aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/scenario001-multinode.yaml4
-rwxr-xr-xdocker/docker-puppet.py4
-rw-r--r--docker/services/aodh-api.yaml1
-rw-r--r--docker/services/aodh-evaluator.yaml1
-rw-r--r--docker/services/aodh-listener.yaml1
-rw-r--r--docker/services/aodh-notifier.yaml1
-rw-r--r--docker/services/ceilometer-agent-central.yaml113
-rw-r--r--docker/services/ceilometer-agent-compute.yaml91
-rw-r--r--docker/services/ceilometer-agent-notification.yaml113
-rw-r--r--docker/services/database/mongodb.yaml1
-rw-r--r--docker/services/database/mysql.yaml1
-rw-r--r--docker/services/database/redis.yaml1
-rw-r--r--docker/services/glance-api.yaml1
-rw-r--r--docker/services/gnocchi-api.yaml1
-rw-r--r--docker/services/gnocchi-metricd.yaml1
-rw-r--r--docker/services/gnocchi-statsd.yaml1
-rw-r--r--docker/services/heat-api-cfn.yaml1
-rw-r--r--docker/services/heat-api.yaml1
-rw-r--r--docker/services/heat-engine.yaml1
-rw-r--r--docker/services/ironic-api.yaml1
-rw-r--r--docker/services/ironic-conductor.yaml1
-rw-r--r--docker/services/ironic-pxe.yaml1
-rw-r--r--docker/services/keystone.yaml1
-rw-r--r--docker/services/memcached.yaml1
-rw-r--r--docker/services/mistral-api.yaml1
-rw-r--r--docker/services/mistral-engine.yaml1
-rw-r--r--docker/services/mistral-executor.yaml1
-rw-r--r--docker/services/neutron-api.yaml59
-rw-r--r--docker/services/neutron-dhcp.yaml3
-rw-r--r--docker/services/neutron-l3.yaml3
-rw-r--r--docker/services/neutron-ovs-agent.yaml14
-rw-r--r--docker/services/neutron-plugin-ml2.yaml3
-rw-r--r--docker/services/nova-api.yaml1
-rw-r--r--docker/services/nova-compute.yaml1
-rw-r--r--docker/services/nova-conductor.yaml1
-rw-r--r--docker/services/nova-ironic.yaml1
-rw-r--r--docker/services/nova-libvirt.yaml1
-rw-r--r--docker/services/nova-metadata.yaml2
-rw-r--r--docker/services/nova-placement.yaml1
-rw-r--r--docker/services/nova-scheduler.yaml1
-rw-r--r--docker/services/panko-api.yaml1
-rw-r--r--docker/services/rabbitmq.yaml1
-rw-r--r--docker/services/services.yaml1
-rw-r--r--docker/services/swift-proxy.yaml1
-rw-r--r--docker/services/swift-ringbuilder.yaml1
-rw-r--r--docker/services/swift-storage.yaml1
-rw-r--r--docker/services/zaqar.yaml1
-rw-r--r--environments/docker-services-tls-everywhere.yaml7
-rw-r--r--environments/docker.yaml4
-rw-r--r--environments/neutron-ml2-cisco-nexus-ucsm.yaml2
-rw-r--r--environments/services-docker/undercloud-ceilometer.yaml3
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml4
-rw-r--r--puppet/objectstorage-role.yaml2
-rw-r--r--puppet/services/README.rst32
-rw-r--r--puppet/services/apache.yaml33
-rw-r--r--puppet/services/ceilometer-base.yaml25
-rw-r--r--puppet/services/disabled/ceilometer-expirer.yaml1
-rw-r--r--puppet/services/kernel.yaml29
-rw-r--r--puppet/services/neutron-metadata.yaml9
-rw-r--r--roles_data_undercloud.yaml2
-rw-r--r--tox.ini1
61 files changed, 546 insertions, 53 deletions
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index a5c85aa6..437d7c37 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -19,8 +19,8 @@ resource_registry:
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
- OS::TripleO::Services::FluentdClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/logging/fluentd-client.yaml
- OS::TripleO::Services::SensuClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/monitoring/sensu-client.yaml
+ OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
+ OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
parameter_defaults:
ControllerServices:
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index f1594d2d..49dd00cd 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -253,7 +253,9 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
log.debug(cmd_stderr)
if subproc.returncode != 0:
log.error('Failed running docker-puppet.py for %s' % config_volume)
- rm_container('docker-puppet-%s' % config_volume)
+ else:
+ # only delete successful runs, for debugging
+ rm_container('docker-puppet-%s' % config_volume)
