NeutronTenantMtu: {get_param: NeutronTenantMtu} - NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} - NeutronEnableL2Pop: {get_param: NeutronEnableL2Pop} - NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} NeutronPublicInterface: {get_param: NeutronPublicInterface} - NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute} - NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} NeutronPassword: {get_param: NeutronPassword} - NeutronDVR: {get_param: NeutronDVR} NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} - NeutronAgentMode: {get_param: NeutronAgentMode} - NeutronCorePlugin: {get_param: NeutronCorePlugin} - NeutronServicePlugins: {get_param: NeutronServicePlugins} - NeutronTypeDrivers: {get_param: NeutronTypeDrivers} - NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} - NeutronPluginExtensions: {get_param: NeutronPluginExtensions} - NeutronAgentExtensions: {get_param: NeutronAgentExtensions} - NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} - NeutronL3HA: {get_param: NeutronL3HA} - NeutronNetworkType: {get_param: NeutronNetworkType} - NeutronTunnelTypes: {get_param: NeutronTunnelTypes} NovaIPv6: {get_param: NovaIPv6} NovaPassword: {get_param: NovaPassword} NtpServer: {get_param: NtpServer} - MongoDbNoJournal: {get_param: MongoDbNoJournal} - MongoDbIPv6: {get_param: MongoDbIPv6} PcsdPassword: {get_resource: PcsdPassword} PublicVirtualInterface: {get_param: PublicVirtualInterface} RabbitPassword: {get_param: RabbitPassword} @@ -959,7 +876,6 @@ resources: RabbitClientUseSSL: {get_param: RabbitClientUseSSL} RabbitClientPort: {get_param: RabbitClientPort} RedisPassword: {get_param: RedisPassword} - SaharaPassword: {get_param: SaharaPassword} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} @@ -968,7 +884,6 @@ resources: SwiftMountCheck: {get_param: SwiftMountCheck} SwiftMinPartHours: {get_param: SwiftMinPartHours} SwiftPartPower: {get_param: SwiftPartPower} - SwiftPassword: {get_param: SwiftPassword} SwiftReplicas: { get_param: SwiftReplicas} TimeZone: {get_param: TimeZone} VirtualIP: {get_attr: [VipMap, net_ip_map, ctlplane]} # deprecated. Use per service VIP settings instead now. @@ -1040,10 +955,7 @@ resources: NeutronPassword: {get_param: NeutronPassword} NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} - NeutronDVR: {get_param: NeutronDVR} NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} - NeutronAgentMode: {get_param: NeutronComputeAgentMode} - NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice} NeutronCorePlugin: {get_param: NeutronCorePlugin} NeutronServicePlugins: {get_param: NeutronServicePlugins} NeutronTypeDrivers: {get_param: NeutronTypeDrivers} @@ -1128,6 +1040,12 @@ resources: SchedulerHints: {get_param: BlockStorageSchedulerHints} NodeIndex: '%index%' + ObjectStorageServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: ObjectStorageServices} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + ObjectStorage: type: OS::Heat::ResourceGroup depends_on: Networks @@ -1160,6 +1078,7 @@ resources: ServerMetadata: {get_param: ServerMetadata} SchedulerHints: {get_param: ObjectStorageSchedulerHints} NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, config_settings]} CephStorageServiceChain: type: OS::TripleO::Services @@ -1580,6 +1499,7 @@ resources: allnodes_extra: {get_attr: [AllNodesExtraConfig, config_identifier]} objectstorage_config: {get_attr: [ObjectStorage, attributes, config_identifier]} deployment_identifier: {get_param: DeployIdentifier} + StepConfig: {get_attr: [ObjectStorageServiceChain, step_config]} BlockStorageNodesPostDeployment: type: OS::TripleO::BlockStoragePostDeployment diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index f5873ddb..245710f2 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -109,7 +109,7 @@ resources: GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} @@ -127,7 +127,7 @@ resources: - 'client' - {get_param: CephClientUserName} - 'keyring' - ceph_client_user_name: {get_param: CephClientUserName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index ee00a890..d3b17784 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -144,12 +144,6 @@ parameters: of VXLAN VNI IDs that are available for tenant network allocation default: ["1:4094", ] type: comma_delimited_list - NeutronPublicInterfaceRawDevice: - default: '' - type: string - NeutronDVR: - default: 'False' - type: string NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string @@ -191,10 +185,6 @@ parameters: default: 'False' description: Whether to enable l3-agent HA type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string NodeIndex: type: number default: 0 @@ -531,6 +521,12 @@ resources: nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} + # TUNNELLED mode provides a security enhancement when using shared storage but is not + # supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. + nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend} rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} @@ -545,7 +541,7 @@ resources: ceilometer::rabbit_password: {get_input: rabbit_password} ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} ceilometer_compute_agent: {get_input: ceilometer_compute_agent} @@ -576,14 +572,11 @@ resources: nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} - neutron_router_distributed: {get_input: neutron_router_distributed} - neutron_agent_mode: {get_input: neutron_agent_mode} neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} keystone_public_api_virtual_ip: {get_input: keystone_vip} admin_password: {get_input: admin_password} ntp::servers: {get_input: ntp_servers} @@ -674,8 +667,6 @@ resources: neutron_physical_bridge: {get_param: NeutronPhysicalBridge} neutron_public_interface: {get_param: NeutronPublicInterface} neutron_password: {get_param: NeutronPassword} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} neutron_core_plugin: {get_param: NeutronCorePlugin} neutron_service_plugins: @@ -698,7 +689,6 @@ resources: template: AGENT_EXTENSIONS params: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} keystone_vip: {get_param: KeystonePublicApiVirtualIP} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 703ff265..70989ccf 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -15,6 +15,8 @@ parameters: description: The password for the aodh services. type: string hidden: true + #TODO(composable Redis): Remove the Redis password param + #As is used by ceilometer CeilometerApiVirtualIP: type: string default: '' @@ -47,56 +49,6 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number - CinderEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Cinder database. - type: boolean - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - CinderISCSIHelper: - default: lioadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 10280 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list - CinderPassword: - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - CinderBackendConfig: - default: {} - description: Contains parameters to configure Cinder backends. Typically - set via parameter_defaults in the resource registry. - type: json - CinderWorkers: - default: 0 - description: Number of workers for Cinder service. - type: number controllerExtraConfig: default: {} description: | @@ -270,11 +222,6 @@ parameters: SaharaApiVirtualIP: type: string default: '' - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -300,89 +247,10 @@ parameters: type: string hidden: true default: '' # Has to be here because of the ignored empty value bug - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: comma_delimited_list - default: "datacentre:br-ex" - NeutronEnableOVSAgent: - description: Knob to enable/disable OVS Agent - type: boolean - default: true - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string hidden: true - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router,qos" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronEnableTunnelling: - type: string - default: "True" - NeutronEnableL2Pop: - type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. - default: "False" - NeutronFlatNetworks: - type: comma_delimited_list - default: 'datacentre' - description: If set, flat networks to configure in neutron plugins. - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron. - type: comma_delimited_list - NeutronNetworkVLANRanges: - default: 'datacentre:1:1000' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string @@ -391,28 +259,6 @@ parameters: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string NeutronTenantMtu: description: > The default MTU for tenant networks. For VXLAN/GRE tunneling, this should @@ -422,40 +268,9 @@ parameters: will determine the MTU that is assigned to the VM host through DHCP. default: 1400 type: number - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. - type: comma_delimited_list - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronPluginExtensions: - default: "qos,port_security" - description: | - Comma-separated list of extensions enabled for the Neutron plugin. - type: comma_delimited_list - NeutronAgentExtensions: - default: "qos" - description: | - Comma-separated list of extensions enabled for the Neutron agents. - type: comma_delimited_list NovaApiVirtualIP: type: string default: '' - NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number NovaEnableDBPurge: default: true description: | @@ -469,18 +284,6 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true - NovaWorkers: - default: 0 - description: Number of workers for Nova service. - type: number - MongoDbNoJournal: - default: false - description: Should MongoDb journaling be disabled - type: boolean - MongoDbIPv6: - default: false - description: Enable IPv6 if Mongo DB VIP is IPv6 - type: boolean NtpServer: default: '' description: Comma-separated list of ntp servers @@ -521,8 +324,8 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number RedisPassword: + description: The password for Redis type: string - description: The password to access the Redis service hidden: true RedisVirtualIP: type: string @@ -560,11 +363,6 @@ parameters: default: true description: Whether to manage Swift rings or not type: boolean - SwiftPassword: - description: The password for the swift service account, used by the swift proxy - services. - hidden: true - type: string SwiftProxyVirtualIP: type: string default: '' @@ -572,10 +370,6 @@ parameters: type: number default: 3 description: How many replicas to use in the swift rings. - SwiftWorkers: - default: 0 - description: Number of workers for Swift service. - type: number TimeZone: default: 'UTC' description: The timezone to be set on controller nodes. @@ -821,12 +615,6 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} - cinder_workers: {get_param: CinderWorkers} - nova_workers: {get_param: NovaWorkers} - neutron_workers: {get_param: NeutronWorkers} - swift_workers: {get_param: SwiftWorkers} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} @@ -834,31 +622,7 @@ resources: horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} - neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} - cinder_enable_db_purge: {get_param: CinderEnableDBPurge} - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} - cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} - cinder_nfs_servers: - str_replace: - template: SERVERS - params: - SERVERS: {get_param: CinderNfsServers} - cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} - cinder_password: {get_param: CinderPassword} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_backend_config: {get_param: CinderBackendConfig} - cinder_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/cinder' cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} @@ -884,88 +648,9 @@ resources: template: tripleo-CLUSTER params: CLUSTER: {get_param: MysqlClusterUniquePart} - neutron_flat_networks: - str_replace: - template: NETWORKS - params: - NETWORKS: {get_param: NeutronFlatNetworks} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_core_plugin: {get_param: NeutronCorePlugin} - neutron_service_plugins: - str_replace: - template: PLUGINS - params: - PLUGINS: {get_param: NeutronServicePlugins} - neutron_type_drivers: - str_replace: - template: DRIVERS - params: - DRIVERS: {get_param: NeutronTypeDrivers} - neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} - neutron_mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_l3_ha: {get_param: NeutronL3HA} - neutron_network_vlan_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: NeutronBridgeMappings} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} - neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} - neutron_tunnel_id_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronVniRanges} - neutron_tenant_network_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronNetworkType} - neutron_tunnel_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronTunnelTypes} - neutron_plugin_extensions: - str_replace: - template: PLUGIN_EXTENSIONS - params: - PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions} - neutron_agent_extensions: - str_replace: - template: AGENT_EXTENSIONS - params: - AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_password: {get_param: NeutronPassword} neutron_tenant_mtu: {get_param: NeutronTenantMtu} - neutron_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://neutron:' - - {get_param: NeutronPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ovs_neutron?charset=utf8' neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } @@ -1052,40 +737,18 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - mongodb_no_journal: {get_param: MongoDbNoJournal} - mongodb_ipv6: {get_param: MongoDbIPv6} ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_password: {get_param: SwiftPassword} swift_part_power: {get_param: SwiftPartPower} swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} - swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - sahara_password: {get_param: SaharaPassword} - sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]} - sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} - sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} - sahara_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} cinder_iscsi_network: @@ -1117,7 +780,6 @@ resources: SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} - redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1161,7 +823,6 @@ resources: - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre - - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre merge_behavior: deeper datafiles: service_configs: @@ -1203,50 +864,19 @@ resources: tripleo::fencing::config: {get_input: fencing_config} # Swift + # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} - swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} - swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift::swift_hash_suffix: {get_input: swift_hash_suffix} - swift::proxy::authtoken::admin_password: {get_input: swift_password} - swift::proxy::workers: {get_input: swift_workers} + swift::swift_hash_path_suffix: {get_input: swift_hash_suffix} tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - swift::keystone::auth::public_url: {get_input: swift_public_url } - swift::keystone::auth::internal_url: {get_input: swift_internal_url } - swift::keystone::auth::admin_url: {get_input: swift_admin_url } - swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } - swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } - swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } - swift::keystone::auth::password: {get_input: swift_password } - swift::keystone::auth::region: {get_input: keystone_region} # Cinder - cinder_enable_db_purge: {get_input: cinder_enable_db_purge} - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} - cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options} - cinder_nfs_servers: {get_input: cinder_nfs_servers} - cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_network} - cinder::database_connection: {get_input: cinder_dsn} - cinder::api::keystone_password: {get_input: cinder_password} - cinder::api::auth_uri: {get_input: keystone_auth_uri} - cinder::api::identity_uri: {get_input: keystone_identity_uri} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network} cinder::api::bind_host: {get_input: cinder_api_network} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder::debug: {get_input: debug} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} - cinder_backend_config: {get_input: CinderBackendConfig} - cinder::db::mysql::password: {get_input: cinder_password} cinder::keystone::auth::public_url: {get_input: cinder_public_url } cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } @@ -1272,10 +902,10 @@ resources: keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} + # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} - mongodb::server::nojournal: {get_input: mongodb_no_journal} - mongodb::server::ipv6: {get_input: mongodb_ipv6} + # MySQL admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} @@ -1291,55 +921,19 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} - neutron::server::auth_uri: {get_input: keystone_auth_uri} - neutron::server::identity_uri: {get_input: keystone_identity_uri} - neutron::server::database_connection: {get_input: neutron_dsn} - neutron::server::api_workers: {get_input: neutron_workers} neutron::network_device_mtu: {get_input: neutron_tenant_mtu} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - neutron_agent_mode: {get_input: neutron_agent_mode} - neutron_router_distributed: {get_input: neutron_router_distributed} - neutron::core_plugin: {get_input: neutron_core_plugin} - neutron::service_plugins: {get_input: neutron_service_plugins} - neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} - neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} - neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions} - neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - neutron::server::l3_ha: {get_input: neutron_l3_ha} - neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings} - neutron_public_interface: {get_input: neutron_public_interface} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} - neutron_public_interface_tag: {get_input: neutron_public_interface_tag} - neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types} - neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} - neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} - neutron::server::auth_password: {get_input: neutron_password} - neutron_dsn: {get_input: neutron_dsn} - neutron::db::mysql::password: {get_input: neutron_password} neutron::keystone::auth::public_url: {get_input: neutron_public_url } neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} - neutron::server::notifications::nova_url: {get_input: nova_internal_url} - neutron::server::notifications::auth_url: {get_input: neutron_auth_url} - neutron::server::notifications::tenant_name: 'service' - neutron::server::notifications::project_name: 'service' - neutron::server::notifications::password: {get_input: nova_password} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} ceilometer::rabbit_userid: {get_input: rabbit_username} ceilometer::rabbit_password: {get_input: rabbit_password} ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} @@ -1347,8 +941,8 @@ resources: ceilometer::debug: {get_input: debug} ceilometer::api::host: {get_input: ceilometer_api_network} ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} - ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} + ceilometer::api::auth_uri: {get_input: keystone_auth_uri} + ceilometer::api::identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} @@ -1412,20 +1006,13 @@ resources: gnocchi::keystone::auth::region: {get_input: keystone_region} # Nova - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova::debug: {get_input: debug} nova::use_ipv6: {get_input: nova_ipv6} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: nova_api_network} nova::api::metadata_listen: {get_input: nova_metadata_network} nova::api::admin_password: {get_input: nova_password} - nova::api::osapi_compute_workers: {get_input: nova_workers} - nova::api::metadata_workers: {get_input: nova_workers} nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} nova::api_database_connection: {get_input: nova_api_dsn} @@ -1454,41 +1041,11 @@ resources: horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} - # Sahara - sahara::host: {get_input: sahara_api_network} - sahara::plugins: - - cdh - - hdp - - mapr - - vanilla - - spark - - storm - sahara::admin_password: {get_input: sahara_password} - sahara::auth_uri: {get_input: keystone_auth_uri} - sahara::admin_user: sahara - sahara::identity_uri: {get_input: keystone_identity_uri} - sahara::use_neutron: true - sahara::database_connection: {get_input: sahara_dsn} - sahara::debug: {get_input: debug} - sahara::rpc_backend: rabbit - sahara::rabbit_userid: {get_input: rabbit_username} - sahara::rabbit_password: {get_input: rabbit_password} - sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - sahara::rabbit_port: {get_input: rabbit_client_port} - sahara::db::mysql::password: {get_input: sahara_password} - sahara::keystone::auth::public_url: {get_input: sahara_public_url } - sahara::keystone::auth::internal_url: {get_input: sahara_internal_url } - sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } - sahara::keystone::auth::password: {get_input: sahara_password } - sahara::keystone::auth::region: {get_input: keystone_region} # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis redis::bind: {get_input: redis_network} - redis::requirepass: {get_input: redis_password} - redis::masterauth: {get_input: redis_password} - redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} @@ -1496,18 +1053,19 @@ resources: # Misc memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} - neutron_public_interface_ip: {get_input: neutron_public_interface_ip} ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} control_virtual_interface: {get_input: control_virtual_interface} public_virtual_interface: {get_input: public_virtual_interface} - tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} - tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::loadbalancer::haproxy_stats_user: {get_input: haproxy_stats_user} - tripleo::loadbalancer::haproxy_stats_password: {get_input: haproxy_stats_password} - tripleo::loadbalancer::redis_password: {get_input: redis_password} + tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} + tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface} + tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address} + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} + tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} + tripleo::haproxy::redis_password: {get_input: redis_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 26ce7138..3e455347 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -85,7 +85,7 @@ resources: tripleo::cluster::cassandra::ssl_storage_port: {get_param: CassandraSslStoragePort} tripleo::cluster::cassandra::client_port: {get_param: CassandraClientPort} tripleo::cluster::cassandra::client_port_thrift: {get_param: CassandraClientPortThrift} - tripleo::loadbalancer::midonet_api: true + tripleo::haproxy::midonet_api: true # Missed Neutron Puppet data neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.MidonetInterfaceDriver' neutron::agents::dhcp::dhcp_driver: 'midonet.neutron.agent.midonet_driver.DhcpNoOpDriver' diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 308c609a..7d4dc15b 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -83,7 +83,7 @@ resources: GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} @@ -101,7 +101,7 @@ resources: - 'client' - {get_param: CephClientUserName} - 'keyring' - ceph_client_user_name: {get_param: CephClientUserName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 9b6981bb..9423208e 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml @@ -51,7 +51,7 @@ resources: datafiles: cinder_dellsc_data: mapped_data: - cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} + tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName} cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp} cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index 36db334e..c7af6f22 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -50,7 +50,7 @@ resources: datafiles: cinder_eqlx_data: mapped_data: - cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} + tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName} cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp} cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index ab442f2b..6ff90881 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -87,7 +87,7 @@ resources: datafiles: cinder_netapp_data: mapped_data: - cinder_enable_netapp_backend: {get_input: EnableNetappBackend} + tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend} cinder::backend::netapp::title: {get_input: NetappBackendName} cinder::backend::netapp::netapp_login: {get_input: NetappLogin} cinder::backend::netapp::netapp_password: {get_input: NetappPassword} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml deleted file mode 100755 index 7c0a7ad2..00000000 --- a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml +++ /dev/null @@ -1,113 +0,0 @@ -heat_template_version: 2015-04-30 - -description: Controller hieradata for Neutron PLUMgrid configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - PLUMgridDirectorServer: - description: IP address of the PLUMgrid Director Server - type: string - default: 127.0.0.1 - PLUMgridDirectorServerPort: - description: Port of the PLUMgrid Director Server - type: string - default: 443 - PLUMgridUsername: - description: Username for PLUMgrid platform - type: string - PLUMgridPassword: - description: Password for PLUMgrid platform - type: string - hidden: true - PLUMgridServerTimeOut: - description: Request timeout duration (seconds) to PLUMgrid platform - type: string - default: 99 - PLUMgridNovaMetadataIP: - description: IP address of Nova Metadata - type: string - default: 169.254.169.254 - PLUMgridNovaMetadataPort: - description: Port of Nova Metadata - type: string - default: 8775 - PLUMgridL2GatewayVendor: - description: Vendor for L2 Gateway Switch - type: string - default: vendor - PLUMgridL2GatewayUsername: - description: Username for L2 Gateway Switch - type: string - default: username - PLUMgridL2GatewayPassword: - description: Password for L2 Gateway Switch - type: string - hidden: true - PLUMgridIdentityVersion: - description: Keystone Identity version - type: string - default: v2.0 - PLUMgridConnectorType: - description: Neutron Network Connector Type - type: string - default: distributed - PLUMgridNeutronPluginVersion: - description: PLUMgrid Neutron Plugin version - type: string - default: present - PLUMgridPlumlibVersion: - description: PLUMgrid Plumlib version - type: string - default: present - - -resources: - ControllerPLUMgridConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_plumgrid_data: - mapped_data: - neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server} - neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port} - neutron::plugins::plumgrid::username: {get_input: plumgrid_username} - neutron::plugins::plumgrid::password: {get_input: plumgrid_password} - neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip} - neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port} - neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor} - neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username} - neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password} - neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type} - neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version} - neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version} - neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version} - - ControllerPLUMgridDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerPLUMgridConfig} - server: {get_param: server} - input_values: - plumgrid_director_server: {get_param: PLUMgridDirectorServer} - plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort} - plumgrid_username: {get_param: PLUMgridUsername} - plumgrid_password: {get_param: PLUMgridPassword} - plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} - plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} - plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} - plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} - plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} - plumgrid_identity_version: {get_param: PLUMgridIdentityVersion} - plumgrid_connector_type: {get_param: PLUMgridConnectorType} - plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion} - plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/no-ca.yaml b/puppet/extraconfig/tls/no-ca.yaml deleted file mode 100644 index 5862a85c..00000000 --- a/puppet/extraconfig/tls/no-ca.yaml +++ /dev/null @@ -1,17 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - This is a default no-op template which can be passed to the - OS::Nova::Server resources. This template can be replaced with - a different implementation via the resource registry, such that - deployers may customize their configuration. - -parameters: - server: # Here for compatibility with controller.yaml - description: ID of the controller node to apply this config to - type: string - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: 'Root CA cert injection not enabled.' diff --git a/puppet/extraconfig/tls/no-tls.yaml b/puppet/extraconfig/tls/no-tls.yaml deleted file mode 100644 index a2b5c569..00000000 --- a/puppet/extraconfig/tls/no-tls.yaml +++ /dev/null @@ -1,34 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - This is a default no-op template. This defines the parameters that - need to be passed in order to have TLS enabled in the controller - nodes. This template can be replaced with a different - implementation via the resource registry, such that deployers - may customize their configuration. - -parameters: - DeployedSSLCertificatePath: - default: '' - description: > - The filepath of the certificate as it will be stored in the controller. - type: string - NodeIndex: # Here for compatibility with puppet/controller.yaml - default: 0 - type: number - server: # Here for compatibility with puppet/controller.yaml - description: ID of the controller node to apply this config to - type: string - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: 'TLS not enabled.' - deployed_ssl_certificate_path: - value: '' - key_modulus_md5: - description: Key SSL Modulus - value: '' - cert_modulus_md5: - description: Certificate SSL Modulus - value: '' diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 1e480e60..b29b91cf 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -1,4 +1,3 @@ -ceph::profile::params::osd_journal_size: 1024 ceph::profile::params::osd_pool_default_pg_num: 32 ceph::profile::params::osd_pool_default_pgp_num: 32 ceph::profile::params::osd_pool_default_size: 3 diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 34965959..65cf9577 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -17,6 +17,7 @@ nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' neutron::allow_overlapping_ips: true +neutron::server::project_name: 'service' kernel_modules: nf_conntrack: {} diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 1e888f39..2d928cbf 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -1,11 +1,10 @@ # Hiera data here applies to all compute nodes +nova::host: "%{::fqdn}" nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 -nova::compute::enabled: true nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' -nova::compute::vnc_enabled: true nova::compute::libvirt::migration_support: true @@ -22,4 +21,6 @@ nova::compute::reserved_host_memory: 2048 ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' +neutron::host: "%{::fqdn}" + compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 321ae804..e69656cf 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,10 +1,7 @@ # Hiera data here applies to all controller nodes nova::api::enabled: true -nova::conductor::enabled: true -nova::consoleauth::enabled: true nova::vncproxy::enabled: true -nova::scheduler::enabled: true # gnocchi gnocchi::db::sync::extra_opts: '--skip-storage' @@ -31,6 +28,7 @@ rabbitmq_kernel_variables: rabbitmq_config_variables: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' + loopback_users: '[]' mongodb::server::replset: tripleo mongodb::server::journal: false @@ -114,7 +112,7 @@ neutron::server::sync_db: true nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true -nova::scheduler::filter::ram_allocation_ratio: '1.0' +nova::api::enable_proxy_headers_parsing: true nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' nova::notification_driver: messaging @@ -126,7 +124,6 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL' cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::cron::db_purge::destination: '/dev/null' cinder::host: hostgroup -cinder_user_enabled_backends: [] # TODO(jaosorior): Move to cinder profile once cinder is moved as a composable # service. @@ -143,6 +140,7 @@ heat::cron::purge_deleted::destination: '/dev/null' heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' +heat::auth_plugin: 'password' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' @@ -163,26 +161,26 @@ horizon::vhost_extra_params: mysql::server::manage_config_file: true -tripleo::loadbalancer::keystone_admin: true -tripleo::loadbalancer::keystone_public: true -tripleo::loadbalancer::neutron: true -tripleo::loadbalancer::cinder: true -tripleo::loadbalancer::glance_api: true -tripleo::loadbalancer::glance_registry: true -tripleo::loadbalancer::nova_osapi: true -tripleo::loadbalancer::nova_metadata: true -tripleo::loadbalancer::nova_novncproxy: true -tripleo::loadbalancer::mysql: true -tripleo::loadbalancer::redis: true -tripleo::loadbalancer::sahara: true -tripleo::loadbalancer::swift_proxy_server: true -tripleo::loadbalancer::ceilometer: true -tripleo::loadbalancer::aodh: true -tripleo::loadbalancer::gnocchi: true -tripleo::loadbalancer::heat_api: true -tripleo::loadbalancer::heat_cloudwatch: true -tripleo::loadbalancer::heat_cfn: true -tripleo::loadbalancer::horizon: true +tripleo::haproxy::keystone_admin: true +tripleo::haproxy::keystone_public: true +tripleo::haproxy::neutron: true +tripleo::haproxy::cinder: true +tripleo::haproxy::glance_api: true +tripleo::haproxy::glance_registry: true +tripleo::haproxy::nova_osapi: true +tripleo::haproxy::nova_metadata: true +tripleo::haproxy::nova_novncproxy: true +tripleo::haproxy::mysql: true +tripleo::haproxy::redis: true +tripleo::haproxy::sahara: true +tripleo::haproxy::swift_proxy_server: true +tripleo::haproxy::ceilometer: true +tripleo::haproxy::aodh: true +tripleo::haproxy::gnocchi: true +tripleo::haproxy::heat_api: true +tripleo::haproxy::heat_cloudwatch: true +tripleo::haproxy::heat_cfn: true +tripleo::haproxy::horizon: true controller_classes: [] # firewall diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 6ff74e12..30672f20 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -51,10 +51,6 @@ if hiera('step') >= 4 { ensure => present, } - include ::nova - include ::nova::config - include ::nova::compute - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { @@ -70,7 +66,7 @@ if hiera('step') >= 4 { include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('ceph_client_user_name')]) + $client_user = join(['client.', hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name')]) class { '::nova::compute::rbd': libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], } @@ -108,13 +104,6 @@ if hiera('step') >= 4 { nova_config { 'DEFAULT/my_ip': value => $ipaddress; 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - 'DEFAULT/host': value => $fqdn; - # TUNNELLED mode provides a security enhancement when using shared storage but is not - # supported when not using shared storage. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 - # In future versions of QEMU (2.6, mostly), Dan's native encryption - # work will obsolete the need to use TUNNELLED transport mode. - 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -204,10 +193,6 @@ if hiera('step') >= 4 { } } - neutron_config { - 'DEFAULT/host': value => $fqdn; - } - include ::ceilometer include ::ceilometer::config include ::ceilometer::agent::compute diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 536c680f..6084c954 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -36,9 +36,6 @@ if hiera('step') >= 2 { # MongoDB if downcase(hiera('ceilometer_backend')) == 'mongodb' { - include ::mongodb::globals - include ::mongodb::client - include ::mongodb::server # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and # without the brackets as 'members' argument for the 'mongodb_replset' # resource. @@ -54,30 +51,6 @@ if hiera('step') >= 2 { $mongodb_replset = hiera('mongodb::server::replset') $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - if downcase(hiera('bootstrap_nodeid')) == $::hostname { - mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port_nobr, - } - } - } - - # Redis - $redis_node_ips = hiera('redis_node_ips') - $redis_master_hostname = downcase(hiera('bootstrap_nodeid')) - - if $redis_master_hostname == $::hostname { - $slaveof = undef - } else { - $slaveof = "${redis_master_hostname} 6379" - } - class {'::redis' : - slaveof => $slaveof, - } - - if count($redis_node_ips) > 1 { - Class['::tripleo::redis_notification'] -> Service['redis-sentinel'] - include ::redis::sentinel - include ::tripleo::redis_notification } if str2bool(hiera('enable_galera', true)) { @@ -106,9 +79,6 @@ if hiera('step') >= 2 { # Create all the database schemas include ::nova::db::mysql include ::nova::db::mysql_api - include ::neutron::db::mysql - include ::cinder::db::mysql - include ::sahara::db::mysql if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { include ::gnocchi::db::mysql } @@ -117,9 +87,6 @@ if hiera('step') >= 2 { include ::aodh::db::mysql } - # pre-install swift here so we can build rings - include ::swift - $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { @@ -184,14 +151,7 @@ if hiera('step') >= 4 { memcached_servers => $memcached_servers } include ::nova::config - include ::nova::api - include ::nova::cert - include ::nova::conductor - include ::nova::consoleauth include ::nova::network::neutron - include ::nova::vncproxy - include ::nova::scheduler - include ::nova::scheduler::filter if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -225,8 +185,8 @@ if hiera('step') >= 4 { class {'::tripleo::network::midonet::api': zookeeper_servers => $zookeeper_node_ips, - vip => hiera('tripleo::loadbalancer::public_virtual_ip'), - keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + vip => hiera('public_virtual_ip'), + keystone_ip => hiera('public_virtual_ip'), keystone_admin_token => hiera('keystone::admin_token'), # TODO: create a 'bind' hiera key for api bind_address => hiera('neutron::bind_host'), @@ -234,36 +194,21 @@ if hiera('step') >= 4 { } # TODO: find a way to get an empty list from hiera + # TODO: when doing the composable midonet plugin, don't forget to + # set service_plugins to an empty array in Hiera. class {'::neutron': service_plugins => [] } } - else { - - # ML2 plugin - include ::neutron - } - include ::neutron::config - include ::neutron::server - include ::neutron::server::notifications - - # If the value of core plugin is set to 'nuage' or'opencontrail' or 'plumgrid', - # include nuage or opencontrail or plumgrid core plugins + # If the value of core plugin is set to 'nuage' or'opencontrail' + # include nuage or opencontrail core plugins # else use the default value of 'ml2' if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { include ::neutron::plugins::nuage } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { include ::neutron::plugins::opencontrail - } - elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - class { '::neutron::plugins::plumgrid' : - connection => hiera('neutron::server::database_connection'), - controller_priv_host => hiera('keystone_admin_api_vip'), - admin_password => hiera('admin_password'), - metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), - } } else { # If the value of core plugin is set to 'midonet', @@ -271,197 +216,25 @@ if hiera('step') >= 4 { if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': - midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + midonet_api_ip => hiera('public_virtual_ip'), keystone_tenant => hiera('neutron::server::auth_tenant'), - keystone_password => hiera('neutron::server::auth_password') + keystone_password => hiera('neutron::server::password') } - } else { - - include ::neutron::plugins::ml2 - include ::neutron::agents::ml2::ovs - - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus1000v - - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), - } - - class { '::n1k_vsm': - n1kv_source => hiera('n1kv_vsm_source', undef), - n1kv_version => hiera('n1kv_vsm_version', undef), - pacemaker_control => false, - } - } - - if 'cisco_ucsm' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::ucsm - } - if 'cisco_nexus' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus - include ::neutron::plugins::ml2::cisco::type_nexus_vxlan - } - - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::bigswitch::restproxy - include ::neutron::agents::bigswitch - } - Service['neutron-server'] -> Service['neutron-ovs-agent-service'] } Service['neutron-server'] -> Service['neutron-metadata'] - } - include ::cinder - include ::cinder::config - include ::cinder::api - include ::cinder::glance - include ::cinder::scheduler - include ::cinder::volume - include ::cinder::ceilometer - class { '::cinder::setup_test_volume': - size => join([hiera('cinder_lvm_loop_device_size'), 'M']), - } - - $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) - if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' - - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), - } } if $enable_ceph { - $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] - - } else { - $cinder_pool_requires = [] - } - - if hiera('cinder_enable_rbd_backend', false) { - $cinder_rbd_backend = 'tripleo_ceph' - - cinder::backend::rbd { $cinder_rbd_backend : - backend_host => hiera('cinder::host'), - rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => hiera('ceph_client_user_name'), - rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => $cinder_pool_requires, - } } - if hiera('cinder_enable_eqlx_backend', false) { - $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - - cinder::backend::eqlx { $cinder_eqlx_backend : - volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), - san_ip => hiera('cinder::backend::eqlx::san_ip', undef), - san_login => hiera('cinder::backend::eqlx::san_login', undef), - san_password => hiera('cinder::backend::eqlx::san_password', undef), - san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), - eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), - eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), - eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), - eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), - } - } - - if hiera('cinder_enable_dellsc_backend', false) { - $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : - volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), - san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), - san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef), - san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef), - dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), - iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), - iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), - dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), - dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), - } - } - - if hiera('cinder_enable_netapp_backend', false) { - $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - - if hiera('cinder::backend::netapp::nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') - } - - cinder::backend::netapp { $cinder_netapp_backend : - netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), - netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), - netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), - netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), - netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), - netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), - netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), - netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), - netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), - netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), - netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), - netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), - nfs_shares => $cinder_netapp_nfs_shares, - nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), - netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), - netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), - netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), - netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), - netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), - netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), - } - } - - if hiera('cinder_enable_nfs_backend', false) { - $cinder_nfs_backend = 'tripleo_nfs' - - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package {'nfs-utils': } -> - cinder::backend::nfs { $cinder_nfs_backend : - nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options',''), - nfs_shares_config => '/etc/cinder/shares-nfs.conf', - } - } - - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) - class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), - } - - # swift proxy - include ::swift::proxy - include ::swift::proxy::proxy_logging - include ::swift::proxy::healthcheck - include ::swift::proxy::cache - include ::swift::proxy::keystone - include ::swift::proxy::authtoken - include ::swift::proxy::staticweb - include ::swift::proxy::ratelimit - include ::swift::proxy::catch_errors - include ::swift::proxy::tempurl - include ::swift::proxy::formpost - # swift storage if str2bool(hiera('enable_swift_storage', true)) { class { '::swift::storage::all': @@ -520,11 +293,6 @@ if hiera('step') >= 4 { include ::aodh::listener include ::aodh::client - # Sahara - include ::sahara - include ::sahara::service::api - include ::sahara::service::engine - # Horizon include ::apache::mod::remoteip if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { @@ -582,14 +350,10 @@ if hiera('step') >= 4 { if hiera('step') >= 5 { $nova_enable_db_purge = hiera('nova_enable_db_purge', true) - $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } - if $cinder_enable_db_purge { - include ::cinder::cron::db_purge - } } #END STEP 5 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 30345694..13271116 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -21,12 +21,10 @@ Pcmk_resource <| |> { # TODO(jistr): use pcs resource provider instead of just no-ops Service <| tag == 'aodh-service' or - tag == 'cinder-service' or tag == 'ceilometer-service' or tag == 'gnocchi-service' or tag == 'neutron-service' or - tag == 'nova-service' or - tag == 'sahara-service' + tag == 'nova-service' |> { hasrestart => true, restart => '/bin/true', @@ -102,17 +100,7 @@ if hiera('step') >= 1 { } if downcase(hiera('ceilometer_backend')) == 'mongodb' { - include ::mongodb::globals - include ::mongodb::client - class { '::mongodb::server' : - service_manage => false, - } - } - - # Redis - class { '::redis' : - service_manage => false, - notify_service => false, + include ::mongodb::params } # Galera @@ -174,6 +162,7 @@ if hiera('step') >= 1 { if hiera('step') >= 2 { + # NOTE(gfidente): the following vars are needed on all nodes so they # need to stay out of pacemaker_master conditional. # The addresses mangling will hopefully go away when we'll be able to @@ -200,24 +189,6 @@ if hiera('step') >= 2 { clone_params => true, } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - pacemaker::resource::service { $::mongodb::params::service_name : - op_params => 'start timeout=370s stop timeout=200s', - clone_params => true, - require => Class['::mongodb::server'], - } - # NOTE (spredzy) : The replset can only be run - # once all the nodes have joined the cluster. - mongodb_conn_validator { $mongo_node_ips_with_port : - timeout => '600', - require => Pacemaker::Resource::Service[$::mongodb::params::service_name], - before => Mongodb_replset[$mongodb_replset], - } - mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port_nobr, - } - } - pacemaker::resource::ocf { 'galera' : ocf_agent_name => 'heartbeat:galera', op_params => 'promote timeout=300s on-fail=block', @@ -227,15 +198,6 @@ if hiera('step') >= 2 { require => Class['::mysql::server'], before => Exec['galera-ready'], } - - pacemaker::resource::ocf { 'redis': - ocf_agent_name => 'heartbeat:redis', - master_params => '', - meta_params => 'notify=true ordered=true interleave=true', - resource_params => 'wait_last_known_master=true', - require => Class['::redis'], - } - } $mysql_root_password = hiera('mysql::server::root_password') $mysql_clustercheck_password = hiera('mysql_clustercheck_password') @@ -295,12 +257,6 @@ if hiera('step') >= 2 { class { '::nova::db::mysql_api': require => Exec['galera-ready'], } - class { '::neutron::db::mysql': - require => Exec['galera-ready'], - } - class { '::cinder::db::mysql': - require => Exec['galera-ready'], - } if downcase(hiera('ceilometer_backend')) == 'mysql' { class { '::ceilometer::db::mysql': @@ -313,14 +269,8 @@ if hiera('step') >= 2 { require => Exec['galera-ready'], } } - class { '::sahara::db::mysql': - require => Exec['galera-ready'], - } } - # pre-install swift here so we can build rings - include ::swift - # Ceph $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) @@ -399,34 +349,6 @@ MYSQL_HOST=localhost\n", } include ::nova::config - - class { '::nova::api' : - sync_db => $sync_db, - sync_db_api => $sync_db, - manage_service => false, - enabled => false, - } - class { '::nova::cert' : - manage_service => false, - enabled => false, - } - class { '::nova::conductor' : - manage_service => false, - enabled => false, - } - class { '::nova::consoleauth' : - manage_service => false, - enabled => false, - } - class { '::nova::vncproxy' : - manage_service => false, - enabled => false, - } - include ::nova::scheduler::filter - class { '::nova::scheduler' : - manage_service => false, - enabled => false, - } include ::nova::network::neutron if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -461,8 +383,8 @@ MYSQL_HOST=localhost\n", class {'::tripleo::network::midonet::api': zookeeper_servers => $zookeeper_node_ips, - vip => hiera('tripleo::loadbalancer::public_virtual_ip'), - keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + vip => hiera('public_virtual_ip'), + keystone_ip => hiera('public_virtual_ip'), keystone_admin_token => hiera('keystone::admin_token'), # TODO: create a 'bind' hiera key for api bind_address => hiera('neutron::bind_host'), @@ -470,23 +392,14 @@ MYSQL_HOST=localhost\n", } # Configure Neutron + # TODO: when doing the composable midonet plugin, don't forget to + # set service_plugins to an empty array in Hiera. class {'::neutron': service_plugins => [] } } - else { - # Neutron class definitions - include ::neutron - } - include ::neutron::config - class { '::neutron::server' : - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - include ::neutron::server::notifications