return subproc.returncode
# Holds all the information for each process to consume.
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml
index 9ba0ec03..8a02d8fd 100644
--- a/docker/services/aodh-api.yaml
+++ b/docker/services/aodh-api.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EnableInternalTLS:
type: boolean
default: false
diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml
index b4036c00..9d514d0c 100644
--- a/docker/services/aodh-evaluator.yaml
+++ b/docker/services/aodh-evaluator.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml
index 61153089..dac61087 100644
--- a/docker/services/aodh-listener.yaml
+++ b/docker/services/aodh-listener.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml
index 11ca12f9..a22ae85e 100644
--- a/docker/services/aodh-notifier.yaml
+++ b/docker/services/aodh-notifier.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
new file mode 100644
index 00000000..94caded8
--- /dev/null
+++ b/docker/services/ceilometer-agent-central.yaml
@@ -0,0 +1,113 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ceilometer Agent Central service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCeilometerCentralImage:
+ description: image
+ default: 'centos-binary-ceilometer-central:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CeilometerAgentCentralBase:
+ type: ../../puppet/services/ceilometer-agent-central.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Agent Central role.
+ value:
+ service_name: {get_attr: [CeilometerAgentCentralBase, role_data, service_name]}
+ config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CeilometerAgentCentralBase, role_data, step_config]
+ service_config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: ceilometer
+ puppet_tags: ceilometer_config
+ step_config: *step_config
+ config_image: &ceilometer_agent_central_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ceilometer-agent-central.json:
+ command: /usr/bin/ceilometer-polling --polling-namespaces central
+ docker_config:
+ step_3:
+ ceilometer_init_log:
+ start_order: 0
+ image: *ceilometer_agent_central_image
+ user: root
+ command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
+ volumes:
+ - /var/log/containers/ceilometer:/var/log/ceilometer
+ step_4:
+ ceilometer_agent_central:
+ image: *ceilometer_agent_central_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_5:
+ ceilometer_gnocchi_upgrade:
+ start_order: 1
+ image: *ceilometer_agent_central_image
+ net: host
+ detach: false
+ privileged: false
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/log/containers/ceilometer:/var/log/ceilometer
+ command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
+ upgrade_tasks:
+ - name: Stop and disable ceilometer agent central service
+ tags: step2
+ service: name=openstack-ceilometer-agent-central state=stopped enabled=no
diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml
new file mode 100644
index 00000000..9033cf4a
--- /dev/null
+++ b/docker/services/ceilometer-agent-compute.yaml
@@ -0,0 +1,91 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ceilometer Agent Compute service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCeilometerComputeImage:
+ description: image
+ default: 'centos-binary-ceilometer-compute:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CeilometerAgentComputeBase:
+ type: ../../puppet/services/ceilometer-agent-compute.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Agent Compute role.
+ value:
+ service_name: {get_attr: [CeilometerAgentComputeBase, role_data, service_name]}
+ config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CeilometerAgentComputeBase, role_data, step_config]
+ service_config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: ceilometer
+ puppet_tags: ceilometer_config
+ step_config: *step_config
+ config_image: &ceilometer_agent_compute_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ceilometer-agent-compute.json:
+ command: /usr/bin/ceilometer-polling --polling-namespaces compute
+ docker_config:
+ step_4:
+ ceilometer_agent-compute:
+ image: *ceilometer_agent_compute_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable ceilometer-agent-compute service
+ tags: step2
+ service: name=openstack-ceilometer-agent-compute state=stopped enabled=no
diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml
new file mode 100644
index 00000000..79df3306
--- /dev/null
+++ b/docker/services/ceilometer-agent-notification.yaml
@@ -0,0 +1,113 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ceilometer Agent Notification service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCeilometerNotificationImage:
+ description: image
+ default: 'centos-binary-ceilometer-notification:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CeilometerAgentNotificationBase:
+ type: ../../puppet/services/ceilometer-agent-notification.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Agent Notification role.
+ value:
+ service_name: {get_attr: [CeilometerAgentNotificationBase, role_data, service_name]}
+ config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CeilometerAgentNotificationBase, role_data, step_config]
+ service_config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: ceilometer
+ puppet_tags: ceilometer_config
+ step_config: *step_config
+ config_image: &ceilometer_agent_notification_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ceilometer-agent-notification.json:
+ command: /usr/bin/ceilometer-agent-notification
+ docker_config:
+ step_3:
+ ceilometer_init_log:
+ start_order: 0
+ image: *ceilometer_agent_notification_image
+ user: root
+ command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
+ volumes:
+ - /var/log/containers/ceilometer:/var/log/ceilometer
+ step_4:
+ ceilometer_agent-notification:
+ image: *ceilometer_agent_notification_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_5:
+ ceilometer_gnocchi_upgrade:
+ start_order: 1
+ image: *ceilometer_agent_notification_image
+ net: host
+ detach: false
+ privileged: false
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/log/containers/ceilometer:/var/log/ceilometer
+ command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
+ upgrade_tasks:
+ - name: Stop and disable ceilometer agent notification service
+ tags: step2
+ service: name=openstack-ceilometer-notification state=stopped enabled=no
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 437e6c82..ed4e3177 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index cc9f6eab..3a4de24f 100644
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
MysqlRootPassword:
type: string
hidden: true
diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml
index fbf53cb9..86c44900 100644
--- a/docker/services/database/redis.yaml
+++ b/docker/services/database/redis.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index c474131d..ef1e00ed 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EnableInternalTLS:
type: boolean
default: false
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index 4770533b..9b474731 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EnableInternalTLS:
type: boolean
default: false
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 9ddc3afb..2724805b 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 99a94960..305971f1 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index 6cfc8ecc..2631928f 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -38,6 +38,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EnableInternalTLS:
type: boolean
default: false
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index 9c0ec23c..b2f4eb64 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -38,6 +38,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EnableInternalTLS:
type: boolean
default: false
diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml
index 02f7febe..8c554a50 100644
--- a/docker/services/heat-engine.yaml
+++ b/docker/services/heat-engine.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
index 8d2f6221..300aa0bd 100644
--- a/docker/services/ironic-api.yaml
+++ b/docker/services/ironic-api.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml
index 70367615..360eb669 100644
--- a/docker/services/ironic-conductor.yaml
+++ b/docker/services/ironic-conductor.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml
index baf03c0f..bc828e65 100644
--- a/docker/services/ironic-pxe.yaml
+++ b/docker/services/ironic-pxe.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 86ef094c..ca643749 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
index 38a75d2d..d85a0878 100644
--- a/docker/services/memcached.yaml
+++ b/docker/services/memcached.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
index e5e2ff0b..3b256fdd 100644
--- a/docker/services/mistral-api.yaml
+++ b/docker/services/mistral-api.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml
index feef9c81..d60d847b 100644
--- a/docker/services/mistral-engine.yaml
+++ b/docker/services/mistral-engine.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml
index 90415874..76ae052b 100644
--- a/docker/services/mistral-executor.yaml
+++ b/docker/services/mistral-executor.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index 485b02e6..748371d5 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -15,7 +15,7 @@ parameters:
# we configure all neutron services in the same neutron
DockerNeutronConfigImage:
description: image
- default: 'centos-binary-neutron-openvswitch-agent:latest'
+ default: 'centos-binary-neutron-server:latest'
type: string
EndpointMap:
default: {}
@@ -38,6 +38,14 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -80,6 +88,8 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ /var/lib/kolla/config_files/neutron_server_tls_proxy.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# db sync runs before permissions set by kolla_config
step_3:
@@ -112,20 +122,39 @@ outputs:
- /var/log/containers/neutron:/var/log/neutron
command: ['neutron-db-manage', 'upgrade', 'heads']
step_4:
- neutron_api:
- image: *neutron_api_image
- net: host
- privileged: false
- restart: always
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- - /var/log/containers/neutron:/var/log/neutron
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ map_merge:
+ - neutron_api:
+ image: *neutron_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/log/containers/neutron:/var/log/neutron
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - if:
+ - internal_tls_enabled
+ - neutron_server_tls_proxy:
+ image: *neutron_api_image
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - {}
host_prep_tasks:
- name: create persistent logs directory
file:
diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
index 68d9994e..d14f5251 100644
--- a/docker/services/neutron-dhcp.yaml
+++ b/docker/services/neutron-dhcp.yaml
@@ -15,7 +15,7 @@ parameters:
# we configure all neutron services in the same neutron
DockerNeutronConfigImage:
description: image