if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { include ::neutron::plugins::nuage } @@ -495,225 +408,21 @@ MYSQL_HOST=localhost\n", } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': - midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), + midonet_api_ip => hiera('public_virtual_ip'), keystone_tenant => hiera('neutron::server::auth_tenant'), - keystone_password => hiera('neutron::server::auth_password') - } - } - if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - class { '::neutron::plugins::plumgrid' : - connection => hiera('neutron::server::database_connection'), - controller_priv_host => hiera('keystone_admin_api_vip'), - admin_password => hiera('admin_password'), - metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), - } - } - include ::neutron::plugins::ml2 - class { '::neutron::agents::ml2::ovs': - manage_service => false, - enabled => false, - } - - if 'cisco_ucsm' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::ucsm - } - if 'cisco_nexus' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus - include ::neutron::plugins::ml2::cisco::type_nexus_vxlan - } - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::cisco::nexus1000v - - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), - } - - class { '::n1k_vsm': - n1kv_source => hiera('n1kv_vsm_source', undef), - n1kv_version => hiera('n1kv_vsm_version', undef), - } - } - - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::plugins::ml2::bigswitch::restproxy - include ::neutron::agents::bigswitch - } - - include ::cinder - include ::cinder::config - class { '::cinder::api': - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - class { '::cinder::scheduler' : - manage_service => false, - enabled => false, - } - class { '::cinder::volume' : - manage_service => false, - enabled => false, - } - include ::cinder::glance - include ::cinder::ceilometer - class { '::cinder::setup_test_volume': - size => join([hiera('cinder_lvm_loop_device_size'), 'M']), - } - - $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) - if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' - - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), + keystone_password => hiera('neutron::server::password') } } if $enable_ceph { - $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), size => hiera('ceph::profile::params::osd_pool_default_size'), } - - $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] - - } else { - $cinder_pool_requires = [] - } - - if hiera('cinder_enable_rbd_backend', false) { - $cinder_rbd_backend = 'tripleo_ceph' - - cinder::backend::rbd { $cinder_rbd_backend : - backend_host => hiera('cinder::host'), - rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => hiera('ceph_client_user_name'), - rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => $cinder_pool_requires, - } - } - - if hiera('cinder_enable_eqlx_backend', false) { - $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - - cinder::backend::eqlx { $cinder_eqlx_backend : - volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), - san_ip => hiera('cinder::backend::eqlx::san_ip', undef), - san_login => hiera('cinder::backend::eqlx::san_login', undef), - san_password => hiera('cinder::backend::eqlx::san_password', undef), - san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), - eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), - eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), - eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), - eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), - } - } - - if hiera('cinder_enable_dellsc_backend', false) { - $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : - volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), - san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), - san_login => hiera('cinder::backend::dellsc_iscsi::san_login', undef), - san_password => hiera('cinder::backend::dellsc_iscsi::san_password', undef), - dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), - iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), - iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), - dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), - dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), - } - } - - if hiera('cinder_enable_netapp_backend', false) { - $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - - if hiera('cinder::backend::netapp::nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') - } - - cinder::backend::netapp { $cinder_netapp_backend : - netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), - netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), - netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), - netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), - netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), - netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), - netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), - netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), - netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), - netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), - netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), - netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), - nfs_shares => $cinder_netapp_nfs_shares, - nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), - netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), - netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), - netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), - netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), - netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), - netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), - } - } - - if hiera('cinder_enable_nfs_backend', false) { - $cinder_nfs_backend = 'tripleo_nfs' - - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package { 'nfs-utils': } -> - cinder::backend::nfs { $cinder_nfs_backend: - nfs_servers => hiera('cinder_nfs_servers'), - nfs_mount_options => hiera('cinder_nfs_mount_options',''), - nfs_shares_config => '/etc/cinder/shares-nfs.conf', - } - } - - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) - class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } - class { '::sahara': - sync_db => $sync_db, - } - class { '::sahara::service::api': - manage_service => false, - enabled => false, - } - class { '::sahara::service::engine': - manage_service => false, - enabled => false, - } - - # swift proxy - class { '::swift::proxy' : - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - include ::swift::proxy::proxy_logging - include ::swift::proxy::healthcheck - include ::swift::proxy::cache - include ::swift::proxy::keystone - include ::swift::proxy::authtoken - include ::swift::proxy::staticweb - include ::swift::proxy::ratelimit - include ::swift::proxy::catch_errors - include ::swift::proxy::tempurl - include ::swift::proxy::formpost - # swift storage if str2bool(hiera('enable_swift_storage', true)) { class {'::swift::storage::all': @@ -908,14 +617,10 @@ password=\"${mysql_root_password}\"", } $nova_enable_db_purge = hiera('nova_enable_db_purge', true) - $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } - if $cinder_enable_db_purge { - include ::cinder::cron::db_purge - } if $pacemaker_master { @@ -938,139 +643,11 @@ password=\"${mysql_root_password}\"", Pacemaker::Resource::Ocf['openstack-core']], } - # Cinder - pacemaker::resource::service { $::cinder::params::api_service : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::cinder::params::scheduler_service : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::cinder::params::volume_service : } - - pacemaker::constraint::base { 'keystone-then-cinder-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::cinder::params::api_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::cinder::params::api_service]], - } - pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::api_service}-clone", - second_resource => "${::cinder::params::scheduler_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::colocation { 'cinder-scheduler-with-cinder-api-colocation': - source => "${::cinder::params::scheduler_service}-clone", - target => "${::cinder::params::api_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::scheduler_service}-clone", - second_resource => $::cinder::params::volume_service, - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation': - source => $::cinder::params::volume_service, - target => "${::cinder::params::scheduler_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - - # Sahara - pacemaker::resource::service { $::sahara::params::api_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::sahara::params::engine_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'keystone-then-sahara-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::sahara::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint': - constraint_type => 'order', - first_resource => "${::sahara::params::api_service_name}-clone", - second_resource => "${::sahara::params::engine_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], - } - - if hiera('neutron::enable_ovs_agent', true) { - pacemaker::resource::service { $::neutron::params::ovs_agent_service: - clone_params => 'interleave=true', - } - } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { pacemaker::resource::service {'tomcat': clone_params => 'interleave=true', } } - if hiera('neutron::enable_ovs_agent', true) { - pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: - ocf_agent_name => 'neutron:OVSCleanup', - clone_params => 'interleave=true', - } - pacemaker::resource::ocf { 'neutron-netns-cleanup': - ocf_agent_name => 'neutron:NetnsCleanup', - clone_params => 'interleave=true', - } - - # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent - pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_cleanup_service}-clone", - second_resource => 'neutron-netns-cleanup-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': - source => 'neutron-netns-cleanup-clone', - target => "${::neutron::params::ovs_cleanup_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => 'neutron-netns-cleanup-clone', - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': - source => "${::neutron::params::ovs_agent_service}-clone", - target => 'neutron-netns-cleanup-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint': @@ -1110,23 +687,6 @@ password=\"${mysql_root_password}\"", } # Nova - pacemaker::resource::service { $::nova::params::api_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::conductor_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::consoleauth_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::nova::params::vncproxy_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::scheduler_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': constraint_type => 'order', first_resource => 'openstack-core-clone', @@ -1136,6 +696,13 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], Pacemaker::Resource::Ocf['openstack-core']], } + pacemaker::constraint::colocation { 'nova-consoleauth-with-openstack-core': + source => "${::nova::params::consoleauth_service_name}-clone", + target => 'openstack-core-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': constraint_type => 'order', first_resource => "${::nova::params::consoleauth_service_name}-clone", diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index ae074589..3585c993 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -16,42 +16,46 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> +if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) + create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::timezone + include ::timezone -include ::swift -class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), -} -if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], + if count(hiera('ntp::servers')) > 0 { + include ::ntp } } -$swift_components = ['account', 'container', 'object'] -swift::storage::filter::recon { $swift_components : } -swift::storage::filter::healthcheck { $swift_components : } +if hiera('step') >= 4 { + class { '::swift::storage::all': + mount_check => str2bool(hiera('swift_mount_check')), + } + if(!defined(File['/srv/node'])) { + file { '/srv/node': + ensure => directory, + owner => 'swift', + group => 'swift', + require => Package['openstack-swift'], + } + } + + $swift_components = ['account', 'container', 'object'] + swift::storage::filter::recon { $swift_components : } + swift::storage::filter::healthcheck { $swift_components : } -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + $snmpd_user = hiera('snmpd_readonly_user_name') + snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), + } + class { '::snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + } + + hiera_include('object_classes') } -hiera_include('object_classes') package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present} diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp index a623da29..2411ff84 100644 --- a/puppet/manifests/ringbuilder.pp +++ b/puppet/manifests/ringbuilder.pp @@ -89,6 +89,11 @@ class tripleo::ringbuilder ( } } +if hiera('step') >= 2 { + # pre-install swift here so we can build rings + include ::swift +} + if hiera('step') >= 3 { include ::tripleo::ringbuilder } diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 38d2ac64..15c8c1f1 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -48,3 +48,7 @@ are re-asserted when applying latter ones. 5) Service activation (Pacemaker) 6) Fencing (Pacemaker) + +Note: Not all roles currently support all steps: + + * ObjectStorage role only supports steps 2, 3 and 4 diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml new file mode 100644 index 00000000..c53bef6f --- /dev/null +++ b/puppet/services/cinder-api.