- default: 'centos-binary-neutron-openvswitch-agent:latest'
+ default: 'centos-binary-neutron-server:latest'
type: string
EndpointMap:
default: {}
@@ -38,6 +38,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml
index 83dae627..97901bc8 100644
--- a/docker/services/neutron-l3.yaml
+++ b/docker/services/neutron-l3.yaml
@@ -15,7 +15,7 @@ parameters:
# we configure all neutron services in the same neutron
DockerNeutronConfigImage:
description: image
- default: 'centos-binary-neutron-openvswitch-agent:latest'
+ default: 'centos-binary-neutron-server:latest'
type: string
ServiceNetMap:
default: {}
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index ac52b378..89bf8663 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -12,6 +12,10 @@ parameters:
description: image
default: 'centos-binary-neutron-openvswitch-agent:latest'
type: string
+ DockerNeutronConfigImage:
+ description: image
+ default: 'centos-binary-neutron-server:latest'
+ type: string
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -28,6 +32,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -60,10 +65,10 @@ outputs:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config: *step_config
- config_image: &neutron_ovs_agent_image
+ config_image:
list_join:
- '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
+ - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/neutron-openvswitch-agent.json:
command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
@@ -74,7 +79,10 @@ outputs:
docker_config:
step_4:
neutronovsagent:
- image: *neutron_ovs_agent_image
+ image: &neutron_ovs_agent_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
net: host
pid: host
privileged: true
diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml
index 66a1397c..2e5384ea 100644
--- a/docker/services/neutron-plugin-ml2.yaml
+++ b/docker/services/neutron-plugin-ml2.yaml
@@ -21,7 +21,7 @@ parameters:
type: string
DockerNeutronConfigImage:
description: image
- default: 'centos-binary-neutron-openvswitch-agent:latest'
+ default: 'centos-binary-neutron-server:latest'
type: string
DefaultPasswords:
default: {}
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index 627d1b48..d571b21b 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index 540e831a..4f10a1a3 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -28,6 +28,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml
index 1a0e8641..131355d7 100644
--- a/docker/services/nova-conductor.yaml
+++ b/docker/services/nova-conductor.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
index 668cbf00..be0dd111 100644
--- a/docker/services/nova-ironic.yaml
+++ b/docker/services/nova-ironic.yaml
@@ -32,6 +32,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index cc0640de..ebf0da7d 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -34,6 +34,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml
index 95d781c7..2aebbb2f 100644
--- a/docker/services/nova-metadata.yaml
+++ b/docker/services/nova-metadata.yaml
@@ -25,7 +25,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
-
+ type: json
resources:
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index 528a20ea..ae4ccf68 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml
index bcd9f7b5..6285e98e 100644
--- a/docker/services/nova-scheduler.yaml
+++ b/docker/services/nova-scheduler.yaml
@@ -37,6 +37,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml
index b2abc068..46cfa5ab 100644
--- a/docker/services/panko-api.yaml
+++ b/docker/services/panko-api.yaml
@@ -35,6 +35,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EnableInternalTLS:
type: boolean
default: false
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
index 92c8d9f6..e2f8228e 100644
--- a/docker/services/rabbitmq.yaml
+++ b/docker/services/rabbitmq.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
RabbitCookie:
type: string
default: ''
diff --git a/docker/services/services.yaml b/docker/services/services.yaml
index 31def7f3..15f1bf02 100644
--- a/docker/services/services.yaml
+++ b/docker/services/services.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml
index 988bb399..60972f91 100644
--- a/docker/services/swift-proxy.yaml
+++ b/docker/services/swift-proxy.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EnableInternalTLS:
type: boolean
default: false
diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml
index f98e23fd..9ced8f27 100644
--- a/docker/services/swift-ringbuilder.yaml
+++ b/docker/services/swift-ringbuilder.yaml
@@ -28,6 +28,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index f99eb068..017fb123 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -39,6 +39,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 744a0c1e..594df693 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -33,6 +33,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
resources:
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 33afbc66..e37f2515 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -12,6 +12,7 @@ resource_registry:
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+ OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
@@ -20,6 +21,12 @@ resource_registry:
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+ OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+ OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
+ OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+ OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 0c6028d0..991e991c 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -41,6 +41,9 @@ resource_registry:
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
+ OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml
+ OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml
+ OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
@@ -58,3 +61,4 @@ parameter_defaults:
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
+ - OS::TripleO::Services::CeilometerAgentCompute
diff --git a/environments/neutron-ml2-cisco-nexus-ucsm.yaml b/environments/neutron-ml2-cisco-nexus-ucsm.yaml
index ad111757..f5a0a399 100644
--- a/environments/neutron-ml2-cisco-nexus-ucsm.yaml
+++ b/environments/neutron-ml2-cisco-nexus-ucsm.yaml
@@ -2,6 +2,8 @@
# a Cisco Neutron plugin.
resource_registry:
OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
NetworkUCSMIp: '127.0.0.1'
diff --git a/environments/services-docker/undercloud-ceilometer.yaml b/environments/services-docker/undercloud-ceilometer.yaml
new file mode 100644
index 00000000..07a61c20
--- /dev/null
+++ b/environments/services-docker/undercloud-ceilometer.yaml
@@ -0,0 +1,3 @@
+resource_registry:
+ OS::TripleO::Services::UndercloudCeilometerAgentCentral: ../../docker/services/ceilometer-agent-central.yaml
+ OS::TripleO::Services::UndercloudCeilometerAgentNotification: ../../docker/services/ceilometer-agent-notification.yaml
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 74776e7a..450e6116 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -195,6 +195,10 @@ resource_registry:
OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::CeilometerAgentIpmi: puppet/services/ceilometer-agent-ipmi.yaml
OS::TripleO::Services::Horizon: puppet/services/horizon.yaml
+ # Undercloud Telemetry services
+ OS::TripleO::Services::UndercloudCeilometerAgentCentral: OS::Heat::None
+ OS::TripleO::Services::UndercloudCeilometerAgentNotification: OS::Heat::None
+
#Gnocchi services
OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index 84b646a2..fb60d2be 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -127,7 +127,7 @@ parameters:
resources:
SwiftStorage:
- type: OS::Nova::ObjectStorageServer
+ type: OS::TripleO::ObjectStorageServer
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 0fb1da65..7a18ef0c 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -19,21 +19,35 @@ environment to set per service parameters.
Apart from sevice specific inputs, there are few default parameters for all
the services. Following are the list of default parameters:
- * ServiceNetMap: Mapping of service_name -> network name. Typically set via
- parameter_defaults in the resource registry. This mapping overrides those
- in ServiceNetMapDefaults.
+ * ServiceNetMap: Mapping of service_name -> network name. Default mappings
+ for service to network names are defined in
+ ../network/service_net_map.j2.yaml, which may be overridden via
+ ServiceNetMap values added to a user environment file via
+ parameter_defaults.
- * EndpointMap: Mapping of service endpoint -> protocol. Typically set via
- parameter_defaults in the resource registry.
+ * EndpointMap: Mapping of service endpoint -> protocol. Contains a mapping of
+ endpoint data generated for all services, based on the data included in
+ ../network/endpoints/endpoint_data.yaml.
- * DefaultPasswords: Mapping of service -> default password. Used to help pass
- top level passwords managed by Heat into services.
+ * DefaultPasswords: Mapping of service -> default password. Used to pass some
+ passwords from the parent templates, this is a legacy interface and should
+ not be used by new services.
* RoleName: Name of the role on which this service is deployed. A service can
- be deployed in multiple roles.
+ be deployed in multiple roles. This is an internal parameter (should not be
+ set via environment file), which is fetched from the name attribute of the
+ roles_data.yaml template.
* RoleParameters: Parameter specific to a role on which the service is
- applied.
+ applied. Using the format "<RoleName>Parameters" in the parameter_defaults
+ of user environment file, parameters can be provided for a specific role.
+ For example, in order to provide a parameter specific to "Compute" role,
+ below is the format::
+
+ parameter_defaults:
+ ComputeParameters:
+ Param1: value
+
Config Settings
---------------
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index ac371927..f3021060 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -84,21 +84,24 @@ outputs:
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}"
- -
- generate_service_certificates: true
- tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
- tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
- apache_certificates_specs:
- map_merge:
- repeat:
- template:
- httpd-NETWORK:
- service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
- service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
- hostname: "%{hiera('fqdn_NETWORK')}"
- principal: "HTTP/%{hiera('fqdn_NETWORK')}"
- for_each:
- NETWORK: {get_attr: [ApacheNetworks, value]}
+ - if:
+ - internal_tls_enabled
+ -
+ generate_service_certificates: true
+ tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+ tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
+ apache_certificates_specs:
+ map_merge:
+ repeat:
+ template:
+ httpd-NETWORK:
+ service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
+ hostname: "%{hiera('fqdn_NETWORK')}"
+ principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+ for_each:
+ NETWORK: {get_attr: [ApacheNetworks, value]}
+ - {}
metadata_settings:
if:
- internal_tls_enabled
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index d2f08bec..e60eb425 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -38,9 +38,27 @@ parameters:
default: 0
description: Number of workers for Ceilometer service.
type: number
+ ManageEventPipeline:
+ default: false
+ description: Whether to manage event_pipeline.yaml.