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder API service configured with Puppet + +parameters: + CinderEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Cinder database. + type: boolean + CinderPassword: + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::api::keystone_password: {get_param: CinderPassword} + cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} + step_config: | + include ::tripleo::profile::base::cinder::api diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml new file mode 100644 index 00000000..85682448 --- /dev/null +++ b/puppet/services/cinder-base.yaml @@ -0,0 +1,58 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder base service. Shared by all Cinder services. + +parameters: + CinderPassword: + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + +outputs: + role_data: + description: Role data for the Cinder base service. + value: + config_settings: + cinder::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://cinder:' + - {get_param: CinderPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/cinder' + cinder::db::mysql::password: {get_param: CinderPassword} + cinder::debug: {get_param: Debug} + cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + cinder::rabbit_userid: {get_param: RabbitUserName} + cinder::rabbit_password: {get_param: RabbitPassword} + cinder::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml new file mode 100644 index 00000000..6bdf86bc --- /dev/null +++ b/puppet/services/cinder-scheduler.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Scheduler service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + config_settings: + get_attr: [CinderBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::cinder::scheduler diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml new file mode 100644 index 00000000..d28f40e6 --- /dev/null +++ b/puppet/services/cinder-volume.yaml @@ -0,0 +1,71 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Volume service configured with Puppet + +parameters: + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CinderISCSIHelper: + default: lioadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} + tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} + tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: + str_replace: + template: SERVERS + params: + SERVERS: {get_param: CinderNfsServers} + tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml new file mode 100644 index 00000000..ecd1d319 --- /dev/null +++ b/puppet/services/database/mongodb-base.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + Configuration details for MongoDB service using composable roles + +parameters: + MongoDbNoJournal: + default: false + description: Should MongoDb journaling be disabled + type: boolean + MongoDbIPv6: + default: false + description: Enable IPv6 if MongoDB VIP is IPv6 + type: boolean + MongoDbReplset: + type: string + default: "tripleo" + +outputs: + aux_parameters: + description: Additional parameters referenced outside the base file + value: + rplset_name: {get_param: MongoDbReplset} + role_data: + description: Role data for the MongoDB base service. + value: + config_settings: + mongodb::server::nojournal: {get_param: MongoDbNoJournal} + mongodb::server::ipv6: {get_param: MongoDbIPv6} + mongodb::server::replset: {get_param: MongoDbReplset}
\ No newline at end of file diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml new file mode 100644 index 00000000..c0488700 --- /dev/null +++ b/puppet/services/database/mongodb.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + MongoDb service deployment using puppet + +parameters: + #Parameters not used EndpointMap + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + MongoDbBase: + type: ./mongodb-base.yaml + +outputs: + role_data: + description: Service mongodb using composable services. + value: + config_settings: + map_merge: + - get_attr: [MongoDbBase, role_data, config_settings] + - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} + mongodb::server::service_manage: True + step_config: | + include ::tripleo::profile::base::database::mongodb
\ No newline at end of file diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml new file mode 100644 index 00000000..77b3c9f0 --- /dev/null +++ b/puppet/services/database/redis-base.yaml @@ -0,0 +1,21 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + RedisPassword: + description: The password for Redis + type: string + hidden: true + +outputs: + role_data: + description: Role data for the redis role. + value: + config_settings: + redis::requirepass: {get_param: RedisPassword} + redis::masterauth: {get_param: RedisPassword} + redis::sentinel_auth_pass: {get_param: RedisPassword} + tripleo::loadbalancer::redis_password: {get_param: RedisPassword} + diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml new file mode 100644 index 00000000..2669592a --- /dev/null +++ b/puppet/services/database/redis.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + RedisBase: + type: ./redis-base.yaml + +outputs: + role_data: + description: Role data for the redis role. + value: + config_settings: + map_merge: + - get_attr: [RedisBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::database::redis diff --git a/puppet/services/loadbalancer.yaml b/puppet/services/haproxy.yaml index 1b9654fc..844637bc 100644 --- a/puppet/services/loadbalancer.yaml +++ b/puppet/services/haproxy.yaml @@ -1,7 +1,7 @@ heat_template_version: 2016-04-08 description: > - Loadbalancer service configured with Puppet + HAproxy service configured with Puppet parameters: EndpointMap: @@ -12,7 +12,7 @@ parameters: outputs: role_data: - description: Role data for the Loadbalancer role. + description: Role data for the HAproxy role. value: step_config: | - include ::tripleo::profile::base::loadbalancer + include ::tripleo::profile::base::haproxy diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 51807f92..4a5ec2c0 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -49,7 +49,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' - heat::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} heat::keystone_password: {get_param: HeatPassword} diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml new file mode 100644 index 00000000..09ce26b5 --- /dev/null +++ b/puppet/services/keepalived.yaml @@ -0,0 +1,18 @@ +heat_template_version: 2016-04-08 + +description: > + Keepalived service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Keepalived role. + value: + step_config: | + include ::tripleo::profile::base::keepalived diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b34bdd22..8bd8d989 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -26,6 +26,18 @@ parameters: type: number default: 3 description: The number of neutron dhcp agents to schedule per network + NeutronCorePlugin: + default: 'ml2' + description: | + The core plugin for Neutron. The value should be the entrypoint to be loaded + from neutron.core_plugins namespace. + type: string + NeutronServicePlugins: + default: "router,qos" + description: | + Comma-separated list of service plugin entrypoints to be loaded from the + neutron.service_plugins namespace. + type: comma_delimited_list Debug: type: string default: '' @@ -41,4 +53,10 @@ outputs: neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} neutron::rabbit_port: {get_param: RabbitClientPort} neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} + neutron::core_plugin: {get_param: NeutronCorePlugin} + neutron::service_plugins: + str_replace: + template: PLUGINS + params: + PLUGINS: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml new file mode 100644 index 00000000..0e1dbb29 --- /dev/null +++ b/puppet/services/neutron-ovs-agent.yaml @@ -0,0 +1,71 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OVS agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronEnableTunnelling: + type: string + default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: comma_delimited_list + default: "datacentre:br-ex" + NeutronTunnelTypes: + default: 'vxlan' + description: | + The tunnel types for the Neutron tenant network. + type: comma_delimited_list + NeutronAgentExtensions: + default: "qos" + description: | + Comma-separated list of extensions enabled for the Neutron agents. + type: comma_delimited_list + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron OVS agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::ovs::bridge_mappings: + str_replace: + template: MAPPINGS + params: + MAPPINGS: {get_param: NeutronBridgeMappings} + neutron::agents::ml2::ovs::tunnel_types: + str_replace: + template: TYPES + params: + TYPES: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::ovs::extensions: + str_replace: + template: AGENT_EXTENSIONS + params: + AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} + step_config: | + include ::tripleo::profile::base::neutron::ovs diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml new file mode 100644 index 00000000..435a6de0 --- /dev/null +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -0,0 +1,109 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron ML2 Plugin configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. + type: comma_delimited_list + NeutronTypeDrivers: + default: "vxlan,vlan,flat,gre" + description: | + Comma-separated list of network type driver entrypoints to be loaded. + type: comma_delimited_list + NeutronFlatNetworks: + type: comma_delimited_list + default: 'datacentre' + description: If set, flat networks to configure in neutron plugins. + NeutronPluginExtensions: + default: "qos,port_security" + description: | + Comma-separated list of extensions enabled for the Neutron plugin. + type: comma_delimited_list + NeutronNetworkVLANRanges: + default: 'datacentre:1:1000' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: comma_delimited_list + NeutronTunnelIdRanges: + description: | + Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges + of GRE tunnel IDs that are available for tenant network allocation + default: ["1:4094", ] + type: comma_delimited_list + NeutronVniRanges: + description: | + Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges + of VXLAN VNI IDs that are available for tenant network allocation + default: ["1:4094", ] + type: comma_delimited_list + NeutronNetworkType: + default: 'vxlan' + description: The tenant network type for Neutron. + type: comma_delimited_list + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron ML2 plugin. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::plugins::ml2::mechanism_drivers: + str_replace: + template: MECHANISMS + params: + MECHANISMS: {get_param: NeutronMechanismDrivers} + neutron::plugins::ml2::type_drivers: + str_replace: + template: DRIVERS + params: + DRIVERS: {get_param: NeutronTypeDrivers} + neutron::plugins::ml2::flat_networks: + str_replace: + template: NETWORKS + params: + NETWORKS: {get_param: NeutronFlatNetworks} + neutron::plugins::ml2::extension_drivers: + str_replace: + template: PLUGIN_EXTENSIONS + params: + PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions} + neutron::plugins::ml2::network_vlan_ranges: + str_replace: + template: RANGES + params: + RANGES: {get_param: NeutronNetworkVLANRanges} + neutron::plugins::ml2::tunnel_id_ranges: + str_replace: + template: RANGES + params: + RANGES: {get_param: NeutronTunnelIdRanges} + neutron::plugins::ml2::vni_ranges: + str_replace: + template: RANGES + params: + RANGES: {get_param: NeutronVniRanges} + neutron::plugins::ml2::tenant_network_types: + str_replace: + template: TYPES + params: + TYPES: {get_param: NeutronNetworkType} + + step_config: | + include ::tripleo::profile::base::neutron::ml2 diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml new file mode 100644 index 00000000..a0ac46ef --- /dev/null +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -0,0 +1,111 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Plumgrid plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + + # PLUMgrid specific settings + PLUMgridDirectorServer: + description: IP address of the PLUMgrid Director Server + type: string + default: 127.0.0.1 + PLUMgridDirectorServerPort: + description: Port of the PLUMgrid Director Server + type: string + default: 443 + PLUMgridUsername: + description: Username for PLUMgrid platform + type: string + PLUMgridPassword: + description: Password for PLUMgrid platform + type: string + hidden: true + PLUMgridNovaMetadataIP: + description: IP address of Nova Metadata + type: string + default: 169.254.169.254 + PLUMgridNovaMetadataPort: + description: Port of Nova Metadata + type: string + default: 8775 + PLUMgridL2GatewayVendor: + description: Vendor for L2 Gateway Switch + type: string + default: vendor + PLUMgridL2GatewayUsername: + description: Username for L2 Gateway Switch + type: string + default: username + PLUMgridL2GatewayPassword: + description: Password for L2 Gateway Switch + type: string + hidden: true + PLUMgridIdentityVersion: + description: Keystone Identity version + type: string + default: v2.0 + PLUMgridConnectorType: + description: Neutron Network Connector Type + type: string + default: distributed + PLUMgridNeutronPluginVersion: + description: PLUMgrid Neutron Plugin version + type: string + default: present + PLUMgridPlumlibVersion: + description: PLUMgrid Plumlib version + type: string + default: present + + +outputs: + role_data: + description: Role data for the Neutron Plumgrid plugin + value: + config_settings: + neutron::plugins::plumgrid::connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://neutron:' + - {get_param: NeutronPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ovs_neutron?charset=utf8' + neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} + neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} + neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer} + neutron::plugins::plumgrid::director_server_port: {get_param: PLUMgridDirectorServerPort} + neutron::plugins::plumgrid::username: {get_param: PLUMgridUsername} + neutron::plugins::plumgrid::password: {get_param: PLUMgridPassword} + neutron::plugins::plumgrid::nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} + neutron::plugins::plumgrid::nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} + neutron::plugins::plumgrid::l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} + neutron::plugins::plumgrid::l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} + neutron::plugins::plumgrid::l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} + neutron::plugins::plumgrid::connector_type: {get_param: PLUMgridConnectorType} + neutron::plugins::plumgrid::identity_version: {get_param: PLUMgridIdentityVersion} + neutron::plugins::plumgrid::package_ensure: {get_param: PLUMgridNeutronPluginVersion} + neutron::plugins::plumgrid::plumlib_package_ensure: {get_param: PLUMgridPlumlibVersion} + + step_config: | + include tripleo::profile::base::neutron::plugins::plumgrid diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml new file mode 100644 index 00000000..6299c39e --- /dev/null +++ b/puppet/services/neutron-server.yaml @@ -0,0 +1,70 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Server configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronWorkers: + default: 0 + description: Number of workers for Neutron service. + type: number + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + NeutronL3HA: + default: 'False' + description: Whether to enable l3-agent HA + type: string + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron Server agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + neutron_dsn: &neutron_dsn + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://neutron:' + - {get_param: NeutronPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ovs_neutron?charset=utf8' + neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + neutron::server::database_connection: *neutron_dsn + neutron::server::api_workers: {get_param: NeutronWorkers} + neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} + neutron::server::l3_ha: {get_param: NeutronL3HA} + neutron::server::auth_password: {get_param: NeutronPassword} + + neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } + neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } + neutron::server::notifications::tenant_name: 'service' + neutron::server::notifications::project_name: 'service' + neutron::server::notifications::password: {get_param: NovaPassword} + neutron::db::mysql::password: {get_param: NeutronPassword} + step_config: | + include tripleo::profile::base::neutron::server diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml new file mode 100644 index 00000000..f31df371 --- /dev/null +++ b/puppet/services/nova-api.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova API service. + type: number + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova API service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::api::osapi_compute_workers: {get_param: NovaWorkers} + - nova::api::metadata_workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml new file mode 100644 index 00000000..7de14f68 --- /dev/null +++ b/puppet/services/nova-base.yaml @@ -0,0 +1,39 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova base service. Shared for all Nova services. + +parameters: + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Neutron base service. + value: + config_settings: + nova::rabbit_password: {get_param: RabbitPassword} + nova::rabbit_user: {get_param: RabbitUserName} + nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + nova::rabbit_port: {get_param: RabbitClientPort} + nova::debug: {get_param: Debug} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml new file mode 100644 index 00000000..0844aa85 --- /dev/null +++ b/puppet/services/nova-compute.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Compute service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Conductor service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::nova::compute diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml new file mode 100644 index 00000000..412dd275 --- /dev/null +++ b/puppet/services/nova-conductor.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Conductor service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova Conductor service. + type: number + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Conductor service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::conductor::workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::conductor diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml new file mode 100644 index 00000000..791c5449 --- /dev/null +++ b/puppet/services/nova-consoleauth.yaml @@ -0,0 +1,24 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Consoleauth service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Consoleauth service. + value: + config_settings: + get_attr: [NovaBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::nova::consoleauth diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml new file mode 100644 index 00000000..65ed6643 --- /dev/null +++ b/puppet/services/nova-scheduler.yaml @@ -0,0 +1,26 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Scheduler service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Scheduler service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::scheduler::filter::ram_allocation_ratio: '1.0' + step_config: | + include tripleo::profile::base::nova::scheduler diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml new file mode 100644 index 00000000..93a25ab2 --- /dev/null +++ b/puppet/services/nova-vncproxy.yaml @@ -0,0 +1,24 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Vncproxy service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Vncproxy service. + value: + config_settings: + get_attr: [NovaBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml new file mode 100644 index 00000000..0f66cc06 --- /dev/null +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderApiBase: + type: ../cinder-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + config_settings: + map_merge: + - get_attr: [CinderApiBase, role_data, config_settings] + - cinder::api::manage_service: false + cinder::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::cinder::api diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml new file mode 100644 index 00000000..d1472c00 --- /dev/null +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Scheduler service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderSchedulerBase: + type: ../cinder-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + config_settings: + map_merge: + - get_attr: [CinderSchedulerBase, role_data, config_settings] + - cinder::scheduler::manage_service: false + cinder::scheduler::enabled: false + step_config: + include ::tripleo::profile::pacemaker::cinder::scheduler diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml new file mode 100644 index 00000000..ee4e6cea --- /dev/null +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Volume service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderVolumeBase: + type: ../cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + config_settings: + map_merge: + - get_attr: [CinderVolumeBase, role_data, config_settings] + - cinder::volume::manage_service: false + cinder::volume::enabled: false + step_config: + include ::tripleo::profile::pacemaker::cinder::volume diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml new file mode 100644 index 00000000..b2e9e0bb --- /dev/null +++ b/puppet/services/pacemaker/database/mongodb.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + MongoDb service deployment using puppet + +parameters: + #Parameters not used EndpointMap + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + MongoDbBase: + type: ../../database/mongodb-base.yaml + +outputs: + role_data: + description: Service mongodb using composable services. + value: + config_settings: + map_merge: + - get_attr: [MongoDbBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} + mongodb::server::service_manage: False + step_config: | + include ::tripleo::profile::pacemaker::database::mongodb diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml new file mode 100644 index 00000000..0e46f8a3 --- /dev/null +++ b/puppet/services/pacemaker/database/redis.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Redis service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + RedisBase: + type: ../../database/redis-base.yaml + +outputs: + role_data: + description: Role data for the Redis pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [RedisBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::redis::redis_vip: {get_input: redis_vip} + redis::service_manage: false + redis::notify_service: false + step_config: | + include ::tripleo::profile::pacemaker::database::redis diff --git a/puppet/services/pacemaker/loadbalancer.yaml b/puppet/services/pacemaker/haproxy.yaml index be6825f6..c2ca2816 100644 --- a/puppet/services/pacemaker/loadbalancer.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -1,7 +1,7 @@ heat_template_version: 2016-04-08 description: > - Loadbalancer service with Pacemaker configured with Puppet + HAproxy service with Pacemaker configured with Puppet parameters: EndpointMap: @@ -12,19 +12,19 @@ parameters: resources: LoadbalancerServiceBase: - type: ../loadbalancer.yaml + type: ../haproxy.yaml properties: EndpointMap: {get_param: EndpointMap} outputs: role_data: - description: Role data for the Loadbalancer pacemaker role. + description: Role data for the HAproxy with pacemaker role. value: config_settings: map_merge: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - - tripleo::loadbalancer::haproxy_service_manage: false - tripleo::loadbalancer::mysql_clustercheck: true - tripleo::loadbalancer::manage_vip: false + - tripleo::haproxy::haproxy_service_manage: false + tripleo::haproxy::mysql_clustercheck: true + enable_keepalived: false step_config: | - include ::tripleo::profile::pacemaker::loadbalancer + include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml new file mode 100644 index 00000000..a17d7a61 --- /dev/null +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OVS agent with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronOvsBase: + type: ../neutron-ovs-agent.yaml + +outputs: + role_data: + description: Role data for the Neutron OVS agent service. + value: + config_settings: + get_attr: [NeutronOvsBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::ovs diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml new file mode 100644 index 00000000..ac9d2402 --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron ML2 Plugin with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronMl2Base: + type: ../neutron-plugin-ml2.yaml + +outputs: + role_data: + description: Role data for the Neutron ML2 plugin. + value: + config_settings: + map_merge: + - get_attr: [NeutronMl2Base, role_data, config_settings] + - neutron::agents::ml2::ovs::enabled: false + neutron::agents::ml2::ovs::manage_service: false + step_config: | + include ::tripleo::profile::pacemaker::neutron::ml2 diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml new file mode 100644 index 00000000..c2e8eaac --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron PLUMgrid Plugin with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginPlumgridBase: + type: ../neutron-plugin-ml2.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron PLUMgrid plugin. + value: + config_settings: + map_merge: + - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::plumgrid diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml new file mode 100644 index 00000000..60599e7e --- /dev/null +++ b/puppet/services/pacemaker/neutron-server.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Server with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronServerBase: + type: ../neutron-server.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Server. + value: + config_settings: + map_merge: + - get_attr: [NeutronServerBase, role_data, config_settings] + - neutron::server::enabled: false + neutron::server::manage_service: false + step_config: | + include ::tripleo::profile::pacemaker::neutron::server diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml new file mode 100644 index 00000000..1b5011b6 --- /dev/null +++ b/puppet/services/pacemaker/nova-api.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaApiBase: + type: ../nova-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova API role. + value: + config_settings: + map_merge: + - get_attr: [NovaApiBase, role_data, config_settings] + - nova::api::manage_service: false + nova::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::api diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml new file mode 100644 index 00000000..a484f0df --- /dev/null +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Conductor service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaConductorBase: + type: ../nova-conductor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Conductor role. + value: + config_settings: + map_merge: + - get_attr: [NovaConductorBase, role_data, config_settings] + - nova::conductor::manage_service: false + nova::conductor::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::conductor diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml new file mode 100644 index 00000000..f9b6b058 --- /dev/null +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Consoleauth service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaConsoleauthBase: + type: ../nova-consoleauth.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Consoleauth role. + value: + config_settings: + map_merge: + - get_attr: [NovaConsoleauthBase, role_data, config_settings] + - nova::consoleauth::manage_service: false + nova::consoleauth::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::consoleauth diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml new file mode 100644 index 00000000..0032cbe6 --- /dev/null +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Scheduler service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaSchedulerBase: + type: ../nova-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Scheduler role. + value: + config_settings: + map_merge: + - get_attr: [NovaSchedulerBase, role_data, config_settings] + - nova::scheduler::manage_service: false + nova::scheduler::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::scheduler diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml new file mode 100644 index 00000000..52395240 --- /dev/null +++ b/puppet/services/pacemaker/nova-vncproxy.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Vncproxy service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaVncproxyBase: + type: ../nova-vncproxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Vncproxy role. + value: + config_settings: + map_merge: + - get_attr: [NovaVncproxyBase, role_data, config_settings] + - nova::vncproxy::manage_service: false + nova::vncproxy::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::vncproxy diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml new file mode 100644 index 00000000..a5db77c4 --- /dev/null +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara API service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + SaharaApiBase: + type: ../sahara-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + config_settings: + map_merge: + - get_attr: [SaharaApiBase, role_data, config_settings] + - sahara::service::api::manage_service: false + sahara::service::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::sahara diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml new file mode 100644 index 00000000..129f88bf --- /dev/null +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -0,0 +1,32 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara Engine service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + SaharaEngineBase: + type: ../sahara-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + config_settings: + map_merge: + - get_attr: [SaharaEngineBase, role_data, config_settings] + - sahara::service::engine::manage_service: false + sahara::service::engine::enabled: false + # No puppet manifests since sahara-engine is included in + # ::tripleo::profile::pacemaker::sahara which is maintained alongside of + # pacemaker/sahara-api.yaml. + step_config: diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml new file mode 100644 index 00000000..93bf7385 --- /dev/null +++ b/puppet/services/sahara-api.yaml @@ -0,0 +1,52 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SaharaPassword: + default: unset + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true + SaharaWorkers: + default: 0 + description: The number of workers for the sahara-api. + type: number + SaharaApiVirtualIP: + type: string + default: '' + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + SaharaBase: + type: ./sahara-base.yaml + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + config_settings: + map_merge: + - get_attr: [SaharaBase, role_data, config_settings] + - sahara::host: {get_param: SaharaApiVirtualIP} + sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + sahara::admin_password: {get_param: SaharaPassword} + sahara::service::api::api_workers: {get_param: SaharaApiWorkers} + sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} + sahara::keystone::auth::password: {get_param: SaharaPassword } + sahara::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::sahara::api diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml new file mode 100644 index 00000000..275d7536 --- /dev/null +++ b/puppet/services/sahara-base.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara base service. Shared for all Sahara services. + +parameters: + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Sahara base service. + value: + config_settings: + sahara::rabbit_password: {get_param: RabbitPassword} + sahara::rabbit_user: {get_param: RabbitUserName} + sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + sahara::rabbit_port: {get_param: RabbitClientPort} + sahara::debug: {get_param: Debug} + sahara::use_neutron: true + sahara::plugins: + - cdh + - hdp + - mapr + - vanilla + - spark + - storm + sahara::rpc_backend: rabbit diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml new file mode 100644 index 00000000..17ef49fa --- /dev/null +++ b/puppet/services/sahara-engine.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Sahara Engine service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SaharaPassword: + default: unset + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true + +resources: + SaharaBase: + type: ./sahara-base.yaml + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + config_settings: + map_merge: + - get_attr: [SaharaBase, role_data, config_settings] + - sahara_dsn: &sahara_dsn + list_join: + - '' + - - {get_param: [EndpointMap, MysqlVirtual, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlVirtual, host]} + - '/sahara' + sahara::database_connection: *sahara_dsn + sahara::db::mysql::password: {get_param: SaharaPassword} + step_config: | + include ::tripleo::profile::base::sahara::engine diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml new file mode 100644 index 00000000..a86aeaf5 --- /dev/null +++ b/puppet/services/swift-proxy.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Proxy service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + SwiftPassword: + description: The password for the swift service account, used by the swift proxy services. + type: string + hidden: true + SwiftWorkers: + default: 0 + description: Number of workers for Swift service. + type: number + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + + +outputs: + role_data: + description: Role data for the Swift proxy service. + value: + config_settings: + # Swift + swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} + swift::proxy::workers: {get_param: SwiftWorkers} + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::swift::proxy diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index b262f947..1aba2bb4 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -11,6 +11,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -31,51 +35,56 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_object.pp + list_join: + - '' + - - get_file: manifests/overcloud_object.pp + - get_file: manifests/ringbuilder.pp + - {get_param: StepConfig} - StorageDeployment_Step1: + StorageRingbuilderDeployment_Step2: type: OS::Heat::StructuredDeployments depends_on: StorageArtifactsDeploy properties: - name: StorageDeployment_Step1 + name: StorageRingbuilderDeployment_Step2 servers: {get_param: servers} config: {get_resource: StoragePuppetConfig} input_values: + step: 2 update_identifier: {get_param: NodeConfigIdentifiers} - StorageRingbuilderPuppetConfig: - type: OS::Heat::SoftwareConfig + StorageRingbuilderDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: StorageRingbuilderDeployment_Step2 properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - inputs: - - name: step - outputs: - - name: result - config: - get_file: manifests/ringbuilder.pp + name: StorageRingbuilderDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: StoragePuppetConfig} + input_values: + step: 3 + update_identifier: {get_param: NodeConfigIdentifiers} - StorageRingbuilderDeployment_Step2: + StorageDeployment_Step4: type: OS::Heat::StructuredDeployments - depends_on: StorageDeployment_Step1 + depends_on: StorageRingbuilderDeployment_Step3 properties: - name: StorageRingbuilderDeployment_Step2 + name: StorageDeployment_Step4 servers: {get_param: servers} - config: {get_resource: StorageRingbuilderPuppetConfig} + config: {get_resource: StoragePuppetConfig} input_values: - step: 3 # Note ringbuilder.pp expects >=3 + step: 4 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: StorageRingbuilderDeployment_Step2 + depends_on: StorageDeployment_Step4 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 3f6f4733..ed52f928 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -121,6 +121,9 @@ parameters: NodeIndex: type: number default: 0 + ServiceConfigSettings: + type: json + default: {} resources: @@ -257,6 +260,7 @@ resources: - heat_config_%{::deploy_config_name} - object_extraconfig - extraconfig + - service_configs - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - all_nodes # provided by allNodesConfig @@ -265,6 +269,8 @@ resources: - network merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} common: raw_data: {get_file: hieradata/common.yaml} network: @@ -279,7 +285,7 @@ resources: object: raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc - swift::swift_hash_suffix: { get_input: swift_hash_suffix } + swift::swift_hash_path_suffix: { get_input: swift_hash_suffix } tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: { get_input: swift_part_power } tripleo::ringbuilder::replicas: {get_input: swift_replicas } diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index 3e8e9182..92234b6c 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -32,11 +32,20 @@ resources: horizon_vip: {get_input: horizon_vip} redis_vip: {get_input: redis_vip} mysql_vip: {get_input: mysql_vip} - tripleo::loadbalancer::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::loadbalancer::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::loadbalancer::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - tripleo::loadbalancer::storage_virtual_ip: {get_input: storage_virtual_ip} - tripleo::loadbalancer::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + public_virtual_ip: {get_input: public_virtual_ip} + controller_virtual_ip: {get_input: control_virtual_ip} + internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + storage_virtual_ip: {get_input: storage_virtual_ip} + storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. + tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip} |