+ type: boolean
EventPipelinePublishers:
- default: ['notifier://?topic=alarm.all']
- description: A list of publishers to put in event_pipeline.yaml.
+ default: ['gnocchi://']
+ description: >
+ A list of publishers to put in event_pipeline.yaml. When the
+ collector is used, override this with notifier:// publisher.
+ Set ManageEventPipeline to true for override to take effect.
+ type: comma_delimited_list
+ ManagePipeline:
+ default: false
+ description: Whether to manage pipeline.yaml.
+ type: boolean
+ PipelinePublishers:
+ default: ['gnocchi://']
+ description: >
+ A list of publishers to put in pipeline.yaml. When the
+ collector is used, override this with notifier:// publisher.
+ Set ManagePipeline to true for override to take effect.
type: comma_delimited_list
Debug:
default: ''
@@ -97,7 +115,10 @@ outputs:
ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ ceilometer::agent::notification::manage_event_pipeline: {get_param: ManageEventPipeline}
ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
+ ceilometer::agent::notification::manage_pipeline: {get_param: ManagePipeline}
+ ceilometer::agent::notification::pipeline_publishers: {get_param: PipelinePublishers}
ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_user_domain_name: 'Default'
diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer.yaml
index 560cc582..182193ec 100644
--- a/puppet/services/disabled/ceilometer-expirer.yaml
+++ b/puppet/services/disabled/ceilometer-expirer.yaml
@@ -20,6 +20,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 697ec228..8121454b 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -34,6 +34,28 @@ parameters:
default: 0
description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
type: number
+ NeighbourGcThreshold1:
+ default: 1024
+ description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value.
+ This is the minimum number of entries to keep in the ARP
+ cache. The garbage collector will not run if there are
+ fewer than this number of entries in the cache.
+ type: number
+ NeighbourGcThreshold2:
+ default: 2048
+ description: Configures sysctl net.ipv4.neigh.default.gc_thresh2 value.
+ This is the soft maximum number of entries to keep in the
+ ARP cache. The garbage collector will allow the number of
+ entries to exceed this for 5 seconds before collection will
+ be performed.
+ type: number
+ NeighbourGcThreshold3:
+ default: 4096
+ description: Configures sysctl net.ipv4.neigh.default.gc_thresh3 value.
+ This is the hard maximum number of entries to keep in the
+ ARP cache. The garbage collector will always run if there
+ are more than this number of entries in the cache.
+ type: number
outputs:
role_data:
@@ -94,5 +116,12 @@ outputs:
value: 1
fs.suid_dumpable:
value: 0
+ #avoid neighbour table overflow on large deployments
+ net.ipv4.neigh.default.gc_thresh1:
+ value: {get_param: NeighbourGcThreshold1}
+ net.ipv4.neigh.default.gc_thresh2:
+ value: {get_param: NeighbourGcThreshold2}
+ net.ipv4.neigh.default.gc_thresh3:
+ value: {get_param: NeighbourGcThreshold3}
step_config: |
include ::tripleo::profile::base::kernel
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 7d9c73eb..ec4a3df6 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -54,6 +54,9 @@ parameters:
tag: openstack.neutron.agent.metadata
path: /var/log/neutron/metadata-agent.log
+conditions:
+ neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
+
resources:
NeutronBase:
@@ -78,11 +81,15 @@ outputs:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
+ -
+ if:
+ - neutron_workers_unset
+ - {}
+ - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
step_config: |
include tripleo::profile::base::neutron::metadata
upgrade_tasks:
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index 9894f00e..d57c8fc6 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -45,3 +45,5 @@
- OS::TripleO::Services::UndercloudGnocchiMetricd
- OS::TripleO::Services::UndercloudGnocchiStatsd
- OS::TripleO::Services::UndercloudPankoApi
+ - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+ - OS::TripleO::Services::UndercloudCeilometerAgentNotification
diff --git a/tox.ini b/tox.ini
index 3796a546..b92e5456 100644
--- a/tox.ini
+++ b/tox.ini
@@ -4,6 +4,7 @@ skipsdist = True
[testenv]
usedevelop = True
+install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt